|
Plagegeister aller Art und deren Bekämpfung: TR/injector.aop und TR/Symmi.6340.3 gefundenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
01.03.2013, 16:45 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/injector.aop und TR/Symmi.6340.3 gefunden Okay, eine neue Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
01.03.2013, 16:56 | #17 |
| TR/injector.aop und TR/Symmi.6340.3 gefunden OTL Logfile:
__________________Code:
ATTFilter OTL logfile created on: 01.03.2013 16:48:09 - Run 5 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jana\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,17 Gb Available Physical Memory | 72,44% Memory free 6,00 Gb Paging File | 5,03 Gb Available in Paging File | 83,95% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 424,66 Gb Total Space | 345,80 Gb Free Space | 81,43% Space Free | Partition Type: NTFS Drive D: | 40,00 Gb Total Space | 30,87 Gb Free Space | 77,19% Space Free | Partition Type: NTFS Computer Name: JANA-PC | User Name: Jana | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Jana\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) PRC - C:\Programme\Secunia\PSI\psia.exe (Secunia) PRC - C:\Programme\Secunia\PSI\sua.exe (Secunia) PRC - C:\Programme\Secunia\PSI\psi_tray.exe (Secunia) PRC - C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Programme\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.) PRC - C:\Programme\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor) PRC - C:\Programme\System Control Manager\MSIService.exe (Micro-Star International Co., Ltd.) PRC - c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3863.37734__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3863.37611__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3863.37668__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3863.37632__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Dashboard\2.0.3863.37736__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3863.37702__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Dashboard\2.0.3863.37712__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3863.37669__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3863.37683__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3863.37619__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3863.37663__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3863.37704__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3863.37668__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossFireX.Graphics.Dashboard\2.0.3863.37728__90ba9c70f846762e\CLI.Aspect.CrossFireX.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3863.37653__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3863.37701__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3863.37626__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Runtime\2.0.3863.37712__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3863.37620__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Runtime\2.0.3863.37736__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Runtime\2.0.3863.37734__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3863.37730__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3863.37656__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3863.37633__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3863.37677__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3863.37654__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3863.37650__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3863.37662__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3863.37636__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3863.37632__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3863.37655__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3863.37660__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3863.37654__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3863.37655__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3863.37660__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3863.37636__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3863.37662__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3863.37600__90ba9c70f846762e\LOG.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3863.37602__90ba9c70f846762e\NEWAEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3863.37605__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3863.37602__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3863.37606__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3863.37701__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3863.37604__90ba9c70f846762e\MOM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3863.37708__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3863.37610__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3863.37606__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3863.37604__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3863.37601__90ba9c70f846762e\CLI.