Log analysis and evaluation: "tbhcn wurde beendet und geschlossen" (tbhcn was terminated and closed)
#1
For a few days now, when Windows Vista Home Basic starts I get the message "tbhcn wurde beendet und geschlossen" (tbhcn was terminated and closed). Because I was afraid it was a virus, I then disabled the program under the "Startup" menu in the System Configuration. I also get a notice in the info bar about a blocked program called "UpdateUtil application". I then ran the various scans as recommended in the guide. Many thanks in advance for your help!
#2
/// TB-Ausbilder:
I'll help you with your problem. A cleanup can mean quite a bit of work for you (and for me). Before we start, I have some reading material for you.
Please read: Rules for the cleanup. For the cleanup to work, I ask you to read the following points carefully:
Read and understood?
Step 1: (Reminder: only reply to me once you have worked through all the steps!) Uninstall programs
Step 2: AdwCleaner: find and remove adware. Please download
Step 3: Delete temporary files with TFC
Step 4: Scan with DDS+ (with attach). Please download DDS (by sUBs) and save the file to your desktop.
#3
Hello! Many thanks for your quick reply! I have conscientiously worked through the first steps one after another. But since I'm no "computer guru", I don't know how to copy the documents into my thread. I'll try to provide the information in this reply for now. Please give me a detailed description if I should provide the documents in a different way! Thanks!
AdwCleaner Logfile:
Code:
# AdwCleaner v2.113 - Datei am 02/03/2013 um 10:08:45 erstellt
# Aktualisiert am 23/02/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
# Benutzer : Andreas - ANDREAS-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Andreas\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Windows\Tasks\GinyasBrowserCompanion Chrome Watcher.job
Datei Gelöscht : C:\Windows\Tasks\GinyasBrowserCompanion FireFox Watcher.job
Datei Gelöscht : C:\Windows\Tasks\GinyasBrowserCompanion Runner.job
Datei Gelöscht : C:\Windows\Tasks\GinyasBrowserCompanion Stats Report.job
Datei Gelöscht : C:\Windows\Tasks\GinyasBrowserCompanion Update Checker.job
Gelöscht mit Neustart : C:\Program Files\BrowserCompanion
Gelöscht mit Neustart : C:\ProgramData\GinyasBrowserCompanion
Gelöscht mit Neustart : C:\ProgramData\GinyasBrowserCompanion
Ordner Gelöscht : C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf
Ordner Gelöscht : C:\Users\Andreas\AppData\LocalLow\bbrs_002.tb
Ordner Gelöscht : C:\Users\Andreas\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Andreas\AppData\Roaming\BrowserCompanion
Ordner Gelöscht : C:\Users\Andreas\AppData\Roaming\loadtbs
Ordner Gelöscht : C:\Users\Niklas\AppData\LocalLow\bbrs_002.tb
Ordner Gelöscht : C:\Users\Tanja\AppData\LocalLow\bbrs_002.tb
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Blabbers
Schlüssel Gelöscht : HKCU\Software\BrowserCompanion
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BrowserCompanion
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\GinyasBrowserCompanion
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\StartSearch
Schlüssel Gelöscht : HKLM\Software\BrowserCompanion
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\base64
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\chrome
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\prox
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\tdataprotocol.CTData
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\tdataprotocol.CTData.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\updatebho.TimerBHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\updatebho.TimerBHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wit4ie.WitBHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wit4ie.WitBHO.2
Schlüssel Gelöscht : HKLM\Software\GinyasBrowserCompanion
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bodddioamolcibagionmmobehnbhiakf
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GinyasBrowserCompanion
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16464
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Google Chrome v25.0.1364.97
Datei : C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Preferences
Gelöscht [l.1811] : homepage = "hxxp://www.searchplusnetwork.com/?sp=vit4",
Datei : C:\Users\Tanja\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [6700 octets] - [02/03/2013 10:08:45]
########## EOF - C:\AdwCleaner[S1].txt - [6760 octets] ##########
DDS Logfile:
Code:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 10.15.2
Run by Andreas at 11:34:38 on 2013-03-02
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.49.1031.18.2943.1574 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Program Files\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Windows\System32\ACEngSvr.exe
C:\Program Files\ATK Hotkey\KBFiltr.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\rundll32.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\vssvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.web.de/
uDefault_Page_URL = hxxp://www.asus.com
mDefault_Page_URL = hxxp://www.asus.com
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [Epson Stylus SX235(Netzwerk)] c:\windows\system32\spool\drivers\w32x86\3\e_fatihle.exe /fu "c:\users\andreas\appdata\local\temp\E_S7BD3.tmp" /EF "HKCU"
uRun: [EPLTarget\P0000000000000000] c:\windows\system32\spool\drivers\w32x86\3\e_fatihle.exe /ept "epltarget\P0000000000000000" /M "Epson Stylus SX235"
uRun: [EPLTarget\P0000000000000001] c:\windows\system32\spool\drivers\w32x86\3\e_fatihle.exe /ept "epltarget\P0000000000000001" /M "Epson Stylus SX235"
uRun: [Google Update] "c:\users\andreas\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [MusicManager] "c:\users\andreas\appdata\local\programs\google\musicmanager\MusicManager.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [ATKMEDIA] c:\program files\asus\atk media\DMEDIA.EXE
mRun: [ASUSTPE] c:\windows\system32\ASUSTPE.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ASUS Camera ScreenSaver] c:\windows\ASScrProlog.exe
mRun: [ASUS Screen Saver Protector] c:\windows\ASScrPro.exe
mRun: [PowerForPhone] c:\program files\powerforphone\PowerForPhone.exe
mRun: [Skytel] Skytel.exe
mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
mRun: [Memeo Instant Backup] c:\program files\memeo\autobackup\MemeoLauncher2.exe --silent --no_ui
mRun: [Seagate Dashboard] c:\program files\seagate\seagate dashboard\MemeoLauncher.exe --silent --no_ui
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NetFxUpdate_v1.1.4322] "c:\windows\microsoft.net\framework\v1.1.4322\netfxupdate.exe" 1 v1.1.4322 GAC + NI NID
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 217.0.43.97 217.0.43.113
TCP: Interfaces\{3616D4E2-2025-4BF9-A64A-5C9539C44FBC} : DHCPNameServer = 217.0.43.97 217.0.43.113
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\25.0.1364.97\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\common files\abbyy\finereadersprint\9.00\licensing\NetworkLicenseServer.exe [2009-5-14 759048]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\common files\epson\epw!3 ssrp\E_S50RP7.EXE [2012-11-4 142432]
R2 FontCache;Windows-Dienst für Schriftartencache;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\memeo\autobackup\MemeoBackgroundService.exe [2010-4-23 25824]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 100328]
R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\seagate\seagate dashboard\SeagateDashboardService.exe [2011-6-1 14088]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2012-8-28 92632]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\microsoft security client\NisSrv.exe [2013-1-27 295232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\drivers\WSDScan.sys [2011-11-17 19968]
.
=============== Created Last 30 ================
.
2013-03-02 09:08:55 207 ----a-w- c:\windows\DeleteOnReboot.bat
2013-03-02 08:51:54 6954968 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{e42372ac-a5e2-47e2-a521-b0aa6bcfb391}\mpengine.dll
2013-02-28 18:20:13 6954968 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-02-27 17:43:35 -------- d-----w- c:\windows\pss
2013-02-23 13:39:51 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-02-18 17:46:53 -------- d-----w- c:\programdata\GinyasBrowserCompanion
2013-02-14 07:23:35 2048512 ----a-w- c:\windows\system32\win32k.sys
2013-02-13 17:59:12 1314816 ----a-w- c:\windows\system32\quartz.dll
2013-02-13 17:59:08 914792 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-13 17:59:08 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2013-02-13 17:59:04 3550072 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-13 17:59:03 3602808 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-02-13 17:29:23 768000 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2013-02-06 18:26:23 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2013-02-05 18:34:04 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2013-02-05 18:34:04 -------- d--h--w- c:\programdata\Common Files
.
==================== Find3M ====================
.
2013-03-02 08:40:26 45056 ----a-w- c:\windows\system32\acovcnt.exe
2013-02-26 19:36:40 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-26 19:36:39 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-23 13:39:25 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-02-23 13:39:24 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-30 10:53:21 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-20 14:59:04 195296 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-20 14:59:04 100328 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-01-08 22:11:21 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-01-08 22:03:20 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-01-08 22:03:12 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-01-08 21:59:02 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-01-08 21:58:29 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-01-08 21:56:23 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-12-16 13:12:54 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 10:50:29 293376 ----a-w- c:\windows\system32\atmfd.dll
.
============= FINISH: 11:35:39,46 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume2
Install Date: 17.11.2011 05:40:48
System Uptime: 02.03.2013 10:10:57 (1 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | F5N
Processor: AMD Athlon(tm) 64 X2 Dual-Core Processor TK-57 | CPU 1 | 1800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 116 GiB total, 70,862 GiB free.
D: is FIXED (NTFS) - 107 GiB total, 100,471 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft-6zu4-Adapter
Device ID: ROOT\*6TO4MP\0008
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0008
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft-6zu4-Adapter
Device ID: ROOT\*6TO4MP\0021
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0021
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft-6zu4-Adapter
Device ID: ROOT\*6TO4MP\0031
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0031
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft-6zu4-Adapter
Device ID: ROOT\*6TO4MP\0038
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0038
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft-6zu4-Adapter
Device ID: ROOT\*6TO4MP\0039
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0039
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft-6zu4-Adapter
Device ID: ROOT\*6TO4MP\0056
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0056
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft-6zu4-Adapter
Device ID: ROOT\*6TO4MP\0059
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0059
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft-6zu4-Adapter
Device ID: ROOT\*6TO4MP\0070
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0070
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft-6zu4-Adapter
Device ID: ROOT\*6TO4MP\0073
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0073
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft-6zu4-Adapter
Device ID: ROOT\*6TO4MP\0096
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0096
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft-6zu4-Adapter
Device ID: ROOT\*6TO4MP\0123
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0123
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft-6zu4-Adapter
Device ID: ROOT\*6TO4MP\0209
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0209
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft-ISATAP-Adapter
Device ID: ROOT\*ISATAP\0000
Manufacturer: Microsoft
Name: isatap.{4425220C-6ED5-41E0-8B32-B680342A9FCA}
PNP Device ID: ROOT\*ISATAP\0000
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft-ISATAP-Adapter
Device ID: ROOT\*ISATAP\0010
Manufacturer: Microsoft
Name: isatap.{4425220C-6ED5-41E0-8B32-B680342A9FCA}
PNP Device ID: ROOT\*ISATAP\0010
Service: tunnel
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: xD/SDMMC/MS/Pro
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC-&PROD_XD#SDMMC#MS#PRO&REV_1.00#20021111153705700&0#
Manufacturer: Generic-
Name: xD/SDMMC/MS/Pro
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC-&PROD_XD#SDMMC#MS#PRO&REV_1.00#20021111153705700&0#
Service: WUDFRd
.
==== System Restore Points ===================
.
RP387: 09.02.2013 14:54:21 - Installed Java(TM) 6 Update 39
RP388: 11.02.2013 11:31:16 - Windows Update
RP389: 13.02.2013 18:17:00 - Windows Update
RP390: 14.02.2013 08:23:02 - Windows Update
RP391: 14.02.2013 20:27:01 - Windows Update
RP392: 17.02.2013 13:32:04 - Windows Update
RP393: 19.02.2013 19:06:20 - Geplanter Prüfpunkt
RP394: 20.02.2013 17:31:26 - Windows Update
RP395: 23.02.2013 14:36:50 - Removed Java(TM) 6 Update 39
RP396: 23.02.2013 14:38:10 - Installed Java 7 Update 15
RP397: 24.02.2013 13:14:41 - Windows Update
RP398: 27.02.2013 18:13:34 - Windows Update
RP399: 02.03.2013 11:32:07 - Geplanter Prüfpunkt
.
==== Installed Programs ======================
.
ABBYY FineReader 9.0 Sprint
AbiWord 2.8.6
Adobe Flash Player 11 ActiveX
Adobe Reader 8
Amazon MP3-Downloader 1.0.17
Angry Birds
ASUS Data Security Manager
ASUS InstantFun
ASUS Live Update
ASUS Splendid Video Enhancement Technology
ASUS Touch Pad Extra
Asus_Camera_ScreenSaver
Atheros Driver Installation Program
ATK Generic Function Service
ATK Hotkey
ATK Media
ATKOSD2
Benutzerhandbuch EPSON SX235 Series
Compatibility Pack für 2007 Office System
dm-Fotowelt
ElsterFormular
Epson Easy Photo Print 2
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
Epson Event Manager
EPSON Scan
EPSON SX235 Series Printer Uninstall
EpsonNet Print
Google Chrome
Google Earth
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Java 7 Update 15
Java Auto Updater
Memeo Instant Backup
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft Antimalware Service DE-DE Language Pack
Microsoft Office Excel Viewer
Microsoft Office Word Viewer 2003
Microsoft Security Client
Microsoft Security Client DE-DE Language Pack
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Motorola SM56 Speakerphone Modem
MSVC90_x86
Music Manager
NB Probe
Netzwerkhandbuch EPSON SX235 Series
Nokia Connectivity Cable Driver
NVIDIA Drivers
PC Connectivity Solution
Power4Gear eXtreme
PowerForPhone
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Seagate Dashboard
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
SopCast 3.4.0
Steuersparer 2013
Synaptics Pointing Device Driver
TomTom HOME
TomTom HOME Visual Studio Merge Modules
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VLC media player 1.1.11
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
WinFlash
Wireless Console 2
.
==== End Of File ===========================
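The AdwCleaner log above is a compact record of every persistence hook the BrowserCompanion adware had on the machine: scheduled tasks, two Browser Helper Objects (the same CLSIDs appear under Classes\CLSID and under Browser Helper Objects), a Chrome extension, an IE search scope and a hijacked Chrome homepage. The triage helper below is an added example (not from the thread or from AdwCleaner) that parses the German AdwCleaner v2.x "Gelöscht" lines, groups each removed item by the persistence mechanism it represents, flags items that could only be deleted on reboot (i.e. the component was loaded at scan time), and cross-references CLSIDs to find fully registered BHOs. The embedded sample is a constructed excerpt of the posted log; the function and rule names are the example's own.

```python
"""Triage helper for an AdwCleaner v2.x removal log (added example)."""
import re
from collections import defaultdict

# Constructed excerpt of the AdwCleaner log posted in this thread.
SAMPLE_LOG = """\
# AdwCleaner v2.113 - Datei am 02/03/2013 um 10:08:45 erstellt
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\\Windows\\Tasks\\GinyasBrowserCompanion Runner.job
Gelöscht mit Neustart : C:\\Program Files\\BrowserCompanion
Ordner Gelöscht : C:\\Users\\Andreas\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\bodddioamolcibagionmmobehnbhiakf
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\\Software\\Microsoft\\Internet Explorer\\SearchScopes\\{4327FABE-3C22-4689-8DBF-D226CF777FE9}
Schlüssel Gelöscht : HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Settings\\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Schlüssel Gelöscht : HKLM\\SOFTWARE\\Classes\\CLSID\\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Schlüssel Gelöscht : HKLM\\SOFTWARE\\Classes\\CLSID\\{963B125B-8B21-49A2-A3A8-E37092276531}
Schlüssel Gelöscht : HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Schlüssel Gelöscht : HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{963B125B-8B21-49A2-A3A8-E37092276531}
Schlüssel Gelöscht : HKLM\\SOFTWARE\\Google\\Chrome\\Extensions\\bodddioamolcibagionmmobehnbhiakf
***** [Internet Browser] *****
Gelöscht [l.1811] : homepage = "hxxp://www.searchplusnetwork.com/?sp=vit4",
"""

# One removal line: "<action> : <item>". The actions are AdwCleaner's German labels.
ENTRY_RE = re.compile(
    r"^(Datei Gelöscht|Ordner Gelöscht|Gelöscht mit Neustart|Schlüssel Gelöscht|Gelöscht \[l\.\d+\]) : (.+)$"
)
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

BHO_REG = "IE BHO registration"
COM_CLASS = "COM class (BHO/DLL) registration"

# (regex matched case-insensitively against the removed item) -> persistence mechanism.
# Order matters: the first matching rule wins.
RULES = [
    (r"\\windows\\tasks\\.*\.job$", "scheduled task"),
    (r"\\browser helper objects\\", BHO_REG),
    (r"\\classes\\clsid\\", COM_CLASS),
    (r"\\ext\\(settings|stats|preapproved)\\", "IE add-on settings"),
    (r"\\searchscopes\\", "IE search provider"),
    (r"(\\google\\chrome\\extensions\\|\\chrome\\user data\\.*\\extensions\\)", "Chrome extension"),
    (r"^homepage = ", "browser homepage hijack"),
]


def classify(item):
    """Map one removed file, folder, key or preference to a persistence mechanism."""
    for pattern, label in RULES:
        if re.search(pattern, item, re.IGNORECASE):
            return label
    return "other"


def parse_log(text):
    """Return a list of (action, item, mechanism) for every removal line in the log."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            action, item = match.groups()
            entries.append((action, item, classify(item)))
    return entries


def summarize(entries):
    """Group removed items by mechanism: {mechanism: [item, ...]}."""
    grouped = defaultdict(list)
    for _, item, mechanism in entries:
        grouped[mechanism].append(item)
    return dict(grouped)


def locked_at_scan(entries):
    """Items AdwCleaner could only remove on reboot: the component was in use, so
    expect a running process or loaded DLL behind it in the DDS process list."""
    return [item for action, item, _ in entries if action == "Gelöscht mit Neustart"]


def bho_clsids(entries):
    """CLSIDs that are both a registered COM class and listed as an IE BHO: these
    are the DLLs Internet Explorer actually loaded, not just leftover settings."""
    seen = defaultdict(set)
    for _, item, mechanism in entries:
        for guid in GUID_RE.findall(item):
            seen[guid.upper()].add(mechanism)
    return sorted(guid for guid, mechs in seen.items() if {BHO_REG, COM_CLASS} <= mechs)


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for mechanism, items in summarize(parsed).items():
        print(f"{mechanism}: {len(items)} item(s)")
    print("locked at scan time:", locked_at_scan(parsed))
    print("fully registered BHOs:", bho_clsids(parsed))
```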
#4
/// TB-Ausbilder:
Good! Before we go on: does the problem still exist?
#5
Well, after booting just now I didn't get the message. But I'm not sure the problem is fixed. What I still have is the notice in the info bar that a program was blocked at startup. When I look at the list of blocked programs it's apparently "UpdateUtil Application", whatever that is. In my "System Configuration" under the "Startup" menu I still have the entry tbhcn. I had unchecked it in the hope that the program/trojan wouldn't be started at all. I hope I've expressed myself reasonably clearly.
#6
/// TB-Ausbilder:
All right, then let's continue: Scan with Combofix
#7
Combofix Logfile:
Code:
ComboFix 13-03-05.01 - Andreas 05.03.2013 18:12:16.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.49.1031.18.2943.1796 [GMT 1:00]
ausgeführt von:: c:\users\Andreas\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\BrowserCompanion
c:\program files\BrowserCompanion\updatebhoWin32.dll
c:\program files\BrowserCompanion\updatebhoWin32.dll_1
c:\program files\BrowserCompanion\updatebhoWin32.dll_2
c:\program files\BrowserCompanion\updatebhoWin32.dll_3
c:\program files\BrowserCompanion\updater.ini
c:\program files\BrowserCompanion\widgetserv.exe
c:\users\Andreas\4.0
c:\users\Tanja\4.0
c:\windows\security\Database\tmp.edb
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
D:\install.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-02-05 bis 2013-03-05 ))))))))))))))))))))))))))))))
.
.
2013-03-05 17:02 . 2013-03-05 17:02 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C055706D-01D4-4EC6-85F2-9DC1F308E1D2}\MpKsl28c322ee.sys
2013-03-04 18:11 . 2013-02-08 00:45 6954968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C055706D-01D4-4EC6-85F2-9DC1F308E1D2}\mpengine.dll
2013-03-03 14:36 . 2013-02-08 00:45 6954968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-03-02 09:08 . 2013-03-02 09:09 207 ----a-w- c:\windows\DeleteOnReboot.bat
2013-02-23 13:40 . 2013-02-23 13:40 -------- d-----w- c:\program files\Common Files\Java
2013-02-23 13:39 . 2013-02-23 13:39 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-02-18 17:46 . 2013-03-02 09:08 -------- d-----w- c:\programdata\GinyasBrowserCompanion
2013-02-14 07:23 . 2013-01-04 01:38 2048512 ----a-w- c:\windows\system32\win32k.sys
2013-02-13 17:59 . 2012-11-08 03:48 1314816 ----a-w- c:\windows\system32\quartz.dll
2013-02-13 17:59 . 2013-01-04 11:28 914792 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-13 17:59 . 2013-01-04 01:55 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2013-02-13 17:59 . 2013-01-05 05:26 3550072 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-13 17:59 . 2013-01-05 05:26 3602808 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-02-13 17:29 . 2013-01-08 22:01 768000 ----a-w- c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2013-02-06 18:26 . 2013-02-27 17:26 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2013-02-05 18:34 . 2013-02-05 18:34 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2013-02-05 18:34 . 2013-02-05 18:34 -------- d--h--w- c:\programdata\Common Files
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-05 16:53 . 2011-11-17 05:19 45056 ----a-w- c:\windows\system32\acovcnt.exe
2013-02-26 19:36 . 2012-04-19 18:16 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-26 19:36 . 2011-11-17 18:59 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-23 13:39 . 2012-06-29 22:05 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-02-23 13:39 . 2011-12-06 21:42 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-30 10:53 . 2011-11-17 20:02 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-20 14:59 . 2013-01-20 14:59 195296 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-20 14:59 . 2011-04-27 14:25 100328 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-12-16 13:12 . 2012-12-30 21:23 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 10:50 . 2012-12-30 21:23 293376 ----a-w- c:\windows\system32\atmfd.dll
.
.
(((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-08-28 247768]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIHLE.EXE" [2012-02-29 249440]
"EPLTarget\P0000000000000001"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIHLE.EXE" [2012-02-29 249440]
"MusicManager"="c:\users\Andreas\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2013-01-14 7437824]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-05-14 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-14 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-14 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-12-12 4710400]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-09-03 630784]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"ASUSTPE"="c:\windows\system32\ASUSTPE.exe" [2007-01-17 106496]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 857648]
"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2011-11-17 37232]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2011-11-17 33136]
"PowerForPhone"="c:\program files\PowerForPhone\PowerForPhone.exe" [2007-06-26 778240]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
"Memeo Instant Backup"="c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe" [2010-04-23 136416]
"Seagate Dashboard"="c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"NetFxUpdate_v1.1.4322"="c:\windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe" [2004-08-10 106496]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Andreas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^tbhcn.lnk]
path=c:\users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk
backup=c:\windows\pss\tbhcn.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL28C322EE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-26 13:43 1629648 ----a-w- c:\program files\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 19:36]
.
2013-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-13 21:05]
.
2013-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-13 21:05]
.
2013-02-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3449463680-1578276531-568636548-1000Core.job
- c:\users\Andreas\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-15 18:31]
.
2013-03-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3449463680-1578276531-568636548-1000UA.job
- c:\users\Andreas\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-15 18:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.web.de/
TCP: DhcpNameServer = 217.0.43.97 217.0.43.113
.
- - - - Orphans Removed - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-03-05 18:30
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\ADSM_PData_0150
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- Locked Registry Keys ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2013-03-05 18:32:53
ComboFix-quarantined-files.txt 2013-03-05 17:32
.
Pre-Run: 5 directory(ies), 75,719,921,664 bytes free
Post-Run: 8 directory(ies), 75,422,142,464 bytes free
.
- - End Of File - - 8CA03ACFE81D25F7497511CA72BB48E7
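The log above is where the helper reads off what the first ComboFix run left behind: the Run-key entries, the msconfig-disabled startup item (the HKLM\~\startupfolder block, whose backup copy sits in c:\windows\pss) and the Security Center "DisableMonitoring" values. As an added example, not part of this thread and not ComboFix's own tooling, the following Python does that reading mechanically for the "Reg Loading Points" section of such a log and flags what an analyst would look at first. SAMPLE_LOG is a constructed excerpt modelled on lines from the log above; the heuristics (which locations count as user-writable, that a bare file name is worth a second look) are this example's own assumptions.

```python
"""Triage of the 'Reg Loading Points' section of a ComboFix log.

Added example for this thread; not part of ComboFix and not the helper's
procedure.  SAMPLE_LOG is a constructed excerpt modelled on the log posted
above.  The heuristics (which locations count as user-writable, which
values count as tampering) are this example's own assumptions.
"""
import re
from dataclasses import dataclass

SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"MusicManager"="c:\users\Andreas\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2013-01-14 7437824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"RtHDVCpl"="RtHDVCpl.exe" [2007-12-12 4710400]
.
[HKLM\~\startupfolder\C:^Users^Andreas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^tbhcn.lnk]
path=c:\users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk
backup=c:\windows\pss\tbhcn.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
"""

KEY_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "Name"="path" [yyyy-mm-dd size]
RUN_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[')
# Directory fragments an unprivileged user can write to (assumption).
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\appdata\\")


@dataclass
class Finding:
    kind: str        # "run", "disabled_startup" or "sc_monitoring_off"
    key: str         # registry key the line was found under
    name: str        # value name, or the .lnk file name
    path: str        # image path ("" where none applies)
    reasons: tuple   # empty tuple == nothing suspicious about it


def _path_reasons(path: str) -> tuple:
    """Return the reasons a Run entry deserves a closer look."""
    reasons = []
    if "\\" not in path:
        reasons.append("bare file name, resolved through the search path")
    if any(frag in path.lower() for frag in USER_WRITABLE):
        reasons.append("runs from a user-writable location")
    return tuple(reasons)


def parse_loading_points(text: str) -> list:
    """Turn the REGEDIT4-style section into Finding records, in log order."""
    findings, key, pending_path = [], "", ""
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_LINE.match(line)
        if m:
            key, pending_path = m.group("key"), ""
            continue
        low_key = key.lower()
        m = RUN_LINE.match(line)
        if m and low_key.endswith("\\run"):
            findings.append(Finding("run", key, m.group("name"),
                                    m.group("path"), _path_reasons(m.group("path"))))
        elif "\\startupfolder\\" in low_key and line.startswith("path="):
            pending_path = line[len("path="):]
        elif "\\startupfolder\\" in low_key and line.startswith("backup="):
            # msconfig moved the .lnk out of the Startup folder but kept a copy:
            # the item is disabled, not removed, and is one click from being re-enabled.
            backup = line[len("backup="):]
            findings.append(Finding("disabled_startup", key,
                                    pending_path.rsplit("\\", 1)[-1], pending_path,
                                    ("disabled via msconfig, backup kept at " + backup,)))
        elif line == '"DisableMonitoring"=dword:00000001':
            findings.append(Finding("sc_monitoring_off", key, "DisableMonitoring", "",
                                    ("Security Center monitoring switched off",)))
    return findings


def suspicious(findings: list) -> list:
    """Only the findings that carry at least one reason."""
    return [f for f in findings if f.reasons]


if __name__ == "__main__":
    for f in suspicious(parse_loading_points(SAMPLE_LOG)):
        print(f"{f.kind:18} {f.name:20} {'; '.join(f.reasons)}")
```

On the sample this reports MusicManager (runs from a per-user profile directory, which is legitimate for that product but is exactly where the GinyasBrowserCompanion files also lived), RtHDVCpl (registered by bare file name), the disabled tbhcn.lnk with its pss backup, and the Security Center value. The point of the disabled-startup finding is the one the thread turns on: unticking an item in msconfig hides the symptom but leaves the launcher on disk, which is why the follow-up script had to remove the .lnk itself.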
#8
/// TB-Ausbilder
Okay. Some of it is gone ... something still remains: ComboFix script
__________________
Digital privateers against malware! No help via PM!
#9
Code:
ComboFix 13-03-05.01 - Andreas 06.03.2013 19:44:09.3.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.49.1031.18.2943.1567 [GMT 1:00]
Running from: C:\Users\Andreas\Desktop\ComboFix.exe
Command switches used :: C:\Users\Andreas\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FILE ::
"c:\users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk"
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
c:\programdata\GinyasBrowserCompanion
c:\programdata\GinyasBrowserCompanion\tbhcn.exe
c:\programdata\GinyasBrowserCompanion\tcbhn.exe
c:\programdata\GinyasBrowserCompanion\valuese.xml
((((((((((((((((((((((( Files Created From 2013-02-06 to 2013-03-06 ))))))))))))))))))))))))))))))
2013-03-06 19:08:10 . 2013-03-06 19:08:10 -------- d-----w- C:\Users\Tanja\AppData\Local\temp
2013-03-06 19:08:10 . 2013-03-06 19:08:10 -------- d-----w- C:\Users\Niklas\AppData\Local\temp
2013-03-06 19:08:10 . 2013-03-06 19:08:10 -------- d-----w- C:\Users\Default\AppData\Local\temp
2013-03-06 18:31:40 . 2013-02-08 00:45:01 6954968 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{17849A94-80EB-4A06-987C-305346B0A59E}\mpengine.dll
2013-03-05 18:16:29 . 2013-03-05 18:16:29 -------- d-----w- C:\Users\Andreas\AppData\Local\Macromedia
2013-03-05 18:11:37 . 2013-03-05 18:11:37 -------- d-----w- C:\Users\Andreas\AppData\Local\Mozilla
2013-03-05 18:11:30 . 2013-03-05 18:11:31 -------- d-----w- C:\Program Files\Mozilla Maintenance Service
2013-03-05 17:47:36 . 2013-02-08 00:45:01 6954968 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-03-02 09:08:55 . 2013-03-02 09:09:34 207 ----a-w- C:\Windows\DeleteOnReboot.bat
2013-02-23 13:40:21 . 2013-02-23 13:40:21 -------- d-----w- C:\Program Files\Common Files\Java
2013-02-23 13:39:51 . 2013-02-23 13:39:35 94112 ----a-w- C:\Windows\system32\WindowsAccessBridge.dll
2013-02-14 07:23:35 . 2013-01-04 01:38:50 2048512 ----a-w- C:\Windows\system32\win32k.sys
2013-02-13 17:59:12 . 2012-11-08 03:48:38 1314816 ----a-w- C:\Windows\system32\quartz.dll
2013-02-13 17:59:08 . 2013-01-04 11:28:19 914792 ----a-w- C:\Windows\system32\drivers\tcpip.sys
2013-02-13 17:59:08 . 2013-01-04 01:55:18 31232 ----a-w- C:\Windows\system32\drivers\tcpipreg.sys
2013-02-13 17:59:04 . 2013-01-05 05:26:01 3550072 ----a-w- C:\Windows\system32\ntoskrnl.exe
2013-02-13 17:59:03 . 2013-01-05 05:26:01 3602808 ----a-w- C:\Windows\system32\ntkrnlpa.exe
2013-02-13 17:29:23 . 2013-01-08 22:01:00 768000 ----a-w- C:\Program Files\Common Files\Microsoft Shared\vgx\VGX.dll
2013-02-06 18:26:23 . 2013-02-27 17:26:47 -------- d-----w- C:\Program Files\Eusing Free Registry Cleaner
2013-02-05 18:34:04 . 2013-02-05 18:34:04 -------- d-sh--w- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2013-02-05 18:34:04 . 2013-02-05 18:34:04 -------- d--h--w- C:\ProgramData\Common Files
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
2013-03-06 17:40:42 . 2011-11-17 05:19:48 45056 ----a-w- C:\Windows\system32\acovcnt.exe
2013-03-05 18:16:15 . 2012-04-19 18:16:04 691568 ----a-w- C:\Windows\system32\FlashPlayerApp.exe
2013-03-05 18:16:14 . 2011-11-17 18:59:34 71024 ----a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-02-23 13:39:25 . 2012-06-29 22:05:23 861088 ----a-w- C:\Windows\system32\npdeployJava1.dll
2013-02-23 13:39:24 . 2011-12-06 21:42:18 782240 ----a-w- C:\Windows\system32\deployJava1.dll
2013-01-30 10:53:21 . 2011-11-17 20:02:00 232336 ------w- C:\Windows\system32\MpSigStub.exe
2013-01-20 14:59:04 . 2013-01-20 14:59:04 195296 ----a-w- C:\Windows\system32\drivers\MpFilter.sys
2013-01-20 14:59:04 . 2011-04-27 14:25:24 100328 ----a-w- C:\Windows\system32\drivers\NisDrvWFP.sys
2012-12-16 13:12:54 . 2012-12-30 21:23:50 34304 ----a-w- C:\Windows\system32\atmlib.dll
2012-12-16 10:50:29 . 2012-12-30 21:23:51 293376 ----a-w- C:\Windows\system32\atmfd.dll
2013-02-16 00:34:54 . 2013-03-05 18:11:05 263064 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
---- Directory of c:\windows\pss ----
2013-02-27 17:43:35 . 2012-07-29 17:27:06 2043 ------w- c:\windows\pss\tbhcn.lnk.Startup
(((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08:18 143360 ----a-w- C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2009-04-11 06:28:03 1233920]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-08-28 05:41:06 247768]
"EPLTarget\P0000000000000000"="C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIHLE.EXE" [2012-02-29 06:03:02 249440]
"EPLTarget\P0000000000000001"="C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIHLE.EXE" [2012-02-29 06:03:02 249440]
"MusicManager"="C:\Users\Andreas\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2013-01-14 23:31:30 7437824]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 02:35:20 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-05-14 17:38:00 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-05-14 17:38:00 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-05-14 17:38:00 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-12-12 08:50:28 4710400]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-09-03 05:29:41 630784]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 16:27:32 61440]
"ASUSTPE"="C:\Windows\system32\ASUSTPE.exe" [2007-01-17 00:13:14 106496]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 21:24:26 857648]
"ASUS Camera ScreenSaver"="C:\Windows\ASScrProlog.exe" [2011-11-17 05:05:48 37232]
"ASUS Screen Saver Protector"="C:\Windows\ASScrPro.exe" [2011-11-17 05:05:59 33136]
"PowerForPhone"="C:\Program Files\PowerForPhone\PowerForPhone.exe" [2007-06-26 18:10:44 778240]
"Skytel"="Skytel.exe" [2007-11-20 10:15:58 1826816]
"EEventManager"="C:\Program Files\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 11:56:40 979328]
"Memeo Instant Backup"="C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe" [2010-04-23 00:33:08 136416]
"Seagate Dashboard"="C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 16:42:28 79112]
"MSC"="C:\Program Files\Microsoft Security Client\msseces.exe" [2013-01-27 10:11:06 947152]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 08:04:54 252848]
"NetFxUpdate_v1.1.4322"="C:\Windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe" [2004-08-10 15:20:00 106496]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
[HKLM\~\startupfolder\C:^Users^Andreas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^tbhcn.lnk]
path=C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk
backup=C:\Windows\pss\tbhcn.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-06 17:41:54 1630672 ----a-w- C:\Program Files\Google\Chrome\Application\25.0.1364.152\Installer\chrmstp.exe
Contents of the 'Scheduled Tasks' folder
2013-03-06 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 18:16:04 . 2013-03-05 18:16:15]
2013-03-06 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2011-12-13 21:06:02 . 2011-12-13 21:05:48]
2013-03-06 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2011-12-13 21:06:02 . 2011-12-13 21:05:48]
2013-02-24 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3449463680-1578276531-568636548-1000Core.job
- C:\Users\Andreas\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-15 18:31:10 . 2012-11-15 18:31:04]
2013-03-06 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3449463680-1578276531-568636548-1000UA.job
- C:\Users\Andreas\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-15 18:31:10 . 2012-11-15 18:31:04]
------- Supplementary Scan -------
uStart Page = hxxp://www.web.de/
TCP: DhcpNameServer = 217.0.43.97 217.0.43.113
FF - ProfilePath - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\jpsksdxx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.web.de/
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-03-06 20:08:24
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
--------------------- Locked Registry Keys ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
Completion time: 2013-03-06 20:10:28
ComboFix-quarantined-files.txt 2013-03-06 19:10:25
ComboFix2.txt 2013-03-05 17:32:54
Pre-Run: 7 directory(ies), 75,369,074,688 bytes free
Post-Run: 8 directory(ies), 75,357,638,656 bytes free
- - End Of File - - 5ACD2BA7ED4B56CB9EC0E8D01696D8BE
#10
/// TB-Ausbilder
Good. Has the tbhcn problem been resolved with that?
__________________
Digital privateers against malware! No help via PM!
#11
Yes - I think so. At least the notice no longer appears at startup. What I still have is the notice about the blocked autostart program "UpdateUtil Application" - whatever that may be.
#12
/// TB-Ausbilder
Then let's look at it a different way: Control scan with OTL
__________________
Digital privateers against malware! No help via PM!
#13
Code:
OTL logfile created on: 09.03.2013 09:07:52 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Andreas\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,87 Gb Total Physical Memory | 1,47 Gb Available Physical Memory | 51,25% Memory free
5,95 Gb Paging File | 4,39 Gb Available in Paging File | 73,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 69,99 Gb Free Space | 60,11% Space Free | Partition Type: NTFS
Drive D: | 106,68 Gb Total Space | 100,47 Gb Free Space | 94,18% Space Free | Partition Type: NTFS

Computer Name: ANDREAS-PC | User Name: Andreas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.02.28 21:09:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Andreas\Desktop\OTL.exe
PRC - [2013.02.26 20:36:38 | 000,701,808 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_6_602_171_ActiveX.exe
PRC - [2013.01.27 11:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013.01.27 11:11:46 | 000,284,304 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MpCmdRun.exe
PRC - [2013.01.27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013.01.27 11:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013.01.15 00:31:30 | 007,437,824 | ---- | M] (Google Inc.) -- C:\Users\Andreas\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
PRC - [2012.08.28 06:41:08 | 000,092,632 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2012.08.28 06:41:06 | 000,247,768 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2012.02.29 07:03:02 | 000,249,440 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIHLE.EXE
PRC - [2012.02.21 07:01:02 | 000,142,432 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
PRC - [2011.11.17 06:05:59 | 000,033,136 | ---- | M] () -- C:\Windows\ASScrPro.exe
PRC - [2011.06.01 17:42:28 | 000,071,432 | ---- | M] (Memeo) -- C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
PRC - [2011.06.01 17:42:28 | 000,014,088 | ---- | M] (Memeo) -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
PRC - [2011.06.01 17:16:54 | 002,260,992 | ---- | M] (Axentra Corporation) -- C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
PRC - [2010.10.12 12:56:40 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2010.04.23 01:33:52 | 000,085,784 | ---- | M] (Memeo Inc.) -- C:\Program Files\Memeo\AutoBackup\MemeoUpdater.exe
PRC - [2010.04.23 01:33:04 | 000,025,824 | ---- | M] (Memeo) -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
PRC - [2010.04.23 01:33:00 | 000,323,808 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\InstantBackup.exe
PRC - [2009.05.14 16:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007.12.12 09:50:28 | 004,710,400 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.11.30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
PRC - [2007.09.03 06:29:41 | 000,630,784 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2007.09.01 02:38:12 | 000,180,224 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe
PRC - [2007.08.08 09:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007.08.03 21:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
PRC - [2007.07.10 19:59:56 | 000,851,968 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
PRC - [2007.06.26 19:10:44 | 000,778,240 | ---- | M] () -- C:\Program Files\PowerForPhone\PowerForPhone.exe
PRC - [2007.05.18 11:31:16 | 000,073,728 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007.04.19 20:32:08 | 000,225,280 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\Hcontrol.exe
PRC - [2007.04.17 22:39:42 | 000,077,824 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe
PRC - [2007.02.06 03:13:14 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe
PRC - [2007.01.18 04:26:36 | 007,708,672 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
PRC - [2007.01.17 01:13:14 | 000,106,496 | ---- | M] (ASUS) -- C:\Windows\System32\ASUSTPE.exe
PRC - [2006.12.21 08:03:38 | 001,036,288 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2006.12.19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
PRC - [2006.12.19 02:26:26 | 002,420,736 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2006.11.02 17:27:32 | 000,061,440 | ---- | M] (ASUSTeK Computer INC.) -- C:\Program Files\ASUS\ATK Media\DMedia.exe
PRC - [2006.10.23 10:48:38 | 000,345,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
PRC - [2005.07.07 00:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe

========== Modules (No Company Name) ==========

MOD - [2013.02.17 12:59:30 | 001,711,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\dae1b2e49e240e879a6523025cc306fb\Microsoft.VisualBasic.ni.dll
MOD - [2013.02.17 12:47:21 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\15e2d7f51f15830591727d6d6a1e4032\System.ServiceProcess.ni.dll
MOD - [2013.02.17 12:47:15 | 011,820,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\421cb77e6a4c21f94e3c5ddf766de23b\System.Web.ni.dll
MOD - [2013.02.14 20:41:20 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e64304962098e90f0d3f4c33c1b080a6\System.Windows.Forms.ni.dll
MOD - [2013.01.15 00:19:36 | 000,344,064 | ---- | M] () -- C:\Users\Andreas\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
MOD - [2013.01.15 00:19:22 | 000,231,936 | ---- | M] () -- C:\Users\Andreas\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
MOD - [2013.01.15 00:18:54 | 000,253,440 | ---- | M] () -- C:\Users\Andreas\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
MOD - [2013.01.15 00:18:44 | 000,117,248 | ---- | M] () -- C:\Users\Andreas\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
MOD - [2013.01.10 21:01:44 | 000,026,624 | ---- | M] () -- C:\Users\Andreas\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll
MOD - [2013.01.10 21:01:26 | 010,683,392 | ---- | M] () -- C:\Users\Andreas\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll
MOD - [2013.01.10 21:01:24 | 001,681,408 | ---- | M] () -- C:\Users\Andreas\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll
MOD - [2013.01.10 21:01:22 | 007,741,952 | ---- | M] () -- C:\Users\Andreas\AppData\Local\Programs\Google\MusicManager\QtGui4.dll
MOD - [2013.01.10 21:01:20 | 002,248,192 | ---- | M] () -- C:\Users\Andreas\AppData\Local\Programs\Google\MusicManager\QtCore4.dll
MOD - [2013.01.09 21:13:52 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\9b2eef59d0cfc5aff182d0951de5f040\Accessibility.ni.dll
MOD - [2013.01.09 21:13:47 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b5df40c22ab563a816103629e2ca99d4\System.Runtime.Remoting.ni.dll
MOD - [2013.01.09 21:13:02 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\004bc6615f9c06df5c98859d35149fe6\System.Configuration.ni.dll
MOD - [2013.01.09 21:12:42 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll
MOD - [2013.01.09 21:11:46 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll
MOD - [2013.01.09 21:10:47 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\0f5a23bb73681b6388daccd8e250ba66\System.Data.ni.dll
MOD - [2013.01.09 21:09:30 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll
MOD - [2013.01.09 21:09:20 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll
MOD - [2011.11.17 06:05:59 | 000,033,136 | ---- | M] () -- C:\Windows\ASScrPro.exe
MOD - [2011.06.01 17:46:02 | 000,030,984 | ---- | M] () -- C:\Program Files\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.SeagateSharePlusPlugin.dll
MOD - [2011.06.01 17:45:34 | 000,011,016 | ---- | M] () -- C:\Program Files\Seagate\Seagate Dashboard\Plugins\de-DE\Memeo.Dashboard.SeagateSharePlusPlugin.resources.dll
MOD - [2011.06.01 17:42:24 | 000,108,296 | ---- | M] () -- C:\Program Files\Seagate\Seagate Dashboard\Memeo.Progress.dll
MOD - [2011.06.01 17:16:54 | 000,971,776 | ---- | M] () -- C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\libxml2.dll
MOD - [2011.06.01 17:16:54 | 000,241,664 | ---- | M] () -- C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\libupnp.dll
MOD - [2010.04.23 01:34:22 | 000,028,672 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\de-DE\InstantBackup.resources.dll
MOD - [2010.04.23 01:33:24 | 002,887,904 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\Memeo.Client.UI.dll
MOD - [2010.04.23 01:33:20 | 000,025,824 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll
MOD - [2010.04.23 01:33:00 | 000,323,808 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\InstantBackup.exe
MOD - [2010.03.22 23:59:46 | 000,504,293 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\sqlite3.dll
MOD - [2009.03.30 05:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009.03.30 05:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2007.11.30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
MOD - [2007.08.08 11:52:08 | 000,331,776 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\AdsmendecExt.dll
MOD - [2007.06.26 19:10:44 | 000,778,240 | ---- | M] () -- C:\Program Files\PowerForPhone\PowerForPhone.exe
MOD - [2007.06.15 19:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
MOD - [2007.06.02 02:08:18 | 000,143,360 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
MOD - [2006.11.22 18:31:30 | 000,065,536 | ---- | M] () -- C:\Program Files\Motorola\SMSERIAL\sm56ita.dll
MOD - [2006.11.22 18:31:30 | 000,065,536 | ---- | M] () -- C:\Program Files\Motorola\SMSERIAL\sm56esp.dll
MOD - [2006.11.22 18:31:30 | 000,065,536 | ---- | M] () -- C:\Program Files\Motorola\SMSERIAL\sm56brz.dll
MOD - [2006.11.22 18:31:30 | 000,053,248 | ---- | M] () -- C:\Program Files\Motorola\SMSERIAL\sm56kor.dll
MOD - [2006.11.22 18:31:28 | 000,065,536 | ---- | M] () -- C:\Program Files\Motorola\SMSERIAL\sm56ger.dll
MOD - [2006.11.22 18:31:28 | 000,065,536 | ---- | M] () -- C:\Program Files\Motorola\SMSERIAL\sm56fra.dll
MOD - [2006.11.22 18:31:28 | 000,065,536 | ---- | M] () -- C:\Program Files\Motorola\SMSERIAL\sm56dnk.dll
MOD - [2006.11.22 18:31:28 | 000,057,344 | ---- | M] () -- C:\Program Files\Motorola\SMSERIAL\sm56jpn.dll
MOD - [2006.11.22 18:31:28 | 000,053,248 | ---- | M] () -- C:\Program Files\Motorola\SMSERIAL\sm56cht.dll
MOD - [2006.11.22 18:31:28 | 000,053,248 | ---- | M] () -- C:\Program Files\Motorola\SMSERIAL\sm56chs.dll
MOD - [2006.10.26 00:37:52 | 000,045,056 | ---- | M] () -- C:\Program Files\ASUS\ATK Media\GERSTRING.dll

========== Services (SafeList) ==========

SRV - [2013.03.05 19:16:15 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.16 01:34:06 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV -
[2013.01.27 11:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2013.01.27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2012.08.28 06:41:08 | 000,092,632 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2012.02.21 07:01:02 | 000,142,432 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE -- (EPSON_PM_RPCV4_04) SRV - [2011.11.30 15:12:40 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2011.06.01 17:42:28 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService) SRV - [2010.04.23 01:33:04 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService) SRV - [2009.05.14 16:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0) SRV - [2008.01.21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2007.08.08 09:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2007.08.03 21:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr) SRV - [2007.05.18 11:31:16 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService) SRV - [2007.02.06 03:13:14 
| 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2006.12.19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe -- (EpsonBidirectionalService) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Andreas\AppData\Local\Temp\catchme.sys -- (catchme) DRV - [2013.01.20 15:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2009.04.11 06:06:26 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan) DRV - [2008.08.26 08:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008.01.21 03:32:47 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV - [2007.08.11 05:19:26 | 000,029,752 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm) DRV - [2007.08.03 05:26:22 | 000,020,936 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio) DRV - [2007.07.31 07:13:10 | 000,743,424 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2007.07.24 20:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP) DRV - [2007.05.14 18:38:00 | 007,115,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2007.03.06 14:15:58 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD) DRV - [2007.02.16 09:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu) DRV - [2007.01.24 19:08:40 | 000,005,632 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr) DRV - [2006.12.14 16:11:58 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor) DRV - [2006.11.22 18:35:00 | 000,982,272 | ---- | M] (Motorola Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3449463680-1578276531-568636548-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/ IE - HKU\S-1-5-21-3449463680-1578276531-568636548-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-3449463680-1578276531-568636548-1000\..\SearchScopes,DefaultScope = {F2AEC341-C9FE-42C3-8BBD-94CBF10A5161} IE - HKU\S-1-5-21-3449463680-1578276531-568636548-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3449463680-1578276531-568636548-1000\..\SearchScopes\{094A7713-483A-4791-B719-25E2DDAFAC79}: "URL" = hxxp://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin IE - HKU\S-1-5-21-3449463680-1578276531-568636548-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-3449463680-1578276531-568636548-1000\..\SearchScopes\{F2AEC341-C9FE-42C3-8BBD-94CBF10A5161}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKU\S-1-5-21-3449463680-1578276531-568636548-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.web.de/" FF - 
prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Andreas\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Andreas\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.05 19:11:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.03 08:12:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Extensions [2012.01.03 08:12:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2013.03.05 19:11:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2013.02.16 01:34:54 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2013.02.16 05:15:47 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.02.16 05:15:47 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2013.02.16 05:15:47 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2013.02.16 05:15:47 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2013.02.16 05:15:47 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2013.02.16 05:15:47 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = 
{google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.97\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.97\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U15 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Java Deployment Toolkit 7.0.150.3 (Enabled) = C:\Windows\system32\npDeployJava1.dll O1 HOSTS File: ([2013.03.06 20:08:18 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Easy Photo Print) - 
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe () O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe () O4 - HKLM..\Run: [ASUSTPE] C:\Windows\System32\ASUSTPE.exe (ASUS) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE (ASUSTeK Computer INC.) O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [Memeo Instant Backup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.) O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Seagate Dashboard] C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe () O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.) 
O4 - HKU\S-1-5-21-3449463680-1578276531-568636548-1000..\Run: [EPLTarget\P0000000000000000] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIHLE.EXE (SEIKO EPSON CORPORATION) O4 - HKU\S-1-5-21-3449463680-1578276531-568636548-1000..\Run: [EPLTarget\P0000000000000001] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIHLE.EXE (SEIKO EPSON CORPORATION) O4 - HKU\S-1-5-21-3449463680-1578276531-568636548-1000..\Run: [MusicManager] C:\Users\Andreas\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.) O4 - HKU\S-1-5-21-3449463680-1578276531-568636548-1000..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3449463680-1578276531-568636548-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3449463680-1578276531-568636548-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.0.43.97 217.0.43.113 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3616D4E2-2025-4BF9-A64A-5C9539C44FBC}: DhcpNameServer = 217.0.43.97 217.0.43.113 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft 
Corporation) O24 - Desktop WallPaper: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.03.06 21:16:57 | 000,000,000 | ---D | C] -- C:\Users\Andreas\Documents\300-fe [2013.03.06 21:10:26 | 000,000,000 | ---D | C] -- C:\Users\Andreas\Documents\302-fe [2013.03.06 20:21:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.03.06 20:10:30 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.03.06 19:35:04 | 000,000,000 | ---D | C] -- C:\ComboFix [2013.03.06 18:58:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.03.06 18:50:09 | 005,036,545 | R--- | C] (Swearware) -- C:\Users\Andreas\Desktop\ComboFix.exe [2013.03.05 19:16:29 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\Macromedia [2013.03.05 19:11:37 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\Mozilla [2013.03.05 19:11:30 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2013.03.05 19:11:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2013.03.05 19:11:03 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.03.05 18:05:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.03.05 18:05:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.03.05 
18:02:00 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.03.05 18:01:40 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.03.02 11:32:59 | 000,700,783 | R--- | C] (Swearware) -- C:\Users\Andreas\Desktop\dds+.exe [2013.03.02 10:25:20 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Andreas\Desktop\TFC.exe [2013.02.28 21:09:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Andreas\Desktop\OTL.exe [2013.02.27 18:43:35 | 000,000,000 | ---D | C] -- C:\Windows\pss [2013.02.23 14:40:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2013.02.14 21:48:35 | 000,000,000 | ---D | C] -- C:\Users\Andreas\Documents\172_fe [2013.02.14 21:42:10 | 000,000,000 | ---D | C] -- C:\Users\Andreas\Documents\GT-S7500_UM_German [2013.02.14 20:23:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate Dashboard ========== Files - Modified Within 30 Days ========== [2013.03.09 09:00:50 | 000,076,797 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\nvModes.001 [2013.03.09 08:59:30 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics [2013.03.09 08:59:17 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe [2013.03.09 08:59:11 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.09 08:59:11 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.09 08:59:11 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.03.09 08:59:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.09 08:58:17 | 3086,188,544 | -HS- | M] () -- C:\hiberfil.sys [2013.03.06 22:44:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.06 22:42:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3449463680-1578276531-568636548-1000UA.job 
[2013.03.06 22:41:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.03.06 20:08:18 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2013.03.06 18:50:28 | 005,036,545 | R--- | M] (Swearware) -- C:\Users\Andreas\Desktop\ComboFix.exe [2013.03.06 18:49:59 | 000,001,978 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.03.05 19:11:32 | 000,000,853 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.03.02 11:33:02 | 000,700,783 | R--- | M] (Swearware) -- C:\Users\Andreas\Desktop\dds+.exe [2013.03.02 10:25:20 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Andreas\Desktop\TFC.exe [2013.03.02 10:23:49 | 000,076,797 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\nvModes.dat [2013.03.02 10:09:34 | 000,000,207 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat [2013.03.02 10:04:47 | 000,594,019 | ---- | M] () -- C:\Users\Andreas\Desktop\adwcleaner.exe [2013.02.28 21:33:00 | 000,377,856 | ---- | M] () -- C:\Users\Andreas\Desktop\gmer_2.1.19115.exe [2013.02.28 21:09:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Andreas\Desktop\OTL.exe [2013.02.28 21:05:34 | 000,000,000 | ---- | M] () -- C:\Users\Andreas\defogger_reenable [2013.02.28 21:03:59 | 000,050,477 | ---- | M] () -- C:\Users\Andreas\Desktop\Defogger.exe [2013.02.24 17:42:04 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3449463680-1578276531-568636548-1000Core.job [2013.02.24 14:30:30 | 000,000,524 | ---- | M] () -- C:\Windows\wiso.ini [2013.02.20 19:02:20 | 000,639,460 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.02.20 19:02:20 | 000,605,014 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.02.20 19:02:20 | 000,131,468 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.02.20 19:02:20 | 000,108,346 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.02.17 13:40:19 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2013.02.14 21:48:23 | 
000,529,142 | ---- | M] () -- C:\Users\Andreas\Documents\172_fe.zip [2013.02.14 21:41:46 | 002,526,941 | ---- | M] () -- C:\Users\Andreas\Documents\GT-S7500_UM_German.zip [2013.02.14 20:38:32 | 000,228,296 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.02.14 20:23:38 | 000,001,017 | ---- | M] () -- C:\Users\Public\Desktop\Seagate Dashboard.lnk [2013.02.14 20:12:54 | 000,001,356 | ---- | M] () -- C:\Users\Andreas\AppData\Local\d3d9caps.dat [2013.02.11 19:26:30 | 005,855,195 | ---- | M] () -- C:\Users\Andreas\Documents\Manual_SmartPadEP750_DE.pdf [2013.02.10 11:55:50 | 009,240,467 | ---- | M] () -- C:\Users\Andreas\Documents\MSI Handbuch.pdf ========== Files Created - No Company Name ========== [2013.03.05 19:11:32 | 000,000,865 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.03.05 19:11:32 | 000,000,853 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.03.05 18:05:27 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.03.05 18:05:27 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.03.05 18:05:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.03.05 18:05:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.03.05 18:05:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.03.02 10:08:55 | 000,000,207 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat [2013.03.02 10:04:39 | 000,594,019 | ---- | C] () -- C:\Users\Andreas\Desktop\adwcleaner.exe [2013.02.28 21:33:00 | 000,377,856 | ---- | C] () -- C:\Users\Andreas\Desktop\gmer_2.1.19115.exe [2013.02.28 21:05:34 | 000,000,000 | ---- | C] () -- C:\Users\Andreas\defogger_reenable [2013.02.28 21:03:59 | 000,050,477 | ---- | C] () -- C:\Users\Andreas\Desktop\Defogger.exe [2013.02.14 21:48:21 | 000,529,142 | ---- | C] () -- C:\Users\Andreas\Documents\172_fe.zip [2013.02.14 21:41:29 | 002,526,941 | ---- | C] () -- C:\Users\Andreas\Documents\GT-S7500_UM_German.zip [2013.02.14 20:23:38 | 000,001,017 | ---- | C] () -- 
C:\Users\Public\Desktop\Seagate Dashboard.lnk [2013.02.14 20:16:43 | 3086,188,544 | -HS- | C] () -- C:\hiberfil.sys [2013.02.11 19:26:26 | 005,855,195 | ---- | C] () -- C:\Users\Andreas\Documents\Manual_SmartPadEP750_DE.pdf [2013.02.10 11:55:49 | 009,240,467 | ---- | C] () -- C:\Users\Andreas\Documents\MSI Handbuch.pdf [2013.01.01 10:57:37 | 000,000,524 | ---- | C] () -- C:\Windows\wiso.ini [2012.12.11 19:31:56 | 000,010,639 | ---- | C] () -- C:\Users\Andreas\Tanja_elster_2048.pfx [2012.12.04 20:45:46 | 000,000,001 | ---- | C] () -- C:\Users\Andreas\.SIG_PINSTATUS_VOREINSTELLUNG [2012.12.04 20:45:46 | 000,000,001 | ---- | C] () -- C:\Users\Andreas\.SIG_DIALOG_VOREINSTELLUNG [2012.09.03 18:19:41 | 000,016,577 | ---- | C] () -- C:\Users\Andreas\ESt2011_Gottschlich_Jörg_und_Gottschlich_Anja.elfo [2012.04.04 16:09:18 | 000,001,356 | ---- | C] () -- C:\Users\Andreas\AppData\Local\d3d9caps.dat [2012.02.18 14:46:40 | 000,153,746 | ---- | C] () -- C:\Users\Andreas\ESt2011_Lück_Andreas_und_Lück_Tanja.elfo [2011.11.20 10:41:39 | 000,000,095 | ---- | C] () -- C:\Users\Andreas\AppData\Local\fusioncache.dat [2011.11.20 10:25:28 | 000,009,216 | ---- | C] () -- C:\Users\Andreas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.11.18 17:37:45 | 000,076,797 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\nvModes.001 [2011.11.18 17:37:44 | 000,076,797 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\nvModes.dat [2011.11.17 23:56:41 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2011.11.17 23:56:41 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011.11.17 22:12:34 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2011.11.17 06:34:20 | 000,081,920 | ---- | C] () -- C:\Windows\PGMONITOR.EXE [2011.11.17 06:32:56 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2011.11.17 06:31:43 | 000,005,632 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys 
[2011.11.17 06:19:48 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe [2011.11.17 06:05:59 | 000,033,136 | ---- | C] () -- C:\Windows\ASScrPro.exe [2011.11.17 06:05:48 | 000,037,232 | ---- | C] () -- C:\Windows\ASScrProlog.exe [2011.11.17 06:05:44 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll [2011.11.17 05:59:31 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin ========== ZeroAccess Check ========== [2006.11.02 13:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.06.16 13:34:42 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Amazon [2013.01.01 11:09:04 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Buhl Data Service [2012.02.18 14:39:37 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\elsterformular [2012.12.13 21:00:32 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Epson [2011.11.20 10:42:51 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Imaxel [2012.01.25 21:34:02 | 000,000,000 | ---D | M] -- 
C:\Users\Andreas\AppData\Roaming\Leadertech [2012.11.13 20:14:27 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Memeo [2012.07.29 18:26:52 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Nokia [2011.12.08 21:49:18 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\OpenOffice.org [2012.07.29 18:26:49 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\PC Suite [2012.07.26 20:37:43 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Rovio [2012.11.13 20:12:51 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Seagate [2012.01.03 08:12:19 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\TomTom [2012.08.27 18:20:40 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\Epson [2013.01.24 19:25:54 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\Memeo [2013.01.24 19:25:55 | 000,000,000 | ---D | M] -- C:\Users\Niklas\AppData\Roaming\Seagate [2012.08.13 18:44:40 | 000,000,000 | ---D | M] -- C:\Users\Tanja\AppData\Roaming\Epson [2012.11.14 17:06:22 | 000,000,000 | ---D | M] -- C:\Users\Tanja\AppData\Roaming\Memeo [2012.11.21 16:59:26 | 000,000,000 | ---D | M] -- C:\Users\Tanja\AppData\Roaming\Rovio [2012.01.26 07:34:28 | 000,000,000 | ---D | M] -- C:\Users\Tanja\AppData\Roaming\Seagate [2012.03.05 20:22:07 | 000,000,000 | ---D | M] -- C:\Users\Tanja\AppData\Roaming\TomTom ========== Purity Check ========== < End of report > |
| | #14 |
| /// TB-Ausbilder | tbhcn wurde beendet und geschlossen And does the window in question come from your virus scanner or from the Windows Firewall?
__________________ Digital privateers against malware! No help via PM! |
| | #15 |
| tbhcn wurde beendet und geschlossen That is exactly what I don't know. I don't have a virus scanner installed; if anything, it would be one of the Windows programs. I then uninstalled the program from the list of programs started automatically at system startup by removing the check mark. I'd just like to know which program is responsible for it. |