| |
| |||||||
Log-Analyse und Auswertung: Dtcontx.F und CI.A (Panda) hartnäckig auf Win7 Starter (Asus eee PC)Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
19.07.2013, 16:40
| #1 |
| |  Dtcontx.F und CI.A (Panda) hartnäckig auf Win7 Starter (Asus eee PC) Hallo! Rechner: Win7 Starter auf Asus Eee PC Seashell Problem: Panda Cloud hat vor 2 Tagen den Trojaner "Dtcontx.F" gemeldet. Darauf habe ich den Rechner erstmal runtergefahren. Heute wollte ich das Problem angehen und fahre den Rechner hoch. Panda meldet, der Trojaner sei gelöscht, meldet aber bereits erneut denselben Trojaner. Um den Trojaner zu löschen, meldet Panda, muss der Rechner neu gestartet werden. Zwischenzeitlich war ich hier auf dem Board gelandet und habe die OLT- und Gmer-Scans gestartet, mit den geforderten Neustarts des Rechners. Direkt nach den Neustarts wurden von Panda der Dcontx.F und dann auch noch der CI.A gemeldet. Dies ist der Staus quo. Die beschriebene Historie ist im angehängten Panda-Report ersichtlich. Was ir darin auffällt: Die betroffenen Dateien sind immer im Verzeichnis C:\Users\<user> wobei <user> länge als 8 Zeichen ist. Beim Eintrag 19.07.2013 12:53:11 wurde der Username jedoch auf 8 Zeichen, bzw. auf 6 Zeich mit angehängtem "~1" gekürzt. Diesen Pfad gibt es jedoch nicht auf dem Rechner. Hier die geforderten Scans: Ich habe überall den Usernamen durch <user> ersetzt. OLT.txt Code:
ATTFilter OTL logfile created on: 19.07.2013 13:44:19 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\<user>\Desktop Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16635) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 0,83 Gb Available Physical Memory | 41,46% Memory free 3,98 Gb Paging File | 2,86 Gb Available in Paging File | 71,83% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 100,00 Gb Total Space | 63,32 Gb Free Space | 63,32% Space Free | Partition Type: NTFS Drive D: | 183,07 Gb Total Space | 182,96 Gb Free Space | 99,94% Space Free | Partition Type: NTFS Drive E: | 30,83 Mb Total Space | 13,12 Mb Free Space | 42,55% Space Free | Partition Type: FAT Drive W: | 5,00 Gb Total Space | 3,93 Gb Free Space | 78,55% Space Free | Partition Type: FAT32 Computer Name: PORTABLE-IK | User Name: <user> | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.07.19 12:59:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\<user>\Desktop\OTL.exe PRC - [2012.11.30 04:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2012.09.05 12:23:49 | 000,453,552 | ---- | M] (LaCie) -- C:\Users\<user>\AppData\Roaming\Wuala\Wuala.exe PRC - [2012.07.13 07:15:56 | 000,037,152 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe PRC - [2012.07.13 07:15:56 | 000,036,640 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe PRC - [2012.07.13 06:57:41 | 000,140,064 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe PRC - [2012.03.19 10:51:36 | 000,217,256 | ---- | M] (Panda Security) -- C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe PRC - [2012.01.03 17:31:34 | 001,391,272 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe PRC - [2011.10.01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011.03.23 21:33:00 | 000,045,448 | ---- | M] () -- C:\ExpressGateUtil\VAWinAgent.exe PRC - [2011.03.11 03:05:54 | 001,095,080 | ---- | M] (AsusTek Computer Inc.) -- C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe PRC - [2011.03.04 01:33:20 | 000,101,288 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\HotkeyService\HotKeyMon.exe PRC - [2011.03.04 01:33:14 | 000,224,680 | ---- | M] () -- C:\Windows\System32\AsusService.exe PRC - [2011.03.04 01:33:12 | 001,252,272 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\HotkeyService\HotkeyService.exe PRC - [2011.02.25 19:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011.01.12 17:22:26 | 000,091,464 | ---- | M] () -- C:\ExpressGateUtil\VAWinService.exe PRC - [2010.11.15 21:27:22 | 000,445,344 | ---- | M] (ASUS) -- C:\Program Files\ASUS\CapsHook\CapsHook.exe PRC - [2010.11.15 21:25:36 | 000,412,600 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\SHE\SuperHybridEngine.exe PRC - [2010.07.19 21:26:00 | 000,370,480 | ---- | M] (syncables, LLC) -- C:\Program Files\syncables\syncables desktop\syncables.exe PRC - [2010.07.19 21:26:00 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\syncables\syncables desktop\jre\bin\javaw.exe PRC - [2010.05.21 22:42:48 | 002,839,840 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe PRC - [2010.05.21 22:42:48 | 000,828,704 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2010.05.21 22:42:48 | 000,652,576 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe PRC - [2010.04.13 09:32:40 | 000,548,744 | ---- | M] (ELAN Microelectronic Corp.) -- C:\Program Files\Elantech\ETDCtrl.exe PRC - [2010.04.07 07:16:52 | 001,599,880 | ---- | M] (ELAN Microelectronic Corp.) -- C:\Program Files\Elantech\ETDCtrlHelper.exe ========== Modules (No Company Name) ========== MOD - [2013.07.16 23:12:38 | 001,670,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\46e5c98ee0b6840ffbc7875ec30e6b38\Microsoft.VisualBasic.ni.dll MOD - [2013.07.16 19:04:32 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\178644ab40108f3becd8b91049a254c3\System.Windows.Forms.ni.dll MOD - [2013.07.16 19:03:52 | 001,593,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll MOD - [2013.07.16 19:02:14 | 005,464,064 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll MOD - [2013.07.16 19:01:58 | 000,978,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll MOD - [2013.07.16 19:01:55 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll MOD - [2013.07.16 19:01:26 | 011,499,520 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll MOD - [2013.07.16 09:13:55 | 000,043,520 | ---- | M] () -- C:\Users\<user>\AppData\Local\Wuala\Program0\lib.443\proxy_util_w32.dll MOD - [2013.07.16 08:34:47 | 000,949,426 | ---- | M] () -- C:\Users\<user>\AppData\Local\Wuala\Program0\lib.443\jnotify.dll MOD - [2013.07.16 08:33:54 | 000,165,376 | ---- | M] () -- C:\Users\<user>\AppData\Local\Wuala\Program0\lib.443\orangevolt-4n-1.1.2.dll MOD - [2013.07.16 08:33:49 | 000,370,688 | ---- | M] () -- C:\Users\<user>\AppData\Local\Wuala\Program0\lib.443\jcbfs3.dll MOD - [2012.09.05 09:59:24 | 000,043,520 | ---- | M] () -- C:\Users\<user>\AppData\Local\Temp\proxy_util_w32.dll MOD - [2011.03.23 21:33:00 | 000,045,448 | ---- | M] () -- C:\ExpressGateUtil\VAWinAgent.exe MOD - [2010.09.02 13:08:00 | 000,118,784 | ---- | M] () -- C:\PROGRA~1\ASUS\ASUSWE~1\30108~1.222\ASUSWS~1.DLL MOD - [2010.05.21 22:42:58 | 000,132,384 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll ========== Services (SafeList) ========== SRV - [2013.06.12 15:13:27 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.27 06:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2012.07.14 02:13:54 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.07.13 07:15:56 | 000,036,640 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe -- (PSUAService) SRV - [2012.07.13 06:57:41 | 000,140,064 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain) SRV - [2011.10.01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011.03.04 01:33:14 | 000,224,680 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService) SRV - [2011.03.02 06:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.02.25 19:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort) SRV - [2011.01.12 17:22:26 | 000,091,464 | ---- | M] () [Auto | Running] -- C:\ExpressGateUtil\VAWinService.exe -- (VideAceWindowsService) SRV - [2010.05.21 22:42:48 | 000,652,576 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) ========== Driver Services (SafeList) ========== DRV - File not found [File_System | Disabled | Running] -- system32\Drivers\PsBoot.sys -- (PsBoot) DRV - [2012.07.13 07:02:16 | 000,174,632 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\PSINKNC.sys -- (PSINKNC) DRV - [2012.07.13 07:02:16 | 000,120,872 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSINProt.sys -- (PSINProt) DRV - [2012.07.13 07:02:16 | 000,114,216 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\PSINProc.sys -- (PSINProc) DRV - [2012.07.13 07:02:15 | 000,148,520 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSINAflt.sys -- (PSINAflt) DRV - [2012.07.13 07:02:15 | 000,103,464 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\PSINFile.sys -- (PSINFile) DRV - [2012.07.12 11:18:32 | 000,206,632 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSStrm.sys -- (NNSSTRM) DRV - [2012.06.27 15:51:07 | 000,092,840 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNStlsc.sys -- (NNSTLSC) DRV - [2012.06.27 15:51:06 | 000,286,376 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSProt.sys -- (NNSPROT) DRV - [2012.06.27 15:51:06 | 000,153,000 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSPrv.sys -- (NNSPRV) DRV - [2012.06.27 15:51:06 | 000,106,536 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSSmtp.sys -- (NNSSMTP) DRV - [2012.06.27 15:51:05 | 000,104,104 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSPop3.sys -- (NNSPOP3) DRV - [2012.06.27 15:51:05 | 000,060,968 | ---- | M] (Panda Security, S.L.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\NNSPihsw.sys -- (NNSPIHSW) DRV - [2012.06.27 15:51:04 | 000,122,664 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSIds.sys -- (NNSIDS) DRV - [2012.06.27 15:51:04 | 000,093,992 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSpicc.sys -- (NNSPICC) DRV - [2012.06.27 15:51:04 | 000,028,712 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\NNSNAHSL.sys -- (NNSNAHSL) DRV - [2012.06.27 15:51:03 | 000,120,744 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSHttp.sys -- (NNSHTTP) DRV - [2012.06.27 15:51:03 | 000,082,472 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSAlpc.sys -- (NNSALPC) DRV - [2012.04.09 16:27:34 | 000,299,024 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\cbfs3.sys -- (cbfs3) DRV - [2011.10.01 08:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol) DRV - [2011.10.01 08:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir) DRV - [2011.10.01 08:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay) DRV - [2011.10.01 08:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs) DRV - [2011.03.10 18:04:57 | 000,046,280 | ---- | M] (Panda Security) [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\PSKMAD.sys -- (PSKMAD) DRV - [2010.11.20 12:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 12:24:42 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD) DRV - [2010.09.27 09:23:58 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) DRV - [2010.08.03 07:20:56 | 000,011,832 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO) DRV - [2010.06.28 07:24:00 | 000,011,456 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO) DRV - [2009.07.22 06:14:58 | 000,081,704 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wsvd.sys -- (wsvd) DRV - [2009.07.20 11:29:40 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr) DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009.07.14 00:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = hxxp://www.google.com/search?ie=utf-8&oe=utf-8&rlz=1V4IPYX&q={searchTerms} IE - HKCU\..\SearchScopes\{BB4AD99B-51CA-46A7-9BB3-AD5F7680E89D}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=4EB513DA-586A-4A91-AAA6-031BE75693A8&apn_sauid=4374B2D2-D1D9-43DB-9668-01F1287A8AD6 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "google.de" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.23 23:10:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.23 23:10:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\<user>\AppData\Roaming\mozilla\Extensions [2013.05.22 21:23:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\<user>\AppData\Roaming\mozilla\Firefox\Profiles\tmpnzboc.default\extensions [2012.10.28 12:15:46 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\<user>\AppData\Roaming\mozilla\Firefox\Profiles\tmpnzboc.default\extensions\toolbar@ask.com [2013.03.18 08:32:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2012.08.02 23:18:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.10.28 12:04:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012.07.14 02:15:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.07.14 03:02:55 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml [2012.07.14 03:02:55 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.07.14 03:02:55 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml [2012.07.14 03:02:55 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml [2012.07.14 03:02:55 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml [2012.07.14 03:02:55 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll () O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll () O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.) O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme) O4 - HKLM..\Run: [CapsHook] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [Panda Security URL Filtering] C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe (Panda Security) O4 - HKLM..\Run: [PSUAMain] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe (Panda Security, S.L.) O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe () O4 - HKCU..\Run: [Syncables] C:\Program Files\syncables\syncables desktop\Syncables.exe (syncables, LLC) O4 - Startup: C:\Users\<user>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wuala.lnk = C:\Users\<user>\AppData\Roaming\Wuala\Wuala.exe (LaCie) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{51C5442E-A9A4-4DD4-AB72-FA16DDCC1BB9}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89D62A12-4BBE-4A3F-BC9A-CAC796B28273}: DhcpNameServer = 192.168.2.