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3863.37646__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3863.37683__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3863.37668__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3863.37629__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3863.37654__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3863.37620__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3863.37702__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3863.37663__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3863.37620__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3863.37697__90ba9c70f846762e\CLI.Foundation.XManifest.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3863.37677__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3863.37620__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3863.37629__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3863.37603__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3863.37660__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3863.37603__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3863.37610__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3863.37602__90ba9c70f846762e\APM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0702\2.0.2594.25693__90ba9c70f846762e\DEM.Graphics.I0702.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3863.37626__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3863.37619__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Shared\2.0.3863.37677__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Shared\2.0.3863.37703__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3863.37602__90ba9c70f846762e\CLI.Component.Client.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3863.37610__90ba9c70f846762e\DEM.Graphics.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3863.37606__90ba9c70f846762e\AEM.Server.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3863.37605__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3863.37616__90ba9c70f846762e\CLI.Component.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3863.37728__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3863.37692__90ba9c70f846762e\CLI.Component.Systemtray.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3863.37625__90ba9c70f846762e\CLI.Component.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3863.37697__90ba9c70f846762e\MOM.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3863.37695__90ba9c70f846762e\LOG.Foundation.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3863.37608__90ba9c70f846762e\CLI.Component.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3863.37609__90ba9c70f846762e\CLI.Component.SkinFactory.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3863.37605__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3863.37709__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3863.37605__90ba9c70f846762e\CLI.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3863.37614__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3863.37603__90ba9c70f846762e\LOG.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3863.37604__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3863.37697__90ba9c70f846762e\CCC.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3863.37625__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3863.37615__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3863.37631__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3863.37608__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3863.37606__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll () MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3863.37608__90ba9c70f846762e\APM.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3863.37607__90ba9c70f846762e\AEM.Server.dll () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (cvhsvc) -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) SRV - (Secunia PSI Agent) -- C:\Programme\Secunia\PSI\psia.exe (Secunia) SRV - (Secunia Update Agent) -- C:\Programme\Secunia\PSI\sua.exe (Secunia) SRV - (sftvsa) -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (Micro Star SCM) -- C:\Programme\System Control Manager\MSIService.exe (Micro-Star International Co., Ltd.) SRV - (PSI_SVC_2) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) ========== Driver Services (SafeList) ========== DRV - (catchme) -- C:\Users\Jana\AppData\Local\Temp\catchme.sys File not found DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation) DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation) DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation) DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia) DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (ATI Technologies, Inc.) DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation) DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices) DRV - (rtl8192se) -- C:\Windows\System32\drivers\rtl8192se.sys (Realtek Semiconductor Corporation ) DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (Advanced Micro Devices Inc.) DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH) DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-708478002-281803654-409329748-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-708478002-281803654-409329748-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-708478002-281803654-409329748-1000\..