Log Analysis and Evaluation: Dtcontx.F and CI.A (Panda) persistent on Win7 Starter (Asus Eee PC)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system first has to be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

19.07.2013, 16:40 | #1
Dtcontx.F and CI.A (Panda) persistent on Win7 Starter (Asus Eee PC)

Hello!

Machine: Win7 Starter on an Asus Eee PC Seashell

Problem: Two days ago Panda Cloud reported the trojan "Dtcontx.F". I then shut the machine down for the time being. Today I wanted to tackle the problem and booted the machine. Panda reports that the trojan has been deleted, but immediately reports the same trojan again. To delete the trojan, Panda says, the machine has to be restarted. In the meantime I had landed here on the board and started the OTL and Gmer scans, with the required restarts of the machine. Right after the restarts Panda reported Dtcontx.F and then also CI.A. That is the status quo. The history described is visible in the attached Panda report.

What strikes me about it: the affected files are always in the directory C:\Users\<user>, where <user> is longer than 8 characters. In the entry 19.07.2013 12:53:11, however, the user name was shortened to 8 characters, i.e. to 6 characters with "~1" appended. This path does not exist on the machine, though.

Here are the requested scans. I have replaced the user name everywhere with <user>.

OTL.txt
Code:
OTL logfile created on: 19.07.2013 13:44:19 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\<user>\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 0,83 Gb Available Physical Memory | 41,46% Memory free
3,98 Gb Paging File | 2,86 Gb Available in Paging File | 71,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 63,32 Gb Free Space | 63,32% Space Free | Partition Type: NTFS
Drive D: | 183,07 Gb Total Space | 182,96 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
Drive E: | 30,83 Mb Total Space | 13,12 Mb Free Space | 42,55% Space Free | Partition Type: FAT
Drive W: | 5,00 Gb Total Space | 3,93 Gb Free Space | 78,55% Space Free | Partition Type: FAT32

Computer Name: PORTABLE-IK | User Name: <user> | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.07.19 12:59:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\<user>\Desktop\OTL.exe
PRC - [2012.11.30 04:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.09.05 12:23:49 | 000,453,552 | ---- | M] (LaCie) -- C:\Users\<user>\AppData\Roaming\Wuala\Wuala.exe
PRC - [2012.07.13 07:15:56 | 000,037,152 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
PRC - [2012.07.13 07:15:56 | 000,036,640 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
PRC - [2012.07.13 06:57:41 | 000,140,064 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
PRC - [2012.03.19 10:51:36 | 000,217,256 | ---- | M] (Panda Security) -- C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe
PRC - [2012.01.03 17:31:34 | 001,391,272 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011.10.01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.03.23 21:33:00 | 000,045,448 | ---- | M] () -- C:\ExpressGateUtil\VAWinAgent.exe
PRC - [2011.03.11 03:05:54 | 001,095,080 | ---- | M] (AsusTek Computer Inc.) -- C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
PRC - [2011.03.04 01:33:20 | 000,101,288 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\HotkeyService\HotKeyMon.exe
PRC - [2011.03.04 01:33:14 | 000,224,680 | ---- | M] () -- C:\Windows\System32\AsusService.exe
PRC - [2011.03.04 01:33:12 | 001,252,272 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\HotkeyService\HotkeyService.exe
PRC - [2011.02.25 19:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.01.12 17:22:26 | 000,091,464 | ---- | M] () -- C:\ExpressGateUtil\VAWinService.exe
PRC - [2010.11.15 21:27:22 | 000,445,344 | ---- | M] (ASUS) -- C:\Program Files\ASUS\CapsHook\CapsHook.exe
PRC - [2010.11.15 21:25:36 | 000,412,600 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\SHE\SuperHybridEngine.exe
PRC - [2010.07.19 21:26:00 | 000,370,480 | ---- | M] (syncables, LLC) -- C:\Program Files\syncables\syncables desktop\syncables.exe
PRC - [2010.07.19 21:26:00 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\syncables\syncables desktop\jre\bin\javaw.exe
PRC - [2010.05.21 22:42:48 | 002,839,840 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
PRC - [2010.05.21 22:42:48 | 000,828,704 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2010.05.21 22:42:48 | 000,652,576 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2010.04.13 09:32:40 | 000,548,744 | ---- | M] (ELAN Microelectronic Corp.) -- C:\Program Files\Elantech\ETDCtrl.exe
PRC - [2010.04.07 07:16:52 | 001,599,880 | ---- | M] (ELAN Microelectronic Corp.) -- C:\Program Files\Elantech\ETDCtrlHelper.exe

========== Modules (No Company Name) ==========

MOD - [2013.07.16 23:12:38 | 001,670,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\46e5c98ee0b6840ffbc7875ec30e6b38\Microsoft.VisualBasic.ni.dll
MOD - [2013.07.16 19:04:32 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\178644ab40108f3becd8b91049a254c3\System.Windows.Forms.ni.dll
MOD - [2013.07.16 19:03:52 | 001,593,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll
MOD - [2013.07.16 19:02:14 | 005,464,064 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll
MOD - [2013.07.16 19:01:58 | 000,978,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll
MOD - [2013.07.16 19:01:55 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll
MOD - [2013.07.16 19:01:26 | 011,499,520 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013.07.16 09:13:55 | 000,043,520 | ---- | M] () -- C:\Users\<user>\AppData\Local\Wuala\Program0\lib.443\proxy_util_w32.dll
MOD - [2013.07.16 08:34:47 | 000,949,426 | ---- | M] () -- C:\Users\<user>\AppData\Local\Wuala\Program0\lib.443\jnotify.dll
MOD - [2013.07.16 08:33:54 | 000,165,376 | ---- | M] () -- C:\Users\<user>\AppData\Local\Wuala\Program0\lib.443\orangevolt-4n-1.1.2.dll
MOD - [2013.07.16 08:33:49 | 000,370,688 | ---- | M] () -- C:\Users\<user>\AppData\Local\Wuala\Program0\lib.443\jcbfs3.dll
MOD - [2012.09.05 09:59:24 | 000,043,520 | ---- | M] () -- C:\Users\<user>\AppData\Local\Temp\proxy_util_w32.dll
MOD - [2011.03.23 21:33:00 | 000,045,448 | ---- | M] () -- C:\ExpressGateUtil\VAWinAgent.exe
MOD - [2010.09.02 13:08:00 | 000,118,784 | ---- | M] () -- C:\PROGRA~1\ASUS\ASUSWE~1\30108~1.222\ASUSWS~1.DLL
MOD - [2010.05.21 22:42:58 | 000,132,384 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll

========== Services (SafeList) ==========

SRV - [2013.06.12 15:13:27 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.27 06:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012.07.14 02:13:54 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.13 07:15:56 | 000,036,640 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe -- (PSUAService)
SRV - [2012.07.13 06:57:41 | 000,140,064 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)
SRV - [2011.10.01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.03.04 01:33:14 | 000,224,680 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService)
SRV - [2011.03.02 06:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.02.25 19:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011.01.12 17:22:26 | 000,091,464 | ---- | M] () [Auto | Running] -- C:\ExpressGateUtil\VAWinService.exe -- (VideAceWindowsService)
SRV - [2010.05.21 22:42:48 | 000,652,576 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)

========== Driver Services (SafeList) ==========

DRV - File not found [File_System | Disabled | Running] -- system32\Drivers\PsBoot.sys -- (PsBoot)
DRV - [2012.07.13 07:02:16 | 000,174,632 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\PSINKNC.sys -- (PSINKNC)
DRV - [2012.07.13 07:02:16 | 000,120,872 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSINProt.sys -- (PSINProt)
DRV - [2012.07.13 07:02:16 | 000,114,216 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\PSINProc.sys -- (PSINProc)
DRV - [2012.07.13 07:02:15 | 000,148,520 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSINAflt.sys -- (PSINAflt)
DRV - [2012.07.13 07:02:15 | 000,103,464 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\PSINFile.sys -- (PSINFile)
DRV - [2012.07.12 11:18:32 | 000,206,632 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSStrm.sys -- (NNSSTRM)
DRV - [2012.06.27 15:51:07 | 000,092,840 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNStlsc.sys -- (NNSTLSC)
DRV - [2012.06.27 15:51:06 | 000,286,376 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSProt.sys -- (NNSPROT)
DRV - [2012.06.27 15:51:06 | 000,153,000 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSPrv.sys -- (NNSPRV)
DRV - [2012.06.27 15:51:06 | 000,106,536 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSSmtp.sys -- (NNSSMTP)
DRV - [2012.06.27 15:51:05 | 000,104,104 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSPop3.sys -- (NNSPOP3)
DRV - [2012.06.27 15:51:05 | 000,060,968 | ---- | M] (Panda Security, S.L.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\NNSPihsw.sys -- (NNSPIHSW)
DRV - [2012.06.27 15:51:04 | 000,122,664 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSIds.sys -- (NNSIDS)
DRV - [2012.06.27 15:51:04 | 000,093,992 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSpicc.sys -- (NNSPICC)
DRV - [2012.06.27 15:51:04 | 000,028,712 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\NNSNAHSL.sys -- (NNSNAHSL)
DRV - [2012.06.27 15:51:03 | 000,120,744 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSHttp.sys -- (NNSHTTP)
DRV - [2012.06.27 15:51:03 | 000,082,472 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSAlpc.sys -- (NNSALPC)
DRV - [2012.04.09 16:27:34 | 000,299,024 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\cbfs3.sys -- (cbfs3)
DRV - [2011.10.01 08:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011.10.01 08:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011.10.01 08:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011.10.01 08:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2011.03.10 18:04:57 | 000,046,280 | ---- | M] (Panda Security) [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\PSKMAD.sys -- (PSKMAD)
DRV - [2010.11.20 12:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 12:24:42 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010.09.27 09:23:58 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010.08.03 07:20:56 | 000,011,832 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2010.06.28 07:24:00 | 000,011,456 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO)
DRV - [2009.07.22 06:14:58 | 000,081,704 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wsvd.sys -- (wsvd)
DRV - [2009.07.20 11:29:40 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 00:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = hxxp://www.google.com/search?ie=utf-8&oe=utf-8&rlz=1V4IPYX&q={searchTerms}
IE - HKCU\..\SearchScopes\{BB4AD99B-51CA-46A7-9BB3-AD5F7680E89D}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=4EB513DA-586A-4A91-AAA6-031BE75693A8&apn_sauid=4374B2D2-D1D9-43DB-9668-01F1287A8AD6
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.de"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.23 23:10:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012.07.23 23:10:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\<user>\AppData\Roaming\mozilla\Extensions
[2013.05.22 21:23:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\<user>\AppData\Roaming\mozilla\Firefox\Profiles\tmpnzboc.default\extensions
[2012.10.28 12:15:46 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\<user>\AppData\Roaming\mozilla\Firefox\Profiles\tmpnzboc.default\extensions\toolbar@ask.com
[2013.03.18 08:32:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.08.02 23:18:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.10.28 12:04:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012.07.14 02:15:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.07.14 03:02:55 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012.07.14 03:02:55 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.14 03:02:55 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012.07.14 03:02:55 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012.07.14 03:02:55 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012.07.14 03:02:55 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [CapsHook] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Panda Security URL Filtering] C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe (Panda Security)
O4 - HKLM..\Run: [PSUAMain] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe ()
O4 - HKCU..\Run: [Syncables] C:\Program Files\syncables\syncables desktop\Syncables.exe (syncables, LLC)
O4 - Startup: C:\Users\<user>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wuala.lnk = C:\Users\<user>\AppData\Roaming\Wuala\Wuala.exe (LaCie)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{51C5442E-A9A4-4DD4-AB72-FA16DDCC1BB9}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89D62A12-4BBE-4A3F-BC9A-CAC796B28273}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2030.01.01 13:50:16 | 000,000,000 | -HSD | C] -- C:\Boot
[2013.07.19 13:34:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\<user>\Desktop\OTL.exe
[2013.07.19 13:05:39 | 000,046,280 | ---- | C] (Panda Security) -- C:\windows\System32\drivers\PSKMAD.sys
[2013.07.16 19:11:05 | 000,000,000 | ---D | C] -- C:\Users\<user>\AppData\Roaming\Xafezye
[2013.07.16 19:11:05 | 000,000,000 | ---D | C] -- C:\Users\<user>\AppData\Roaming\Pywe
[2013.07.16 19:10:57 | 000,000,000 | ---D | C] -- C:\Users\<user>\AppData\Roaming\Viyh
[2013.07.16 19:10:57 | 000,000,000 | ---D | C] -- C:\Users\<user>\AppData\Roaming\Ifu
[2013.07.16 15:38:09 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2013.07.16 15:38:05 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2013.07.16 15:38:04 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2013.07.16 15:38:03 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll
[2013.07.16 15:38:02 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2013.07.16 15:38:00 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2013.07.16 15:38:00 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe
[2013.07.16 15:37:59 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesysprep.dll
[2013.07.16 15:37:59 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RegisterIEPKEYs.exe
[2013.07.16 15:37:59 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll
[2013.07.16 08:44:21 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DWrite.dll
[2013.07.16 08:44:15 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMVDECOD.DLL
[2013.07.16 08:44:11 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qedit.dll
[2013.07.16 08:44:04 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys

========== Files - Modified Within 30 Days ==========

[2013.07.19 13:34:11 | 000,092,249 | ---- | M] () -- C:\Users\<user>\Desktop\Panda-Report.jpg
[2013.07.19 13:23:39 | 000,666,022 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2013.07.19 13:23:39 | 000,627,864 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013.07.19 13:23:39 | 000,133,944 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2013.07.19 13:23:39 | 000,110,326 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2013.07.19 13:13:14 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.19 13:13:14 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.19 13:13:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.07.19 13:05:19 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.07.19 13:05:12 | 1602,838,528 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.19 13:00:16 | 000,377,856 | ---- | M] () -- C:\Users\<user>\Desktop\gmer_2.1.19163.exe
[2013.07.19 12:59:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\<user>\Desktop\OTL.exe
[2013.07.16 18:59:18 | 000,315,344 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2030.01.01 13:50:16 | 000,383,786 | RHS- | C] () -- C:\bootmgr
[2013.07.19 13:34:57 | 000,377,856 | ---- | C] () -- C:\Users\<user>\Desktop\gmer_2.1.19163.exe
[2013.07.19 13:34:09 | 000,092,249 | ---- | C] () -- C:\Users\<user>\Desktop\Panda-Report.jpg
[2012.11.05 10:16:47 | 000,434,176 | ---- | C] () -- C:\windows\System32\ZSHP1020.EXE
[2012.09.05 12:24:11 | 000,000,000 | ---- | C] () -- C:\ProgramData\0x0304A000.sfl
[2012.03.17 12:47:49 | 000,005,576 | ---- | C] () -- C:\windows\Language.ini
[2012.03.17 12:45:40 | 000,000,520 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX0.dat
[2011.04.21 02:56:11 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe

========== ZeroAccess Check ==========

[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

Code:
OTL Extras logfile created on: 19.07.2013 13:44:19 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\<user>\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 0,83 Gb Available Physical Memory | 41,46% Memory free
3,98 Gb Paging File | 2,86 Gb Available in Paging File | 71,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 63,32 Gb Free Space | 63,32% Space Free | Partition Type: NTFS
Drive D: | 183,07 Gb Total Space | 182,96 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
Drive E: | 30,83 Mb Total Space | 13,12 Mb Free Space | 42,55% Space Free | Partition Type: FAT
Drive W: | 5,00 Gb Total Space | 3,93 Gb Free Space | 78,55% Space Free | Partition Type: FAT32

Computer Name: PORTABLE-IK | User Name: <user> | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A58E7306-2B16-433F-B710-E19B85524A0A}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary |
"{BA6DF6ED-66E8-4241-8E9E-991536B4990C}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary |
"{C5E3C9ED-BB47-432C-9821-0D3D264CF425}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{CA3E3652-B45B-4453-854C-8560416431CA}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{9DF15337-4E25-42D6-AFE8-E4F24E383B81}" = dir=in | app=c:\program files\windows
live\messenger\msnmsgr.exe | "{BAF7435B-578D-471D-BF62-6ECDEE6629E1}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{CA2F4121-A03B-4CCD-860D-E8B1FA42BFAF}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | "{E575682C-AA9D-4F46-9E9C-1230B55CC593}" = protocol=17 | dir=in | app=c:\program files\panda security\panda security toolbar\dtuser.exe | "{F8849DB1-9DE1-4DE3-A193-853ED518DACF}" = protocol=6 | dir=in | app=c:\program files\panda security\panda security toolbar\dtuser.exe | "TCP Query User{14DD44EA-7689-4D13-9DE6-DC21D05612B9}C:\users\<user>\appdata\roaming\wuala\wuala.exe" = protocol=6 | dir=in | app=c:\users\<user>\appdata\roaming\wuala\wuala.exe | "TCP Query User{35DC0C5B-19E8-4793-BD48-F6298FD56D0A}C:\users\<user>\appdata\roaming\wuala\wuala.exe" = protocol=6 | dir=in | app=c:\users\<user>\appdata\roaming\wuala\wuala.exe | "TCP Query User{3F306CDF-929E-406A-AFFD-31C3D50AED00}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | "TCP Query User{847ECC4B-9EAE-4323-B299-D534D8BB3D52}C:\program files\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\syncables\syncables desktop\jre\bin\javaw.exe | "TCP Query User{B461BADE-4366-44D1-9D63-955D30C4479F}C:\program files\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\syncables\syncables desktop\jre\bin\javaw.exe | "TCP Query User{FFBD621D-3D73-4222-B97D-5F80A26324BE}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | "UDP Query User{0D4E388F-A537-4F69-BDED-29765BAA7D6B}C:\users\<user>\appdata\roaming\wuala\wuala.exe" = protocol=17 | dir=in | app=c:\users\<user>\appdata\roaming\wuala\wuala.exe | "UDP Query User{2439E76D-3AD4-498F-B4D2-6A88EA240817}C:\program files\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\syncables\syncables desktop\jre\bin\javaw.exe | "UDP Query 
User{6F303378-AEF3-463E-85D8-340E99FDF9E6}C:\program files\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\syncables\syncables desktop\jre\bin\javaw.exe | "UDP Query User{81D0E884-F0D2-4887-9CD0-14EC564D786F}C:\users\<user>\appdata\roaming\wuala\wuala.exe" = protocol=17 | dir=in | app=c:\users\<user>\appdata\roaming\wuala\wuala.exe | "UDP Query User{938E5072-52B7-436E-A6CF-D78182044B1C}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | "UDP Query User{BC4F4047-36C5-4D51-AC7B-223B5F8449E2}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0F1A2E4E-E2EE-4806-B7CE-356D83A3CDEB}" = Windows Live Family Safety "{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources "{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources "{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer "{185AFA7A-F63E-450B-94AA-011CAC18090E}" = E-Cam "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program 
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials "{2B4E24A0-A06F-488D-87D8-16738E5E1104}" = Windows Live Family Safety "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{36B0DC39-3282-40EB-8587-B875CE46C3A7}" = ExpressGateCloud "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate "{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh "{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack "{41D6CED7-65E8-4EBB-BB1A-B45E2D8CF6D7}" = Windows Live Family Safety "{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover "{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources "{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater 
"{4B1EDAFC-B0EB-465F-886C-24FAC1BED2AC}" = Windows Live Remote Client Resources "{4B5092B6-F231-4D18-83BC-2618B729CA45}" = CapsHook "{4FCBCF89-1823-4D97-A6F2-0E8DD66E273A}" = Broadcom Wireless Network Adapter "{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC "{5CE74A57-75E8-43A9-9BAA-CB97A1A23043}" = Panda Cloud Antivirus "{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources "{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service "{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common "{749F674B-2674-47E8-879C-5626A06B2A91}" = InstantOn "{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2 "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh "{845E0BCB-8C8D-4FAB-8588-AD5FFD156C95}" = Windows Live Remote Service Resources "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight 
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT2860 Wireless LAN Card "{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{99E77016-BCF2-48C8-9119-43ECF5815F65}" = AsusScreensaver "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB93C51F-71F9-4A28-8134-FE1B5B9373E9}" = Windows Live Remote Service Resources "{AC0628FF-532F-4800-91EC-40903B04682F}" = Windows Live Remote Service Resources "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh 
ActiveX control for remote connections "{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common "{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D44AA979-47C2-4BC0-A860-09A54224EA44}_is1" = Game Park Console "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail "{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials "{DFDBE1F9-04CE-4645-BB6C-4590EABC7A9C}" = Windows Live Remote Client Resources "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0CCBE54-9132-44E9-82DF-CD364AD5C22D}" = Windows Live Remote Client Resources "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety "{F58C1D44-4AC9-48E8-9049-7A6CDFCB415C}" = LocaleMe "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FCFBA290-CB48-4AF1-A241-2685AEDEDD66}" = Windows Live Family Safety 
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "ASUS WebStorage" = ASUS WebStorage "Eee Docking_is1" = Eee Docking 3.8.3 "Elantech" = ETDWare PS/2-x86 7.0.5.11_WHQL "HDMI" = Intel(R) Graphics Media Accelerator Driver "InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer "InstallShield_{36B0DC39-3282-40EB-8587-B875CE46C3A7}" = ExpressGateCloud "InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 14.0.1 (x86 en-GB)" = Mozilla Firefox 14.0.1 (x86 en-GB) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "Panda Security URL Filtering" = Panda Security URL Filtering "Panda Universal Agent Endpoint" = Panda Cloud Antivirus "pandasecuritytb" = Panda Security Toolbar "Toolbar Cleaner" = Toolbar Cleaner 1.0 "WinLiveSuite" = Windows Live Essentials "Wuala CBFS" = Wuala CBFS "Wuala OverlayIcons" = Wuala OverlayIcons ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater "Wuala" = Wuala ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 24.04.2013 13:27:45 | Computer Name = portable-IK | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: WINWORDC.EXE, Version: 14.0.6129.5000, Zeitstempel: 0x5082ffdf Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 
0x00690073 ID des fehlerhaften Prozesses: 0xe1c Startzeit der fehlerhaften Anwendung: 0x01ce4110c7ceca3b Pfad der fehlerhaften Anwendung: Q:\140066.deu\Office14\WINWORDC.EXE Pfad des fehlerhaften Moduls: unknown Berichtskennung: 46135fa4-ad04-11e2-8de2-742f68cef929 Error - 24.04.2013 14:25:40 | Computer Name = portable-IK | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe_LanmanServer, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses: 0x6ec Startzeit der fehlerhaften Anwendung: 0x01ce411913675de9 Pfad der fehlerhaften Anwendung: C:\windows\system32\svchost.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 5db053c6-ad0c-11e2-bf03-742f68cef929 Error - 05.05.2013 06:35:51 | Computer Name = portable-IK | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Error - 05.05.2013 14:23:18 | Computer Name = portable-IK | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Error - 05.05.2013 14:36:32 | Computer Name = portable-IK | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Error - 05.05.2013 14:49:38 | Computer Name = portable-IK | Source = CVHSVC | ID = 100 Description = Nur zur Information. 
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Error - 15.05.2013 18:21:51 | Computer Name = portable-IK | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Panda_URL_Filtering.exe, Version: 1.0.1.34, Zeitstempel: 0x4f58eb32 Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b96f Ausnahmecode: 0xc0000005 Fehleroffset: 0x00039342 ID des fehlerhaften Prozesses: 0x9a8 Startzeit der fehlerhaften Anwendung: 0x01ce51b9474ebd79 Pfad der fehlerhaften Anwendung: C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe Pfad des fehlerhaften Moduls: C:\windows\system32\ole32.dll Berichtskennung: d6dc246a-bdad-11e2-9a2c-742f68cef929 Error - 09.06.2013 14:36:38 | Computer Name = portable-IK | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Panda_URL_Filtering.exe, Version: 1.0.1.34, Zeitstempel: 0x4f58eb32 Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b96f Ausnahmecode: 0xc0000005 Fehleroffset: 0x00039342 ID des fehlerhaften Prozesses: 0xf3c Startzeit der fehlerhaften Anwendung: 0x01ce653d4c36c5b8 Pfad der fehlerhaften Anwendung: C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe Pfad des fehlerhaften Moduls: C:\windows\system32\ole32.dll Berichtskennung: 84d87a03-d133-11e2-b5bd-742f68cef929 Error - 18.06.2013 12:23:09 | Computer Name = portable-IK | Source = Application Hang | ID = 1002 Description = Programm WINWORDC.EXE, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 2fc Startzeit: 01ce6c3d83ddff3a Endzeit: 32 Anwendungspfad: Q:\140066.deu\Office14\WINWORDC.EXE Berichts-ID: 514d78e5-d833-11e2-bf2c-742f68cef929 Error - 24.06.2013 02:16:00 | Computer Name = portable-IK | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: [ System Events ] Error - 10.02.2013 10:09:44 | Computer Name = portable-IK | Source = DCOM | ID = 10010 Description = Error - 14.02.2013 15:10:41 | Computer Name = portable-IK | Source = DCOM | ID = 10010 Description = Error - 15.02.2013 10:38:21 | Computer Name = portable-IK | Source = WMPNetworkSvc | ID = 866300 Description = Error - 16.02.2013 16:58:05 | Computer Name = portable-IK | Source = WMPNetworkSvc | ID = 866300 Description = Error - 18.02.2013 18:06:12 | Computer Name = portable-IK | Source = DCOM | ID = 10010 Description = Error - 18.02.2013 18:06:08 | Computer Name = portable-IK | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst btwdins erreicht. Error - 21.02.2013 17:19:58 | Computer Name = portable-IK | Source = WMPNetworkSvc | ID = 866300 Description = Error - 22.02.2013 02:29:49 | Computer Name = portable-IK | Source = WMPNetworkSvc | ID = 866300 Description = Error - 27.02.2013 14:56:53 | Computer Name = portable-IK | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Wlansvc erreicht. Error - 27.02.2013 14:56:54 | Computer Name = portable-IK | Source = DCOM | ID = 10010 Description = < End of report > Extras.txt: Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-19 17:08:38
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST932032 rev.0003 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\<user>\AppData\Local\Temp\uwlyapow.sys

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 820489F5 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 820821F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- Devices - GMER 2.1 ----

Device Ntfs.sys
AttachedDevice cbfs3.sys
Device fastfat.SYS
Device Sftfslh.sys
Device \Driver\BTHUSB \Device\00000081 bthport.sys
Device \Driver\BTHUSB \Device\00000083 bthport.sys
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat cbfs3.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Bind \Device\{9D801AB8-362A-4915-AD1B-84C0AC6A3A91}?\Device\{CA81891F-7045-4EAE-8188-8A06668503F6}?\Device\{B3D35547-86CE-4B06-847B-4926F53EBD43}?\Device\{99D75C0B-9599-4D87-87A6-EC5FD64938B4}?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Route "{9D801AB8-362A-4915-AD1B-84C0AC6A3A91}"?"{CA81891F-7045-4EAE-8188-8A06668503F6}"?"{B3D35547-86CE-4B06-847B-4926F53EBD43}"?"{99D75C0B-9599-4D87-87A6-EC5FD64938B4}"?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Export \Device\TCPIP6TUNNEL_{9D801AB8-362A-4915-AD1B-84C0AC6A3A91}?\Device\TCPIP6TUNNEL_{CA81891F-7045-4EAE-8188-8A06668503F6}?\Device\TCPIP6TUNNEL_{B3D35547-86CE-4B06-847B-4926F53EBD43}?\Device\TCPIP6TUNNEL_{99D75C0B-9599-4D87-87A6-EC5FD64938B4}?
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3b2962e
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\742f68cef929
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06da17155
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{CA81891F-7045-4EAE-8188-8A06668503F6}@InterfaceName isatap.{BEA210D1-39F4-4172-AA53-5BB79BEC0CF2}
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{CA81891F-7045-4EAE-8188-8A06668503F6}@ReusableType 0
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3b2962e (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\742f68cef929 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06da17155 (not active ControlSet)
Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{346F58E0-7095-11E1-B959-806E6F6E6963} 1957051552

---- EOF - GMER 2.1 ----

Thanks in advance! |
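A note on the "ZeroAccess Check" section of the OTL log above, which lists InProcServer32 keys for a few CLSIDs under both HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE. HKEY_CLASSES_ROOT is a merged view in which HKCU\Software\Classes takes precedence over HKLM\Software\Classes, so a per-user InProcServer32 key redirects COM activation of that CLSID for the user's normal-integrity processes without touching anything that needs admin rights (elevated processes ignore per-user class registrations). That is the COM hijack the ZeroAccess family used, and why OTL prints this section. In the log the two HKCU keys appear without a default value; that is simply what OTL shows and is not by itself a verdict. The Python below is an added example, not OTL's code and not from anyone in this thread: it parses the section and pairs every per-user key with the machine-wide server registered for the same CLSID, so the keys worth checking by hand (default value, ThreadingModel, and which file the DLL path really resolves to) stand out. The sample input is the section from the log above, reproduced here as constructed text with the user name replaced by <user> as in the post.

```python
import re

# Constructed sample: the "ZeroAccess Check" section in the exact line format OTL
# uses, with the entries shown in the OTL log above (<user> as in the post).
SAMPLE_OTL_SECTION = r"""
========== ZeroAccess Check ==========
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >
"""

# A key line: [HIVE\Software\Classes\clsid\{GUID}\InProcServer32]
KEY_RE = re.compile(
    r"^\[(HKEY_CURRENT_USER|HKEY_LOCAL_MACHINE)\\Software\\Classes\\clsid\\"
    r"(\{[0-9a-f-]+\})\\InProcServer32\]$",
    re.IGNORECASE,
)
# The key's default value: "" = <server dll> -- [file details] (Company)
DEFAULT_RE = re.compile(r'^"" = (.+?)(?: -- \[.*)?$')


def parse_zeroaccess_section(text):
    """Map hive -> {clsid -> InProcServer32 default value, or None if OTL listed none}."""
    servers = {"HKEY_CURRENT_USER": {}, "HKEY_LOCAL_MACHINE": {}}
    current = None
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("========== ZeroAccess Check"):
            in_section = True
            continue
        if not in_section:
            continue
        if line.startswith("==========") or line.startswith("< End of report"):
            break
        key = KEY_RE.match(line)
        if key:
            current = (key.group(1).upper(), key.group(2).lower())
            servers[current[0]][current[1]] = None
            continue
        default = DEFAULT_RE.match(line)
        if default and current:
            servers[current[0]][current[1]] = default.group(1).strip()
    return servers


def find_user_overrides(servers):
    """Per-user InProcServer32 keys, each paired with the machine-wide server for the
    same CLSID. Because HKCR merges HKCU\\Software\\Classes over HKLM\\Software\\Classes,
    every row returned here wins over the HKLM registration for this user's
    normal-integrity processes; elevated processes ignore per-user registrations."""
    hkcu, hklm = servers["HKEY_CURRENT_USER"], servers["HKEY_LOCAL_MACHINE"]
    rows = [{"clsid": c, "hkcu_server": hkcu[c], "hklm_server": hklm.get(c)} for c in hkcu]
    return sorted(rows, key=lambda r: r["clsid"])


def report(text):
    """Triage lines for a human; returned rather than only printed so they can be tested."""
    lines = []
    for row in find_user_overrides(parse_zeroaccess_section(text)):
        hkcu = row["hkcu_server"] or "(no default value listed: inspect the key by hand)"
        hklm = row["hklm_server"] or "(no HKLM entry in this section)"
        lines.append(f"{row['clsid']}: per-user -> {hkcu}; machine-wide -> {hklm}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_OTL_SECTION)))
```

On the sample this yields two rows, both per-user keys with no default value shown, one of them shadowing the HKLM registration that points at shell32.dll. What to do with such a row is a manual step: export the HKCU key, see whether it has a default value at all, and if it names a DLL, check that file's signature and path before deciding anything.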
19.07.2013, 17:10 | #2 |
/// the machine /// TB-Ausbilder | Dtcontx.F and CI.A (Panda) persistent on Win7 Starter (Asus eee PC) Hi,
Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (if you are not sure, download both versions, or check under Start > Computer (right-click) > Properties)
|
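Once FRST.txt is back, its "One Month Created Files and Folders" section is where the question "what showed up on this machine shortly before the first alert?" gets answered. The Python below is an added example, not the helper's instructions and not Farbar's code: it parses that section in the line format FRST uses (creation stamp, modification stamp, size, attribute flags, an optional company name in parentheses, path), keeps the entries created within a few days up to the first alert that sit in user-writable locations and carry no company name, and separately lists entries whose creation stamp lies after the scan day, which cannot be right and deserve a look of their own. The sample lines are constructed in that format, the user name is written as <user> as in the thread, and the alert date passed in is an assumption for the sample.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the line format of FRST's "One Month Created Files and
# Folders" section: <created> - <modified> - <size> <attrs> [(Company)] <path>.
# Not copied from any real scan; <user> stands for the profile name as in the thread.
SAMPLE_FRST = r"""
==================== One Month Created Files and Folders ========
2030-01-01 03:50 - 2010-11-20 04:40 - 00383786 __RSH C:\bootmgr
2013-07-19 22:21 - 2013-07-19 22:21 - 00000000 ____D C:\FRST
2013-07-19 03:34 - 2013-07-19 03:00 - 00377856 _____ C:\Users\<user>\Desktop\gmer_2.1.19163.exe
2013-07-19 03:34 - 2013-07-19 02:59 - 00602112 _____ (OldTimer Tools) C:\Users\<user>\Desktop\OTL.exe
2013-07-16 09:11 - 2013-07-16 09:11 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Xafezye
2013-07-16 09:10 - 2013-07-19 03:06 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Viyh
2013-07-16 05:38 - 2013-06-11 15:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-15 22:44 - 2013-06-04 19:05 - 02347520 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
==================== One Month Modified Files and Folders =======
"""

LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(\d{8}) ([_A-Z]{5}) (?:\(([^)]*)\) )?(.+)$"
)
STAMP = "%Y-%m-%d %H:%M"
# Locations a non-elevated user, or anything running as that user, can write to.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\")


def parse_created_section(text):
    """Parse the 'One Month Created Files and Folders' section into dicts."""
    entries, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("==================== One Month Created"):
            in_section = True
            continue
        if line.startswith("===================="):
            if in_section:
                break          # next section header ends ours
            continue
        m = LINE_RE.match(line) if in_section else None
        if not m:
            continue
        entries.append({
            "created": datetime.strptime(m.group(1), STAMP),
            "modified": datetime.strptime(m.group(2), STAMP),
            "size": int(m.group(3)),
            "attrs": m.group(4),      # e.g. ____D directory, __RSH read-only/system/hidden
            "company": m.group(5),    # None when FRST printed no company name
            "path": m.group(6),
        })
    return entries


def triage(entries, first_alert, window_days=3):
    """Entries created in the window_days up to and including the first alert's day,
    in a user-writable location, with no company name. These are leads, not verdicts."""
    alert_day = datetime.strptime(first_alert, "%Y-%m-%d")
    start, end = alert_day - timedelta(days=window_days), alert_day + timedelta(days=1)
    hits = [
        e for e in entries
        if not e["company"]
        and any(marker in e["path"].lower() for marker in USER_WRITABLE)
        and start <= e["created"] < end
    ]
    return sorted(hits, key=lambda e: e["created"])


def future_timestamps(entries, scan_day):
    """Entries whose creation stamp is later than the scan day. Such a stamp cannot be
    right and deserves a look on its own, whatever turns out to be the cause."""
    cutoff = datetime.strptime(scan_day, "%Y-%m-%d") + timedelta(days=1)
    return [e for e in entries if e["created"] >= cutoff]


if __name__ == "__main__":
    rows = parse_created_section(SAMPLE_FRST)
    for e in triage(rows, "2013-07-17"):   # alert date is an assumption for the sample
        print(f"{e['created']:%Y-%m-%d %H:%M}  {e['attrs']}  {e['path']}")
    for e in future_timestamps(rows, "2013-07-19"):
        print(f"future stamp {e['created']:%Y-%m-%d}  {e['path']}")
```

The window deliberately stops at the alert day, so tools the user downloaded afterwards (OTL, GMER on the desktop) do not clutter the list; widen window_days if the first alert came late. An unsigned, freshly created directory with a meaningless name under AppData\Roaming is exactly what this filter is meant to surface, but it is still only a lead: look at what the directory contains and what starts from it before drawing a conclusion.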
19.07.2013, 21:30 | #3 |
| Dtcontx.F and CI.A (Panda) persistent on Win7 Starter (Asus eee PC) Thanks for the quick reply!
Here is the result of the FRST scan: FRST logfile:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-07-2013
Ran by SYSTEM on 19-07-2013 22:21:26
Running from E:\
Windows 7 Starter (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

==================== Registry (Whitelisted) ==================

HKU\Default\...\RunOnce: [Reboot] - AsusSender.exe C:\Windows\Reboot.exe 60 [ 2010-12-12] (AsusTek Computer Inc.)
HKU\Default\...\RunOnce: [AskScreensaver] - C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [ 2011-01-26] (AsusTek Computer Inc.)
HKU\Default User\...\RunOnce: [Reboot] - AsusSender.exe C:\Windows\Reboot.exe 60 [ 2010-12-12] (AsusTek Computer Inc.)
HKU\Default User\...\RunOnce: [AskScreensaver] - C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [ 2011-01-26] (AsusTek Computer Inc.)
HKU\<user>\...\Run: [Syncables] - C:\Program Files\syncables\syncables desktop\Syncables.exe [ 2010-07-19] (syncables, LLC)
ram Files\ASUS\APRP\APRP.EXE [2018032 2011-04-20] (ASUSTek Computer Inc.)
HKLM\...\Run: [ASUSWebStorage] - C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
HKLM\...\Run: [Panda Security URL Filtering] - C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe [217256 2012-03-19] (Panda Security)
HKLM\...\Run: [PSUAMain] - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe [37152 2012-07-12] (Panda Security, S.L.)
HKLM\...\Run: [] - [x] HKLM\...\Run: [ApnUpdater] - C:\Program Files\Ask.com\Updater\Updater.exe [1391272 2012-01-03] (Ask) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-11] (Oracle Corporation) Startup: C:\Users\<user>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wuala.lnk ShortcutTarget: Wuala.lnk -> (No File) SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation) ========================== Services (Whitelisted) ================= S2 AsusService; C:\windows\system32\AsusService.exe [224680 2011-03-03] () S2 NanoServiceMain; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [140064 2012-07-12] (Panda Security, S.L.) S2 PSUAService; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [36640 2012-07-12] (Panda Security, S.L.) S2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [91464 2011-01-12] () ==================== Drivers (Whitelisted) ==================== S1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11456 2010-06-27] () S1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11832 2010-08-02] () S3 btwampfl; C:\Windows\System32\drivers\btwampfl.sys [293928 2010-05-20] (Broadcom Corporation.) S1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [299024 2012-04-09] (EldoS Corporation) S3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [109960 2010-04-13] (ELAN Microelectronic Corp.) S3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( ) S1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [82472 2012-06-27] (Panda Security, S.L.) S1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [120744 2012-06-27] (Panda Security, S.L.) S1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [122664 2012-06-27] (Panda Security, S.L.) S1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [28712 2012-06-27] (Panda Security, S.L.) 
S1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [93992 2012-06-27] (Panda Security, S.L.)
S4 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [60968 2012-06-27] (Panda Security, S.L.)
S1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [104104 2012-06-27] (Panda Security, S.L.)
S1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [286376 2012-06-27] (Panda Security, S.L.)
S1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [153000 2012-06-27] (Panda Security, S.L.)
S1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [106536 2012-06-27] (Panda Security, S.L.)
S1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [206632 2012-07-12] (Panda Security, S.L.)
S1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [92840 2012-06-27] (Panda Security, S.L.)
S2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [148520 2012-07-12] (Panda Security, S.L.)
S2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [103464 2012-07-12] (Panda Security, S.L.)
S1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [174632 2012-07-12] (Panda Security, S.L.)
S2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [114216 2012-07-12] (Panda Security, S.L.)
S2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [120872 2012-07-12] (Panda Security, S.L.)
S3 wsvd; C:\Windows\System32\DRIVERS\wsvd.sys [81704 2009-07-21] (CyberLink)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2030-01-01 03:50 - 2010-11-20 04:40 - 00383786 __RSH C:\bootmgr
2013-07-19 22:21 - 2013-07-19 22:21 - 00000000 ____D C:\FRST
2013-07-19 07:08 - 2013-07-19 07:08 - 00004800 _____ C:\Users\<user>\Desktop\gmer.txt
2013-07-19 04:03 - 2013-07-19 04:03 - 00049474 _____ C:\Users\<user>\Desktop\Extras.Txt
2013-07-19 04:01 - 2013-07-19 04:01 - 00060882 _____ C:\Users\<user>\Desktop\OTL.Txt
2013-07-19 03:34 - 2013-07-19 03:00 - 00377856 _____ C:\Users\<user>\Desktop\gmer_2.1.19163.exe
2013-07-19 03:34 - 2013-07-19 02:59 - 00602112 _____ (OldTimer Tools) C:\Users\<user>\Desktop\OTL.exe
2013-07-16 09:11 - 2013-07-16 09:11 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Xafezye
2013-07-16 09:11 - 2013-07-16 09:11 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Pywe
2013-07-16 09:10 - 2013-07-19 03:06 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Viyh
2013-07-16 09:10 - 2013-07-18 23:09 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Ifu
2013-07-16 05:38 - 2013-06-11 15:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-16 05:38 - 2013-06-11 15:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-16 05:38 - 2013-06-11 15:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-16 05:38 - 2013-06-11 15:43 - 00042496 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-07-16 05:38 - 2013-06-11 15:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-16 05:38 - 2013-06-11 15:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-16 05:38 - 2013-06-11 15:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-07-16 05:38 - 2013-06-06 18:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-16 05:37 - 2013-06-11 15:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-16 05:37 - 2013-06-11 15:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-16 05:37 - 2013-06-11 15:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-16 05:37 - 2013-06-11 15:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-16 05:37 - 2013-06-11 15:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-16 05:37 - 2013-06-11 15:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-07-16 05:37 - 2013-06-11 15:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-07-16 05:37 - 2013-06-11 14:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-15 22:44 - 2013-06-04 19:05 - 02347520 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-15 22:44 - 2013-06-03 20:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-07-15 22:44 - 2013-05-05 20:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-15 22:44 - 2013-04-09 15:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll

==================== One Month Modified Files and Folders =======

2030-01-01 03:50 - 2009-07-13 20:57 - 00029696 ___SH C:\Windows\System32\config\BCD-Template.LOG
2030-01-01 03:50 - 2009-07-13 20:52 - 00032768 _____ C:\Windows\System32\config\BCD-Template
2013-07-19 22:21 - 2013-07-19 22:21 - 00000000 ____D C:\FRST
2013-07-19 12:11 - 2012-03-17 16:59 - 01626497 _____ C:\Windows\WindowsUpdate.log
2013-07-19 12:11 - 2009-07-13 20:34 - 00009696 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-19 12:11 - 2009-07-13 20:34 - 00009696 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-19 11:41 - 2009-07-27 02:11 - 01530778 _____ C:\Windows\System32\PerfStringBackup.INI
2013-07-19 11:36 - 2012-06-01 15:42 - 00000000 ____D C:\ProgramData\Panda Security URL Filtering
2013-07-19 11:35 - 2009-07-13 20:39 - 00088788 _____ C:\Windows\setupact.log
2013-07-19 07:08 - 2013-07-19 07:08 - 00004800 _____ C:\Users\<user>\Desktop\gmer.txt
2013-07-19 07:08 - 2012-03-17 02:44 - 00000000 ___RD C:\Users\<user>\Desktop
2013-07-19 05:24 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-19 04:03 - 2013-07-19 04:03 - 00049474 _____ C:\Users\<user>\Desktop\Extras.Txt
2013-07-19 04:01 - 2013-07-19 04:01 - 00060882 _____ C:\Users\<user>\Desktop\OTL.Txt
2013-07-19 03:06 - 2013-07-16 09:10 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Viyh
2013-07-19 03:05 - 2012-03-17 02:44 - 00000000 ____D C:\users\<user>
2013-07-19 03:00 - 2013-07-19 03:34 - 00377856 _____ C:\Users\<user>\Desktop\gmer_2.1.19163.exe
2013-07-19 02:59 - 2013-07-19 03:34 - 00602112 _____ (OldTimer Tools) C:\Users\<user>\Desktop\OTL.exe
2013-07-18 23:09 - 2013-07-16 09:10 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Ifu
2013-07-18 23:01 - 2012-08-20 06:55 - 00000000 ____D C:\Users\<user>\Documents\<user>
2013-07-16 09:11 - 2013-07-16 09:11 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Xafezye
2013-07-16 09:11 - 2013-07-16 09:11 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Pywe
2013-07-16 08:59 - 2009-07-13 20:33 - 00315344 _____ C:\Windows\System32\FNTCACHE.DAT
2013-07-16 08:57 - 2011-04-20 17:22 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-16 08:57 - 2009-07-13 20:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-16 05:33 - 2012-07-16 01:40 - 75699896 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-07-16 05:24 - 2012-03-26 09:27 - 00000000 ____D C:\Users\<user>\AppData\Roaming\SoftGrid Client
2013-07-15 23:53 - 2012-08-20 07:15 - 00000000 ____D C:\Users\<user>\Documents\Kram

Files to move or delete:
====================
C:\ProgramData\FullRemove.exe

==================== Known DLLs (Whitelisted) ============

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-05-15 14:18:24
Restore point made on: 2013-06-13 06:39:10
Restore point made on: 2013-06-23 22:11:23
Restore point made on: 2013-07-16 02:38:00
Restore point made on: 2013-07-16 05:25:49

==================== Memory info ===========================

Percentage of memory in use: 18%
Total physical RAM: 2038.12 MB
Available physical RAM: 1651.7 MB
Total Pagefile: 2038.12 MB
Available Pagefile: 1654.33 MB
Total Virtual: 2047.88 MB
Available Virtual: 1934.59 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:100 GB) (Free:63.49 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:183.07 GB) (Free:182.96 GB) NTFS
Drive e: (USB-Stick) (Removable) (Total:0.03 GB) (Free:0.01 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: D1FFC8CF)
Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=15 GB) - (Type=1B)
Partition 3: (Not Active) - (Size=183 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=16 MB) - (Type=EF)

========================================================
Disk: 1 (Size: 31 MB) (Disk ID: 617A130E)
Partition 1: (Active) - (Size=31 MB) - (Type=04)

LastRegBack: 2013-07-16 02:29

==================== End Of Log ============================
|
20.07.2013, 10:18 | #4 |
/// the machine /// TB instructor | Hi, why are you running FRST from the recovery environment? The machine boots normally, doesn't it? Please run it from the desktop.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
20.07.2013, 10:24 | #5 |
| Because that is what the linked instructions said ... I'll do it again, it's relatively quick anyway. |
20.07.2013, 10:52 | #6 |
/// the machine /// TB instructor | OK |
20.07.2013, 18:27 | #7 |
| Right, here is the result of the FRST scan after a normal start of the machine. FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-07-2013
Ran by <user> (administrator) on 20-07-2013 19:14:24
Running from E:\
Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\windows\system32\WLANExt.exe
() C:\windows\system32\AsusService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
() C:\ExpressGateUtil\VAWinService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\HotkeyService\HotKeyMon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\HotkeyService\HotkeyService.exe
() C:\ExpressGateUtil\VAWinAgent.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\SHE\SuperHybridEngine.exe
(ASUS) C:\Program Files\ASUS\CapsHook\CapsHook.exe
(AsusTek Computer Inc.) C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
(ASUSTek Computer Inc.) C:\Program Files\Asus\APRP\aprp.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Panda Security) C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
(Ask) C:\Program Files\Ask.com\Updater\Updater.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(syncables, LLC) C:\Program Files\syncables\syncables desktop\syncables.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(LaCie) C:\Users\<user>\AppData\Roaming\Wuala\Wuala.exe
(Sun Microsystems, Inc.) C:\Program Files\syncables\syncables desktop\jre\bin\javaw.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(Microsoft Corporation) \\?\C:\windows\system32\wbem\WMIADAP.EXE

==================== Registry (Whitelisted) ==================

HKU\Default\...\RunOnce: [Reboot] - AsusSender.exe C:\Windows\Reboot.exe 60 [ 2010-12-13] (AsusTek Computer Inc.)
HKU\Default\...\RunOnce: [AskScreensaver] - C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [ 2011-01-27] (AsusTek Computer Inc.)
HKU\Default User\...\RunOnce: [Reboot] - AsusSender.exe C:\Windows\Reboot.exe 60 [ 2010-12-13] (AsusTek Computer Inc.)
HKU\Default User\...\RunOnce: [AskScreensaver] - C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [ 2011-01-27] (AsusTek Computer Inc.)
ductor)
HKLM\...\Run: [VAWinAgent] - C:\ExpressGateUtil\VAWinAgent.exe [45448 2011-03-23] ()
HKLM\...\Run: [ASUSPRP] - C:\Program Files\ASUS\APRP\APRP.EXE [2018032 2011-04-21] (ASUSTek Computer Inc.)
HKLM\...\Run: [ASUSWebStorage] - C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
HKLM\...\Run: [Panda Security URL Filtering] - C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe [217256 2012-03-19] (Panda Security)
HKLM\...\Run: [PSUAMain] - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe [37152 2012-07-13] (Panda Security, S.L.)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [ApnUpdater] - C:\Program Files\Ask.com\Updater\Updater.exe [1391272 2012-01-03] (Ask)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKCU\...\Run: [Syncables] - C:\Program Files\syncables\syncables desktop\Syncables.exe [370480 2010-07-19] (syncables, LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\<user>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wuala.lnk
ShortcutTarget: Wuala.lnk -> C:\Users\<user>\AppData\Roaming\Wuala\Wuala.exe (LaCie)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox
SearchScopes: HKCU - {BB4AD99B-51CA-46A7-9BB3-AD5F7680E89D} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=4EB513DA-586A-4A91-AAA6-031BE75693A8&apn_sauid=4374B2D2-D1D9-43DB-9668-01F1287A8AD6
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" No File
BHO: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" No File
Toolbar: HKLM - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\<user>\AppData\Roaming\Mozilla\Firefox\Profiles\tmpnzboc.default
FF user.js: detected! => C:\Users\<user>\AppData\Roaming\Mozilla\Firefox\Profiles\tmpnzboc.default\user.js
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
FF Extension: Ask Toolbar - C:\Users\<user>\AppData\Roaming\Mozilla\Firefox\Profiles\tmpnzboc.default\Extensions\toolbar@ask.com
FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

========================== Services (Whitelisted) =================

R2 AsusService; C:\windows\system32\AsusService.exe [224680 2011-03-04] ()
S2 NanoServiceMain; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [140064 2012-07-13] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [36640 2012-07-13] (Panda Security, S.L.)
R2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [91464 2011-01-12] ()

==================== Drivers (Whitelisted) ====================

R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11456 2010-06-28] ()
R1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11832 2010-08-03] ()
R3 btwampfl; C:\Windows\System32\drivers\btwampfl.sys [293928 2010-05-21] (Broadcom Corporation.)
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [299024 2012-04-09] (EldoS Corporation)
R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [109960 2010-04-13] (ELAN Microelectronic Corp.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [82472 2012-06-27] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [120744 2012-06-27] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [122664 2012-06-27] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [28712 2012-06-27] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [93992 2012-06-27] (Panda Security, S.L.)
S4 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [60968 2012-06-27] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [104104 2012-06-27] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [286376 2012-06-27] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [153000 2012-06-27] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [106536 2012-06-27] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [206632 2012-07-12] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [92840 2012-06-27] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [148520 2012-07-13] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [103464 2012-07-13] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [174632 2012-07-13] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [114216 2012-07-13] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [120872 2012-07-13] (Panda Security, S.L.)
S3 wsvd; C:\Windows\System32\DRIVERS\wsvd.sys [81704 2009-07-22] (CyberLink)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2030-01-01 13:50 - 2010-11-20 14:40 - 00383786 __RSH C:\bootmgr
2013-07-20 08:21 - 2013-07-20 08:21 - 00000000 ____D C:\FRST
2013-07-19 17:08 - 2013-07-19 17:08 - 00004800 _____ C:\Users\<user>\Desktop\gmer.txt
2013-07-19 14:03 - 2013-07-19 14:03 - 00049474 _____ C:\Users\<user>\Desktop\Extras.Txt
2013-07-19 14:01 - 2013-07-19 14:01 - 00060882 _____ C:\Users\<user>\Desktop\OTL.Txt
2013-07-19 13:34 - 2013-07-19 13:00 - 00377856 _____ C:\Users\<user>\Desktop\gmer_2.1.19163.exe
2013-07-19 13:34 - 2013-07-19 12:59 - 00602112 _____ (OldTimer Tools) C:\Users\<user>\Desktop\OTL.exe
2013-07-16 19:11 - 2013-07-16 19:11 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Xafezye
2013-07-16 19:11 - 2013-07-16 19:11 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Pywe
2013-07-16 19:10 - 2013-07-19 13:06 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Viyh
2013-07-16 19:10 - 2013-07-19 09:09 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Ifu
2013-07-16 15:38 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-07-16 15:38 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-07-16 15:38 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-07-16 15:38 - 2013-06-12 01:43 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-07-16 15:38 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-07-16 15:38 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-07-16 15:38 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-07-16 15:38 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-07-16 15:37 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-07-16 15:37 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-07-16 15:37 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-07-16 15:37 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-07-16 15:37 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-07-16 15:37 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-07-16 15:37 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-07-16 15:37 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-07-16 08:44 - 2013-06-05 05:05 - 02347520 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-07-16 08:44 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2013-07-16 08:44 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-07-16 08:44 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll

==================== One Month Modified Files and Folders =======

2030-01-01 13:50 - 2009-07-14 06:57 - 00029696 ___SH C:\windows\system32\config\BCD-Template.LOG
2030-01-01 13:50 - 2009-07-14 06:52 - 00032768 _____ C:\windows\system32\config\BCD-Template
2013-07-20 19:13 - 2012-10-05 21:39 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-07-20 19:12 - 2012-06-02 01:42 - 00000000 ____D C:\ProgramData\Panda Security URL Filtering
2013-07-20 11:29 - 2009-07-14 06:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-07-20 11:29 - 2009-07-14 06:39 - 00088844 _____ C:\windows\setupact.log
2013-07-20 08:21 - 2013-07-20 08:21 - 00000000 ____D C:\FRST
2013-07-19 22:11 - 2012-03-18 02:59 - 01642610 _____ C:\windows\WindowsUpdate.log
2013-07-19 22:11 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-19 22:11 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-19 21:41 - 2009-07-27 12:11 - 01530778 _____ C:\windows\system32\PerfStringBackup.INI
2013-07-19 17:08 - 2013-07-19 17:08 - 00004800 _____ C:\Users\<user>\Desktop\gmer.txt
2013-07-19 17:08 - 2012-03-17 12:44 - 00000000 ___RD C:\Users\<user>\Desktop
2013-07-19 15:24 - 2009-07-14 04:37 - 00000000 ____D C:\windows\Microsoft.NET
2013-07-19 14:03 - 2013-07-19 14:03 - 00049474 _____ C:\Users\<user>\Desktop\Extras.Txt
2013-07-19 14:01 - 2013-07-19 14:01 - 00060882 _____ C:\Users\<user>\Desktop\OTL.Txt
2013-07-19 13:06 - 2013-07-16 19:10 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Viyh
2013-07-19 13:05 - 2012-03-17 12:44 - 00000000 ____D C:\Users\<user>
2013-07-19 13:05 - 2009-07-14 06:53 - 00001134 ____N C:\windows\Tasks\SCHEDLGU.TXT
2013-07-19 13:00 - 2013-07-19 13:34 - 00377856 _____ C:\Users\<user>\Desktop\gmer_2.1.19163.exe
2013-07-19 12:59 - 2013-07-19 13:34 - 00602112 _____ (OldTimer Tools) C:\Users\<user>\Desktop\OTL.exe
2013-07-19 09:09 - 2013-07-16 19:10 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Ifu
2013-07-19 09:01 - 2012-08-20 16:55 - 00000000 ____D C:\Users\<user>\Documents\<user>
2013-07-16 19:11 - 2013-07-16 19:11 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Xafezye
2013-07-16 19:11 - 2013-07-16 19:11 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Pywe
2013-07-16 18:59 - 2009-07-14 06:33 - 00315344 _____ C:\windows\system32\FNTCACHE.DAT
2013-07-16 18:57 - 2011-04-21 03:22 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-16 18:57 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-16 15:33 - 2012-07-16 11:40 - 75699896 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-07-16 15:24 - 2012-03-26 19:27 - 00000000 ____D C:\Users\<user>\AppData\Roaming\SoftGrid Client
2013-07-16 09:53 - 2012-08-20 17:15 - 00000000 ____D C:\Users\<user>\Documents\Kram

Files to move or delete:
====================
C:\ProgramData\FullRemove.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-07-16 12:29

==================== End Of Log ============================
|
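Editor's note with an added example: the code below is mine, not part of the thread and not part of FRST. It parses the "One Month Created Files and Folders" entry format that FRST prints, flags directories created directly under a user's AppData tree that carry no publisher and are not on an allow list (the four short random-looking folders in the logs above fall out of that filter), and measures the clock offset between two scans of the same machine. That last point matters for this thread: the same file, C:\bootmgr, is stamped 03:50 in the recovery-environment log and 13:50 in the normal-boot log, so the two runs are 10 hours apart and their timestamps have to be aligned before anything is correlated across them. The allow list and the regular expressions are assumptions; the sample entries are copied from the two logs in this thread.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# One FRST entry: "<created> - <modified> - <size> <attrs> [(<company>)] <path>"
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>\S.*)$"
)

# A directory directly below <profile>\AppData\Roaming or \AppData\Local.
APPDATA_DIR_RE = re.compile(
    r"^[A-Za-z]:\\Users\\[^\\]+\\AppData\\(?:Roaming|Local)\\([^\\]+)$",
    re.IGNORECASE,
)

# Assumed allow list of AppData folder names that are legitimate on this
# machine; a real triage list would be longer and maintained per environment.
KNOWN_APPDATA_DIRS = {"microsoft", "mozilla", "wuala", "softgrid client", "adobe"}


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: int
    attrs: str            # FRST attribute flags, e.g. "____D", "__RSH"
    company: Optional[str]
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_entries(text: str) -> List[Entry]:
    """Parse every line in FRST entry format; headers and other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        company = (m["company"] or "").strip() or None
        entries.append(Entry(
            created=datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
            modified=datetime.strptime(m["modified"], "%Y-%m-%d %H:%M"),
            size=int(m["size"]),
            attrs=m["attrs"],
            company=company,
            path=m["path"],
        ))
    return entries


def suspicious_appdata_dirs(entries, known=KNOWN_APPDATA_DIRS):
    """Folder names created directly under AppData with no publisher and an
    unknown name, in log order."""
    hits = []
    for e in entries:
        m = APPDATA_DIR_RE.match(e.path)
        if m and e.is_dir and e.company is None and m.group(1).lower() not in known:
            hits.append(m.group(1))
    return hits


def creation_window(entries, names):
    """Span between the earliest and latest creation time of the named AppData
    folders; a window of a minute or two points at a single dropper run."""
    times = [e.created for e in entries
             if (m := APPDATA_DIR_RE.match(e.path)) and m.group(1) in names]
    return max(times) - min(times)


def scan_clock_offset(entries_a, entries_b, anchor_path=r"C:\bootmgr"):
    """Offset (b - a) of one fixed file's creation stamp between two scans of the
    same disk; add it to scan a's times before comparing them with scan b's."""
    a = next(e for e in entries_a if e.path.lower() == anchor_path.lower())
    b = next(e for e in entries_b if e.path.lower() == anchor_path.lower())
    return b.created - a.created


# Sample entries copied from the two FRST logs in this thread: the first from
# the recovery-environment run, the second from the normal-boot run.
LOG_WINRE = r"""
2030-01-01 03:50 - 2010-11-20 04:40 - 00383786 __RSH C:\bootmgr
2013-07-16 09:11 - 2013-07-16 09:11 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Xafezye
"""

LOG_NORMAL = r"""
2030-01-01 13:50 - 2010-11-20 14:40 - 00383786 __RSH C:\bootmgr
2013-07-19 13:34 - 2013-07-19 12:59 - 00602112 _____ (OldTimer Tools) C:\Users\<user>\Desktop\OTL.exe
2013-07-16 19:11 - 2013-07-16 19:11 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Xafezye
2013-07-16 19:11 - 2013-07-16 19:11 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Pywe
2013-07-16 19:10 - 2013-07-19 13:06 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Viyh
2013-07-16 19:10 - 2013-07-19 09:09 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Ifu
2013-07-16 15:38 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-07-16 15:24 - 2012-03-26 19:27 - 00000000 ____D C:\Users\<user>\AppData\Roaming\SoftGrid Client
"""

if __name__ == "__main__":
    normal = parse_entries(LOG_NORMAL)
    names = suspicious_appdata_dirs(normal)
    print("review:", names, "created within", creation_window(normal, names))
    print("WinRE scan clock offset:", scan_clock_offset(parse_entries(LOG_WINRE), normal))
```

The filter is deliberately narrow (unsigned, top-level, unknown name) so that it produces a short review list rather than a verdict; whether such a folder is malicious is decided by looking at what it contains and what loads it, which the log alone does not show.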
20.07.2013, 20:11 | #8 | |
/// the machine /// TB instructor | And if you now also run our tools from the desktop, everything will be fine.

Combofix should only be run when a team member has instructed you to do so! Please download Combofix from the following download mirror: Link 1. IMPORTANT - Save Combofix to your desktop.
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: should you get the following error message after the reboot Quote:
|
20.07.2013, 23:20 | #9 |
| Oops ... I don't know whether it matters, but here is the FRST log file once more, this time run from the desktop: FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-07-2013
Ran by <user> (administrator) on 20-07-2013 23:03:30
Running from C:\Users\<user>\Desktop
Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\windows\system32\WLANExt.exe
() C:\windows\system32\AsusService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
() C:\ExpressGateUtil\VAWinService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\HotkeyService\HotKeyMon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\HotkeyService\HotkeyService.exe
() C:\ExpressGateUtil\VAWinAgent.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\SHE\SuperHybridEngine.exe
(AsusTek Computer Inc.) C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
(ASUSTek Computer Inc.) C:\Program Files\Asus\APRP\aprp.exe
(ASUS) C:\Program Files\ASUS\CapsHook\CapsHook.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(Panda Security) C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
(Ask) C:\Program Files\Ask.com\Updater\Updater.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(syncables, LLC) C:\Program Files\syncables\syncables desktop\syncables.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(LaCie) C:\Users\<user>\AppData\Roaming\Wuala\Wuala.exe
(Sun Microsystems, Inc.) C:\Program Files\syncables\syncables desktop\jre\bin\javaw.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe

==================== Registry (Whitelisted) ==================

HKU\Default\...\RunOnce: [Reboot] - AsusSender.exe C:\Windows\Reboot.exe 60 [ 2010-12-13] (AsusTek Computer Inc.)
HKU\Default\...\RunOnce: [AskScreensaver] - C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [ 2011-01-27] (AsusTek Computer Inc.)
HKU\Default User\...\RunOnce: [Reboot] - AsusSender.exe C:\Windows\Reboot.exe 60 [ 2010-12-13] (AsusTek Computer Inc.)
HKU\Default User\...\RunOnce: [AskScreensaver] - C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [ 2011-01-27] (AsusTek Computer Inc.)
ductor)
HKLM\...\Run: [VAWinAgent] - C:\ExpressGateUtil\VAWinAgent.exe [45448 2011-03-23] ()
HKLM\...\Run: [ASUSPRP] - C:\Program Files\ASUS\APRP\APRP.EXE [2018032 2011-04-21] (ASUSTek Computer Inc.)
HKLM\...\Run: [ASUSWebStorage] - C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
HKLM\...\Run: [Panda Security URL Filtering] - C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe [217256 2012-03-19] (Panda Security)
HKLM\...\Run: [PSUAMain] - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe [37152 2012-07-13] (Panda Security, S.L.)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [ApnUpdater] - C:\Program Files\Ask.com\Updater\Updater.exe [1391272 2012-01-03] (Ask)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKCU\...\Run: [Syncables] - C:\Program Files\syncables\syncables desktop\Syncables.exe [370480 2010-07-19] (syncables, LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\<user>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wuala.lnk
ShortcutTarget: Wuala.lnk -> C:\Users\<user>\AppData\Roaming\Wuala\Wuala.exe (LaCie)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox
SearchScopes: HKCU - {BB4AD99B-51CA-46A7-9BB3-AD5F7680E89D} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=4EB513DA-586A-4A91-AAA6-031BE75693A8&apn_sauid=4374B2D2-D1D9-43DB-9668-01F1287A8AD6
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" No File
BHO: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" No File
Toolbar: HKLM - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\<user>\AppData\Roaming\Mozilla\Firefox\Profiles\tmpnzboc.default
FF user.js: detected!
=> C:\Users\<user>\AppData\Roaming\Mozilla\Firefox\Profiles\tmpnzboc.default\user.js FF Homepage: google.de FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml FF Extension: Ask Toolbar - C:\Users\<user>\AppData\Roaming\Mozilla\Firefox\Profiles\tmpnzboc.default\Extensions\toolbar@ask.com FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} ========================== Services (Whitelisted) ================= R2 AsusService; C:\windows\system32\AsusService.exe [224680 2011-03-04] () R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [140064 2012-07-13] (Panda Security, S.L.) 
R2 PSUAService; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [36640 2012-07-13] (Panda Security, S.L.) R2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [91464 2011-01-12] () ==================== Drivers (Whitelisted) ==================== R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11456 2010-06-28] () R1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11832 2010-08-03] () R3 btwampfl; C:\Windows\System32\drivers\btwampfl.sys [293928 2010-05-21] (Broadcom Corporation.) R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [299024 2012-04-09] (EldoS Corporation) R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [109960 2010-04-13] (ELAN Microelectronic Corp.) R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( ) R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [82472 2012-06-27] (Panda Security, S.L.) R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [120744 2012-06-27] (Panda Security, S.L.) R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [122664 2012-06-27] (Panda Security, S.L.) S1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [28712 2012-06-27] (Panda Security, S.L.) R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [93992 2012-06-27] (Panda Security, S.L.) S4 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [60968 2012-06-27] (Panda Security, S.L.) R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [104104 2012-06-27] (Panda Security, S.L.) R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [286376 2012-06-27] (Panda Security, S.L.) R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [153000 2012-06-27] (Panda Security, S.L.) R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [106536 2012-06-27] (Panda Security, S.L.) R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [206632 2012-07-12] (Panda Security, S.L.) R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [92840 2012-06-27] (Panda Security, S.L.) 
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [148520 2012-07-13] (Panda Security, S.L.) R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [103464 2012-07-13] (Panda Security, S.L.) R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [174632 2012-07-13] (Panda Security, S.L.) R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [114216 2012-07-13] (Panda Security, S.L.) R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [120872 2012-07-13] (Panda Security, S.L.) U3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [46280 2011-03-10] (Panda Security) S3 wsvd; C:\Windows\System32\DRIVERS\wsvd.sys [81704 2009-07-22] (CyberLink) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2030-01-01 13:50 - 2010-11-20 14:40 - 00383786 __RSH C:\bootmgr 2013-07-20 23:01 - 2011-03-10 18:04 - 00046280 _____ (Panda Security) C:\windows\system32\Drivers\PSKMAD.sys 2013-07-20 22:55 - 2013-07-20 22:45 - 05093416 _____ (Swearware) C:\Users\<user>\Desktop\ComboFix.exe 2013-07-20 22:55 - 2013-07-19 21:37 - 01219758 _____ (Farbar) C:\Users\<user>\Desktop\FRST.exe 2013-07-20 08:21 - 2013-07-20 08:21 - 00000000 ____D C:\FRST 2013-07-19 17:08 - 2013-07-19 17:08 - 00004800 _____ C:\Users\<user>\Desktop\gmer.txt 2013-07-19 14:03 - 2013-07-19 14:03 - 00049474 _____ C:\Users\<user>\Desktop\Extras.Txt 2013-07-19 14:01 - 2013-07-19 14:01 - 00060882 _____ C:\Users\<user>\Desktop\OTL.Txt 2013-07-16 19:11 - 2013-07-16 19:11 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Xafezye 2013-07-16 19:11 - 2013-07-16 19:11 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Pywe 2013-07-16 19:10 - 2013-07-19 13:06 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Viyh 2013-07-16 19:10 - 2013-07-19 09:09 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Ifu 2013-07-16 15:38 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2013-07-16 15:38 - 2013-06-12 01:43 - 00690688 _____ 
(Microsoft Corporation) C:\windows\system32\jscript.dll 2013-07-16 15:38 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2013-07-16 15:38 - 2013-06-12 01:43 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2013-07-16 15:38 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2013-07-16 15:38 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2013-07-16 15:38 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2013-07-16 15:38 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2013-07-16 15:37 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2013-07-16 15:37 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2013-07-16 15:37 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2013-07-16 15:37 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2013-07-16 15:37 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2013-07-16 15:37 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll 2013-07-16 15:37 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2013-07-16 15:37 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe 2013-07-16 08:44 - 2013-06-05 05:05 - 02347520 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2013-07-16 08:44 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll 2013-07-16 08:44 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL 2013-07-16 08:44 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) 
C:\windows\system32\DWrite.dll ==================== One Month Modified Files and Folders ======= 2030-01-01 13:50 - 2009-07-14 06:57 - 00029696 ___SH C:\windows\system32\config\BCD-Template.LOG 2030-01-01 13:50 - 2009-07-14 06:52 - 00032768 _____ C:\windows\system32\config\BCD-Template 2013-07-20 23:01 - 2012-06-02 01:42 - 00000000 ____D C:\ProgramData\Panda Security URL Filtering 2013-07-20 23:01 - 2012-03-17 12:44 - 00000000 ___RD C:\Users\<user>\Desktop 2013-07-20 23:00 - 2009-07-14 06:53 - 00000006 ____H C:\windows\Tasks\SA.DAT 2013-07-20 23:00 - 2009-07-14 06:39 - 00088956 _____ C:\windows\setupact.log 2013-07-20 22:59 - 2012-03-18 02:59 - 01650723 _____ C:\windows\WindowsUpdate.log 2013-07-20 22:59 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-20 22:59 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-20 22:53 - 2012-10-05 21:39 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job 2013-07-20 22:45 - 2013-07-20 22:55 - 05093416 _____ (Swearware) C:\Users\<user>\Desktop\ComboFix.exe 2013-07-20 19:16 - 2009-07-27 12:11 - 01530778 _____ C:\windows\system32\PerfStringBackup.INI 2013-07-20 08:21 - 2013-07-20 08:21 - 00000000 ____D C:\FRST 2013-07-19 21:37 - 2013-07-20 22:55 - 01219758 _____ (Farbar) C:\Users\<user>\Desktop\FRST.exe 2013-07-19 17:08 - 2013-07-19 17:08 - 00004800 _____ C:\Users\<user>\Desktop\gmer.txt 2013-07-19 15:24 - 2009-07-14 04:37 - 00000000 ____D C:\windows\Microsoft.NET 2013-07-19 14:03 - 2013-07-19 14:03 - 00049474 _____ C:\Users\<user>\Desktop\Extras.Txt 2013-07-19 14:01 - 2013-07-19 14:01 - 00060882 _____ C:\Users\<user>\Desktop\OTL.Txt 2013-07-19 13:06 - 2013-07-16 19:10 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Viyh 2013-07-19 13:05 - 2012-03-17 12:44 - 00000000 ____D C:\Users\<user> 2013-07-19 13:05 - 2009-07-14 06:53 - 00001638 
____N C:\windows\Tasks\SCHEDLGU.TXT 2013-07-19 09:09 - 2013-07-16 19:10 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Ifu 2013-07-19 09:01 - 2012-08-20 16:55 - 00000000 ____D C:\Users\<user>\Documents\<user> 2013-07-16 19:11 - 2013-07-16 19:11 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Xafezye 2013-07-16 19:11 - 2013-07-16 19:11 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Pywe 2013-07-16 18:59 - 2009-07-14 06:33 - 00315344 _____ C:\windows\system32\FNTCACHE.DAT 2013-07-16 18:57 - 2011-04-21 03:22 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-07-16 18:57 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender 2013-07-16 15:33 - 2012-07-16 11:40 - 75699896 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2013-07-16 15:24 - 2012-03-26 19:27 - 00000000 ____D C:\Users\<user>\AppData\Roaming\SoftGrid Client 2013-07-16 09:53 - 2012-08-20 17:15 - 00000000 ____D C:\Users\<user>\Documents\Kram Files to move or delete: ==================== C:\ProgramData\FullRemove.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-16 12:29 ==================== End Of Log ============================ --- --- ---
And then (also run from the desktop ... the learning curve is rising!) the logfile from ComboFix: Combofix Logfile: Code:
ATTFilter ComboFix 13-07-20.03 - <user> 20.07.2013 23:22:41.1.4 - x86 Microsoft Windows 7 Starter 6.1.7601.1.1252.49.1031.18.2038.988 [GMT 2:00] ausgeführt von:: c:\users\<user>\Desktop\ComboFix.exe AV: Panda Cloud Antivirus *Disabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C} FW: Cloud Antivirus Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117} SP: Panda Cloud Antivirus *Disabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\FullRemove.exe c:\users\<user>\AppData\Roaming\Pywe c:\users\<user>\AppData\Roaming\Pywe\dyogca.exe . . ((((((((((((((((((((((( Dateien erstellt von 2013-06-20 bis 2013-07-20 )))))))))))))))))))))))))))))) . . 2030-01-01 11:50 . 2030-01-01 11:50 -------- d-----w- C:\Boot 2013-07-20 21:45 . 2013-07-20 21:45 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-07-20 21:07 . 2011-03-10 16:04 46280 ----a-w- c:\windows\system32\drivers\PSKMAD.sys 2013-07-20 06:21 . 2013-07-20 06:21 -------- d-----w- C:\FRST 2013-07-16 17:11 . 2013-07-16 17:11 -------- d-----w- c:\users\<user>\AppData\Roaming\Xafezye 2013-07-16 17:10 . 2013-07-19 11:06 -------- d-----w- c:\users\<user>\AppData\Roaming\Viyh 2013-07-16 17:10 . 2013-07-19 07:09 -------- d-----w- c:\users\<user>\AppData\Roaming\Ifu 2013-07-16 13:38 . 2013-06-07 02:37 2706432 ----a-w- c:\windows\system32\mshtml.tlb 2013-07-16 13:38 . 2013-06-11 23:43 217600 ----a-w- c:\program files\Internet Explorer\sqmapi.dll 2013-07-16 13:38 . 2013-06-11 23:43 2877440 ----a-w- c:\windows\system32\jscript9.dll 2013-07-16 13:38 . 2013-06-11 23:43 108032 ----a-w- c:\program files\Internet Explorer\jsdebuggeride.dll 2013-07-16 13:38 . 2013-06-11 23:42 61440 ----a-w- c:\windows\system32\iesetup.dll 2013-07-16 13:38 . 
2013-06-11 23:42 257536 ----a-w- c:\program files\Internet Explorer\ieproxy.dll 2013-07-16 13:38 . 2013-06-11 23:42 235520 ----a-w- c:\program files\Internet Explorer\IEShims.dll 2013-07-16 13:37 . 2013-06-11 23:42 109056 ----a-w- c:\windows\system32\iesysprep.dll 2013-07-16 13:37 . 2013-06-11 22:51 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2013-07-16 13:37 . 2013-06-11 23:43 817664 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll 2013-07-16 13:37 . 2013-06-12 00:23 770648 ----a-w- c:\program files\Internet Explorer\iexplore.exe 2013-07-16 13:37 . 2013-06-11 23:43 1767936 ----a-w- c:\windows\system32\wininet.dll 2013-07-16 06:44 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\system32\DWrite.dll 2013-07-16 06:44 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\system32\WMVDECOD.DLL 2013-07-16 06:44 . 2013-06-04 04:53 509440 ----a-w- c:\windows\system32\qedit.dll 2013-07-16 06:44 . 2013-06-05 03:05 2347520 ----a-w- c:\windows\system32\win32k.sys 2013-07-16 06:43 . 2013-04-10 05:03 936448 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll 2013-07-16 06:43 . 2013-05-27 04:57 680960 ----a-w- c:\program files\Windows Defender\MpSvc.dll 2013-07-16 06:43 . 2013-05-27 04:57 392704 ----a-w- c:\program files\Windows Defender\MpClient.dll 2013-07-16 06:43 . 2013-05-27 04:57 224768 ----a-w- c:\program files\Windows Defender\MpCommu.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-06-12 13:13 . 2012-10-05 19:39 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-06-12 13:13 . 2012-10-05 19:39 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-05-14 19:10 . 2010-06-24 18:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-05-13 04:45 . 2013-06-12 19:58 1160192 ----a-w- c:\windows\system32\crypt32.dll 2013-05-13 04:45 . 
2013-06-12 19:58 140288 ----a-w- c:\windows\system32\cryptsvc.dll 2013-05-13 04:45 . 2013-06-12 19:58 103936 ----a-w- c:\windows\system32\cryptnet.dll 2013-05-13 03:08 . 2013-06-12 19:58 903168 ----a-w- c:\windows\system32\certutil.exe 2013-05-13 03:08 . 2013-06-12 19:58 43008 ----a-w- c:\windows\system32\certenc.dll 2013-05-12 14:44 . 2013-05-12 14:44 745472 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2013-05-12 14:44 . 2013-05-12 14:44 185344 ----a-w- c:\windows\system32\elshyph.dll 2013-05-12 14:44 . 2013-05-12 14:44 158720 ----a-w- c:\windows\system32\msls31.dll 2013-05-12 14:44 . 2013-05-12 14:44 150528 ----a-w- c:\windows\system32\iexpress.exe 2013-05-12 14:44 . 2013-05-12 14:44 138752 ----a-w- c:\windows\system32\wextract.exe 2013-05-12 14:44 . 2013-05-12 14:44 523264 ----a-w- c:\windows\system32\vbscript.dll 2013-05-12 14:44 . 2013-05-12 14:44 137216 ----a-w- c:\windows\system32\ieUnatt.exe 2013-05-12 14:44 . 2013-05-12 14:44 38400 ----a-w- c:\windows\system32\imgutil.dll 2013-05-12 14:44 . 2013-05-12 14:44 12800 ----a-w- c:\windows\system32\mshta.exe 2013-05-12 14:44 . 2013-05-12 14:44 73728 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-05-12 14:44 . 2013-05-12 14:44 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-05-12 14:44 . 2013-05-12 14:44 110592 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-05-12 14:44 . 2013-05-12 14:44 61952 ----a-w- c:\windows\system32\tdc.ocx 2013-05-12 14:44 . 2013-05-12 14:44 361984 ----a-w- c:\windows\system32\html.iec 2013-05-12 14:44 . 2013-05-12 14:44 719360 ----a-w- c:\windows\system32\mshtmlmedia.dll 2013-05-12 14:44 . 2013-05-12 14:44 23040 ----a-w- c:\windows\system32\licmgr10.dll 2013-05-12 14:44 . 2013-05-12 14:44 1441280 ----a-w- c:\windows\system32\inetcpl.cpl 2013-05-10 03:20 . 2013-06-12 19:59 24576 ----a-w- c:\windows\system32\cryptdlg.dll 2013-05-08 05:38 . 2013-06-12 19:57 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-05-06 05:06 . 
2013-06-12 19:58 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-05-06 05:06 . 2013-06-12 19:58 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-04-26 04:55 . 2013-06-12 19:59 492544 ----a-w- c:\windows\system32\win32spl.dll 2013-04-25 23:30 . 2013-06-12 19:59 1505280 ----a-w- c:\windows\system32\d3d11.dll 2012-07-14 00:15 . 2012-07-23 21:10 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152] . [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}] . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}] 2012-03-15 21:02 86696 ----a-w- c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2012-03-15 86696] . [HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon1] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2012-05-02 12:10 1688576 ----a-w- c:\program files\Wuala OverlayIcons\OverlayIcon.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon2] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2012-05-02 12:10 1688576 ----a-w- c:\program files\Wuala OverlayIcons\OverlayIcon.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon3] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}] 2012-05-02 12:10 1688576 ----a-w- c:\program files\Wuala OverlayIcons\OverlayIcon.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon4] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}] 2012-05-02 12:10 1688576 ----a-w- c:\program files\Wuala OverlayIcons\OverlayIcon.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1EldosIconOverlay] @="{9F26BD00-946A-4855-AA63-E319DF22B493}" [HKEY_CLASSES_ROOT\CLSID\{9F26BD00-946A-4855-AA63-E319DF22B493}] 2012-04-09 14:27 158224 ----a-w- c:\windows\System32\CbFsMntNtf3.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B] @="{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}" [HKEY_CLASSES_ROOT\CLSID\{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O] @="{618A47A2-528B-4D9A-AFC8-97D3233511E2}" [HKEY_CLASSES_ROOT\CLSID\{618A47A2-528B-4D9A-AFC8-97D3233511E2}] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay] @="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}" [HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}] 2012-04-09 14:27 158224 ----a-w- c:\windows\System32\CbFsMntNtf3.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Syncables"="c:\program files\syncables\syncables desktop\Syncables.exe" [2010-07-19 370480] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2010-04-13 548744] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696] "HotkeyMon"="AsusSender.exe" [2011-03-11 34728] "HotkeyService"="AsusSender.exe" [2011-03-11 34728] "SuperHybridEngine"="AsusSender.exe" [2011-03-11 34728] "LiveUpdate"="AsusSender.exe" [2011-03-11 34728] "CapsHook"="AsusSender.exe" [2011-03-11 34728] "Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2011-01-06 414384] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-08-24 9722472] "VAWinAgent"="c:\expressgateutil\VAWinAgent.exe" [2011-03-23 45448] "ASUSPRP"="c:\program files\ASUS\APRP\APRP.EXE" [2011-04-21 2018032] "ASUSWebStorage"="c:\program files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-07-29 737104] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-19 142104] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-19 174360] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-19 150808] "Panda Security URL Filtering"="c:\programdata\Panda Security URL Filtering\Panda_URL_Filtering.exe" [2012-03-19 217256] "PSUAMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" [2012-07-13 37152] "ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "panda2_0dn"="reg.exe delete HKCU\Software\AppDataLow\Software\panda2_0dn" [X] "panda2_0dn_XP"="reg.exe delete HKCU\Software\panda2_0dn" [X] . c:\users\<user>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Wuala.lnk - c:\users\<user>\AppData\Roaming\Wuala\Wuala.exe -silent [2012-5-4 453552] . 
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-5-21 828704] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . R1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;c:\windows\system32\DRIVERS\NNSNAHSL.sys [2012-06-27 28712] R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264] R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-22 81704] R4 NNSPIHSW;NNSPIHSW;c:\windows\system32\DRIVERS\NNSPihsw.sys [2012-06-27 60968] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040] S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-08-03 11832] S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [2012-04-09 299024] S1 NNSALPC;NNSALPC;c:\windows\system32\DRIVERS\NNSAlpc.sys [2012-06-27 82472] S1 NNSHTTP;NNSHTTP;c:\windows\system32\DRIVERS\NNSHttp.sys [2012-06-27 120744] S1 NNSIDS;NNSIDS;c:\windows\system32\DRIVERS\NNSIds.sys [2012-06-27 122664] S1 NNSPICC;NNSPICC;c:\windows\system32\DRIVERS\NNSPicc.sys [2012-06-27 93992] S1 NNSPOP3;NNSPOP3;c:\windows\system32\DRIVERS\NNSPop3.sys [2012-06-27 104104] S1 NNSPROT;NNSPROT;c:\windows\system32\DRIVERS\NNSProt.sys [2012-06-27 286376] S1 NNSPRV;NNSPRV;c:\windows\system32\DRIVERS\NNSPrv.sys [2012-06-27 153000] S1 NNSSMTP;NNSSMTP;c:\windows\system32\DRIVERS\NNSSmtp.sys [2012-06-27 106536] S1 NNSSTRM;NNSSTRM;c:\windows\system32\DRIVERS\NNSStrm.sys [2012-07-12 206632] S1 NNSTLSC;NNSTLSC;c:\windows\system32\DRIVERS\NNSTlsc.sys [2012-06-27 92840] S1 
PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2012-07-13 174632] S2 AsusService;Asus Launcher Service;c:\windows\system32\AsusService.exe [2011-03-03 224680] S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2012-07-13 140064] S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2012-07-13 148520] S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2012-07-13 103464] S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2012-07-13 114216] S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2012-07-13 120872] S2 PSUAService;Panda Product Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [2012-07-13 36640] S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe [2011-01-12 91464] S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-05-21 293928] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-05-21 33320] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-04-13 109960] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-09-27 68208] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 579944] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 194408] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 21864] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 19304] S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization 
Client\sftvsa.exe [2011-10 -01 219496] . . --- Andere Dienste/Treiber im Speicher --- . *Deregistered* - PSKMAD . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc . Inhalt des "geplante Tasks" Ordners . 2013-07-20 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-05 13:13] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\<user>\AppData\Roaming\Mozilla\Firefox\Profiles\tmpnzboc.default\ FF - prefs.js: browser.startup.homepage - google.de FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-07-21 00:01:18 ComboFix-quarantined-files.txt 2013-07-20 22:01 . Vor Suchlauf: 9 Verzeichnis(se), 75.240.558.592 Bytes frei Nach Suchlauf: 14 Verzeichnis(se), 76.397.649.920 Bytes frei . - - End Of File - - A37759171B669A2D03CE3B42EA628D38 A36C5E4F47E84449FF07ED3517B43A31 |
21.07.2013, 14:49 | #10 |
/// the machine /// TB-Ausbilder | Dtcontx.F and CI.A (Panda) persistent on Win7 Starter (Asus eee PC) Super. ComboFix script
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM!
21.07.2013, 21:53 | #11 |
| Dtcontx.F and CI.A (Panda) persistent on Win7 Starter (Asus eee PC) ComboFix: Code:
ATTFilter Combofix Logfile: then AdwCleaner: AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.306 - Datei am 21/07/2013 um 22:21:28 erstellt # Aktualisiert am 19/07/2013 von Xplode # Betriebssystem : Windows 7 Starter Service Pack 1 (32 bits) # Benutzer : <user> - PORTABLE-IK # Bootmodus : Normal # Ausgeführt unter : C:\Users\<user>\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Ordner Gelöscht : C:\Program Files\Ask.com Ordner Gelöscht : C:\ProgramData\Ask Ordner Gelöscht : C:\Users\<user>\AppData\LocalLow\AskToolbar Ordner Gelöscht : C:\Users\<user>\AppData\Roaming\Mozilla\Firefox\Profiles\tmpnzboc.default\extensions\toolbar@ask.com Ordner Gelöscht : C:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\APN Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar Schlüssel Gelöscht : HKCU\Software\Ask.com Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0} Schlüssel Gelöscht : HKLM\Software\APN Schlüssel Gelöscht : HKLM\Software\AskToolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18 \Components\0CFE535C35F99574E8340BFA75BF92C2 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18 \Components\0E12F736682067FDE4D1158D5940A82E Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18 \Components\120DFADEB50841F408F04D2A278F9509 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18 \Components\1A24B5BB8521B03E0C8D908F5ABC0AE6 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18 \Components\261F213D1F55267499B1F87D0CC3BCF7 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18 \Components\2B0D56C4F4C46D844A57FFED6F0D2852 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18 \Components\2BDF3E992C0908741B7C11F4B4E0F775 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18 \Components\49D4375FE41653242AEA4C969E4E65E0 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18 \Components\6AA0923513360135B272E8289C5F13FA Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18 \Components\6B3BC4CF5ECE1F54BBA174C13A1AB907 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18 \Components\6F7467AF8F29C134CBBAB394ECCFDE96 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18 
\Components\741B4ADF27276464790022C965AB6DA8 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18 \Components\7DE196B10195F5647A2B21B761F3DE01 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18 \Components\922525DCC5199162F8935747CA3D8E59 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18 \Components\9D4F5849367142E4685ED8C25E44C5ED Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18 \Components\A5875B04372C19545BEB90D4D606C472 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18 \Components\A876D9E80B896EC44A8620248CC79296 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18 \Components\B5BAE2ED018083A4C8DA86D6E3F4B024 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18 \Components\B66FFAB725B92594C986DE826A867888 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18 \Components\BCDA179D619B91648538E3394CAC94CC Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18 \Components\BEABAA33A5E68374DBF197F2A00CD011 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18 \Components\CB61AF52AD64B6B45930BE969F316720 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18 \Components\D677B1A9671D4D4004F6F2A4469E86EA Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18 \Components\DD1402A9DD4215A43ABDE169A41AFA0E Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18 \Components\E36E114A0EAD2AD46B381D23AD69CDDF Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18 
\Components\EF8E618DB3AEDFBB384561B5C548F65E Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18 \Products\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater] ***** [Internet Browser] ***** -\\ Internet Explorer v10.0.9200.16635 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v14.0.1 (en-GB) Datei : C:\Users\<user>\AppData\Roaming\Mozilla\Firefox\Profiles\tmpnzboc.default\prefs.js C:\Users\<user>\AppData\Roaming\Mozilla\Firefox\Profiles\tmpnzboc.default\user.js ... Gelöscht ! Gelöscht : user_pref("browser.search.defaultengine", "Ask.com"); Gelöscht : user_pref("browser.search.defaultenginename", "Ask.com"); Gelöscht : user_pref("browser.search.order.1", "Ask.com"); Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", ""); ************************* AdwCleaner[S1].txt - [7128 octets] - [21/07/2013 22:21:28] ########## EOF - C:\AdwCleaner[S1].txt - [7188 octets] ########## then JRT Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 5.1.9 (07.20.2013:3) OS: Windows 7 Starter x86 Ran by <user> on 21.07.2013 at 22:27:42,92 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9 Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BB4AD99B-51CA-46A7-9BB3- AD5F7680E89D} ~~~ Files ~~~ Folders ~~~ FireFox Emptied folder: C:\Users\<user>\AppData\Roaming\mozilla\firefox\profiles\tmpnzboc.default\minidumps [10 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 21.07.2013 at 22:34:46,70 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ and finally another FRST: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-07-2013 Ran by <user> (administrator) on 21-07-2013 22:38:05 Running from C:\Users\<user>\Desktop Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Microsoft Corporation) C:\windows\system32\WLANExt.exe () C:\windows\system32\AsusService.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe (Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe (Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe () C:\ExpressGateUtil\VAWinService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe (ASUSTeK Computer Inc.) C:\Program Files\ASUS\HotkeyService\HotKeyMon.exe (ASUSTeK Computer Inc.) C:\Program Files\ASUS\HotkeyService\HotkeyService.exe (ASUSTeK Computer Inc.) C:\Program Files\ASUS\SHE\SuperHybridEngine.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe () C:\ExpressGateUtil\VAWinAgent.exe (AsusTek Computer Inc.) 
C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe (ASUS) C:\Program Files\ASUS\CapsHook\CapsHook.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Panda Security) C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe (Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (syncables, LLC) C:\Program Files\syncables\syncables desktop\syncables.exe (Intel Corporation) C:\windows\system32\igfxsrvc.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (LaCie) C:\Users\<user>\AppData\Roaming\Wuala\Wuala.exe (Sun Microsystems, Inc.) C:\Program Files\syncables\syncables desktop\jre\bin\javaw.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe (ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe ==================== Registry (Whitelisted) ================== HKU\Default\...\RunOnce: [Reboot] - AsusSender.exe C:\Windows\Reboot.exe 60 [ 2010-12-13] (AsusTek Computer Inc.) HKU\Default\...\RunOnce: [AskScreensaver] - C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [ 2011-01-27] (AsusTek Computer Inc.) HKU\Default User\...\RunOnce: [Reboot] - AsusSender.exe C:\Windows\Reboot.exe 60 [ 2010-12-13] (AsusTek Computer Inc.) HKU\Default User\...\RunOnce: [AskScreensaver] - C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [ 2011-01-27] (AsusTek Computer Inc.) M\...\Run: [ASUSPRP] - C:\Program Files\ASUS\APRP\APRP.EXE [2018032 2011-04-21] (ASUSTek Computer Inc.) 
HKLM\...\Run: [ASUSWebStorage] - C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme) HKLM\...\Run: [Panda Security URL Filtering] - C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe [217256 2012-03- 19] (Panda Security) HKLM\...\Run: [PSUAMain] - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe [37152 2012-07-13] (Panda Security, S.L.) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKCU\...\Run: [Syncables] - C:\Program Files\syncables\syncables desktop\Syncables.exe [370480 2010-07-19] (syncables, LLC) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\Users\<user>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wuala.lnk ShortcutTarget: Wuala.lnk -> C:\Users\<user>\AppData\Roaming\Wuala\Wuala.exe (LaCie) SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - "C:\Program Files\Internet Explorer\iexplore.exe" SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms} &form=ASUTDF&pc=NP07&src=IE-SearchBox SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms} &form=ASUTDF&pc=NP07&src=IE-SearchBox BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems 
Incorporated) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll () BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" No File BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" No File Toolbar: HKLM - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll () Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\<user>\AppData\Roaming\Mozilla\Firefox\Profiles\tmpnzboc.default FF Homepage: google.de FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF SearchPlugin: C:\Program Files\mozilla 
firefox\searchplugins\amazon-en-GB.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} ========================== Services (Whitelisted) ================= R2 AsusService; C:\windows\system32\AsusService.exe [224680 2011-03-04] () R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [140064 2012-07-13] (Panda Security, S.L.) R2 PSUAService; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [36640 2012-07-13] (Panda Security, S.L.) R2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [91464 2011-01-12] () ==================== Drivers (Whitelisted) ==================== R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11456 2010-06-28] () R1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11832 2010-08-03] () R3 btwampfl; C:\Windows\System32\drivers\btwampfl.sys [293928 2010-05-21] (Broadcom Corporation.) R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [299024 2012-04-09] (EldoS Corporation) R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [109960 2010-04-13] (ELAN Microelectronic Corp.) R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( ) R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [82472 2012-06-27] (Panda Security, S.L.) R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [120744 2012-06-27] (Panda Security, S.L.) R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [122664 2012-06-27] (Panda Security, S.L.) 
S1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [28712 2012-06-27] (Panda Security, S.L.) R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [93992 2012-06-27] (Panda Security, S.L.) S4 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [60968 2012-06-27] (Panda Security, S.L.) R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [104104 2012-06-27] (Panda Security, S.L.) R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [286376 2012-06-27] (Panda Security, S.L.) R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [153000 2012-06-27] (Panda Security, S.L.) R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [106536 2012-06-27] (Panda Security, S.L.) R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [206632 2012-07-12] (Panda Security, S.L.) R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [92840 2012-06-27] (Panda Security, S.L.) R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [148520 2012-07-13] (Panda Security, S.L.) R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [103464 2012-07-13] (Panda Security, S.L.) R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [174632 2012-07-13] (Panda Security, S.L.) R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [114216 2012-07-13] (Panda Security, S.L.) R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [120872 2012-07-13] (Panda Security, S.L.) 
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [46280 2011-03-10] (Panda Security) S3 wsvd; C:\Windows\System32\DRIVERS\wsvd.sys [81704 2009-07-22] (CyberLink) S3 catchme; \??\C:\Users\<user>~1\AppData\Local\Temp\catchme.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2030-01-01 13:50 - 2010-11-20 14:40 - 00383786 __RSH C:\bootmgr 2013-07-21 22:34 - 2013-07-21 22:34 - 00001037 _____ C:\Users\<user>\Desktop\JRT.txt 2013-07-21 22:27 - 2013-07-21 22:27 - 00000000 ____D C:\windows\ERUNT 2013-07-21 22:25 - 2011-03-10 18:04 - 00046280 _____ (Panda Security) C:\windows\system32\Drivers\PSKMAD.sys 2013-07-21 22:21 - 2013-07-21 22:22 - 00007257 _____ C:\AdwCleaner[S1].txt 2013-07-21 21:44 - 2013-07-21 17:33 - 00666633 _____ C:\Users\<user>\Desktop\adwcleaner.exe 2013-07-21 21:44 - 2013-07-21 17:33 - 00559550 _____ (Oleg N. Scherbakov) C:\Users\<user>\Desktop\JRT.exe 2013-07-21 21:42 - 2013-07-21 17:30 - 05093416 ____R (Swearware) C:\Users\<user>\Desktop\ComboFix.exe 2013-07-20 23:16 - 2011-06-26 08:45 - 00256000 _____ C:\windows\PEV.exe 2013-07-20 23:16 - 2010-11-07 19:20 - 00208896 _____ C:\windows\MBR.exe 2013-07-20 23:16 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe 2013-07-20 23:16 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe 2013-07-20 23:16 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe 2013-07-20 23:16 - 2000-08-31 02:00 - 00098816 _____ C:\windows\sed.exe 2013-07-20 23:16 - 2000-08-31 02:00 - 00080412 _____ C:\windows\grep.exe 2013-07-20 23:16 - 2000-08-31 02:00 - 00068096 _____ C:\windows\zip.exe 2013-07-20 23:15 - 2013-07-21 22:15 - 00000000 ____D C:\Qoobox 2013-07-20 23:15 - 2013-07-20 23:57 - 00000000 ____D C:\windows\erdnt 2013-07-20 22:55 - 2013-07-19 21:37 - 01219758 _____ (Farbar) C:\Users\<user>\Desktop\FRST.exe 2013-07-20 08:21 - 2013-07-20 08:21 - 00000000 ____D C:\FRST 2013-07-16 15:38 - 2013-06-12 
01:43 - 02877440 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2013-07-16 15:38 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2013-07-16 15:38 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2013-07-16 15:38 - 2013-06-12 01:43 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2013-07-16 15:38 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2013-07-16 15:38 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2013-07-16 15:38 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2013-07-16 15:38 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2013-07-16 15:37 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2013-07-16 15:37 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2013-07-16 15:37 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2013-07-16 15:37 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2013-07-16 15:37 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2013-07-16 15:37 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll 2013-07-16 15:37 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2013-07-16 15:37 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe 2013-07-16 08:44 - 2013-06-05 05:05 - 02347520 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2013-07-16 08:44 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll 2013-07-16 08:44 - 2013-05-06 06:56 - 01620480 _____ 
(Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL 2013-07-16 08:44 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll ==================== One Month Modified Files and Folders ======= 2030-01-01 13:50 - 2009-07-14 06:57 - 00029696 ___SH C:\windows\system32\config\BCD-Template.LOG 2030-01-01 13:50 - 2009-07-14 06:52 - 00032768 _____ C:\windows\system32\config\BCD-Template 2013-07-21 22:34 - 2013-07-21 22:34 - 00001037 _____ C:\Users\<user>\Desktop\JRT.txt 2013-07-21 22:34 - 2012-03-17 12:44 - 00000000 ___RD C:\Users\<user>\Desktop 2013-07-21 22:34 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289- 439d-8115-601632D005A0 2013-07-21 22:34 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289- 439d-8115-601632D005A0 2013-07-21 22:31 - 2009-07-27 12:11 - 01530778 _____ C:\windows\system32\PerfStringBackup.INI 2013-07-21 22:27 - 2013-07-21 22:27 - 00000000 ____D C:\windows\ERUNT 2013-07-21 22:24 - 2012-10-05 21:39 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job 2013-07-21 22:24 - 2012-06-02 01:42 - 00000000 ____D C:\ProgramData\Panda Security URL Filtering 2013-07-21 22:24 - 2009-07-14 06:53 - 00000006 ____H C:\windows\Tasks\SA.DAT 2013-07-21 22:24 - 2009-07-14 06:39 - 00089124 _____ C:\windows\setupact.log 2013-07-21 22:23 - 2012-03-18 02:59 - 01681141 _____ C:\windows\WindowsUpdate.log 2013-07-21 22:23 - 2011-04-21 02:32 - 00124998 _____ C:\windows\PFRO.log 2013-07-21 22:22 - 2013-07-21 22:21 - 00007257 _____ C:\AdwCleaner[S1].txt 2013-07-21 22:15 - 2013-07-20 23:15 - 00000000 ____D C:\Qoobox 2013-07-21 22:10 - 2009-07-14 04:04 - 00000215 _____ C:\windows\system.ini 2013-07-21 17:33 - 2013-07-21 21:44 - 00666633 _____ C:\Users\<user>\Desktop\adwcleaner.exe 2013-07-21 17:33 - 2013-07-21 21:44 - 00559550 _____ (Oleg N. 
Scherbakov) C:\Users\<user>\Desktop\JRT.exe 2013-07-21 17:30 - 2013-07-21 21:42 - 05093416 ____R (Swearware) C:\Users\<user>\Desktop\ComboFix.exe 2013-07-21 00:01 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public 2013-07-20 23:57 - 2013-07-20 23:15 - 00000000 ____D C:\windows\erdnt 2013-07-20 08:21 - 2013-07-20 08:21 - 00000000 ____D C:\FRST 2013-07-19 21:37 - 2013-07-20 22:55 - 01219758 _____ (Farbar) C:\Users\<user>\Desktop\FRST.exe 2013-07-19 15:24 - 2009-07-14 04:37 - 00000000 ____D C:\windows\Microsoft.NET 2013-07-19 13:05 - 2012-03-17 12:44 - 00000000 ____D C:\Users\<user> 2013-07-19 13:05 - 2009-07-14 06:53 - 00002394 ____N C:\windows\Tasks\SCHEDLGU.TXT 2013-07-19 09:01 - 2012-08-20 16:55 - 00000000 ____D C:\Users\<user>\Documents\<user> 2013-07-16 18:59 - 2009-07-14 06:33 - 00315344 _____ C:\windows\system32\FNTCACHE.DAT 2013-07-16 18:57 - 2011-04-21 03:22 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-07-16 18:57 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender 2013-07-16 15:33 - 2012-07-16 11:40 - 75699896 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2013-07-16 15:24 - 2012-03-26 19:27 - 00000000 ____D C:\Users\<user>\AppData\Roaming\SoftGrid Client 2013-07-16 09:53 - 2012-08-20 17:15 - 00000000 ____D C:\Users\<user>\Documents\Kram ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-16 12:29 ==================== End Of Log ============================ ... now I'm curious ... |
22.07.2013, 08:31 | #12 |
/// the machine /// TB-Ausbilder | Dtcontx.F and CI.A (Panda) persistent on Win7 Starter (Asus eee PC) Online scan and we're done ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ regards, schrauber
22.07.2013, 12:52 | #13 |
| Dtcontx.F and CI.A (Panda) persistent on Win7 Starter (Asus eee PC) I posted one more question at the very end. The ESET scanner found something: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok esets_scanner_update returned -1 esets_gle=1 esets_scanner_update returned -1 esets_gle=1 esets_scanner_update returned -1 esets_gle=1 ESETSmartInstaller@High as downloader log: all ok esets_scanner_update returned -1 esets_gle=1 ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=133421a324d19e4caf945a1fb07b9187 # engine=14466 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-07-22 10:11:21 # local_time=2013-07-22 12:11:21 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1791 16777215 0 0 0 0 0 0 # compatibility_mode=5893 16776574 100 94 494027 126119072 0 0 # scanned=194457 # found=1 # cleaned=0 # scan_time=6374 sh=19925B1515BBA6EAFB9A557D09DCC37A1A2B88AB ft=1 fh=7a5a338cc62a7e85 vn="Win32/Spy.Zbot.ZR trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Ilka Kock\AppData\Roaming\Pywe\dyogca.exe.vir" Code:
ATTFilter Results of screen317's Security Check version 0.99.70 Windows 7 Service Pack 1 x86 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Panda Cloud Antivirus WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Toolbar Cleaner 1.0 Java 7 Update 21 Java version out of Date! Adobe Flash Player 11.7.700.224 Adobe Reader 9 Adobe Reader out of Date! Mozilla Firefox 14.0.1 Firefox out of Date! ````````Process Check: objlist.exe by Laurent```````` Panda Security Panda Cloud Antivirus PSANHost.exe Panda Security Panda Cloud Antivirus PSUAService.exe Panda Security Panda Cloud Antivirus PSUAMain.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-07-2013 Ran by <user> (administrator) on 22-07-2013 12:55:36 Running from C:\Users\<user>\Desktop Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Microsoft Corporation) C:\windows\system32\WLANExt.exe () C:\windows\system32\AsusService.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe (Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe (Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe () C:\ExpressGateUtil\VAWinService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe (ASUSTeK Computer Inc.) C:\Program Files\ASUS\HotkeyService\HotKeyMon.exe (ASUSTeK Computer Inc.) C:\Program Files\ASUS\HotkeyService\HotkeyService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (AsusTek Computer Inc.) C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe (ASUSTeK Computer Inc.) 
C:\Program Files\ASUS\SHE\SuperHybridEngine.exe () C:\ExpressGateUtil\VAWinAgent.exe (ASUS) C:\Program Files\ASUS\CapsHook\CapsHook.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\windows\system32\igfxsrvc.exe (Panda Security) C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe (Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (syncables, LLC) C:\Program Files\syncables\syncables desktop\syncables.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (LaCie) C:\Users\<user>\AppData\Roaming\Wuala\Wuala.exe (Sun Microsystems, Inc.) C:\Program Files\syncables\syncables desktop\jre\bin\javaw.exe (ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe ==================== Registry (Whitelisted) ================== HKU\Default\...\RunOnce: [Reboot] - AsusSender.exe C:\Windows\Reboot.exe 60 [ 2010-12-13] (AsusTek Computer Inc.) HKU\Default\...\RunOnce: [AskScreensaver] - C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [ 2011-01-27] (AsusTek Computer Inc.) HKU\Default User\...\RunOnce: [Reboot] - AsusSender.exe C:\Windows\Reboot.exe 60 [ 2010-12-13] (AsusTek Computer Inc.) HKU\Default User\...\RunOnce: [AskScreensaver] - C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [ 2011-01-27] (AsusTek Computer Inc.) M\...\Run: [ASUSPRP] - C:\Program Files\ASUS\APRP\APRP.EXE [2018032 2011-04-21] (ASUSTek Computer Inc.) 
HKLM\...\Run: [ASUSWebStorage] - C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme) HKLM\...\Run: [Panda Security URL Filtering] - C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe [217256 2012-03-19] (Panda Security) HKLM\...\Run: [PSUAMain] - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe [37152 2012-07-13] (Panda Security, S.L.) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKCU\...\Run: [Syncables] - C:\Program Files\syncables\syncables desktop\Syncables.exe [370480 2010-07-19] (syncables, LLC) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\Users\<user>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wuala.lnk ShortcutTarget: Wuala.lnk -> C:\Users\<user>\AppData\Roaming\Wuala\Wuala.exe (LaCie) SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - "C:\Program Files\Internet Explorer\iexplore.exe" SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) 
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll () BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" No File BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" No File Toolbar: HKLM - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll () Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\<user>\AppData\Roaming\Mozilla\Firefox\Profiles\tmpnzboc.default FF Homepage: google.de FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF SearchPlugin: C:\Program Files\mozilla 
firefox\searchplugins\amazon-en-GB.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} ========================== Services (Whitelisted) ================= R2 AsusService; C:\windows\system32\AsusService.exe [224680 2011-03-04] () R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [140064 2012-07-13] (Panda Security, S.L.) R2 PSUAService; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [36640 2012-07-13] (Panda Security, S.L.) R2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [91464 2011-01-12] () ==================== Drivers (Whitelisted) ==================== R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11456 2010-06-28] () R1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11832 2010-08-03] () R3 btwampfl; C:\Windows\System32\drivers\btwampfl.sys [293928 2010-05-21] (Broadcom Corporation.) R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [299024 2012-04-09] (EldoS Corporation) R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [109960 2010-04-13] (ELAN Microelectronic Corp.) R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( ) R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [82472 2012-06-27] (Panda Security, S.L.) R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [120744 2012-06-27] (Panda Security, S.L.) R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [122664 2012-06-27] (Panda Security, S.L.) 
S1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [28712 2012-06-27] (Panda Security, S.L.) R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [93992 2012-06-27] (Panda Security, S.L.) S4 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [60968 2012-06-27] (Panda Security, S.L.) R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [104104 2012-06-27] (Panda Security, S.L.) R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [286376 2012-06-27] (Panda Security, S.L.) R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [153000 2012-06-27] (Panda Security, S.L.) R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [106536 2012-06-27] (Panda Security, S.L.) R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [206632 2012-07-12] (Panda Security, S.L.) R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [92840 2012-06-27] (Panda Security, S.L.) R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [148520 2012-07-13] (Panda Security, S.L.) R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [103464 2012-07-13] (Panda Security, S.L.) R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [174632 2012-07-13] (Panda Security, S.L.) R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [114216 2012-07-13] (Panda Security, S.L.) R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [120872 2012-07-13] (Panda Security, S.L.) 
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [46280 2011-03-10] (Panda Security) S3 wsvd; C:\Windows\System32\DRIVERS\wsvd.sys [81704 2009-07-22] (CyberLink) S3 catchme; \??\C:\Users\<user>~1\AppData\Local\Temp\catchme.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2030-01-01 13:50 - 2010-11-20 14:40 - 00383786 __RSH C:\bootmgr 2013-07-22 09:43 - 2013-07-22 09:43 - 00000000 ____D C:\Program Files\ESET 2013-07-22 09:43 - 2013-07-22 09:40 - 00891062 _____ C:\Users\<user>\Desktop\SecurityCheck.exe 2013-07-22 09:43 - 2013-07-22 09:39 - 02347384 _____ (ESET) C:\Users\<user>\Desktop\esetsmartinstaller_enu.exe 2013-07-22 09:42 - 2011-03-10 18:04 - 00046280 _____ (Panda Security) C:\windows\system32\Drivers\PSKMAD.sys 2013-07-21 22:27 - 2013-07-21 22:27 - 00000000 ____D C:\windows\ERUNT 2013-07-21 22:21 - 2013-07-21 22:22 - 00007257 _____ C:\AdwCleaner[S1].txt 2013-07-21 21:44 - 2013-07-21 17:33 - 00666633 _____ C:\Users\<user>\Desktop\adwcleaner.exe 2013-07-21 21:44 - 2013-07-21 17:33 - 00559550 _____ (Oleg N. 
Scherbakov) C:\Users\<user>\Desktop\JRT.exe 2013-07-21 21:42 - 2013-07-21 17:30 - 05093416 ____R (Swearware) C:\Users\<user>\Desktop\ComboFix.exe 2013-07-20 23:16 - 2011-06-26 08:45 - 00256000 _____ C:\windows\PEV.exe 2013-07-20 23:16 - 2010-11-07 19:20 - 00208896 _____ C:\windows\MBR.exe 2013-07-20 23:16 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe 2013-07-20 23:16 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe 2013-07-20 23:16 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe 2013-07-20 23:16 - 2000-08-31 02:00 - 00098816 _____ C:\windows\sed.exe 2013-07-20 23:16 - 2000-08-31 02:00 - 00080412 _____ C:\windows\grep.exe 2013-07-20 23:16 - 2000-08-31 02:00 - 00068096 _____ C:\windows\zip.exe 2013-07-20 23:15 - 2013-07-21 22:15 - 00000000 ____D C:\Qoobox 2013-07-20 23:15 - 2013-07-20 23:57 - 00000000 ____D C:\windows\erdnt 2013-07-20 22:55 - 2013-07-19 21:37 - 01219758 _____ (Farbar) C:\Users\<user>\Desktop\FRST.exe 2013-07-20 08:21 - 2013-07-20 08:21 - 00000000 ____D C:\FRST 2013-07-16 15:38 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2013-07-16 15:38 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2013-07-16 15:38 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2013-07-16 15:38 - 2013-06-12 01:43 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2013-07-16 15:38 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2013-07-16 15:38 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2013-07-16 15:38 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2013-07-16 15:38 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2013-07-16 15:37 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) 
C:\windows\system32\mshtml.dll 2013-07-16 15:37 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2013-07-16 15:37 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2013-07-16 15:37 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2013-07-16 15:37 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2013-07-16 15:37 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll 2013-07-16 15:37 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2013-07-16 15:37 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe 2013-07-16 08:44 - 2013-06-05 05:05 - 02347520 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2013-07-16 08:44 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll 2013-07-16 08:44 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL 2013-07-16 08:44 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll ==================== One Month Modified Files and Folders ======= 2030-01-01 13:50 - 2009-07-14 06:57 - 00029696 ___SH C:\windows\system32\config\BCD-Template.LOG 2030-01-01 13:50 - 2009-07-14 06:52 - 00032768 _____ C:\windows\system32\config\BCD-Template 2013-07-22 12:38 - 2012-03-18 02:59 - 01705953 _____ C:\windows\WindowsUpdate.log 2013-07-22 12:13 - 2012-10-05 21:39 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job 2013-07-22 10:27 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-22 10:27 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-22 10:24 - 
2009-07-27 12:11 - 01530778 _____ C:\windows\system32\PerfStringBackup.INI 2013-07-22 10:19 - 2012-06-02 01:42 - 00000000 ____D C:\ProgramData\Panda Security URL Filtering 2013-07-22 10:18 - 2009-07-14 06:53 - 00000006 ____H C:\windows\Tasks\SA.DAT 2013-07-22 10:18 - 2009-07-14 06:39 - 00089236 _____ C:\windows\setupact.log 2013-07-22 09:43 - 2013-07-22 09:43 - 00000000 ____D C:\Program Files\ESET 2013-07-22 09:43 - 2012-03-17 12:44 - 00000000 ___RD C:\Users\<user>\Desktop 2013-07-22 09:40 - 2013-07-22 09:43 - 00891062 _____ C:\Users\<user>\Desktop\SecurityCheck.exe 2013-07-22 09:39 - 2013-07-22 09:43 - 02347384 _____ (ESET) C:\Users\<user>\Desktop\esetsmartinstaller_enu.exe 2013-07-21 22:27 - 2013-07-21 22:27 - 00000000 ____D C:\windows\ERUNT 2013-07-21 22:23 - 2011-04-21 02:32 - 00124998 _____ C:\windows\PFRO.log 2013-07-21 22:22 - 2013-07-21 22:21 - 00007257 _____ C:\AdwCleaner[S1].txt 2013-07-21 22:15 - 2013-07-20 23:15 - 00000000 ____D C:\Qoobox 2013-07-21 22:10 - 2009-07-14 04:04 - 00000215 _____ C:\windows\system.ini 2013-07-21 17:33 - 2013-07-21 21:44 - 00666633 _____ C:\Users\<user>\Desktop\adwcleaner.exe 2013-07-21 17:33 - 2013-07-21 21:44 - 00559550 _____ (Oleg N. 
Scherbakov) C:\Users\<user>\Desktop\JRT.exe
2013-07-21 17:30 - 2013-07-21 21:42 - 05093416 ____R (Swearware) C:\Users\<user>\Desktop\ComboFix.exe
2013-07-21 00:01 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2013-07-20 23:57 - 2013-07-20 23:15 - 00000000 ____D C:\windows\erdnt
2013-07-20 08:21 - 2013-07-20 08:21 - 00000000 ____D C:\FRST
2013-07-19 21:37 - 2013-07-20 22:55 - 01219758 _____ (Farbar) C:\Users\<user>\Desktop\FRST.exe
2013-07-19 15:24 - 2009-07-14 04:37 - 00000000 ____D C:\windows\Microsoft.NET
2013-07-19 13:05 - 2012-03-17 12:44 - 00000000 ____D C:\Users\<user>
2013-07-19 13:05 - 2009-07-14 06:53 - 00002898 ____N C:\windows\Tasks\SCHEDLGU.TXT
2013-07-19 09:01 - 2012-08-20 16:55 - 00000000 ____D C:\Users\<user>\Documents\Ilka
2013-07-16 18:59 - 2009-07-14 06:33 - 00315344 _____ C:\windows\system32\FNTCACHE.DAT
2013-07-16 18:57 - 2011-04-21 03:22 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-16 18:57 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-16 15:33 - 2012-07-16 11:40 - 75699896 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-07-16 15:24 - 2012-03-26 19:27 - 00000000 ____D C:\Users\<user>\AppData\Roaming\SoftGrid Client
2013-07-16 09:53 - 2012-08-20 17:15 - 00000000 ____D C:\Users\<user>\Documents\Kram

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-07-16 12:29

==================== End Of Log ============================

Question: this line Code:
S3 catchme; \??\C:\Users\<user>~1\AppData\Local\Temp\catchme.sys [x]
How should this be assessed? |
22.07.2013, 14:02 | #14 |
/// the machine /// TB-Ausbilder | Dtcontx.F and CI.A (Panda) persistent on Win7 Starter (Asus eee PC) Update Java, Adobe and Firefox. Catchme is part of a rootkit scanner among our tools, so: all clear. Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
Startup: C:\Users\<user>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wuala.lnk
ShortcutTarget: Wuala.lnk -> C:\Users\<user>\AppData\Roaming\Wuala\Wuala.exe (LaCie)
C:\Users\<user>\AppData\Roaming\Wuala
Please save this as Fixlist.txt on your Desktop (or in the folder where FRST is located).
New FRST log please. Any more problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
22.07.2013, 15:29 | #15 |
| Dtcontx.F and CI.A (Panda) persistent on Win7 Starter (Asus eee PC) Thanks for the explanation! I have updated Java, Adobe and Firefox. As for the question about problems: the machine didn't really cause any problems before either, apart from the trojan alert from Panda. In any case, Panda no longer complains (result after an "optimised scan")! So from that point of view: no problems! Question: since it is only a small, relatively low-powered netbook, I had chosen Panda because it is (reportedly) light on resources. I used to have Avira, which slowed the system down considerably. Would you recommend a different antivirus program instead of Panda for my case, one that is as light on resources as possible? Fixlog: Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 19-07-2013
Ran by <user> at 2013-07-22 15:58:53 Run:1
Running from C:\Users\<user>\Desktop
Boot Mode: Normal

==============================================

C:\Users\<user>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wuala.lnk => Moved successfully.
C:\Users\<user>\AppData\Roaming\Wuala\Wuala.exe => Moved successfully.
C:\Users\<user>\AppData\Roaming\Wuala => Moved successfully.

==== End of Fixlog ====

Apparently, after a restart it has disappeared from the autostart entries and thus from the taskbar. It is used to detect changed files and sync them with a cloud service. FRST: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-07-2013 Ran by <user> (administrator) on 22-07-2013 16:00:00 Running from C:\Users\<user>\Desktop Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Microsoft Corporation) C:\windows\system32\WLANExt.exe () C:\windows\system32\AsusService.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe (Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe (Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe () C:\ExpressGateUtil\VAWinService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe (ASUSTeK Computer Inc.) C:\Program Files\ASUS\HotkeyService\HotKeyMon.exe (ASUSTeK Computer Inc.) C:\Program Files\ASUS\HotkeyService\HotkeyService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (AsusTek Computer Inc.) C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe (ASUSTeK Computer Inc.) 
C:\Program Files\ASUS\SHE\SuperHybridEngine.exe (ASUS) C:\Program Files\ASUS\CapsHook\CapsHook.exe () C:\ExpressGateUtil\VAWinAgent.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\windows\system32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Panda Security) C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe (Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe (syncables, LLC) C:\Program Files\syncables\syncables desktop\syncables.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Sun Microsystems, Inc.) C:\Program Files\syncables\syncables desktop\jre\bin\javaw.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe (Microsoft Corporation) C:\windows\system32\msiexec.exe ==================== Registry (Whitelisted) ================== HKU\Default\...\RunOnce: [Reboot] - AsusSender.exe C:\Windows\Reboot.exe 60 [ 2010-12-13] (AsusTek Computer Inc.) HKU\Default\...\RunOnce: [AskScreensaver] - C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [ 2011-01-27] (AsusTek Computer Inc.) HKU\Default User\...\RunOnce: [Reboot] - AsusSender.exe C:\Windows\Reboot.exe 60 [ 2010-12-13] (AsusTek Computer Inc.) HKU\Default User\...\RunOnce: [AskScreensaver] - C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [ 2011-01-27] (AsusTek Computer Inc.) iles\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme) HKLM\...\Run: [Panda Security URL Filtering] - C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe [217256 2012-03-19] (Panda Security) HKLM\...\Run: [PSUAMain] - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe [37152 2012-07-13] (Panda Security, S.L.) 
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated) HKCU\...\Run: [Syncables] - C:\Program Files\syncables\syncables desktop\Syncables.exe [370480 2010-07-19] (syncables, LLC) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - "C:\Program Files\Internet Explorer\iexplore.exe" SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll () BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" No File BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" No File Toolbar: HKLM - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll () Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\<user>\AppData\Roaming\Mozilla\Firefox\Profiles\tmpnzboc.default FF Homepage: google.de FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ========================== Services (Whitelisted) ================= R2 AsusService; C:\windows\system32\AsusService.exe [224680 2011-03-04] () R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [140064 2012-07-13] (Panda Security, S.L.) R2 PSUAService; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [36640 2012-07-13] (Panda Security, S.L.) R2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [91464 2011-01-12] () ==================== Drivers (Whitelisted) ==================== R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11456 2010-06-28] () R1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11832 2010-08-03] () R3 btwampfl; C:\Windows\System32\drivers\btwampfl.sys [293928 2010-05-21] (Broadcom Corporation.) R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [299024 2012-04-09] (EldoS Corporation) R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [109960 2010-04-13] (ELAN Microelectronic Corp.) R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( ) R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [82472 2012-06-27] (Panda Security, S.L.) R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [120744 2012-06-27] (Panda Security, S.L.) R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [122664 2012-06-27] (Panda Security, S.L.) S1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [28712 2012-06-27] (Panda Security, S.L.) R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [93992 2012-06-27] (Panda Security, S.L.) 
S4 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [60968 2012-06-27] (Panda Security, S.L.) R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [104104 2012-06-27] (Panda Security, S.L.) R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [286376 2012-06-27] (Panda Security, S.L.) R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [153000 2012-06-27] (Panda Security, S.L.) R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [106536 2012-06-27] (Panda Security, S.L.) R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [206632 2012-07-12] (Panda Security, S.L.) R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [92840 2012-06-27] (Panda Security, S.L.) R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [148520 2012-07-13] (Panda Security, S.L.) R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [103464 2012-07-13] (Panda Security, S.L.) R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [174632 2012-07-13] (Panda Security, S.L.) R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [114216 2012-07-13] (Panda Security, S.L.) R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [120872 2012-07-13] (Panda Security, S.L.) 
U3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [46280 2011-03-10] (Panda Security) S3 wsvd; C:\Windows\System32\DRIVERS\wsvd.sys [81704 2009-07-22] (CyberLink) S3 catchme; \??\C:\Users\<user>~1\AppData\Local\Temp\catchme.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2030-01-01 13:50 - 2010-11-20 14:40 - 00383786 __RSH C:\bootmgr 2013-07-22 15:51 - 2013-07-22 15:51 - 00001989 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk 2013-07-22 15:50 - 2013-07-22 15:51 - 00000000 ____D C:\Program Files\Common Files\Adobe 2013-07-22 15:38 - 2013-07-22 15:38 - 00094632 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll 2013-07-22 15:38 - 2013-07-22 15:37 - 00263592 _____ (Oracle Corporation) C:\windows\system32\javaws.exe 2013-07-22 15:38 - 2013-07-22 15:37 - 00175016 _____ (Oracle Corporation) C:\windows\system32\javaw.exe 2013-07-22 15:38 - 2013-07-22 15:37 - 00175016 _____ (Oracle Corporation) C:\windows\system32\java.exe 2013-07-22 15:37 - 2013-07-22 15:37 - 00000000 ____D C:\Program Files\Java 2013-07-22 15:19 - 2011-03-10 18:04 - 00046280 _____ (Panda Security) C:\windows\system32\Drivers\PSKMAD.sys 2013-07-22 09:43 - 2013-07-22 09:43 - 00000000 ____D C:\Program Files\ESET 2013-07-22 09:43 - 2013-07-22 09:40 - 00891062 _____ C:\Users\<user>\Desktop\SecurityCheck.exe 2013-07-22 09:43 - 2013-07-22 09:39 - 02347384 _____ (ESET) C:\Users\<user>\Desktop\esetsmartinstaller_enu.exe 2013-07-21 22:27 - 2013-07-21 22:27 - 00000000 ____D C:\windows\ERUNT 2013-07-21 22:21 - 2013-07-21 22:22 - 00007257 _____ C:\AdwCleaner[S1].txt 2013-07-21 21:44 - 2013-07-21 17:33 - 00666633 _____ C:\Users\<user>\Desktop\adwcleaner.exe 2013-07-21 21:44 - 2013-07-21 17:33 - 00559550 _____ (Oleg N. 
Scherbakov) C:\Users\<user>\Desktop\JRT.exe 2013-07-21 21:42 - 2013-07-21 17:30 - 05093416 ____R (Swearware) C:\Users\<user>\Desktop\ComboFix.exe 2013-07-20 23:16 - 2011-06-26 08:45 - 00256000 _____ C:\windows\PEV.exe 2013-07-20 23:16 - 2010-11-07 19:20 - 00208896 _____ C:\windows\MBR.exe 2013-07-20 23:16 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe 2013-07-20 23:16 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe 2013-07-20 23:16 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe 2013-07-20 23:16 - 2000-08-31 02:00 - 00098816 _____ C:\windows\sed.exe 2013-07-20 23:16 - 2000-08-31 02:00 - 00080412 _____ C:\windows\grep.exe 2013-07-20 23:16 - 2000-08-31 02:00 - 00068096 _____ C:\windows\zip.exe 2013-07-20 23:15 - 2013-07-21 22:15 - 00000000 ____D C:\Qoobox 2013-07-20 23:15 - 2013-07-20 23:57 - 00000000 ____D C:\windows\erdnt 2013-07-20 22:55 - 2013-07-19 21:37 - 01219758 _____ (Farbar) C:\Users\<user>\Desktop\FRST.exe 2013-07-20 08:21 - 2013-07-20 08:21 - 00000000 ____D C:\FRST 2013-07-16 15:38 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2013-07-16 15:38 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2013-07-16 15:38 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2013-07-16 15:38 - 2013-06-12 01:43 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2013-07-16 15:38 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2013-07-16 15:38 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2013-07-16 15:38 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2013-07-16 15:38 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2013-07-16 15:37 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) 
C:\windows\system32\mshtml.dll 2013-07-16 15:37 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2013-07-16 15:37 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2013-07-16 15:37 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2013-07-16 15:37 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2013-07-16 15:37 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll 2013-07-16 15:37 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2013-07-16 15:37 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe 2013-07-16 08:44 - 2013-06-05 05:05 - 02347520 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2013-07-16 08:44 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll 2013-07-16 08:44 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL 2013-07-16 08:44 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll ==================== One Month Modified Files and Folders ======= 2030-01-01 13:50 - 2009-07-14 06:57 - 00029696 ___SH C:\windows\system32\config\BCD-Template.LOG 2030-01-01 13:50 - 2009-07-14 06:52 - 00032768 _____ C:\windows\system32\config\BCD-Template 2013-07-22 16:00 - 2012-03-17 12:44 - 00000000 ___RD C:\Users\<user>\Desktop 2013-07-22 15:57 - 2012-03-17 12:44 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Adobe 2013-07-22 15:57 - 2011-04-21 02:57 - 00000000 ____D C:\ProgramData\Adobe 2013-07-22 15:55 - 2012-03-17 12:44 - 00000000 ____D C:\Users\<user>~1\AppData\Local\Adobe 2013-07-22 15:54 - 2012-10-05 21:39 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job 2013-07-22 15:51 - 2013-07-22 15:51 - 00001989 _____ 
C:\Users\Public\Desktop\Adobe Reader XI.lnk 2013-07-22 15:51 - 2013-07-22 15:50 - 00000000 ____D C:\Program Files\Common Files\Adobe 2013-07-22 15:51 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Public\Desktop 2013-07-22 15:50 - 2011-04-21 02:56 - 00000000 ____D C:\Program Files\Adobe 2013-07-22 15:45 - 2012-10-05 21:39 - 00692104 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe 2013-07-22 15:45 - 2012-10-05 21:39 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl 2013-07-22 15:42 - 2012-07-23 23:10 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-07-22 15:42 - 2012-07-23 23:10 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-07-22 15:38 - 2013-07-22 15:38 - 00094632 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll 2013-07-22 15:38 - 2009-07-27 12:11 - 01530778 _____ C:\windows\system32\PerfStringBackup.INI 2013-07-22 15:37 - 2013-07-22 15:38 - 00263592 _____ (Oracle Corporation) C:\windows\system32\javaws.exe 2013-07-22 15:37 - 2013-07-22 15:38 - 00175016 _____ (Oracle Corporation) C:\windows\system32\javaw.exe 2013-07-22 15:37 - 2013-07-22 15:38 - 00175016 _____ (Oracle Corporation) C:\windows\system32\java.exe 2013-07-22 15:37 - 2013-07-22 15:37 - 00000000 ____D C:\Program Files\Java 2013-07-22 15:37 - 2012-08-02 23:18 - 00867240 _____ (Oracle Corporation) C:\windows\system32\npdeployJava1.dll 2013-07-22 15:37 - 2012-08-02 23:18 - 00789416 _____ (Oracle Corporation) C:\windows\system32\deployJava1.dll 2013-07-22 15:27 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-22 15:27 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-22 15:22 - 2012-06-02 01:42 - 00000000 ____D C:\ProgramData\Panda Security URL Filtering 2013-07-22 15:19 - 2009-07-14 06:53 - 00000006 ____H 
C:\windows\Tasks\SA.DAT 2013-07-22 15:19 - 2009-07-14 06:39 - 00089292 _____ C:\windows\setupact.log 2013-07-22 13:57 - 2012-03-18 02:59 - 01713419 _____ C:\windows\WindowsUpdate.log 2013-07-22 09:43 - 2013-07-22 09:43 - 00000000 ____D C:\Program Files\ESET 2013-07-22 09:40 - 2013-07-22 09:43 - 00891062 _____ C:\Users\<user>\Desktop\SecurityCheck.exe 2013-07-22 09:39 - 2013-07-22 09:43 - 02347384 _____ (ESET) C:\Users\<user>\Desktop\esetsmartinstaller_enu.exe 2013-07-21 22:27 - 2013-07-21 22:27 - 00000000 ____D C:\windows\ERUNT 2013-07-21 22:23 - 2011-04-21 02:32 - 00124998 _____ C:\windows\PFRO.log 2013-07-21 22:22 - 2013-07-21 22:21 - 00007257 _____ C:\AdwCleaner[S1].txt 2013-07-21 22:15 - 2013-07-20 23:15 - 00000000 ____D C:\Qoobox 2013-07-21 22:10 - 2009-07-14 04:04 - 00000215 _____ C:\windows\system.ini 2013-07-21 17:33 - 2013-07-21 21:44 - 00666633 _____ C:\Users\<user>\Desktop\adwcleaner.exe 2013-07-21 17:33 - 2013-07-21 21:44 - 00559550 _____ (Oleg N. Scherbakov) C:\Users\<user>\Desktop\JRT.exe 2013-07-21 17:30 - 2013-07-21 21:42 - 05093416 ____R (Swearware) C:\Users\<user>\Desktop\ComboFix.exe 2013-07-21 00:01 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public 2013-07-20 23:57 - 2013-07-20 23:15 - 00000000 ____D C:\windows\erdnt 2013-07-20 08:21 - 2013-07-20 08:21 - 00000000 ____D C:\FRST 2013-07-19 21:37 - 2013-07-20 22:55 - 01219758 _____ (Farbar) C:\Users\<user>\Desktop\FRST.exe 2013-07-19 15:24 - 2009-07-14 04:37 - 00000000 ____D C:\windows\Microsoft.NET 2013-07-19 13:05 - 2012-03-17 12:44 - 00000000 ____D C:\Users\<user> 2013-07-19 13:05 - 2009-07-14 06:53 - 00003150 ____N C:\windows\Tasks\SCHEDLGU.TXT 2013-07-19 09:01 - 2012-08-20 16:55 - 00000000 ____D C:\Users\<user>\Documents\<user> 2013-07-16 18:59 - 2009-07-14 06:33 - 00315344 _____ C:\windows\system32\FNTCACHE.DAT 2013-07-16 18:57 - 2011-04-21 03:22 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-07-16 18:57 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender 
2013-07-16 15:33 - 2012-07-16 11:40 - 75699896 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2013-07-16 15:24 - 2012-03-26 19:27 - 00000000 ____D C:\Users\<user>\AppData\Roaming\SoftGrid Client 2013-07-16 09:53 - 2012-08-20 17:15 - 00000000 ____D C:\Users\<user>\Documents\Kram ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-16 12:29 ==================== End Of Log ============================ |