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2030.01.01 13:50:16 | 000,000,000 | -HSD | C] -- C:\Boot [2013.07.19 13:34:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\<user>\Desktop\OTL.exe [2013.07.19 13:05:39 | 000,046,280 | ---- | C] (Panda Security) -- C:\windows\System32\drivers\PSKMAD.sys [2013.07.16 19:11:05 | 000,000,000 | ---D | C] -- C:\Users\<user>\AppData\Roaming\Xafezye [2013.07.16 19:11:05 | 000,000,000 | ---D | C] -- C:\Users\<user>\AppData\Roaming\Pywe [2013.07.16 19:10:57 | 000,000,000 | ---D | C] -- C:\Users\<user>\AppData\Roaming\Viyh [2013.07.16 19:10:57 | 000,000,000 | ---D | C] -- C:\Users\<user>\AppData\Roaming\Ifu [2013.07.16 15:38:09 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb [2013.07.16 15:38:05 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll [2013.07.16 15:38:04 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll [2013.07.16 15:38:03 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll [2013.07.16 15:38:02 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll [2013.07.16 15:38:00 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll [2013.07.16 15:38:00 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe [2013.07.16 15:37:59 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesysprep.dll [2013.07.16 15:37:59 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RegisterIEPKEYs.exe [2013.07.16 15:37:59 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll [2013.07.16 08:44:21 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DWrite.dll [2013.07.16 08:44:15 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMVDECOD.DLL [2013.07.16 08:44:11 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qedit.dll [2013.07.16 08:44:04 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys ========== Files - Modified Within 30 Days ========== [2013.07.19 13:34:11 | 000,092,249 | ---- | M] () -- C:\Users\<user>\Desktop\Panda-Report.jpg [2013.07.19 13:23:39 | 000,666,022 | ---- | M] () -- C:\windows\System32\perfh007.dat [2013.07.19 13:23:39 | 000,627,864 | ---- | M] () -- C:\windows\System32\perfh009.dat [2013.07.19 13:23:39 | 000,133,944 | ---- | M] () -- C:\windows\System32\perfc007.dat [2013.07.19 13:23:39 | 000,110,326 | ---- | M] () -- C:\windows\System32\perfc009.dat [2013.07.19 13:13:14 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.07.19 13:13:14 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.07.19 13:13:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013.07.19 13:05:19 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013.07.19 13:05:12 | 1602,838,528 | -HS- | M] () -- C:\hiberfil.sys [2013.07.19 13:00:16 | 000,377,856 | ---- | M] () -- C:\Users\<user>\Desktop\gmer_2.1.19163.exe [2013.07.19 12:59:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\<user>\Desktop\OTL.exe [2013.07.16 18:59:18 | 000,315,344 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2030.01.01 13:50:16 | 000,383,786 | RHS- | C] () -- C:\bootmgr [2013.07.19 13:34:57 | 000,377,856 | ---- | C] () -- C:\Users\<user>\Desktop\gmer_2.1.19163.exe [2013.07.19 13:34:09 | 000,092,249 | ---- | C] () -- C:\Users\<user>\Desktop\Panda-Report.jpg [2012.11.05 10:16:47 | 000,434,176 | ---- | C] () -- C:\windows\System32\ZSHP1020.EXE [2012.09.05 12:24:11 | 000,000,000 | ---- | C] () -- C:\ProgramData\0x0304A000.sfl [2012.03.17 12:47:49 | 000,005,576 | ---- | C] () -- C:\windows\Language.ini [2012.03.17 12:45:40 | 000,000,520 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX0.dat [2011.04.21 02:56:11 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > Code:
ATTFilter OTL Extras logfile created on: 19.07.2013 13:44:19 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\<user>\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 0,83 Gb Available Physical Memory | 41,46% Memory free
3,98 Gb Paging File | 2,86 Gb Available in Paging File | 71,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 63,32 Gb Free Space | 63,32% Space Free | Partition Type: NTFS
Drive D: | 183,07 Gb Total Space | 182,96 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
Drive E: | 30,83 Mb Total Space | 13,12 Mb Free Space | 42,55% Space Free | Partition Type: FAT
Drive W: | 5,00 Gb Total Space | 3,93 Gb Free Space | 78,55% Space Free | Partition Type: FAT32
Computer Name: PORTABLE-IK | User Name: <user> | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A58E7306-2B16-433F-B710-E19B85524A0A}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary |
"{BA6DF6ED-66E8-4241-8E9E-991536B4990C}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary |
"{C5E3C9ED-BB47-432C-9821-0D3D264CF425}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{CA3E3652-B45B-4453-854C-8560416431CA}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{9DF15337-4E25-42D6-AFE8-E4F24E383B81}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{BAF7435B-578D-471D-BF62-6ECDEE6629E1}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{CA2F4121-A03B-4CCD-860D-E8B1FA42BFAF}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{E575682C-AA9D-4F46-9E9C-1230B55CC593}" = protocol=17 | dir=in | app=c:\program files\panda security\panda security toolbar\dtuser.exe |
"{F8849DB1-9DE1-4DE3-A193-853ED518DACF}" = protocol=6 | dir=in | app=c:\program files\panda security\panda security toolbar\dtuser.exe |
"TCP Query User{14DD44EA-7689-4D13-9DE6-DC21D05612B9}C:\users\<user>\appdata\roaming\wuala\wuala.exe" = protocol=6 | dir=in | app=c:\users\<user>\appdata\roaming\wuala\wuala.exe |
"TCP Query User{35DC0C5B-19E8-4793-BD48-F6298FD56D0A}C:\users\<user>\appdata\roaming\wuala\wuala.exe" = protocol=6 | dir=in | app=c:\users\<user>\appdata\roaming\wuala\wuala.exe |
"TCP Query User{3F306CDF-929E-406A-AFFD-31C3D50AED00}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe |
"TCP Query User{847ECC4B-9EAE-4323-B299-D534D8BB3D52}C:\program files\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\syncables\syncables desktop\jre\bin\javaw.exe |
"TCP Query User{B461BADE-4366-44D1-9D63-955D30C4479F}C:\program files\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\syncables\syncables desktop\jre\bin\javaw.exe |
"TCP Query User{FFBD621D-3D73-4222-B97D-5F80A26324BE}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe |
"UDP Query User{0D4E388F-A537-4F69-BDED-29765BAA7D6B}C:\users\<user>\appdata\roaming\wuala\wuala.exe" = protocol=17 | dir=in | app=c:\users\<user>\appdata\roaming\wuala\wuala.exe |
"UDP Query User{2439E76D-3AD4-498F-B4D2-6A88EA240817}C:\program files\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\syncables\syncables desktop\jre\bin\javaw.exe |
"UDP Query User{6F303378-AEF3-463E-85D8-340E99FDF9E6}C:\program files\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\syncables\syncables desktop\jre\bin\javaw.exe |
"UDP Query User{81D0E884-F0D2-4887-9CD0-14EC564D786F}C:\users\<user>\appdata\roaming\wuala\wuala.exe" = protocol=17 | dir=in | app=c:\users\<user>\appdata\roaming\wuala\wuala.exe |
"UDP Query User{938E5072-52B7-436E-A6CF-D78182044B1C}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe |
"UDP Query User{BC4F4047-36C5-4D51-AC7B-223B5F8449E2}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F1A2E4E-E2EE-4806-B7CE-356D83A3CDEB}" = Windows Live Family Safety
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"{185AFA7A-F63E-450B-94AA-011CAC18090E}" = E-Cam
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2B4E24A0-A06F-488D-87D8-16738E5E1104}" = Windows Live Family Safety
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{36B0DC39-3282-40EB-8587-B875CE46C3A7}" = ExpressGateCloud
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{41D6CED7-65E8-4EBB-BB1A-B45E2D8CF6D7}" = Windows Live Family Safety
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1EDAFC-B0EB-465F-886C-24FAC1BED2AC}" = Windows Live Remote Client Resources
"{4B5092B6-F231-4D18-83BC-2618B729CA45}" = CapsHook
"{4FCBCF89-1823-4D97-A6F2-0E8DD66E273A}" = Broadcom Wireless Network Adapter
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{5CE74A57-75E8-43A9-9BAA-CB97A1A23043}" = Panda Cloud Antivirus
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{749F674B-2674-47E8-879C-5626A06B2A91}" = InstantOn
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{845E0BCB-8C8D-4FAB-8588-AD5FFD156C95}" = Windows Live Remote Service Resources
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT2860 Wireless LAN Card
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{99E77016-BCF2-48C8-9119-43ECF5815F65}" = AsusScreensaver
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB93C51F-71F9-4A28-8134-FE1B5B9373E9}" = Windows Live Remote Service Resources
"{AC0628FF-532F-4800-91EC-40903B04682F}" = Windows Live Remote Service Resources
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D44AA979-47C2-4BC0-A860-09A54224EA44}_is1" = Game Park Console
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DFDBE1F9-04CE-4645-BB6C-4590EABC7A9C}" = Windows Live Remote Client Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0CCBE54-9132-44E9-82DF-CD364AD5C22D}" = Windows Live Remote Client Resources
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F58C1D44-4AC9-48E8-9049-7A6CDFCB415C}" = LocaleMe
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCFBA290-CB48-4AF1-A241-2685AEDEDD66}" = Windows Live Family Safety
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASUS WebStorage" = ASUS WebStorage
"Eee Docking_is1" = Eee Docking 3.8.3
"Elantech" = ETDWare PS/2-x86 7.0.5.11_WHQL
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"InstallShield_{36B0DC39-3282-40EB-8587-B875CE46C3A7}" = ExpressGateCloud
"InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 14.0.1 (x86 en-GB)" = Mozilla Firefox 14.0.1 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Panda Security URL Filtering" = Panda Security URL Filtering
"Panda Universal Agent Endpoint" = Panda Cloud Antivirus
"pandasecuritytb" = Panda Security Toolbar
"Toolbar Cleaner" = Toolbar Cleaner 1.0
"WinLiveSuite" = Windows Live Essentials
"Wuala CBFS" = Wuala CBFS
"Wuala OverlayIcons" = Wuala OverlayIcons
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Wuala" = Wuala
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 24.04.2013 13:27:45 | Computer Name = portable-IK | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WINWORDC.EXE, Version: 14.0.6129.5000,
Zeitstempel: 0x5082ffdf Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00690073 ID des fehlerhaften
Prozesses: 0xe1c Startzeit der fehlerhaften Anwendung: 0x01ce4110c7ceca3b Pfad der
fehlerhaften Anwendung: Q:\140066.deu\Office14\WINWORDC.EXE Pfad des fehlerhaften
Moduls: unknown Berichtskennung: 46135fa4-ad04-11e2-8de2-742f68cef929
Error - 24.04.2013 14:25:40 | Computer Name = portable-IK | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_LanmanServer, Version:
6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version:
0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000
ID
des fehlerhaften Prozesses: 0x6ec Startzeit der fehlerhaften Anwendung: 0x01ce411913675de9
Pfad
der fehlerhaften Anwendung: C:\windows\system32\svchost.exe Pfad des fehlerhaften
Moduls: unknown Berichtskennung: 5db053c6-ad0c-11e2-bf03-742f68cef929
Error - 05.05.2013 06:35:51 | Computer Name = portable-IK | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
DownloadLatest Failed:
Error - 05.05.2013 14:23:18 | Computer Name = portable-IK | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
DownloadLatest Failed:
Error - 05.05.2013 14:36:32 | Computer Name = portable-IK | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
DownloadLatest Failed:
Error - 05.05.2013 14:49:38 | Computer Name = portable-IK | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
DownloadLatest Failed:
Error - 15.05.2013 18:21:51 | Computer Name = portable-IK | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Panda_URL_Filtering.exe, Version:
1.0.1.34, Zeitstempel: 0x4f58eb32 Name des fehlerhaften Moduls: ole32.dll, Version:
6.1.7601.17514, Zeitstempel: 0x4ce7b96f Ausnahmecode: 0xc0000005 Fehleroffset: 0x00039342
ID
des fehlerhaften Prozesses: 0x9a8 Startzeit der fehlerhaften Anwendung: 0x01ce51b9474ebd79
Pfad
der fehlerhaften Anwendung: C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe
Pfad
des fehlerhaften Moduls: C:\windows\system32\ole32.dll Berichtskennung: d6dc246a-bdad-11e2-9a2c-742f68cef929
Error - 09.06.2013 14:36:38 | Computer Name = portable-IK | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Panda_URL_Filtering.exe, Version:
1.0.1.34, Zeitstempel: 0x4f58eb32 Name des fehlerhaften Moduls: ole32.dll, Version:
6.1.7601.17514, Zeitstempel: 0x4ce7b96f Ausnahmecode: 0xc0000005 Fehleroffset: 0x00039342
ID
des fehlerhaften Prozesses: 0xf3c Startzeit der fehlerhaften Anwendung: 0x01ce653d4c36c5b8
Pfad
der fehlerhaften Anwendung: C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe
Pfad
des fehlerhaften Moduls: C:\windows\system32\ole32.dll Berichtskennung: 84d87a03-d133-11e2-b5bd-742f68cef929
Error - 18.06.2013 12:23:09 | Computer Name = portable-IK | Source = Application Hang | ID = 1002
Description = Programm WINWORDC.EXE, Version 0.0.0.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 2fc Startzeit:
01ce6c3d83ddff3a Endzeit: 32 Anwendungspfad: Q:\140066.deu\Office14\WINWORDC.EXE Berichts-ID:
514d78e5-d833-11e2-bf2c-742f68cef929
Error - 24.06.2013 02:16:00 | Computer Name = portable-IK | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
DownloadLatest Failed:
[ System Events ]
Error - 10.02.2013 10:09:44 | Computer Name = portable-IK | Source = DCOM | ID = 10010
Description =
Error - 14.02.2013 15:10:41 | Computer Name = portable-IK | Source = DCOM | ID = 10010
Description =
Error - 15.02.2013 10:38:21 | Computer Name = portable-IK | Source = WMPNetworkSvc | ID = 866300
Description =
Error - 16.02.2013 16:58:05 | Computer Name = portable-IK | Source = WMPNetworkSvc | ID = 866300
Description =
Error - 18.02.2013 18:06:12 | Computer Name = portable-IK | Source = DCOM | ID = 10010
Description =
Error - 18.02.2013 18:06:08 | Computer Name = portable-IK | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst btwdins erreicht.
Error - 21.02.2013 17:19:58 | Computer Name = portable-IK | Source = WMPNetworkSvc | ID = 866300
Description =
Error - 22.02.2013 02:29:49 | Computer Name = portable-IK | Source = WMPNetworkSvc | ID = 866300
Description =
Error - 27.02.2013 14:56:53 | Computer Name = portable-IK | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Wlansvc erreicht.