\SearchScopes,DefaultScope = {3B46B3D6-FE7D-43E6-8A6C-19F97C43CA37} IE - HKU\S-1-5-21-708478002-281803654-409329748-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-708478002-281803654-409329748-1000\..\SearchScopes\{3B46B3D6-FE7D-43E6-8A6C-19F97C43CA37}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_enDE393DE411 IE - HKU\S-1-5-21-708478002-281803654-409329748-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-708478002-281803654-409329748-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=MDNA&bmod=MDNA CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.97\pdf.dll CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.97\gears.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.97\gcswf32.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.210.6 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U21 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: AdBlock = C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.60_0\ CHR - Extension: Ghostery = C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\4.1.0_0\ O1 HOSTS File: ([2013.03.01 16:40:01 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [MGSysCtrl] C:\Programme\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.) O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-708478002-281803654-409329748-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-708478002-281803654-409329748-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{135951BA-ECD3-423F-BA85-ACB7B4E98D4E}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.01 16:36:49 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2013.03.01 16:36:42 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013.03.01 16:36:42 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013.03.01 16:36:42 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013.03.01 16:36:34 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2013.03.01 16:09:39 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.03.01 16:09:31 | 000,000,000 | ---D | C] -- C:\JRT [2013.03.01 16:08:44 | 000,547,491 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Jana\Desktop\JRT (1).exe [2013.03.01 12:47:41 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.03.01 12:46:48 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.03.01 12:25:32 | 005,036,023 | R--- | C] (Swearware) -- C:\Users\Jana\Desktop\ComboFix.exe [2013.02.28 15:33:11 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jana\Desktop\tdsskiller.exe [2013.02.28 15:11:18 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Jana\Desktop\aswMBR.exe [2013.02.28 13:13:14 | 000,000,000 | ---D | C] -- C:\Users\Jana\Desktop\mbar-1.01.0.1020 [2013.02.27 20:02:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jana\Desktop\OTL.exe [2013.02.27 14:28:24 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll [2013.02.27 14:28:24 | 000,000,000 | ---D | C] -- C:\Users\Jana\AppData\Local\Programs [2013.02.27 14:28:17 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll [2013.02.27 14:28:11 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.02.27 14:28:11 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.02.27 14:28:11 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.02.27 14:28:10 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2013.02.27 14:28:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.02.27 14:28:09 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll [2013.02.27 14:28:09 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2013.02.27 14:28:09 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll [2013.02.27 14:28:09 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.02.27 14:28:09 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.02.27 14:28:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll [2013.02.27 14:28:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.02.27 14:28:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll [2013.02.27 14:28:08 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll [2013.02.27 14:28:08 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2013.02.27 14:28:08 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2013.02.27 14:28:08 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll [2013.02.27 14:28:08 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2013.02.27 14:28:08 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2013.02.27 14:28:08 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2013.02.27 14:28:08 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll [2013.02.27 14:28:08 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2013.02.27 14:28:07 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2013.02.26 22:32:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2013.02.26 22:32:16 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2013.02.20 15:46:36 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.02.20 15:46:35 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.02.20 15:46:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.02.20 15:46:35 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013.02.20 15:46:35 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.02.20 15:46:34 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.02.20 15:46:34 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013.02.20 