Log analysis and evaluation: My browser keeps crashing / problems with Kaspersky and creating the logs (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
My browser keeps crashing / problems with Kaspersky and creating the logs

Hello, I have had problems with my internet browser (Mozilla Firefox) for several weeks. After I had installed all the updates, the problem still occurred, so I had an antivirus program (Antivir) scan my PC. It found several trojans (including Spy.Banker.HT; I can't remember the others) and moved them into quarantine, but I was told I should still have a look around here, since there could still be something on the PC that has just hidden itself well enough. Afterwards I also downloaded and used Kaspersky, but there were difficulties with it. First the scan took a very long time to jump from 0% to 1% (about 10 minutes), and when the scan was finished, I couldn't click through anywhere, let alone look at what had been found. It did say "2 detections", but the button to continue simply didn't work. When I followed the instructions for the forum logs, some problems came up as well. I was very conscientious and worked through everything exactly according to the instructions, but in the 2nd step (the one with OTL) only one text file was created, namely OTL.txt. I tried that about 4 times with restarts in between, but each time only one document appeared. "Oh well," I thought, and after a restart I wanted to do the 3rd step. After about one minute of scanning with demgmer.exe, it crashed. Restart again, crash again.
Here is the OTL file; as already mentioned above, I can't post the rest:

OTL logfile created on: 30.04.2013 11:21:10 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\riseandShine\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,98 Gb Total Physical Memory | 6,49 Gb Available Physical Memory | 81,31% Memory free 15,95 Gb Paging File | 14,40 Gb Available in Paging File | 90,25% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,66 Gb Total Space | 350,76 Gb Free Space | 75,32% Space Free | Partition Type: NTFS Computer Name: RISEANDSHINE-PC | User Name: riseandShine | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.04.30 10:40:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\riseandShine\Desktop\OTL.exe PRC - [2013.03.19 08:12:28 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.02.25 15:47:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.02.25 15:47:19 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co.
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2013.01.13 17:46:32 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe PRC - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.10.10 22:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012.10.02 14:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.04.25 19:53:38 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe PRC - [2011.03.23 11:42:52 | 001,516,888 | ---- | M] (Logitech(c)) -- C:\Program Files (x86)\Logitech\G930\G930.exe PRC - [2010.12.02 04:15:14 | 000,915,584 | R--- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe PRC - [2010.11.03 11:30:14 | 000,918,144 | R--- | M] () -- C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe PRC - [2010.10.21 11:52:26 | 000,586,880 | R--- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe ========== Modules (No Company Name) ========== MOD - [2013.01.13 17:46:32 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe MOD - [2012.04.25 19:52:28 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtScript4.dll MOD - [2012.04.25 19:52:26 | 007,422,352 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtGui4.dll MOD - [2012.04.25 19:52:24 | 000,795,024 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtNetwork4.dll MOD - [2012.04.25 19:52:24 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtSql4.dll MOD - [2012.04.25 19:52:22 | 
002,453,904 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtDeclarative4.dll MOD - [2012.04.25 19:52:22 | 002,126,224 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtCore4.dll ========== Services (SafeList) ========== SRV:64bit: - [2010.08.12 16:00:20 | 000,133,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel® PROSet Monitoring Service) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013.04.19 23:10:50 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.02.25 15:47:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.02.25 15:47:19 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.10.10 22:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.10.02 14:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.04.25 19:53:38 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe -- (KSS) SRV - [2010.12.02 04:15:14 | 000,915,584 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe -- (asHmComSvc) SRV - [2010.11.03 11:30:14 | 000,918,144 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe -- (asComSvc) SRV - [2010.10.21 11:52:26 | 000,586,880 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe -- (AsSysCtrlService) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.03.06 15:13:37 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2013.02.26 15:56:51 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013.02.26 15:56:50 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.04.18 19:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.03.18 17:20:22 | 000,410,184 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfBakerCamd64.sys -- (LADF_BakerCOnly) DRV:64bit: - [2011.03.18 14:33:48 | 000,335,688 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfBakerRamd64.sys -- (LADF_BakerROnly) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.12.08 19:17:40 | 000,369,640 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci) DRV:64bit: - [2010.12.08 19:17:38 | 000,122,856 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3) DRV:64bit: - [2010.11.22 09:09:06 | 000,303,408 | ---- | M] (Marvell Semiconductor, Inc.) 
[Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.10.20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.09.21 08:34:18 | 000,313,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) DRV:64bit: - [2010.08.10 11:29:16 | 000,120,920 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 47 B6 E6 9E 2E C6 CC 01 [binary data] IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.update: false FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: 
C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Programme\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Programme\Firefox\components [2012.08.30 13:24:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Programme\Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{33044118-6597-4D2F-ABEA-7974BB185379}: C:\Users\riseandShine\AppData\Roaming\15001.027 [2013.01.30 22:16:37 | 000,000,000 | ---D | M] [2012.08.30 13:24:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\riseandShine\AppData\Roaming\mozilla\Extensions [2013.04.29 11:29:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\riseandShine\AppData\Roaming\mozilla\Firefox\Profiles\0113pyf1.default\extensions [2013.04.29 11:44:23 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\riseandShine\AppData\Roaming\mozilla\Firefox\Profiles\0113pyf1.default\extensions\ffxtlbr@delta.com [2013.04.29 11:44:23 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\riseandShine\AppData\Roaming\mozilla\Firefox\Profiles\0113pyf1.default\extensions\plugin@yontoo.com [2013.04.29 11:28:46 | 000,213,470 | ---- | M] () (No name found) -- C:\Users\riseandShine\AppData\Roaming\mozilla\firefox\profiles\0113pyf1.default\extensions\torntv2@torntv.com.xpi [2013.04.29 11:29:14 | 000,001,294 | ---- | M] () -- C:\Users\riseandShine\AppData\Roaming\mozilla\firefox\profiles\0113pyf1.default\searchplugins\delta.xml O1 HOSTS File: ([2009.06.10 
23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [Logitech G930] C:\Program Files (x86)\Logitech\G930\G930.exe (Logitech(c)) O4 - HKCU..\Run: [KSS] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO) O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Value error.) 
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.21.2) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D3FD9F90-3D5A-44B7-B83A-BFA68917322A}: DhcpNameServer = 192.168.178.1 O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.30 10:40:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\riseandShine\Desktop\OTL.exe [2013.04.29 12:24:17 | 000,000,000 | ---D | C] -- C:\Users\riseandShine\AppData\Roaming\Avira [2013.04.29 12:15:54 | 000,000,000 | ---D | C] -- C:\Users\riseandShine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan [2013.04.29 12:15:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2013.04.29 12:15:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab [2013.04.29 12:07:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ms-MY [2013.04.29 12:02:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.04.29 12:02:18 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.04.29 12:02:18 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.04.29 12:02:18 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. 
KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.04.29 11:41:46 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins [2013.04.29 11:41:46 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions [2013.04.29 11:34:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013.04.29 11:34:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2013.04.29 11:29:24 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect [2013.04.29 11:29:20 | 000,000,000 | ---D | C] -- C:\Users\riseandShine\AppData\Roaming\BabSolution [2013.04.29 11:29:08 | 000,000,000 | ---D | C] -- C:\Users\riseandShine\AppData\Roaming\Babylon [2013.04.29 11:29:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2013.04.29 11:29:04 | 000,000,000 | ---D | C] -- C:\Users\riseandShine\AppData\Roaming\Yontoo [2013.04.29 11:29:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer [2013.04.29 11:28:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TornTV.com [2013.04.28 18:14:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.04.28 18:13:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.04.07 19:04:22 | 000,000,000 | ---D | C] -- C:\Users\riseandShine\Desktop\April [1 C:\Users\riseandShine\AppData\Roaming\*.tmp files -> C:\Users\riseandShine\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.04.30 11:17:33 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.30 11:17:33 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.30 11:16:33 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.04.30 11:16:33 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.04.30 11:16:33 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.04.30 11:16:33 | 000,147,916 | 
---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.04.30 11:16:33 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.04.30 11:09:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.30 11:09:46 | 2129,244,159 | -HS- | M] () -- C:\hiberfil.sys [2013.04.30 10:48:52 | 000,377,856 | ---- | M] () -- C:\Users\riseandShine\Desktop\gmer_2.1.19163.exe [2013.04.30 10:40:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\riseandShine\Desktop\OTL.exe [2013.04.30 10:38:15 | 000,000,000 | ---- | M] () -- C:\Users\riseandShine\defogger_reenable [2013.04.30 10:36:25 | 000,050,477 | ---- | M] () -- C:\Users\riseandShine\Desktop\Defogger.exe [2013.04.29 12:15:38 | 000,001,077 | ---- | M] () -- C:\Users\riseandShine\Desktop\Kaspersky Security Scan.lnk [2013.04.29 12:07:40 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_ZuneDriver_01_09_00.Wdf [2013.04.29 12:07:40 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUSB_01009.Wdf [2013.04.29 12:07:14 | 000,000,927 | ---- | M] () -- C:\Users\Public\Desktop\Zune.lnk [2013.04.29 12:02:28 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.04.26 23:54:30 | 000,198,621 | ---- | M] () -- C:\Users\riseandShine\Desktop\Katakana_image.jpg [2013.04.26 23:52:48 | 000,103,351 | ---- | M] () -- C:\Users\riseandShine\Desktop\hiragana_chart.jpg [1 C:\Users\riseandShine\AppData\Roaming\*.tmp files -> C:\Users\riseandShine\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.04.30 10:48:52 | 000,377,856 | ---- | C] () -- C:\Users\riseandShine\Desktop\gmer_2.1.19163.exe [2013.04.30 10:38:15 | 000,000,000 | ---- | C] () -- C:\Users\riseandShine\defogger_reenable [2013.04.30 10:36:24 | 000,050,477 | ---- | C] () -- C:\Users\riseandShine\Desktop\Defogger.exe [2013.04.29 12:15:54 | 000,001,077 | ---- | C] () -- C:\Users\riseandShine\Desktop\Kaspersky Security Scan.lnk [2013.04.29 12:07:40 | 
000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_ZuneDriver_01_09_00.Wdf [2013.04.29 12:07:40 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUSB_01009.Wdf [2013.04.29 12:07:14 | 000,000,927 | ---- | C] () -- C:\Users\Public\Desktop\Zune.lnk [2013.04.29 12:02:28 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.04.26 23:54:29 | 000,198,621 | ---- | C] () -- C:\Users\riseandShine\Desktop\Katakana_image.jpg [2013.04.26 23:52:45 | 000,103,351 | ---- | C] () -- C:\Users\riseandShine\Desktop\hiragana_chart.jpg [2012.10.23 13:29:48 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.12.29 15:47:15 | 001,076,016 | ---- | C] () -- C:\Windows\PE_File.dll [2011.12.29 15:31:50 | 001,032,112 | ---- | C] () -- C:\Windows\PE_Rom.dll [2011.12.29 15:29:43 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2011.12.29 15:29:42 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys [2011.12.29 15:10:03 | 000,041,153 | ---- | C] () -- C:\Windows\Ascd_log.ini [2011.12.29 15:09:31 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2011.12.29 15:09:28 | 000,027,693 | ---- | C] () -- C:\Windows\Ascd_tmp.ini ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] 
(Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.06.23 17:15:21 | 000,000,000 | ---D | M] -- C:\Users\riseandShine\AppData\Roaming\12001.023 [2012.07.24 20:10:30 | 000,000,000 | ---D | M] -- C:\Users\riseandShine\AppData\Roaming\12001.048 [2012.07.25 12:54:32 | 000,000,000 | ---D | M] -- C:\Users\riseandShine\AppData\Roaming\12001.049 [2012.07.26 16:18:43 | 000,000,000 | ---D | M] -- C:\Users\riseandShine\AppData\Roaming\12001.050 [2012.08.05 21:01:00 | 000,000,000 | ---D | M] -- C:\Users\riseandShine\AppData\Roaming\12001.054 [2012.08.07 18:34:48 | 000,000,000 | ---D | M] -- C:\Users\riseandShine\AppData\Roaming\12001.057 [2012.08.08 21:24:56 | 000,000,000 | ---D | M] -- C:\Users\riseandShine\AppData\Roaming\12001.059 [2012.08.09 17:10:39 | 000,000,000 | ---D | M] -- C:\Users\riseandShine\AppData\Roaming\12001.060 [2012.08.10 16:26:02 | 
000,000,000 | ---D | M] -- C:\Users\riseandShine\AppData\Roaming\12001.062 [2012.08.15 12:53:31 | 000,000,000 | ---D | M] -- C:\Users\riseandShine\AppData\Roaming\12001.063 [2012.06.01 18:44:57 | 000,000,000 | ---D | M] -- C:\Users\riseandShine\AppData\Roaming\12011 [2012.08.30 16:49:20 | 000,000,000 | ---D | M] -- C:\Users\riseandShine\AppData\Roaming\15001.001 [2012.09.26 15:27:45 | 000,000,000 | ---D | M] -- C:\Users\riseandShine\AppData\Roaming\15001.003 [2012.10.05 23:37:16 | 000,000,000 | ---D | M] -- C:\Users\riseandShine\AppData\Roaming\15001.005 [2012.10.13 19:22:46 | 000,000,000 | ---D | M] -- C:\Users\riseandShine\AppData\Roaming\15001.008 [2012.10.19 23:12:46 | 000,000,000 | ---D | M] -- C:\Users\riseandShine\AppData\Roaming\15001.012 [2012.10.31 01:41:37 | 000,000,000 | ---D | M] -- C:\Users\riseandShine\AppData\Roaming\15001.013 [2012.11.10 11:55:52 | 000,000,000 | ---D | M] -- C:\Users\riseandShine\AppData\Roaming\15001.015 [2013.01.30 22:16:37 | 000,000,000 | ---D | M] -- C:\Users\riseandShine\AppData\Roaming\15001.027 [2013.04.29 11:44:23 | 000,000,000 | ---D | M] -- C:\Users\riseandShine\AppData\Roaming\BabSolution [2013.04.29 11:29:08 | 000,000,000 | ---D | M] -- C:\Users\riseandShine\AppData\Roaming\Babylon [2011.12.29 15:55:08 | 000,000,000 | ---D | M] -- C:\Users\riseandShine\AppData\Roaming\HD Tune Pro [2012.04.11 16:01:23 | 000,000,000 | ---D | M] -- C:\Users\riseandShine\AppData\Roaming\ICQ Search [2012.06.01 18:44:37 | 000,000,000 | ---D | M] -- C:\Users\riseandShine\AppData\Roaming\kock [2012.04.19 18:28:54 | 000,000,000 | ---D | M] -- C:\Users\riseandShine\AppData\Roaming\Leadertech [2013.01.30 22:41:02 | 000,000,000 | ---D | M] -- C:\Users\riseandShine\AppData\Roaming\LolClient [2013.03.26 23:59:11 | 000,000,000 | ---D | M] -- C:\Users\riseandShine\AppData\Roaming\Might & Magic Heroes VI [2012.04.10 14:37:30 | 000,000,000 | ---D | M] -- C:\Users\riseandShine\AppData\Roaming\OpenOffice.org [2013.04.29 23:05:56 | 000,000,000 | ---D | M] 
-- C:\Users\riseandShine\AppData\Roaming\TS3Client [2012.08.30 13:18:15 | 000,000,000 | ---D | M] -- C:\Users\riseandShine\AppData\Roaming\UAs [2012.08.30 13:18:22 | 000,000,000 | ---D | M] -- C:\Users\riseandShine\AppData\Roaming\xmldm [2013.04.29 11:44:23 | 000,000,000 | ---D | M] -- C:\Users\riseandShine\AppData\Roaming\Yontoo ========== Purity Check ========== < End of report >

In any case, thank you in advance; I have no idea at all about all this PC stuff and am pretty stuck.

Best regards, Mion