Error - 27.02.2013 14:56:54 | Computer Name = portable-IK | Source = DCOM | ID = 10010
Description =
< End of report >
Extras.txt: Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-19 17:08:38
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST932032 rev.0003 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\<user>\AppData\Local\Temp\uwlyapow.sys
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 820489F5 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 820821F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
---- Devices - GMER 2.1 ----
Device Ntfs.sys
AttachedDevice cbfs3.sys
Device fastfat.SYS
Device Sftfslh.sys
Device \Driver\BTHUSB \Device\00000081 bthport.sys
Device \Driver\BTHUSB \Device\00000083 bthport.sys
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat cbfs3.sys
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Bind \Device\{9D801AB8-362A-4915-AD1B-84C0AC6A3A91}?\Device\{CA81891F-7045-4EAE-8188-8A06668503F6}?\Device\{B3D35547-86CE-4B06-847B-4926F53EBD43}?\Device\{99D75C0B-9599-4D87-87A6-EC5FD64938B4}?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Route "{9D801AB8-362A-4915-AD1B-84C0AC6A3A91}"?"{CA81891F-7045-4EAE-8188-8A06668503F6}"?"{B3D35547-86CE-4B06-847B-4926F53EBD43}"?"{99D75C0B-9599-4D87-87A6-EC5FD64938B4}"?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Export \Device\TCPIP6TUNNEL_{9D801AB8-362A-4915-AD1B-84C0AC6A3A91}?\Device\TCPIP6TUNNEL_{CA81891F-7045-4EAE-8188-8A06668503F6}?\Device\TCPIP6TUNNEL_{B3D35547-86CE-4B06-847B-4926F53EBD43}?\Device\TCPIP6TUNNEL_{99D75C0B-9599-4D87-87A6-EC5FD64938B4}?
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3b2962e
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\742f68cef929
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06da17155
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{CA81891F-7045-4EAE-8188-8A06668503F6}@InterfaceName isatap.{BEA210D1-39F4-4172-AA53-5BB79BEC0CF2}
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{CA81891F-7045-4EAE-8188-8A06668503F6}@ReusableType 0
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3b2962e (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\742f68cef929 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06da17155 (not active ControlSet)
Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{346F58E0-7095-11E1-B959-806E6F6E6963} 1957051552
---- EOF - GMER 2.1 ----
Schon mal vorab: DANKE! |
|
19.07.2013, 17:10
| #2 |
| /// the machine /// TB-Ausbilder    | Dtcontx.F und CI.A (Panda) hartnäckig auf Win7 Starter (Asus eee PC) Hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
19.07.2013, 21:30
| #3 |
| | Dtcontx.F und CI.A (Panda) hartnäckig auf Win7 Starter (Asus eee PC) Danke für die schnelle Antwort!
__________________Hier das Ergebnis des FRST Scans: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-07-2013
Ran by SYSTEM on 19-07-2013 22:21:26
Running from E:\
Windows 7 Starter (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.
==================== Registry (Whitelisted) ==================
HKU\Default\...\RunOnce: [Reboot] - AsusSender.exe C:\Windows\Reboot.exe 60 [ 2010-12-12] (AsusTek Computer Inc.)
HKU\Default\...\RunOnce: [AskScreensaver] - C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [ 2011-01-26] (AsusTek Computer Inc.)
HKU\Default User\...\RunOnce: [Reboot] - AsusSender.exe C:\Windows\Reboot.exe 60 [ 2010-12-12] (AsusTek Computer Inc.)
HKU\Default User\...\RunOnce: [AskScreensaver] - C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [ 2011-01-26] (AsusTek Computer Inc.)
HKU\<user>\...\Run: [Syncables] - C:\Program Files\syncables\syncables desktop\Syncables.exe [ 2010-07-19] (syncables, LLC)
ram Files\ASUS\APRP\APRP.EXE [2018032 2011-04-20] (ASUSTek Computer Inc.)
HKLM\...\Run: [ASUSWebStorage] - C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
HKLM\...\Run: [Panda Security URL Filtering] - C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe [217256 2012-03-19] (Panda Security)
HKLM\...\Run: [PSUAMain] - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe [37152 2012-07-12] (Panda Security, S.L.)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [ApnUpdater] - C:\Program Files\Ask.com\Updater\Updater.exe [1391272 2012-01-03] (Ask)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-11] (Oracle Corporation)
Startup: C:\Users\<user>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wuala.lnk
ShortcutTarget: Wuala.lnk -> (No File)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
========================== Services (Whitelisted) =================
S2 AsusService; C:\windows\system32\AsusService.exe [224680 2011-03-03] ()
S2 NanoServiceMain; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [140064 2012-07-12] (Panda Security, S.L.)
S2 PSUAService; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [36640 2012-07-12] (Panda Security, S.L.)
S2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [91464 2011-01-12] ()
==================== Drivers (Whitelisted) ====================
S1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11456 2010-06-27] ()
S1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11832 2010-08-02] ()
S3 btwampfl; C:\Windows\System32\drivers\btwampfl.sys [293928 2010-05-20] (Broadcom Corporation.)
S1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [299024 2012-04-09] (EldoS Corporation)
S3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [109960 2010-04-13] (ELAN Microelectronic Corp.)
S3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
S1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [82472 2012-06-27] (Panda Security, S.L.)
S1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [120744 2012-06-27] (Panda Security, S.L.)
S1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [122664 2012-06-27] (Panda Security, S.L.)
S1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [28712 2012-06-27] (Panda Security, S.L.)
S1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [93992 2012-06-27] (Panda Security, S.L.)
S4 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [60968 2012-06-27] (Panda Security, S.L.)
S1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [104104 2012-06-27] (Panda Security, S.L.)
S1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [286376 2012-06-27] (Panda Security, S.L.)
S1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [153000 2012-06-27] (Panda Security, S.L.)
S1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [106536 2012-06-27] (Panda Security, S.L.)
S1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [206632 2012-07-12] (Panda Security, S.L.)
S1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [92840 2012-06-27] (Panda Security, S.L.)
S2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [148520 2012-07-12] (Panda Security, S.L.)
S2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [103464 2012-07-12] (Panda Security, S.L.)
S1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [174632 2012-07-12] (Panda Security, S.L.)
S2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [114216 2012-07-12] (Panda Security, S.L.)
S2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [120872 2012-07-12] (Panda Security, S.L.)
S3 wsvd; C:\Windows\System32\DRIVERS\wsvd.sys [81704 2009-07-21] (CyberLink)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2030-01-01 03:50 - 2010-11-20 04:40 - 00383786 __RSH C:\bootmgr
2013-07-19 22:21 - 2013-07-19 22:21 - 00000000 ____D C:\FRST
2013-07-19 07:08 - 2013-07-19 07:08 - 00004800 _____ C:\Users\<user>\Desktop\gmer.txt
2013-07-19 04:03 - 2013-07-19 04:03 - 00049474 _____ C:\Users\<user>\Desktop\Extras.Txt
2013-07-19 04:01 - 2013-07-19 04:01 - 00060882 _____ C:\Users\<user>\Desktop\OTL.Txt
2013-07-19 03:34 - 2013-07-19 03:00 - 00377856 _____ C:\Users\<user>\Desktop\gmer_2.1.19163.exe
2013-07-19 03:34 - 2013-07-19 02:59 - 00602112 _____ (OldTimer Tools) C:\Users\<user>\Desktop\OTL.exe
2013-07-16 09:11 - 2013-07-16 09:11 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Xafezye
2013-07-16 09:11 - 2013-07-16 09:11 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Pywe
2013-07-16 09:10 - 2013-07-19 03:06 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Viyh
2013-07-16 09:10 - 2013-07-18 23:09 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Ifu
2013-07-16 05:38 - 2013-06-11 15:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-16 05:38 - 2013-06-11 15:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-16 05:38 - 2013-06-11 15:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-16 05:38 - 2013-06-11 15:43 - 00042496 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-07-16 05:38 - 2013-06-11 15:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-16 05:38 - 2013-06-11 15:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-16 05:38 - 2013-06-11 15:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-07-16 05:38 - 2013-06-06 18:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-16 05:37 - 2013-06-11 15:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-16 05:37 - 2013-06-11 15:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-16 05:37 - 2013-06-11 15:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-16 05:37 - 2013-06-11 15:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-16 05:37 - 2013-06-11 15:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-16 05:37 - 2013-06-11 15:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-07-16 05:37 - 2013-06-11 15:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-07-16 05:37 - 2013-06-11 14:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-15 22:44 - 2013-06-04 19:05 - 02347520 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-15 22:44 - 2013-06-03 20:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-07-15 22:44 - 2013-05-05 20:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-15 22:44 - 2013-04-09 15:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
==================== One Month Modified Files and Folders =======
2030-01-01 03:50 - 2009-07-13 20:57 - 00029696 ___SH C:\Windows\System32\config\BCD-Template.LOG
2030-01-01 03:50 - 2009-07-13 20:52 - 00032768 _____ C:\Windows\System32\config\BCD-Template
2013-07-19 22:21 - 2013-07-19 22:21 - 00000000 ____D C:\FRST
2013-07-19 12:11 - 2012-03-17 16:59 - 01626497 _____ C:\Windows\WindowsUpdate.log
2013-07-19 12:11 - 2009-07-13 20:34 - 00009696 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-19 12:11 - 2009-07-13 20:34 - 00009696 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-19 11:41 - 2009-07-27 02:11 - 01530778 _____ C:\Windows\System32\PerfStringBackup.INI
2013-07-19 11:36 - 2012-06-01 15:42 - 00000000 ____D C:\ProgramData\Panda Security URL Filtering
2013-07-19 11:35 - 2009-07-13 20:39 - 00088788 _____ C:\Windows\setupact.log
2013-07-19 07:08 - 2013-07-19 07:08 - 00004800 _____ C:\Users\<user>\Desktop\gmer.txt
2013-07-19 07:08 - 2012-03-17 02:44 - 00000000 ___RD C:\Users\<user>\Desktop
2013-07-19 05:24 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-19 04:03 - 2013-07-19 04:03 - 00049474 _____ C:\Users\<user>\Desktop\Extras.Txt
2013-07-19 04:01 - 2013-07-19 04:01 - 00060882 _____ C:\Users\<user>\Desktop\OTL.Txt
2013-07-19 03:06 - 2013-07-16 09:10 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Viyh
2013-07-19 03:05 - 2012-03-17 02:44 - 00000000 ____D C:\users\<user>
2013-07-19 03:00 - 2013-07-19 03:34 - 00377856 _____ C:\Users\<user>\Desktop\gmer_2.1.19163.exe
2013-07-19 02:59 - 2013-07-19 03:34 - 00602112 _____ (OldTimer Tools) C:\Users\<user>\Desktop\OTL.exe
2013-07-18 23:09 - 2013-07-16 09:10 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Ifu
2013-07-18 23:01 - 2012-08-20 06:55 - 00000000 ____D C:\Users\<user>\Documents\<user>
2013-07-16 09:11 - 2013-07-16 09:11 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Xafezye
2013-07-16 09:11 - 2013-07-16 09:11 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Pywe
2013-07-16 08:59 - 2009-07-13 20:33 - 00315344 _____ C:\Windows\System32\FNTCACHE.DAT
2013-07-16 08:57 - 2011-04-20 17:22 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-16 08:57 - 2009-07-13 20:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-16 05:33 - 2012-07-16 01:40 - 75699896 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-07-16 05:24 - 2012-03-26 09:27 - 00000000 ____D C:\Users\<user>\AppData\Roaming\SoftGrid Client
2013-07-15 23:53 - 2012-08-20 07:15 - 00000000 ____D C:\Users\<user>\Documents\Kram
Files to move or delete:
====================
C:\ProgramData\FullRemove.exe
==================== Known DLLs (Whitelisted) ============
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2013-05-15 14:18:24
Restore point made on: 2013-06-13 06:39:10
Restore point made on: 2013-06-23 22:11:23
Restore point made on: 2013-07-16 02:38:00
Restore point made on: 2013-07-16 05:25:49
==================== Memory info ===========================
Percentage of memory in use: 18%
Total physical RAM: 2038.12 MB
Available physical RAM: 1651.7 MB
Total Pagefile: 2038.12 MB
Available Pagefile: 1654.33 MB
Total Virtual: 2047.88 MB
Available Virtual: 1934.59 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:100 GB) (Free:63.49 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:183.07 GB) (Free:182.96 GB) NTFS
Drive e: (USB-Stick) (Removable) (Total:0.03 GB) (Free:0.01 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: D1FFC8CF)
Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=15 GB) - (Type=1B)
Partition 3: (Not Active) - (Size=183 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=16 MB) - (Type=EF)
========================================================
Disk: 1 (Size: 31 MB) (Disk ID: 617A130E)
Partition 1: (Active) - (Size=31 MB) - (Type=04)
LastRegBack: 2013-07-16 02:29
==================== End Of Log ============================
|
|
20.07.2013, 10:18
| #4 |
| /// the machine /// TB-Ausbilder | Dtcontx.F und CI.A (Panda) hartnäckig auf Win7 Starter (Asus eee PC) Hi, warum lässt du FRST aus der Recovery laufen, der Rechner bootet doch normal?  Bitte vom Desktop aus laufen lassen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
20.07.2013, 10:24
| #5 |
| | Dtcontx.F und CI.A (Panda) hartnäckig auf Win7 Starter (Asus eee PC) Weil es so in der verlinkten Anleitung stand ...  Ich mach's nochmal, geht ja relativ schnell. |
|
20.07.2013, 10:52
| #6 |
| /// the machine /// TB-Ausbilder | Dtcontx.F und CI.A (Panda) hartnäckig auf Win7 Starter (Asus eee PC) Ok
__________________ --> Dtcontx.F und CI.A (Panda) hartnäckig auf Win7 Starter (Asus eee PC) |
|
20.07.2013, 18:27
| #7 |
| | Dtcontx.F und CI.A (Panda) hartnäckig auf Win7 Starter (Asus eee PC) So, hier jetzt das Ergebnis des FRST Scans nach normalem Start des Rechners. FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-07-2013
Ran by <user> (administrator) on 20-07-2013 19:14:24
Running from E:\
Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
() C:\windows\system32\AsusService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
() C:\ExpressGateUtil\VAWinService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\HotkeyService\HotKeyMon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\HotkeyService\HotkeyService.exe
() C:\ExpressGateUtil\VAWinAgent.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\SHE\SuperHybridEngine.exe
(ASUS) C:\Program Files\ASUS\CapsHook\CapsHook.exe
(AsusTek Computer Inc.) C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
(ASUSTek Computer Inc.) C:\Program Files\Asus\APRP\aprp.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Panda Security) C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
(Ask) C:\Program Files\Ask.com\Updater\Updater.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(syncables, LLC) C:\Program Files\syncables\syncables desktop\syncables.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(LaCie) C:\Users\<user>\AppData\Roaming\Wuala\Wuala.exe
(Sun Microsystems, Inc.) C:\Program Files\syncables\syncables desktop\jre\bin\javaw.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(Microsoft Corporation) \\?\C:\windows\system32\wbem\WMIADAP.EXE
==================== Registry (Whitelisted) ==================
HKU\Default\...\RunOnce: [Reboot] - AsusSender.exe C:\Windows\Reboot.exe 60 [ 2010-12-13] (AsusTek Computer Inc.)