15:46:33 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013.02.20 15:21:41 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013.02.20 15:21:24 | 000,187,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS [2013.02.20 15:21:16 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2013.02.20 15:21:15 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2013.02.20 15:21:11 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2013.02.09 19:26:11 | 000,000,000 | ---D | C] -- C:\Users\Jana\Desktop\Karneval ========== Files - Modified Within 30 Days ========== [2013.03.01 16:48:45 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.01 16:48:45 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.01 16:41:30 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.03.01 16:41:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.01 16:41:07 | 2415,316,992 | -HS- | M] () -- C:\hiberfil.sys [2013.03.01 16:40:01 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts [2013.03.01 16:36:36 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll [2013.03.01 16:36:36 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll [2013.03.01 16:36:36 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2013.03.01 16:36:36 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013.03.01 16:36:36 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013.03.01 16:36:36 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013.03.01 16:34:18 | 000,002,201 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.03.01 16:27:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.03.01 16:14:00 | 000,594,019 | ---- | M] () -- C:\Users\Jana\Desktop\adwcleaner.exe [2013.03.01 16:12:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.01 16:08:54 | 000,547,491 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Jana\Desktop\JRT (1).exe [2013.03.01 12:26:05 | 005,036,023 | R--- | M] (Swearware) -- C:\Users\Jana\Desktop\ComboFix.exe [2013.02.28 15:33:21 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jana\Desktop\tdsskiller.exe [2013.02.28 15:30:45 | 000,000,512 | ---- | M] () -- C:\Users\Jana\Desktop\MBR.dat [2013.02.28 15:12:41 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Jana\Desktop\aswMBR.exe [2013.02.28 13:12:57 | 013,711,621 | ---- | M] () -- C:\Users\Jana\Desktop\mbar-1.01.0.1020.zip [2013.02.28 12:41:10 | 000,377,856 | ---- | M] () -- C:\Users\Jana\Desktop\gmer_2.1.19115.exe [2013.02.27 20:06:01 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.02.27 20:06:01 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.02.27 20:03:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jana\Desktop\OTL.exe [2013.02.27 14:21:55 | 000,342,390 | ---- | M] () -- C:\Users\Jana\Desktop\AVSCAN-20130227-121201-4E0FCD56.zip [2013.02.26 18:00:55 | 000,317,584 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.02.20 15:45:02 | 000,654,610 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.02.20 15:45:02 | 000,616,452 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.02.20 15:45:02 | 000,130,192 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.02.20 15:45:02 | 000,106,574 | ---- | M] () -- C:\Windows\System32\perfc009.dat ========== Files Created - No Company Name ========== [2013.03.01 16:13:51 | 000,594,019 | ---- | C] () -- C:\Users\Jana\Desktop\adwcleaner.exe [2013.02.28 15:30:45 | 000,000,512 | ---- | C] () -- C:\Users\Jana\Desktop\MBR.dat [2013.02.28 13:12:21 | 013,711,621 | ---- | C] () -- C:\Users\Jana\Desktop\mbar-1.01.0.1020.zip [2013.02.28 12:41:08 | 000,377,856 | ---- | C] () -- C:\Users\Jana\Desktop\gmer_2.1.19115.exe [2013.02.27 14:21:55 | 000,342,390 | ---- | C] () -- C:\Users\Jana\Desktop\AVSCAN-20130227-121201-4E0FCD56.zip [2012.12.16 20:54:40 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.12.16 20:54:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.12.16 20:54:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.12.16 20:54:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.12.16 20:54:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011.10.09 18:56:42 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2011.10.09 18:56:42 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2011.10.01 12:11:34 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI [2011.06.10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.08.10 15:34:14 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\Ashampoo [2011.02.14 13:12:13 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\BullGuard [2010.12.18 15:37:39 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\Canneverbe Limited [2010.12.18 15:47:03 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\dpdhl.versandhelfer.medionlap.CDA82DC3FEDD13302C6424313D9A2999F162D21A.1 [2012.12.09 16:00:58 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\OpenOffice.org [2011.09.05 19:13:17 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\ProtectDISC [2012.12.23 15:50:46 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\SoftGrid Client [2011.02.14 13:12:13 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\Software Inspection Library [2011.01.09 22:23:54 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\TP [2010.12.20 23:19:51 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\Windows Live Writer ========== Purity Check ========== < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 01.03.2013 16:48:09 - Run 5 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jana\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,17 Gb Available Physical Memory | 72,44% Memory free 6,00 Gb Paging File | 5,03 Gb Available in Paging File | 83,95% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 424,66 Gb Total Space | 345,80 Gb Free Space | 81,43% Space Free | Partition Type: NTFS Drive D: | 40,00 Gb Total Space | 30,87 Gb Free Space | 77,19% Space Free | Partition Type: NTFS Computer Name: JANA-PC | User Name: Jana | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found [HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found [HKEY_USERS\S-1-5-21-708478002-281803654-409329748-1000\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0D6CE194-0645-4A63-836A-F91A40E390D5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{0F7B411E-AC8B-470C-9C6D-48F34F4825E6}" = rport=10243 | protocol=6 | dir=out | app=system | "{1CD79DF9-AC8B-4A0D-A297-E92156824FD9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{1E1EC31C-EEDC-437D-B506-C16E3823A82A}" = rport=445 | protocol=6 | dir=out | app=system | "{351F5236-E872-4D3F-932A-169E2E8586D1}" = rport=138 | protocol=17 | dir=out | app=system | "{3FB8ABF8-EC6F-4248-9C62-96B1006A159C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{423F9A24-F8B6-47A9-AFAD-B831C943044A}" = lport=139 | protocol=6 | dir=in | app=system | "{4914306A-230B-4106-A706-D8CB1DB7A217}" = rport=139 | protocol=6 | dir=out | app=system | "{4DF1C278-CC14-4774-9751-7588F05BE392}" = lport=137 | protocol=17 | dir=in | app=system | "{50CD42F3-0EF8-4A6B-AE2F-7CA0EFB2D3A1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{5FCB4CA0-4234-4B05-8D98-451B081C133E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{6121F529-688C-41FE-938B-B7550849903D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{6143580E-3058-4523-9030-9DDE3802C068}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{68C52244-5C69-4F10-863F-99E97BF3238A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{767B55A6-230D-4A19-88B7-80B33A862EB1}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{7B31E753-28D3-4761-9141-C6C05A4CA791}" = rport=137 | protocol=17 | dir=out | app=system | "{8241324F-F441-4514-913B-1B67F89FEB61}" = lport=445 | protocol=6 | dir=in | app=system | "{947A350F-954F-4265-8CB9-AC957CF06DEE}" = lport=2869 | protocol=6 | dir=in | app=system | "{9BC90078-1291-4C5A-8F01-21A0DDC37774}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{AAA383F5-8D1A-457C-8C9F-AF79B7FEFAB9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B2F4212B-43C4-49FA-9520-857BF95F2C3A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B99AE337-76D4-47E9-B11A-F81D6BCB79A3}" = lport=138 | protocol=17 | dir=in | app=system | "{CA194E91-D0D0-4297-9525-ADE3BE9B3FB5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{DB0D51F8-0074-466E-90EC-834C47C5CB48}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{DB640436-E021-4F38-A740-AC3D8930CFA9}" = lport=10243 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{2770F54A-1E69-423A-BE52-767927465819}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{2DF59073-7682-464C-895D-750B61FC3FDF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{327C36DF-86ED-4644-9DAC-F86264C4A99A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{4561DB4B-9A31-4FE9-A835-F355E626F542}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{568D06AE-D575-4AC9-B8E9-684DD6D93E60}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{6B3123D4-784B-485A-B21A-047A26F6F51A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{6C059CCA-6CA1-45B9-B5C0-149D4A332E27}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | "{7025881C-7EF7-4B3C-86B3-2ADE4A707829}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{7323CA0E-109D-4FA0-857E-02BCC68464C6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{819845A6-F072-4D6C-96AE-D3529B124497}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{91D3F860-D7EE-4C38-B9F0-BA06B91CE6A5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{934E815B-532D-4C81-A9BF-B37005F23E84}" = protocol=6 | dir=out | app=system | "{9C2AC083-BDBD-49CC-B63D-0D7B2F8D624D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{A43DA7E3-2C8B-4FAA-A9F7-C259338A1081}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{C20FF8B2-51E1-49D4-A98D-B904587D085B}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{DAB5A0B8-C46F-4CBC-A02B-8412EA5BD114}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{E1B98BA6-2EF8-4765-BA3F-AF966A255251}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{E3E4ED30-0E1F-464A-8C64-433EFA0FBF06}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F57CC324-E07C-4632-BC66-D9D260C93BB9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{2AF0DEAA-379F-4831-A89F-8701DDF57CEA}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{85152495-0362-4756-A04D-5E831B38F806}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | "TCP Query