HKU\Default\...\RunOnce: [AskScreensaver] - C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [ 2011-01-27] (AsusTek Computer Inc.)
HKU\Default User\...\RunOnce: [Reboot] - AsusSender.exe C:\Windows\Reboot.exe 60 [ 2010-12-13] (AsusTek Computer Inc.)
HKU\Default User\...\RunOnce: [AskScreensaver] - C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [ 2011-01-27] (AsusTek Computer Inc.)
ductor)
HKLM\...\Run: [VAWinAgent] - C:\ExpressGateUtil\VAWinAgent.exe [45448 2011-03-23] ()
HKLM\...\Run: [ASUSPRP] - C:\Program Files\ASUS\APRP\APRP.EXE [2018032 2011-04-21] (ASUSTek Computer Inc.)
HKLM\...\Run: [ASUSWebStorage] - C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
HKLM\...\Run: [Panda Security URL Filtering] - C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe [217256 2012-03-19] (Panda Security)
HKLM\...\Run: [PSUAMain] - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe [37152 2012-07-13] (Panda Security, S.L.)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [ApnUpdater] - C:\Program Files\Ask.com\Updater\Updater.exe [1391272 2012-01-03] (Ask)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKCU\...\Run: [Syncables] - C:\Program Files\syncables\syncables desktop\Syncables.exe [370480 2010-07-19] (syncables, LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\<user>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wuala.lnk
ShortcutTarget: Wuala.lnk -> C:\Users\<user>\AppData\Roaming\Wuala\Wuala.exe (LaCie)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox
SearchScopes: HKCU - {BB4AD99B-51CA-46A7-9BB3-AD5F7680E89D} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=4EB513DA-586A-4A91-AAA6-031BE75693A8&apn_sauid=4374B2D2-D1D9-43DB-9668-01F1287A8AD6
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" No File
BHO: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" No File
Toolbar: HKLM - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\<user>\AppData\Roaming\Mozilla\Firefox\Profiles\tmpnzboc.default
FF user.js: detected! => C:\Users\<user>\AppData\Roaming\Mozilla\Firefox\Profiles\tmpnzboc.default\user.js
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
FF Extension: Ask Toolbar - C:\Users\<user>\AppData\Roaming\Mozilla\Firefox\Profiles\tmpnzboc.default\Extensions\toolbar@ask.com
FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
========================== Services (Whitelisted) =================
R2 AsusService; C:\windows\system32\AsusService.exe [224680 2011-03-04] ()
S2 NanoServiceMain; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [140064 2012-07-13] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [36640 2012-07-13] (Panda Security, S.L.)
R2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [91464 2011-01-12] ()
==================== Drivers (Whitelisted) ====================
R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11456 2010-06-28] ()
R1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11832 2010-08-03] ()
R3 btwampfl; C:\Windows\System32\drivers\btwampfl.sys [293928 2010-05-21] (Broadcom Corporation.)
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [299024 2012-04-09] (EldoS Corporation)
R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [109960 2010-04-13] (ELAN Microelectronic Corp.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [82472 2012-06-27] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [120744 2012-06-27] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [122664 2012-06-27] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [28712 2012-06-27] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [93992 2012-06-27] (Panda Security, S.L.)
S4 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [60968 2012-06-27] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [104104 2012-06-27] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [286376 2012-06-27] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [153000 2012-06-27] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [106536 2012-06-27] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [206632 2012-07-12] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [92840 2012-06-27] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [148520 2012-07-13] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [103464 2012-07-13] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [174632 2012-07-13] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [114216 2012-07-13] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [120872 2012-07-13] (Panda Security, S.L.)
S3 wsvd; C:\Windows\System32\DRIVERS\wsvd.sys [81704 2009-07-22] (CyberLink)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2030-01-01 13:50 - 2010-11-20 14:40 - 00383786 __RSH C:\bootmgr
2013-07-20 08:21 - 2013-07-20 08:21 - 00000000 ____D C:\FRST
2013-07-19 17:08 - 2013-07-19 17:08 - 00004800 _____ C:\Users\<user>\Desktop\gmer.txt
2013-07-19 14:03 - 2013-07-19 14:03 - 00049474 _____ C:\Users\<user>\Desktop\Extras.Txt
2013-07-19 14:01 - 2013-07-19 14:01 - 00060882 _____ C:\Users\<user>\Desktop\OTL.Txt
2013-07-19 13:34 - 2013-07-19 13:00 - 00377856 _____ C:\Users\<user>\Desktop\gmer_2.1.19163.exe
2013-07-19 13:34 - 2013-07-19 12:59 - 00602112 _____ (OldTimer Tools) C:\Users\<user>\Desktop\OTL.exe
2013-07-16 19:11 - 2013-07-16 19:11 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Xafezye
2013-07-16 19:11 - 2013-07-16 19:11 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Pywe
2013-07-16 19:10 - 2013-07-19 13:06 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Viyh
2013-07-16 19:10 - 2013-07-19 09:09 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Ifu
2013-07-16 15:38 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-07-16 15:38 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-07-16 15:38 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-07-16 15:38 - 2013-06-12 01:43 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-07-16 15:38 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-07-16 15:38 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-07-16 15:38 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-07-16 15:38 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-07-16 15:37 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-07-16 15:37 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-07-16 15:37 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-07-16 15:37 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-07-16 15:37 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-07-16 15:37 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-07-16 15:37 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-07-16 15:37 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-07-16 08:44 - 2013-06-05 05:05 - 02347520 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-07-16 08:44 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2013-07-16 08:44 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-07-16 08:44 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
==================== One Month Modified Files and Folders =======
2030-01-01 13:50 - 2009-07-14 06:57 - 00029696 ___SH C:\windows\system32\config\BCD-Template.LOG
2030-01-01 13:50 - 2009-07-14 06:52 - 00032768 _____ C:\windows\system32\config\BCD-Template
2013-07-20 19:13 - 2012-10-05 21:39 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-07-20 19:12 - 2012-06-02 01:42 - 00000000 ____D C:\ProgramData\Panda Security URL Filtering
2013-07-20 11:29 - 2009-07-14 06:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-07-20 11:29 - 2009-07-14 06:39 - 00088844 _____ C:\windows\setupact.log
2013-07-20 08:21 - 2013-07-20 08:21 - 00000000 ____D C:\FRST
2013-07-19 22:11 - 2012-03-18 02:59 - 01642610 _____ C:\windows\WindowsUpdate.log
2013-07-19 22:11 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-19 22:11 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-19 21:41 - 2009-07-27 12:11 - 01530778 _____ C:\windows\system32\PerfStringBackup.INI
2013-07-19 17:08 - 2013-07-19 17:08 - 00004800 _____ C:\Users\<user>\Desktop\gmer.txt
2013-07-19 17:08 - 2012-03-17 12:44 - 00000000 ___RD C:\Users\<user>\Desktop
2013-07-19 15:24 - 2009-07-14 04:37 - 00000000 ____D C:\windows\Microsoft.NET
2013-07-19 14:03 - 2013-07-19 14:03 - 00049474 _____ C:\Users\<user>\Desktop\Extras.Txt
2013-07-19 14:01 - 2013-07-19 14:01 - 00060882 _____ C:\Users\<user>\Desktop\OTL.Txt
2013-07-19 13:06 - 2013-07-16 19:10 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Viyh
2013-07-19 13:05 - 2012-03-17 12:44 - 00000000 ____D C:\Users\<user>
2013-07-19 13:05 - 2009-07-14 06:53 - 00001134 ____N C:\windows\Tasks\SCHEDLGU.TXT
2013-07-19 13:00 - 2013-07-19 13:34 - 00377856 _____ C:\Users\<user>\Desktop\gmer_2.1.19163.exe
2013-07-19 12:59 - 2013-07-19 13:34 - 00602112 _____ (OldTimer Tools) C:\Users\<user>\Desktop\OTL.exe
2013-07-19 09:09 - 2013-07-16 19:10 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Ifu
2013-07-19 09:01 - 2012-08-20 16:55 - 00000000 ____D C:\Users\<user>\Documents\<user>
2013-07-16 19:11 - 2013-07-16 19:11 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Xafezye
2013-07-16 19:11 - 2013-07-16 19:11 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Pywe
2013-07-16 18:59 - 2009-07-14 06:33 - 00315344 _____ C:\windows\system32\FNTCACHE.DAT
2013-07-16 18:57 - 2011-04-21 03:22 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-16 18:57 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-16 15:33 - 2012-07-16 11:40 - 75699896 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-07-16 15:24 - 2012-03-26 19:27 - 00000000 ____D C:\Users\<user>\AppData\Roaming\SoftGrid Client
2013-07-16 09:53 - 2012-08-20 17:15 - 00000000 ____D C:\Users\<user>\Documents\Kram
Files to move or delete:
====================
C:\ProgramData\FullRemove.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-07-16 12:29
==================== End Of Log ============================
--- --- --- --- --- --- |
|
20.07.2013, 20:11
| #8 | |
| /// the machine /// TB-Ausbilder | Dtcontx.F und CI.A (Panda) hartnäckig auf Win7 Starter (Asus eee PC) Und wenn Du unsere Tools jetzt noch vom Desktop ausführst ist alles in Butter Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!Downloade dir bitte Combofix vom folgenden Downloadspiegel Link 1 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
20.07.2013, 23:20
| #9 |
| | Dtcontx.F und CI.A (Panda) hartnäckig auf Win7 Starter (Asus eee PC) Ooops ... Ich weiß nicht, ob's von Bedeutung ist, aber hier dann nochmal das FRST Logfile, ausgeführt vom Desktop: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-07-2013
Ran by <user> (administrator) on 20-07-2013 23:03:30
Running from C:\Users\<user>\Desktop
Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
() C:\windows\system32\AsusService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
() C:\ExpressGateUtil\VAWinService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\HotkeyService\HotKeyMon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\HotkeyService\HotkeyService.exe
() C:\ExpressGateUtil\VAWinAgent.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\SHE\SuperHybridEngine.exe
(AsusTek Computer Inc.) C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
(ASUSTek Computer Inc.) C:\Program Files\Asus\APRP\aprp.exe
(ASUS) C:\Program Files\ASUS\CapsHook\CapsHook.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(Panda Security) C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
(Ask) C:\Program Files\Ask.com\Updater\Updater.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(syncables, LLC) C:\Program Files\syncables\syncables desktop\syncables.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(LaCie) C:\Users\<user>\AppData\Roaming\Wuala\Wuala.exe
(Sun Microsystems, Inc.) C:\Program Files\syncables\syncables desktop\jre\bin\javaw.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
==================== Registry (Whitelisted) ==================
HKU\Default\...\RunOnce: [Reboot] - AsusSender.exe C:\Windows\Reboot.exe 60 [ 2010-12-13] (AsusTek Computer Inc.)
HKU\Default\...\RunOnce: [AskScreensaver] - C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [ 2011-01-27] (AsusTek Computer Inc.)
HKU\Default User\...\RunOnce: [Reboot] - AsusSender.exe C:\Windows\Reboot.exe 60 [ 2010-12-13] (AsusTek Computer Inc.)
HKU\Default User\...\RunOnce: [AskScreensaver] - C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [ 2011-01-27] (AsusTek Computer Inc.)
ductor)
HKLM\...\Run: [VAWinAgent] - C:\ExpressGateUtil\VAWinAgent.exe [45448 2011-03-23] ()
HKLM\...\Run: [ASUSPRP] - C:\Program Files\ASUS\APRP\APRP.EXE [2018032 2011-04-21] (ASUSTek Computer Inc.)
HKLM\...\Run: [ASUSWebStorage] - C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
HKLM\...\Run: [Panda Security URL Filtering] - C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe [217256 2012-03-19] (Panda Security)
HKLM\...\Run: [PSUAMain] - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe [37152 2012-07-13] (Panda Security, S.L.)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [ApnUpdater] - C:\Program Files\Ask.com\Updater\Updater.exe [1391272 2012-01-03] (Ask)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKCU\...\Run: [Syncables] - C:\Program Files\syncables\syncables desktop\Syncables.exe [370480 2010-07-19] (syncables, LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\<user>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wuala.lnk
ShortcutTarget: Wuala.lnk -> C:\Users\<user>\AppData\Roaming\Wuala\Wuala.exe (LaCie)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox
SearchScopes: HKCU - {BB4AD99B-51CA-46A7-9BB3-AD5F7680E89D} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=4EB513DA-586A-4A91-AAA6-031BE75693A8&apn_sauid=4374B2D2-D1D9-43DB-9668-01F1287A8AD6
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" No File
BHO: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" No File
Toolbar: HKLM - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\<user>\AppData\Roaming\Mozilla\Firefox\Profiles\tmpnzboc.default
FF user.js: detected! => C:\Users\<user>\AppData\Roaming\Mozilla\Firefox\Profiles\tmpnzboc.default\user.js
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
FF Extension: Ask Toolbar - C:\Users\<user>\AppData\Roaming\Mozilla\Firefox\Profiles\tmpnzboc.default\Extensions\toolbar@ask.com
FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
========================== Services (Whitelisted) =================
R2 AsusService; C:\windows\system32\AsusService.exe [224680 2011-03-04] ()
R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [140064 2012-07-13] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [36640 2012-07-13] (Panda Security, S.L.)
R2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [91464 2011-01-12] ()
==================== Drivers (Whitelisted) ====================
R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11456 2010-06-28] ()
R1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11832 2010-08-03] ()
R3 btwampfl; C:\Windows\System32\drivers\btwampfl.sys [293928 2010-05-21] (Broadcom Corporation.)
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [299024 2012-04-09] (EldoS Corporation)
R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [109960 2010-04-13] (ELAN Microelectronic Corp.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [82472 2012-06-27] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [120744 2012-06-27] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [122664 2012-06-27] (Panda Security, S.L.)
S1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [28712 2012-06-27] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [93992 2012-06-27] (Panda Security, S.L.)
S4 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [60968 2012-06-27] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [104104 2012-06-27] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [286376 2012-06-27] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [153000 2012-06-27] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [106536 2012-06-27] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [206632 2012-07-12] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [92840 2012-06-27] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [148520 2012-07-13] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [103464 2012-07-13] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [174632 2012-07-13] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [114216 2012-07-13] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [120872 2012-07-13] (Panda Security, S.L.)
U3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [46280 2011-03-10] (Panda Security)
S3 wsvd; C:\Windows\System32\DRIVERS\wsvd.sys [81704 2009-07-22] (CyberLink)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2030-01-01 13:50 - 2010-11-20 14:40 - 00383786 __RSH C:\bootmgr
2013-07-20 23:01 - 2011-03-10 18:04 - 00046280 _____ (Panda Security) C:\windows\system32\Drivers\PSKMAD.sys
2013-07-20 22:55 - 2013-07-20 22:45 - 05093416 _____ (Swearware) C:\Users\<user>\Desktop\ComboFix.exe
2013-07-20 22:55 - 2013-07-19 21:37 - 01219758 _____ (Farbar) C:\Users\<user>\Desktop\FRST.exe
2013-07-20 08:21 - 2013-07-20 08:21 - 00000000 ____D C:\FRST
2013-07-19 17:08 - 2013-07-19 17:08 - 00004800 _____ C:\Users\<user>\Desktop\gmer.txt
2013-07-19 14:03 - 2013-07-19 14:03 - 00049474 _____ C:\Users\<user>\Desktop\Extras.Txt
2013-07-19 14:01 - 2013-07-19 14:01 - 00060882 _____ C:\Users\<user>\Desktop\OTL.Txt
2013-07-16 19:11 - 2013-07-16 19:11 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Xafezye
2013-07-16 19:11 - 2013-07-16 19:11 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Pywe
2013-07-16 19:10 - 2013-07-19 13:06 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Viyh
2013-07-16 19:10 - 2013-07-19 09:09 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Ifu
2013-07-16 15:38 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-07-16 15:38 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-07-16 15:38 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-07-16 15:38 - 2013-06-12 01:43 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-07-16 15:38 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-07-16 15:38 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-07-16 15:38 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-07-16 15:38 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-07-16 15:37 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-07-16 15:37 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-07-16 15:37 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-07-16 15:37 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-07-16 15:37 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-07-16 15:37 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-07-16 15:37 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-07-16 15:37 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-07-16 08:44 - 2013-06-05 05:05 - 02347520 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-07-16 08:44 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2013-07-16 08:44 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-07-16 08:44 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
==================== One Month Modified Files and Folders =======
2030-01-01 13:50 - 2009-07-14 06:57 - 00029696 ___SH C:\windows\system32\config\BCD-Template.LOG
2030-01-01 13:50 - 2009-07-14 06:52 - 00032768 _____ C:\windows\system32\config\BCD-Template
2013-07-20 23:01 - 2012-06-02 01:42 - 00000000 ____D C:\ProgramData\Panda Security URL Filtering
2013-07-20 23:01 - 2012-03-17 12:44 - 00000000 ___RD C:\Users\<user>\Desktop
2013-07-20 23:00 - 2009-07-14 06:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-07-20 23:00 - 2009-07-14 06:39 - 00088956 _____ C:\windows\setupact.log
2013-07-20 22:59 - 2012-03-18 02:59 - 01650723 _____ C:\windows\WindowsUpdate.log
2013-07-20 22:59 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-20 22:59 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-20 22:53 - 2012-10-05 21:39 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-07-20 22:45 - 2013-07-20 22:55 - 05093416 _____ (Swearware) C:\Users\<user>\Desktop\ComboFix.exe
2013-07-20 19:16 - 2009-07-27 12:11 - 01530778 _____ C:\windows\system32\PerfStringBackup.INI
2013-07-20 08:21 - 2013-07-20 08:21 - 00000000 ____D C:\FRST
2013-07-19 21:37 - 2013-07-20 22:55 - 01219758 _____ (Farbar) C:\Users\<user>\Desktop\FRST.exe
2013-07-19 17:08 - 2013-07-19 17:08 - 00004800 _____ C:\Users\<user>\Desktop\gmer.txt
2013-07-19 15:24 - 2009-07-14 04:37 - 00000000 ____D C:\windows\Microsoft.NET
2013-07-19 14:03 - 2013-07-19 14:03 - 00049474 _____ C:\Users\<user>\Desktop\Extras.Txt
2013-07-19 14:01 - 2013-07-19 14:01 - 00060882 _____ C:\Users\<user>\Desktop\OTL.Txt
2013-07-19 13:06 - 2013-07-16 19:10 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Viyh
2013-07-19 13:05 - 2012-03-17 12:44 - 00000000 ____D C:\Users\<user>
2013-07-19 13:05 - 2009-07-14 06:53 - 00001638 ____N C:\windows\Tasks\SCHEDLGU.TXT
2013-07-19 09:09 - 2013-07-16 19:10 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Ifu
2013-07-19 09:01 - 2012-08-20 16:55 - 00000000 ____D C:\Users\<user>\Documents\<user>
2013-07-16 19:11 - 2013-07-16 19:11 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Xafezye
2013-07-16 19:11 - 2013-07-16 19:11 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Pywe
2013-07-16 18:59 - 2009-07-14 06:33 - 00315344 _____ C:\windows\system32\FNTCACHE.DAT
2013-07-16 18:57 - 2011-04-21 03:22 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-16 18:57 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-16 15:33 - 2012-07-16 11:40 - 75699896 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-07-16 15:24 - 2012-03-26 19:27 - 00000000 ____D C:\Users\<user>\AppData\Roaming\SoftGrid Client
2013-07-16 09:53 - 2012-08-20 17:15 - 00000000 ____D C:\Users\<user>\Documents\Kram
Files to move or delete:
====================
C:\ProgramData\FullRemove.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-07-16 12:29
==================== End Of Log ============================
--- --- --- Und dann (ebenfalls ausgeführt vom Desktop ... die Lernkuve steigt!  ) das Logfile von ComboFix:Combofix Logfile: Code:
ATTFilter ComboFix 13-07-20.03 - <user> 20.07.2013 23:22:41.1.4 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.49.1031.18.2038.988 [GMT 2:00]
ausgeführt von:: c:\users\<user>\Desktop\ComboFix.exe
AV: Panda Cloud Antivirus *Disabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
FW: Cloud Antivirus Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
SP: Panda Cloud Antivirus *Disabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\<user>\AppData\Roaming\Pywe
c:\users\<user>\AppData\Roaming\Pywe\dyogca.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-06-20 bis 2013-07-20 ))))))))))))))))))))))))))))))
.
.
2030-01-01 11:50 . 2030-01-01 11:50 -------- d-----w- C:\Boot
2013-07-20 21:45 . 2013-07-20 21:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-20 21:07 . 2011-03-10 16:04 46280 ----a-w- c:\windows\system32\drivers\PSKMAD.sys
2013-07-20 06:21 . 2013-07-20 06:21 -------- d-----w- C:\FRST
2013-07-16 17:11 . 2013-07-16 17:11 -------- d-----w- c:\users\<user>\AppData\Roaming\Xafezye
2013-07-16 17:10 . 2013-07-19 11:06 -------- d-----w- c:\users\<user>\AppData\Roaming\Viyh
2013-07-16 17:10 . 2013-07-19 07:09 -------- d-----w- c:\users\<user>\AppData\Roaming\Ifu
2013-07-16 13:38 . 2013-06-07 02:37 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-07-16 13:38 . 2013-06-11 23:43 217600 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2013-07-16 13:38 . 2013-06-11 23:43 2877440 ----a-w- c:\windows\system32\jscript9.dll
2013-07-16 13:38 . 2013-06-11 23:43 108032 ----a-w- c:\program files\Internet Explorer\jsdebuggeride.dll
2013-07-16 13:38 . 2013-06-11 23:42 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-07-16 13:38 . 2013-06-11 23:42 257536 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2013-07-16 13:38 . 2013-06-11 23:42 235520 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2013-07-16 13:37 . 2013-06-11 23:42 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-07-16 13:37 . 2013-06-11 22:51 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-07-16 13:37 . 2013-06-11 23:43 817664 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-07-16 13:37 . 2013-06-12 00:23 770648 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2013-07-16 13:37 . 2013-06-11 23:43 1767936 ----a-w- c:\windows\system32\wininet.dll
2013-07-16 06:44 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\system32\DWrite.dll
2013-07-16 06:44 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-16 06:44 . 2013-06-04 04:53 509440 ----a-w- c:\windows\system32\qedit.dll
2013-07-16 06:44 . 2013-06-05 03:05 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-07-16 06:43 . 2013-04-10 05:03 936448 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-16 06:43 . 2013-05-27 04:57 680960 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2013-07-16 06:43 . 2013-05-27 04:57 392704 ----a-w- c:\program files\Windows Defender\MpClient.dll
2013-07-16 06:43 . 2013-05-27 04:57 224768 ----a-w- c:\program files\Windows Defender\MpCommu.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 13:13 . 2012-10-05 19:39 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-12 13:13 . 2012-10-05 19:39 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-14 19:10 . 2010-06-24 18:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-13 04:45 . 2013-06-12 19:58 1160192 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 04:45 . 2013-06-12 19:58 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 04:45 . 2013-06-12 19:58 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 03:08 . 2013-06-12 19:58 903168 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-12 19:58 43008 ----a-w- c:\windows\system32\certenc.dll
2013-05-12 14:44 . 2013-05-12 14:44 745472 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-12 14:44 . 2013-05-12 14:44 185344 ----a-w- c:\windows\system32\elshyph.dll
2013-05-12 14:44 . 2013-05-12 14:44 158720 ----a-w- c:\windows\system32\msls31.dll
2013-05-12 14:44 . 2013-05-12 14:44 150528 ----a-w- c:\windows\system32\iexpress.exe
2013-05-12 14:44 . 2013-05-12 14:44 138752 ----a-w- c:\windows\system32\wextract.exe
2013-05-12 14:44 . 2013-05-12 14:44 523264 ----a-w- c:\windows\system32\vbscript.dll
2013-05-12 14:44 . 2013-05-12 14:44 137216 ----a-w- c:\windows\system32\ieUnatt.exe
2013-05-12 14:44 . 2013-05-12 14:44 38400 ----a-w- c:\windows\system32\imgutil.dll
2013-05-12 14:44 . 2013-05-12 14:44 12800 ----a-w- c:\windows\system32\mshta.exe
2013-05-12 14:44 . 2013-05-12 14:44 73728 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-05-12 14:44 . 2013-05-12 14:44 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-05-12 14:44 . 2013-05-12 14:44 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-05-12 14:44 . 2013-05-12 14:44 61952 ----a-w- c:\windows\system32\tdc.ocx
2013-05-12 14:44 . 2013-05-12 14:44 361984 ----a-w- c:\windows\system32\html.iec
2013-05-12 14:44 . 2013-05-12 14:44 719360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-05-12 14:44 . 2013-05-12 14:44 23040 ----a-w- c:\windows\system32\licmgr10.dll
2013-05-12 14:44 . 2013-05-12 14:44 1441280 ----a-w- c:\windows\system32\inetcpl.cpl
2013-05-10 03:20 . 2013-06-12 19:59 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2013-05-08 05:38 . 2013-06-12 19:57 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-06 05:06 . 2013-06-12 19:58 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-06 05:06 . 2013-06-12 19:58 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-26 04:55 . 2013-06-12 19:59 492544 ----a-w- c:\windows\system32\win32spl.dll
2013-04-25 23:30 . 2013-06-12 19:59 1505280 ----a-w- c:\windows\system32\d3d11.dll
2012-07-14 00:15 . 2012-07-23 21:10 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
2012-03-15 21:02 86696 ----a-w- c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2012-03-15
86696]
.
[HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon1]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-05-02 12:10 1688576 ----a-w- c:\program files\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon2]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-05-02 12:10 1688576 ----a-w- c:\program files\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon3]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-05-02 12:10 1688576 ----a-w- c:\program files\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon4]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2012-05-02 12:10 1688576 ----a-w- c:\program files\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1EldosIconOverlay]
@="{9F26BD00-946A-4855-AA63-E319DF22B493}"
[HKEY_CLASSES_ROOT\CLSID\{9F26BD00-946A-4855-AA63-E319DF22B493}]
2012-04-09 14:27 158224 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}"
[HKEY_CLASSES_ROOT\CLSID\{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{618A47A2-528B-4D9A-AFC8-97D3233511E2}"
[HKEY_CLASSES_ROOT\CLSID\{618A47A2-528B-4D9A-AFC8-97D3233511E2}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-04-09 14:27 158224 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Syncables"="c:\program files\syncables\syncables desktop\Syncables.exe" [2010-07-19 370480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2010-04-13 548744]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"HotkeyMon"="AsusSender.exe" [2011-03-11 34728]
"HotkeyService"="AsusSender.exe" [2011-03-11 34728]
"SuperHybridEngine"="AsusSender.exe" [2011-03-11 34728]
"LiveUpdate"="AsusSender.exe" [2011-03-11 34728]
"CapsHook"="AsusSender.exe" [2011-03-11 34728]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2011-01-06 414384]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-08-24 9722472]
"VAWinAgent"="c:\expressgateutil\VAWinAgent.exe" [2011-03-23 45448]
"ASUSPRP"="c:\program files\ASUS\APRP\APRP.EXE" [2011-04-21 2018032]
"ASUSWebStorage"="c:\program files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-07-29 737104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-19 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-19 174360]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-19 150808]
"Panda Security URL Filtering"="c:\programdata\Panda Security URL Filtering\Panda_URL_Filtering.exe" [2012-03-19 217256]
"PSUAMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" [2012-07-13 37152]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"panda2_0dn"="reg.exe delete HKCU\Software\AppDataLow\Software\panda2_0dn" [X]
"panda2_0dn_XP"="reg.exe delete HKCU\Software\panda2_0dn" [X]
.
c:\users\<user>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Wuala.lnk - c:\users\<user>\AppData\Roaming\Wuala\Wuala.exe -silent [2012-5-4 453552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-5-21 828704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;c:\windows\system32\DRIVERS\NNSNAHSL.sys [2012-06-27 28712]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-22 81704]
R4 NNSPIHSW;NNSPIHSW;c:\windows\system32\DRIVERS\NNSPihsw.sys [2012-06-27 60968]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-08-03 11832]
S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [2012-04-09 299024]
S1 NNSALPC;NNSALPC;c:\windows\system32\DRIVERS\NNSAlpc.sys [2012-06-27 82472]
S1 NNSHTTP;NNSHTTP;c:\windows\system32\DRIVERS\NNSHttp.sys [2012-06-27 120744]
S1 NNSIDS;NNSIDS;c:\windows\system32\DRIVERS\NNSIds.sys [2012-06-27 122664]
S1 NNSPICC;NNSPICC;c:\windows\system32\DRIVERS\NNSPicc.sys [2012-06-27 93992]
S1 NNSPOP3;NNSPOP3;c:\windows\system32\DRIVERS\NNSPop3.sys [2012-06-27 104104]
S1 NNSPROT;NNSPROT;c:\windows\system32\DRIVERS\NNSProt.sys [2012-06-27 286376]
S1 NNSPRV;NNSPRV;c:\windows\system32\DRIVERS\NNSPrv.sys [2012-06-27 153000]
S1 NNSSMTP;NNSSMTP;c:\windows\system32\DRIVERS\NNSSmtp.sys [2012-06-27 106536]
S1 NNSSTRM;NNSSTRM;c:\windows\system32\DRIVERS\NNSStrm.sys [2012-07-12 206632]
S1 NNSTLSC;NNSTLSC;c:\windows\system32\DRIVERS\NNSTlsc.sys [2012-06-27 92840]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2012-07-13 174632]
S2 AsusService;Asus Launcher Service;c:\windows\system32\AsusService.exe [2011-03-03 224680]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04
822624]
S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2012-07-13
140064]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2012-07-13 148520]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2012-07-13 103464]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2012-07-13 114216]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2012-07-13 120872]
S2 PSUAService;Panda Product Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [2012-07-13 36640]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01
508776]
S2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe [2011-01-12 91464]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-05-21 293928]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-05-21 33320]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-04-13 109960]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-09-27
68208]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 579944]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 194408]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2011-10
-01 219496]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - PSKMAD
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-05 13:13]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\<user>\AppData\Roaming\Mozilla\Firefox\Profiles\tmpnzboc.default\
FF - prefs.js: browser.startup.homepage - google.de
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-07-21 00:01:18
ComboFix-quarantined-files.txt 2013-07-20 22:01
.
Vor Suchlauf: 9 Verzeichnis(se), 75.240.558.592 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 76.397.649.920 Bytes frei
.
- - End Of File - - A37759171B669A2D03CE3B42EA628D38
A36C5E4F47E84449FF07ED3517B43A31 |
|
21.07.2013, 14:49
| #10 |
| /// the machine /// TB-Ausbilder | Dtcontx.F und CI.A (Panda) hartnäckig auf Win7 Starter (Asus eee PC) Supi Combofix-Skript
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
21.07.2013, 21:53
| #11 |
| | Dtcontx.F und CI.A (Panda) hartnäckig auf Win7 Starter (Asus eee PC) ComboFix: Code:
ATTFilter Combofix Logfile: dann AdwCleaner: AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.306 - Datei am 21/07/2013 um 22:21:28 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Starter Service Pack 1 (32 bits)
# Benutzer : <user> - PORTABLE-IK
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\<user>\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gelöscht : C:\Program Files\Ask.com
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\Users\<user>\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\<user>\AppData\Roaming\Mozilla\Firefox\Profiles\tmpnzboc.default\extensions\toolbar@ask.com
Ordner Gelöscht : C:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18
\Components\0CFE535C35F99574E8340BFA75BF92C2
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18
\Components\0E12F736682067FDE4D1158D5940A82E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18
\Components\120DFADEB50841F408F04D2A278F9509
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18
\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18
\Components\261F213D1F55267499B1F87D0CC3BCF7
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18
\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18
\Components\2BDF3E992C0908741B7C11F4B4E0F775
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18
\Components\49D4375FE41653242AEA4C969E4E65E0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18
\Components\6AA0923513360135B272E8289C5F13FA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18
\Components\6B3BC4CF5ECE1F54BBA174C13A1AB907
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18
\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18
\Components\741B4ADF27276464790022C965AB6DA8
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18
\Components\7DE196B10195F5647A2B21B761F3DE01
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18
\Components\922525DCC5199162F8935747CA3D8E59
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18
\Components\9D4F5849367142E4685ED8C25E44C5ED
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18
\Components\A5875B04372C19545BEB90D4D606C472
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18
\Components\A876D9E80B896EC44A8620248CC79296
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18
\Components\B5BAE2ED018083A4C8DA86D6E3F4B024
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18
\Components\B66FFAB725B92594C986DE826A867888
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18
\Components\BCDA179D619B91648538E3394CAC94CC
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18
\Components\BEABAA33A5E68374DBF197F2A00CD011
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18
\Components\CB61AF52AD64B6B45930BE969F316720
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18
\Components\D677B1A9671D4D4004F6F2A4469E86EA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18
\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18
\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18
\Components\EF8E618DB3AEDFBB384561B5C548F65E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18
\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16635
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v14.0.1 (en-GB)
Datei : C:\Users\<user>\AppData\Roaming\Mozilla\Firefox\Profiles\tmpnzboc.default\prefs.js
C:\Users\<user>\AppData\Roaming\Mozilla\Firefox\Profiles\tmpnzboc.default\user.js ... Gelöscht !
Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.search.defaultenginename", "Ask.com");
Gelöscht : user_pref("browser.search.order.1", "Ask.com");
Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "");
*************************
AdwCleaner[S1].txt - [7128 octets] - [21/07/2013 22:21:28]
########## EOF - C:\AdwCleaner[S1].txt - [7188 octets] ##########
[/CODE] dann JRT Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.1.9 (07.20.2013:3)
OS: Windows 7 Starter x86
Ran by <user> on 21.07.2013 at 22:27:42,92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BB4AD99B-51CA-46A7-9BB3-
AD5F7680E89D}
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\<user>\AppData\Roaming\mozilla\firefox\profiles\tmpnzboc.default\minidumps [10 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.07.2013 at 22:34:46,70
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
und zum Abschluss noch ein FRST: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-07-2013
Ran by <user> (administrator) on 21-07-2013 22:38:05
Running from C:\Users\<user>\Desktop
Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
() C:\windows\system32\AsusService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
() C:\ExpressGateUtil\VAWinService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\HotkeyService\HotKeyMon.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\HotkeyService\HotkeyService.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\SHE\SuperHybridEngine.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
() C:\ExpressGateUtil\VAWinAgent.exe
(AsusTek Computer Inc.) C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
(ASUS) C:\Program Files\ASUS\CapsHook\CapsHook.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Panda Security) C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(syncables, LLC) C:\Program Files\syncables\syncables desktop\syncables.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(LaCie) C:\Users\<user>\AppData\Roaming\Wuala\Wuala.exe
(Sun Microsystems, Inc.) C:\Program Files\syncables\syncables desktop\jre\bin\javaw.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
==================== Registry (Whitelisted) ==================
HKU\Default\...\RunOnce: [Reboot] - AsusSender.exe C:\Windows\Reboot.exe 60 [ 2010-12-13] (AsusTek Computer Inc.)
HKU\Default\...\RunOnce: [AskScreensaver] - C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [ 2011-01-27] (AsusTek
Computer Inc.)
HKU\Default User\...\RunOnce: [Reboot] - AsusSender.exe C:\Windows\Reboot.exe 60 [ 2010-12-13] (AsusTek Computer Inc.)
HKU\Default User\...\RunOnce: [AskScreensaver] - C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [ 2011-01-27] (AsusTek
Computer Inc.)
M\...\Run: [ASUSPRP] - C:\Program Files\ASUS\APRP\APRP.EXE [2018032 2011-04-21] (ASUSTek Computer Inc.)
HKLM\...\Run: [ASUSWebStorage] - C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
HKLM\...\Run: [Panda Security URL Filtering] - C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe [217256 2012-03-
19] (Panda Security)
HKLM\...\Run: [PSUAMain] - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe [37152 2012-07-13] (Panda Security,
S.L.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle
Corporation)
HKCU\...\Run: [Syncables] - C:\Program Files\syncables\syncables desktop\Syncables.exe [370480 2010-07-19] (syncables, LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\<user>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wuala.lnk
ShortcutTarget: Wuala.lnk -> C:\Users\<user>\AppData\Roaming\Wuala\Wuala.exe (LaCie)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files\Internet Explorer\iexplore.exe"
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}
&form=ASUTDF&pc=NP07&src=IE-SearchBox
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}
&form=ASUTDF&pc=NP07&src=IE-SearchBox
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common
Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle
Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft
Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security
Toolbar\PandaSecurityDx.dll ()
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle
Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" No File
Toolbar: HKLM - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security
Toolbar\PandaSecurityDx.dll ()
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\<user>\AppData\Roaming\Mozilla\Firefox\Profiles\tmpnzboc.default
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft
Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft
Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft
Corporation)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
========================== Services (Whitelisted) =================
R2 AsusService; C:\windows\system32\AsusService.exe [224680 2011-03-04] ()
R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [140064 2012-07-13] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [36640 2012-07-13] (Panda Security, S.L.)
R2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [91464 2011-01-12] ()
==================== Drivers (Whitelisted) ====================
R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11456 2010-06-28] ()
R1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11832 2010-08-03] ()
R3 btwampfl; C:\Windows\System32\drivers\btwampfl.sys [293928 2010-05-21] (Broadcom Corporation.)
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [299024 2012-04-09] (EldoS Corporation)
R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [109960 2010-04-13] (ELAN Microelectronic Corp.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [82472 2012-06-27] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [120744 2012-06-27] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [122664 2012-06-27] (Panda Security, S.L.)
S1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [28712 2012-06-27] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [93992 2012-06-27] (Panda Security, S.L.)