User{9C518A45-73C5-4B07-A373-4BC20D3B40C3}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{9F7BB652-78DA-4E23-A5E9-0E24DFA64541}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{A0D79C77-5BAD-4F05-B533-7810473C0F91}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | "TCP Query User{FEA133BF-A6AD-427A-AD02-2FCFA0F514A2}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | "UDP Query User{1E0C7B42-CBC7-46FE-8C81-B38499D7A63D}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{2EEAFDFE-82F4-4D09-A1EE-CD5E7082EB9D}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | "UDP Query User{5DC51E89-5B81-4DCA-8148-CED5B78FE00B}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | "UDP Query User{5E816D5F-4D0C-4404-A546-F5BCD26547F0}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | "UDP Query User{5F707049-7EF2-4A80-AD5D-C5D02F665FF4}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{90AF2592-886E-453E-BB7F-BF6CFE7C5C1C}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 "_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension "{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources "{040E8987-3C5C-EEE9-7C3C-1A25D5EFE21E}" = Catalyst Control Center Graphics Light "{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE "{12A58E1A-7B5F-6CC8-A299-C9896DCD7982}" = CCC Help Italian "{142C7D29-6031-806E-C3F5-9053594EF332}" = ATI Catalyst Install Manager "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client "{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content "{1BCE0E72-5BE9-150F-04B8-75C1C67E01EB}" = CCC Help Chinese Traditional "{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1FDDD2DF-4EDD-BDBB-483D-8DBF60DA5BAB}" = CCC Help Finnish "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver "{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15 "{275C93C7-5FE4-3157-D289-AADD3E973B75}" = CCC Help Korean "{28C40108-8E43-7BFB-C9DF-06C8E183323A}" = Catalyst Control Center Graphics Previews Common "{2E03C934-17D0-D1F7-0631-8EB7DDB7B8D5}" = CCC Help Thai "{2EA73859-A140-04D7-136C-6B29704CC796}" = CCC Help Danish "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN "{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT "{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D5E294C-A62C-3459-BAA0-B6AAD8E83460}" = CCC Help Swedish "{435AD583-AFB5-03A8-7F65-721327D6BB11}" = CCC Help English "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform "{4F007121-E30C-09A3-E548-ED75161611E3}" = CCC Help Greek "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant "{6438EBAC-5305-39A5-A93E-88CDFA6CE947}" = Google Chrome "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{656A4D8E-9DFA-813E-541E-C047B130D58F}" = Catalyst Control Center Core Implementation "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{76690645-425D-59BF-6CA7-CBA3D68C159F}" = Catalyst Control Center Localization All "{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8AF57B88-28DF-D7AA-A9A5-01D535C8023D}" = CCC Help Spanish "{8B4C0BC1-67A3-6CA9-123B-992DCF14C5AF}" = Catalyst Control Center Graphics Full Existing "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DA00A19-9AB2-2724-36CD-5094EC6F4A45}" = Catalyst Control Center InstallProxy "{8DBF1BC7-E29D-EF2A-3EAD-98D70C4F6C5B}" = ccc-core-static "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4 "{923D47BD-3BE2-1B83-B9FD-9189FD4474AB}" = CCC Help Dutch "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{94DCFB3E-015B-C9B4-763B-D07329E89A6D}" = CCC Help Hungarian "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack "{A39B0352-24A9-5D58-E272-91218BC8A51E}" = CCC Help Polish "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A9139E41-8969-54D1-AF85-D30E8DFF50FE}" = CCC Help Russian "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw "{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR "{BF3C0386-BADC-F3DF-25A5-435B10852B13}" = CCC Help French "{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES "{CBC9CF44-0F09-42EC-6BB0-44AC5C413BCE}" = CCC Help Turkish "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CF0A5043-8744-A076-9515-AD6B4421152B}" = Catalyst Control Center Graphics Previews Vista "{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension "{CFA1A443-F2D9-097D-4CE3-D965A2178B32}" = CCC Help Norwegian "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D776CF6B-93A2-DEFC-3B80-431CB59B3E76}" = CCC Help Czech "{D7E49254-D6DD-0175-7409-F8DC8B5C1749}" = ccc-utility "{DAAACF3B-7EFF-6A05-E2CF-2581F8B2B1B1}" = CCC Help Chinese Standard "{DB3E28FF-969F-0C82-8C24-893823FCC203}" = CCC Help Japanese "{DCE271F2-588E-F0B5-F0BE-7621BBAB1B6A}" = CCC Help German "{DD70AAF2-66CA-7BDE-CF7D-AA814A8B939E}" = Catalyst Control Center Graphics Full New "{DE656F94-4E2A-66AA-DEEA-07638647690D}" = CCC Help Portuguese "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters "{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = Die Sims 2: Nightlife "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "7-Zip" = 7-Zip 9.20 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Avira AntiVir Desktop" = Avira Free Antivirus "CCleaner" = CCleaner "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "Secunia PSI" = Secunia PSI (2.0.0.4003) "SynTPDeinstKey" = Synaptics Pointing Device Driver "Winamp" = Winamp "Windows Media Encoder 9" = Windows Media Encoder 9 Series "WinLiveSuite" = Windows Live Essentials "Xvid_is1" = Xvid 1.1.3 final uninstall ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-708478002-281803654-409329748-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 01.03.2013 11:40:25 | Computer Name = Jana-PC | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: [ System Events ] Error - 01.03.2013 11:39:01 | Computer Name = Jana-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "AMD External Events Utility" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. < End of report > |