S4 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [60968 2012-06-27] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [104104 2012-06-27] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [286376 2012-06-27] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [153000 2012-06-27] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [106536 2012-06-27] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [206632 2012-07-12] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [92840 2012-06-27] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [148520 2012-07-13] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [103464 2012-07-13] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [174632 2012-07-13] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [114216 2012-07-13] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [120872 2012-07-13] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [46280 2011-03-10] (Panda Security)
S3 wsvd; C:\Windows\System32\DRIVERS\wsvd.sys [81704 2009-07-22] (CyberLink)
S3 catchme; \??\C:\Users\<user>~1\AppData\Local\Temp\catchme.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2030-01-01 13:50 - 2010-11-20 14:40 - 00383786 __RSH C:\bootmgr
2013-07-21 22:34 - 2013-07-21 22:34 - 00001037 _____ C:\Users\<user>\Desktop\JRT.txt
2013-07-21 22:27 - 2013-07-21 22:27 - 00000000 ____D C:\windows\ERUNT
2013-07-21 22:25 - 2011-03-10 18:04 - 00046280 _____ (Panda Security) C:\windows\system32\Drivers\PSKMAD.sys
2013-07-21 22:21 - 2013-07-21 22:22 - 00007257 _____ C:\AdwCleaner[S1].txt
2013-07-21 21:44 - 2013-07-21 17:33 - 00666633 _____ C:\Users\<user>\Desktop\adwcleaner.exe
2013-07-21 21:44 - 2013-07-21 17:33 - 00559550 _____ (Oleg N. Scherbakov) C:\Users\<user>\Desktop\JRT.exe
2013-07-21 21:42 - 2013-07-21 17:30 - 05093416 ____R (Swearware) C:\Users\<user>\Desktop\ComboFix.exe
2013-07-20 23:16 - 2011-06-26 08:45 - 00256000 _____ C:\windows\PEV.exe
2013-07-20 23:16 - 2010-11-07 19:20 - 00208896 _____ C:\windows\MBR.exe
2013-07-20 23:16 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2013-07-20 23:16 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2013-07-20 23:16 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2013-07-20 23:16 - 2000-08-31 02:00 - 00098816 _____ C:\windows\sed.exe
2013-07-20 23:16 - 2000-08-31 02:00 - 00080412 _____ C:\windows\grep.exe
2013-07-20 23:16 - 2000-08-31 02:00 - 00068096 _____ C:\windows\zip.exe
2013-07-20 23:15 - 2013-07-21 22:15 - 00000000 ____D C:\Qoobox
2013-07-20 23:15 - 2013-07-20 23:57 - 00000000 ____D C:\windows\erdnt
2013-07-20 22:55 - 2013-07-19 21:37 - 01219758 _____ (Farbar) C:\Users\<user>\Desktop\FRST.exe
2013-07-20 08:21 - 2013-07-20 08:21 - 00000000 ____D C:\FRST
2013-07-16 15:38 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-07-16 15:38 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-07-16 15:38 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-07-16 15:38 - 2013-06-12 01:43 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-07-16 15:38 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-07-16 15:38 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-07-16 15:38 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-07-16 15:38 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-07-16 15:37 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-07-16 15:37 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-07-16 15:37 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-07-16 15:37 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-07-16 15:37 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-07-16 15:37 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-07-16 15:37 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-07-16 15:37 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-07-16 08:44 - 2013-06-05 05:05 - 02347520 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-07-16 08:44 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2013-07-16 08:44 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-07-16 08:44 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
==================== One Month Modified Files and Folders =======
2030-01-01 13:50 - 2009-07-14 06:57 - 00029696 ___SH C:\windows\system32\config\BCD-Template.LOG
2030-01-01 13:50 - 2009-07-14 06:52 - 00032768 _____ C:\windows\system32\config\BCD-Template
2013-07-21 22:34 - 2013-07-21 22:34 - 00001037 _____ C:\Users\<user>\Desktop\JRT.txt
2013-07-21 22:34 - 2012-03-17 12:44 - 00000000 ___RD C:\Users\<user>\Desktop
2013-07-21 22:34 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-
439d-8115-601632D005A0
2013-07-21 22:34 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-
439d-8115-601632D005A0
2013-07-21 22:31 - 2009-07-27 12:11 - 01530778 _____ C:\windows\system32\PerfStringBackup.INI
2013-07-21 22:27 - 2013-07-21 22:27 - 00000000 ____D C:\windows\ERUNT
2013-07-21 22:24 - 2012-10-05 21:39 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-07-21 22:24 - 2012-06-02 01:42 - 00000000 ____D C:\ProgramData\Panda Security URL Filtering
2013-07-21 22:24 - 2009-07-14 06:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-07-21 22:24 - 2009-07-14 06:39 - 00089124 _____ C:\windows\setupact.log
2013-07-21 22:23 - 2012-03-18 02:59 - 01681141 _____ C:\windows\WindowsUpdate.log
2013-07-21 22:23 - 2011-04-21 02:32 - 00124998 _____ C:\windows\PFRO.log
2013-07-21 22:22 - 2013-07-21 22:21 - 00007257 _____ C:\AdwCleaner[S1].txt
2013-07-21 22:15 - 2013-07-20 23:15 - 00000000 ____D C:\Qoobox
2013-07-21 22:10 - 2009-07-14 04:04 - 00000215 _____ C:\windows\system.ini
2013-07-21 17:33 - 2013-07-21 21:44 - 00666633 _____ C:\Users\<user>\Desktop\adwcleaner.exe
2013-07-21 17:33 - 2013-07-21 21:44 - 00559550 _____ (Oleg N. Scherbakov) C:\Users\<user>\Desktop\JRT.exe
2013-07-21 17:30 - 2013-07-21 21:42 - 05093416 ____R (Swearware) C:\Users\<user>\Desktop\ComboFix.exe
2013-07-21 00:01 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2013-07-20 23:57 - 2013-07-20 23:15 - 00000000 ____D C:\windows\erdnt
2013-07-20 08:21 - 2013-07-20 08:21 - 00000000 ____D C:\FRST
2013-07-19 21:37 - 2013-07-20 22:55 - 01219758 _____ (Farbar) C:\Users\<user>\Desktop\FRST.exe
2013-07-19 15:24 - 2009-07-14 04:37 - 00000000 ____D C:\windows\Microsoft.NET
2013-07-19 13:05 - 2012-03-17 12:44 - 00000000 ____D C:\Users\<user>
2013-07-19 13:05 - 2009-07-14 06:53 - 00002394 ____N C:\windows\Tasks\SCHEDLGU.TXT
2013-07-19 09:01 - 2012-08-20 16:55 - 00000000 ____D C:\Users\<user>\Documents\<user>
2013-07-16 18:59 - 2009-07-14 06:33 - 00315344 _____ C:\windows\system32\FNTCACHE.DAT
2013-07-16 18:57 - 2011-04-21 03:22 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-16 18:57 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-16 15:33 - 2012-07-16 11:40 - 75699896 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-07-16 15:24 - 2012-03-26 19:27 - 00000000 ____D C:\Users\<user>\AppData\Roaming\SoftGrid Client
2013-07-16 09:53 - 2012-08-20 17:15 - 00000000 ____D C:\Users\<user>\Documents\Kram
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-07-16 12:29
==================== End Of Log ============================
... jetzt bin ich ja gespannt ...  |
|
22.07.2013, 08:31
| #12 |
| /// the machine /// TB-Ausbilder | Dtcontx.F und CI.A (Panda) hartnäckig auf Win7 Starter (Asus eee PC) Onlinescan und wir sind durch ESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
22.07.2013, 12:52
| #13 |
| | Dtcontx.F und CI.A (Panda) hartnäckig auf Win7 Starter (Asus eee PC) Ganz am Ende habe ich noch eine Frage gepostet. EST Scanner war fündig: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=1
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=133421a324d19e4caf945a1fb07b9187
# engine=14466
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-22 10:11:21
# local_time=2013-07-22 12:11:21 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1791 16777215 0 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 494027 126119072 0 0
# scanned=194457
# found=1
# cleaned=0
# scan_time=6374
sh=19925B1515BBA6EAFB9A557D09DCC37A1A2B88AB ft=1 fh=7a5a338cc62a7e85 vn="Win32/Spy.Zbot.ZR trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Ilka Kock\AppData\Roaming\Pywe\dyogca.exe.vir"
Code:
ATTFilter Results of screen317's Security Check version 0.99.70
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Panda Cloud Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Toolbar Cleaner 1.0
Java 7 Update 21
Java version out of Date!
Adobe Flash Player 11.7.700.224
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 14.0.1 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Panda Security Panda Cloud Antivirus PSANHost.exe
Panda Security Panda Cloud Antivirus PSUAService.exe
Panda Security Panda Cloud Antivirus PSUAMain.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-07-2013
Ran by <user> (administrator) on 22-07-2013 12:55:36
Running from C:\Users\<user>\Desktop
Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
() C:\windows\system32\AsusService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
() C:\ExpressGateUtil\VAWinService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\HotkeyService\HotKeyMon.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\HotkeyService\HotkeyService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(AsusTek Computer Inc.) C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\SHE\SuperHybridEngine.exe
() C:\ExpressGateUtil\VAWinAgent.exe
(ASUS) C:\Program Files\ASUS\CapsHook\CapsHook.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(Panda Security) C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(syncables, LLC) C:\Program Files\syncables\syncables desktop\syncables.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(LaCie) C:\Users\<user>\AppData\Roaming\Wuala\Wuala.exe
(Sun Microsystems, Inc.) C:\Program Files\syncables\syncables desktop\jre\bin\javaw.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
==================== Registry (Whitelisted) ==================
HKU\Default\...\RunOnce: [Reboot] - AsusSender.exe C:\Windows\Reboot.exe 60 [ 2010-12-13] (AsusTek Computer Inc.)
HKU\Default\...\RunOnce: [AskScreensaver] - C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [ 2011-01-27] (AsusTek Computer Inc.)
HKU\Default User\...\RunOnce: [Reboot] - AsusSender.exe C:\Windows\Reboot.exe 60 [ 2010-12-13] (AsusTek Computer Inc.)
HKU\Default User\...\RunOnce: [AskScreensaver] - C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [ 2011-01-27] (AsusTek Computer Inc.)
M\...\Run: [ASUSPRP] - C:\Program Files\ASUS\APRP\APRP.EXE [2018032 2011-04-21] (ASUSTek Computer Inc.)
HKLM\...\Run: [ASUSWebStorage] - C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
HKLM\...\Run: [Panda Security URL Filtering] - C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe [217256 2012-03-19] (Panda Security)
HKLM\...\Run: [PSUAMain] - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe [37152 2012-07-13] (Panda Security, S.L.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKCU\...\Run: [Syncables] - C:\Program Files\syncables\syncables desktop\Syncables.exe [370480 2010-07-19] (syncables, LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\<user>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wuala.lnk
ShortcutTarget: Wuala.lnk -> C:\Users\<user>\AppData\Roaming\Wuala\Wuala.exe (LaCie)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files\Internet Explorer\iexplore.exe"
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" No File
Toolbar: HKLM - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\<user>\AppData\Roaming\Mozilla\Firefox\Profiles\tmpnzboc.default
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
========================== Services (Whitelisted) =================
R2 AsusService; C:\windows\system32\AsusService.exe [224680 2011-03-04] ()
R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [140064 2012-07-13] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [36640 2012-07-13] (Panda Security, S.L.)
R2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [91464 2011-01-12] ()
==================== Drivers (Whitelisted) ====================
R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11456 2010-06-28] ()
R1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11832 2010-08-03] ()
R3 btwampfl; C:\Windows\System32\drivers\btwampfl.sys [293928 2010-05-21] (Broadcom Corporation.)
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [299024 2012-04-09] (EldoS Corporation)
R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [109960 2010-04-13] (ELAN Microelectronic Corp.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [82472 2012-06-27] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [120744 2012-06-27] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [122664 2012-06-27] (Panda Security, S.L.)
S1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [28712 2012-06-27] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [93992 2012-06-27] (Panda Security, S.L.)