02.03.2013, 01:09 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/injector.aop und TR/Symmi.6340.3 gefunden Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren
__________________Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ |
06.03.2013, 00:28 | #19 |
| TR/injector.aop und TR/Symmi.6340.3 gefunden sorry dass ich jetzt erst wieder schreibe. hatte wenig zeit die letzten tage. Eset hat einen threat gefunden. malwarebytes hat nichts gefunden. Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=7ca51145c8de36468f85c8d5d7ded3e9 # engine=13303 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-03-05 04:12:32 # local_time=2013-03-05 05:12:32 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1799 16775165 100 97 7590 108270436 366 0 # compatibility_mode=5893 16776574 100 94 349046 114131143 0 0 # scanned=51410 # found=0 # cleaned=0 # scan_time=3581 ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=7ca51145c8de36468f85c8d5d7ded3e9 # engine=13307 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-03-05 11:21:32 # local_time=2013-03-06 12:21:32 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1799 16775165 100 97 33330 108296176 26106 0 # compatibility_mode=5893 16776574 100 94 378386 114156883 0 0 # scanned=119824 # found=1 # cleaned=0 # scan_time=5490 sh=26EFCB56EBD47A1BFAA854E9FE382957F630CE7D ft=1 fh=9bd80ae6b7f95773 vn="Win32/Trustezeb.C trojan" ac=I fn="C:\_OTL\MovedFiles\03012013_163901\C_Users\Jana\Rrdpnflpe\vwhpiwbby.exe" |
06.03.2013, 12:08 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/injector.aop und TR/Symmi.6340.3 gefunden Die Logs immer posten egal ob Funde oder kein Fund!
__________________ Logfiles bitte immer in CODE-Tags posten |
07.03.2013, 13:22 | #21 |
| TR/injector.aop und TR/Symmi.6340.3 gefundenCode:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.03.05.11 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 Jana :: JANA-PC [Administrator] 05.03.2013 16:03:56 mbam-log-2013-03-05 (16-03-56).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 198598 Laufzeit: 5 Minute(n), 29 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
07.03.2013, 13:46 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/injector.aop und TR/Symmi.6340.3 gefunden Sieht soweit ok aus Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie ) Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird. Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________ Logfiles bitte immer in CODE-Tags posten |
08.03.2013, 13:03 | #23 |
| TR/injector.aop und TR/Symmi.6340.3 gefunden ok, vielen vielen Dank für die Hilfe! Ich werde nächste Woche nochmal einen Scan machen und falls ich noch was finde, werde ich den Log posten. |
08.03.2013, 14:25 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/injector.aop und TR/Symmi.6340.3 gefunden Dann wären wir durch! Die Programme, die hier zum Einsatz kamen, können alle wieder runter. Combofix entfernen (nur relevant wenn es hier benutzt wurde!) : Start/Ausführen (Tastenkombination WIN+R), dort den Befehl combofix /uninstall eintippen und ausführen Mit Hilfe von OTL kannst du auch viele andere Tools entfernen: Starte dazu einfach OTL und klicke auf Bereinigung. Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen. Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken. Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden. Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern. Microsoftupdate Windows XP:Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren. Windows Vista/7: Start, Systemsteuerung, Windows-Update PDF-Reader aktualisieren Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast) Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader. Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers: Prüfen => Adobe - Flash Player Downloadlinks findest du hier => Browsers and Plugins - FilePony.de Alle Plugins im Firefox-Browser kannst du auch ganz einfach hier auf Aktualität prüfen => https://www.mozilla.org/de/plugincheck Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind. Java-Update Veraltete Java-Installationen sind ein großes Sicherheitsrisiko, daher solltest Du die alten Versionen deinstallieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software (bzw. Programme und Funktionen) und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.
__________________ Logfiles bitte immer in CODE-Tags posten |
11.03.2013, 12:41 | #25 |
| TR/injector.aop und TR/Symmi.6340.3 gefunden Vielen vielen Dank nochmal! |
Themen zu TR/injector.aop und TR/Symmi.6340.3 gefunden |
angehängt, anhang, antivir, arbeiten, email, erweiterter, freundin, gefunde, hoffe, konnte, log, poste, reinigen, report, scan, troja, trojaner |