S4 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [60968 2012-06-27] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [104104 2012-06-27] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [286376 2012-06-27] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [153000 2012-06-27] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [106536 2012-06-27] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [206632 2012-07-12] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [92840 2012-06-27] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [148520 2012-07-13] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [103464 2012-07-13] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [174632 2012-07-13] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [114216 2012-07-13] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [120872 2012-07-13] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [46280 2011-03-10] (Panda Security)
S3 wsvd; C:\Windows\System32\DRIVERS\wsvd.sys [81704 2009-07-22] (CyberLink)
S3 catchme; \??\C:\Users\<user>~1\AppData\Local\Temp\catchme.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2030-01-01 13:50 - 2010-11-20 14:40 - 00383786 __RSH C:\bootmgr
2013-07-22 09:43 - 2013-07-22 09:43 - 00000000 ____D C:\Program Files\ESET
2013-07-22 09:43 - 2013-07-22 09:40 - 00891062 _____ C:\Users\<user>\Desktop\SecurityCheck.exe
2013-07-22 09:43 - 2013-07-22 09:39 - 02347384 _____ (ESET) C:\Users\<user>\Desktop\esetsmartinstaller_enu.exe
2013-07-22 09:42 - 2011-03-10 18:04 - 00046280 _____ (Panda Security) C:\windows\system32\Drivers\PSKMAD.sys
2013-07-21 22:27 - 2013-07-21 22:27 - 00000000 ____D C:\windows\ERUNT
2013-07-21 22:21 - 2013-07-21 22:22 - 00007257 _____ C:\AdwCleaner[S1].txt
2013-07-21 21:44 - 2013-07-21 17:33 - 00666633 _____ C:\Users\<user>\Desktop\adwcleaner.exe
2013-07-21 21:44 - 2013-07-21 17:33 - 00559550 _____ (Oleg N. Scherbakov) C:\Users\<user>\Desktop\JRT.exe
2013-07-21 21:42 - 2013-07-21 17:30 - 05093416 ____R (Swearware) C:\Users\<user>\Desktop\ComboFix.exe
2013-07-20 23:16 - 2011-06-26 08:45 - 00256000 _____ C:\windows\PEV.exe
2013-07-20 23:16 - 2010-11-07 19:20 - 00208896 _____ C:\windows\MBR.exe
2013-07-20 23:16 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2013-07-20 23:16 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2013-07-20 23:16 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2013-07-20 23:16 - 2000-08-31 02:00 - 00098816 _____ C:\windows\sed.exe
2013-07-20 23:16 - 2000-08-31 02:00 - 00080412 _____ C:\windows\grep.exe
2013-07-20 23:16 - 2000-08-31 02:00 - 00068096 _____ C:\windows\zip.exe
2013-07-20 23:15 - 2013-07-21 22:15 - 00000000 ____D C:\Qoobox
2013-07-20 23:15 - 2013-07-20 23:57 - 00000000 ____D C:\windows\erdnt
2013-07-20 22:55 - 2013-07-19 21:37 - 01219758 _____ (Farbar) C:\Users\<user>\Desktop\FRST.exe
2013-07-20 08:21 - 2013-07-20 08:21 - 00000000 ____D C:\FRST
2013-07-16 15:38 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-07-16 15:38 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-07-16 15:38 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-07-16 15:38 - 2013-06-12 01:43 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-07-16 15:38 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-07-16 15:38 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-07-16 15:38 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-07-16 15:38 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-07-16 15:37 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-07-16 15:37 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-07-16 15:37 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-07-16 15:37 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-07-16 15:37 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-07-16 15:37 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-07-16 15:37 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-07-16 15:37 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-07-16 08:44 - 2013-06-05 05:05 - 02347520 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-07-16 08:44 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2013-07-16 08:44 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-07-16 08:44 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
==================== One Month Modified Files and Folders =======
2030-01-01 13:50 - 2009-07-14 06:57 - 00029696 ___SH C:\windows\system32\config\BCD-Template.LOG
2030-01-01 13:50 - 2009-07-14 06:52 - 00032768 _____ C:\windows\system32\config\BCD-Template
2013-07-22 12:38 - 2012-03-18 02:59 - 01705953 _____ C:\windows\WindowsUpdate.log
2013-07-22 12:13 - 2012-10-05 21:39 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-07-22 10:27 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-22 10:27 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-22 10:24 - 2009-07-27 12:11 - 01530778 _____ C:\windows\system32\PerfStringBackup.INI
2013-07-22 10:19 - 2012-06-02 01:42 - 00000000 ____D C:\ProgramData\Panda Security URL Filtering
2013-07-22 10:18 - 2009-07-14 06:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-07-22 10:18 - 2009-07-14 06:39 - 00089236 _____ C:\windows\setupact.log
2013-07-22 09:43 - 2013-07-22 09:43 - 00000000 ____D C:\Program Files\ESET
2013-07-22 09:43 - 2012-03-17 12:44 - 00000000 ___RD C:\Users\<user>\Desktop
2013-07-22 09:40 - 2013-07-22 09:43 - 00891062 _____ C:\Users\<user>\Desktop\SecurityCheck.exe
2013-07-22 09:39 - 2013-07-22 09:43 - 02347384 _____ (ESET) C:\Users\<user>\Desktop\esetsmartinstaller_enu.exe
2013-07-21 22:27 - 2013-07-21 22:27 - 00000000 ____D C:\windows\ERUNT
2013-07-21 22:23 - 2011-04-21 02:32 - 00124998 _____ C:\windows\PFRO.log
2013-07-21 22:22 - 2013-07-21 22:21 - 00007257 _____ C:\AdwCleaner[S1].txt
2013-07-21 22:15 - 2013-07-20 23:15 - 00000000 ____D C:\Qoobox
2013-07-21 22:10 - 2009-07-14 04:04 - 00000215 _____ C:\windows\system.ini
2013-07-21 17:33 - 2013-07-21 21:44 - 00666633 _____ C:\Users\<user>\Desktop\adwcleaner.exe
2013-07-21 17:33 - 2013-07-21 21:44 - 00559550 _____ (Oleg N. Scherbakov) C:\Users\<user>\Desktop\JRT.exe
2013-07-21 17:30 - 2013-07-21 21:42 - 05093416 ____R (Swearware) C:\Users\<user>\Desktop\ComboFix.exe
2013-07-21 00:01 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2013-07-20 23:57 - 2013-07-20 23:15 - 00000000 ____D C:\windows\erdnt
2013-07-20 08:21 - 2013-07-20 08:21 - 00000000 ____D C:\FRST
2013-07-19 21:37 - 2013-07-20 22:55 - 01219758 _____ (Farbar) C:\Users\<user>\Desktop\FRST.exe
2013-07-19 15:24 - 2009-07-14 04:37 - 00000000 ____D C:\windows\Microsoft.NET
2013-07-19 13:05 - 2012-03-17 12:44 - 00000000 ____D C:\Users\<user>
2013-07-19 13:05 - 2009-07-14 06:53 - 00002898 ____N C:\windows\Tasks\SCHEDLGU.TXT
2013-07-19 09:01 - 2012-08-20 16:55 - 00000000 ____D C:\Users\<user>\Documents\Ilka
2013-07-16 18:59 - 2009-07-14 06:33 - 00315344 _____ C:\windows\system32\FNTCACHE.DAT
2013-07-16 18:57 - 2011-04-21 03:22 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-16 18:57 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-16 15:33 - 2012-07-16 11:40 - 75699896 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-07-16 15:24 - 2012-03-26 19:27 - 00000000 ____D C:\Users\<user>\AppData\Roaming\SoftGrid Client
2013-07-16 09:53 - 2012-08-20 17:15 - 00000000 ____D C:\Users\<user>\Documents\Kram
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-07-16 12:29
==================== End Of Log ============================
Frage: Diese Zeile Code:
ATTFilter S3 catchme; \??\C:\Users\<user>~1\AppData\Local\Temp\catchme.sys [x]
Wie ist das zu bewerten? |
|
22.07.2013, 14:02
| #14 |
| /// the machine /// TB-Ausbilder | Dtcontx.F und CI.A (Panda) hartnäckig auf Win7 Starter (Asus eee PC) Java, Adobe und Firefox updaten. Catchme ist Teil eines Rootkitscanners unserer Tools. Also Entwarnung Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter Startup: C:\Users\<user>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wuala.lnk
ShortcutTarget: Wuala.lnk -> C:\Users\<user>\AppData\Roaming\Wuala\Wuala.exe (LaCie)
C:\Users\<user>\AppData\Roaming\Wuala
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Neues FRST log bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
22.07.2013, 15:29
| #15 |
| | Dtcontx.F und CI.A (Panda) hartnäckig auf Win7 Starter (Asus eee PC) Danke für die Erklärung! Java, Adobe und Firefox habe ich upgedatet. Die Frage nach den Problemen: Wirklich Probleme machte der Rechner vorher auch nicht, außer der Trojanermeldung von Panda. Panda meckert jetzt jedenfalls nicht mehr (Ergebnis nach "optimiertem Scan")! Also aus der Sicht: Keine Probleme! Frage: Da es ja nur ein kleines, rel. leistungsschwaches Netbook ist, hatte ich mich für das (dem Vernehmen nach) ressourcenschonende Panda entschieden. Ich hatte mal Avira, das hat das System zienmlich ausgebremst. Würdest Du für meinen Fall eine andere AntivirenSoftware anstatt Panda empfehlen, die möglichst ressourcenschonend arbeitet? Fixlog: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 19-07-2013
Ran by <user> at 2013-07-22 15:58:53 Run:1
Running from C:\Users\<user>\Desktop
Boot Mode: Normal
==============================================
C:\Users\<user>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wuala.lnk => Moved successfully.
C:\Users\<user>\AppData\Roaming\Wuala\Wuala.exe => Moved successfully.
C:\Users\<user>\AppData\Roaming\Wuala => Moved successfully.
==== End of Fixlog ====
Augenscheinlich ist es nach einem Neustart aus dem Autostart und damit aus der Taskleiste verschwunden. Es dient dazu, veränderte Dateien zu erkennen und mit einem Cloud-Dienst zu syncen. FRST: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-07-2013
Ran by <user> (administrator) on 22-07-2013 16:00:00
Running from C:\Users\<user>\Desktop
Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
() C:\windows\system32\AsusService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
() C:\ExpressGateUtil\VAWinService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\HotkeyService\HotKeyMon.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\HotkeyService\HotkeyService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(AsusTek Computer Inc.) C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\SHE\SuperHybridEngine.exe
(ASUS) C:\Program Files\ASUS\CapsHook\CapsHook.exe
() C:\ExpressGateUtil\VAWinAgent.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Panda Security) C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
(syncables, LLC) C:\Program Files\syncables\syncables desktop\syncables.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Sun Microsystems, Inc.) C:\Program Files\syncables\syncables desktop\jre\bin\javaw.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(Microsoft Corporation) C:\windows\system32\msiexec.exe
==================== Registry (Whitelisted) ==================
HKU\Default\...\RunOnce: [Reboot] - AsusSender.exe C:\Windows\Reboot.exe 60 [ 2010-12-13] (AsusTek Computer Inc.)
HKU\Default\...\RunOnce: [AskScreensaver] - C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [ 2011-01-27] (AsusTek Computer Inc.)
HKU\Default User\...\RunOnce: [Reboot] - AsusSender.exe C:\Windows\Reboot.exe 60 [ 2010-12-13] (AsusTek Computer Inc.)
HKU\Default User\...\RunOnce: [AskScreensaver] - C:\Program Files\Asus\AsusScreensaver\AsusScreensaver.exe [ 2011-01-27] (AsusTek Computer Inc.)
iles\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
HKLM\...\Run: [Panda Security URL Filtering] - C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe [217256 2012-03-19] (Panda Security)
HKLM\...\Run: [PSUAMain] - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe [37152 2012-07-13] (Panda Security, S.L.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKCU\...\Run: [Syncables] - C:\Program Files\syncables\syncables desktop\Syncables.exe [370480 2010-07-19] (syncables, LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files\Internet Explorer\iexplore.exe"
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" No File
Toolbar: HKLM - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\<user>\AppData\Roaming\Mozilla\Firefox\Profiles\tmpnzboc.default
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
========================== Services (Whitelisted) =================
R2 AsusService; C:\windows\system32\AsusService.exe [224680 2011-03-04] ()
R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [140064 2012-07-13] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [36640 2012-07-13] (Panda Security, S.L.)
R2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [91464 2011-01-12] ()
==================== Drivers (Whitelisted) ====================
R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11456 2010-06-28] ()
R1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11832 2010-08-03] ()
R3 btwampfl; C:\Windows\System32\drivers\btwampfl.sys [293928 2010-05-21] (Broadcom Corporation.)
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [299024 2012-04-09] (EldoS Corporation)
R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [109960 2010-04-13] (ELAN Microelectronic Corp.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [82472 2012-06-27] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [120744 2012-06-27] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [122664 2012-06-27] (Panda Security, S.L.)
S1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [28712 2012-06-27] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [93992 2012-06-27] (Panda Security, S.L.)
S4 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [60968 2012-06-27] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [104104 2012-06-27] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [286376 2012-06-27] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [153000 2012-06-27] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [106536 2012-06-27] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [206632 2012-07-12] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [92840 2012-06-27] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [148520 2012-07-13] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [103464 2012-07-13] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [174632 2012-07-13] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [114216 2012-07-13] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [120872 2012-07-13] (Panda Security, S.L.)
U3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [46280 2011-03-10] (Panda Security)
S3 wsvd; C:\Windows\System32\DRIVERS\wsvd.sys [81704 2009-07-22] (CyberLink)
S3 catchme; \??\C:\Users\<user>~1\AppData\Local\Temp\catchme.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2030-01-01 13:50 - 2010-11-20 14:40 - 00383786 __RSH C:\bootmgr
2013-07-22 15:51 - 2013-07-22 15:51 - 00001989 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-07-22 15:50 - 2013-07-22 15:51 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-07-22 15:38 - 2013-07-22 15:38 - 00094632 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2013-07-22 15:38 - 2013-07-22 15:37 - 00263592 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2013-07-22 15:38 - 2013-07-22 15:37 - 00175016 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2013-07-22 15:38 - 2013-07-22 15:37 - 00175016 _____ (Oracle Corporation) C:\windows\system32\java.exe
2013-07-22 15:37 - 2013-07-22 15:37 - 00000000 ____D C:\Program Files\Java
2013-07-22 15:19 - 2011-03-10 18:04 - 00046280 _____ (Panda Security) C:\windows\system32\Drivers\PSKMAD.sys
2013-07-22 09:43 - 2013-07-22 09:43 - 00000000 ____D C:\Program Files\ESET
2013-07-22 09:43 - 2013-07-22 09:40 - 00891062 _____ C:\Users\<user>\Desktop\SecurityCheck.exe
2013-07-22 09:43 - 2013-07-22 09:39 - 02347384 _____ (ESET) C:\Users\<user>\Desktop\esetsmartinstaller_enu.exe
2013-07-21 22:27 - 2013-07-21 22:27 - 00000000 ____D C:\windows\ERUNT
2013-07-21 22:21 - 2013-07-21 22:22 - 00007257 _____ C:\AdwCleaner[S1].txt
2013-07-21 21:44 - 2013-07-21 17:33 - 00666633 _____ C:\Users\<user>\Desktop\adwcleaner.exe
2013-07-21 21:44 - 2013-07-21 17:33 - 00559550 _____ (Oleg N. Scherbakov) C:\Users\<user>\Desktop\JRT.exe
2013-07-21 21:42 - 2013-07-21 17:30 - 05093416 ____R (Swearware) C:\Users\<user>\Desktop\ComboFix.exe
2013-07-20 23:16 - 2011-06-26 08:45 - 00256000 _____ C:\windows\PEV.exe
2013-07-20 23:16 - 2010-11-07 19:20 - 00208896 _____ C:\windows\MBR.exe
2013-07-20 23:16 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2013-07-20 23:16 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2013-07-20 23:16 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2013-07-20 23:16 - 2000-08-31 02:00 - 00098816 _____ C:\windows\sed.exe
2013-07-20 23:16 - 2000-08-31 02:00 - 00080412 _____ C:\windows\grep.exe
2013-07-20 23:16 - 2000-08-31 02:00 - 00068096 _____ C:\windows\zip.exe
2013-07-20 23:15 - 2013-07-21 22:15 - 00000000 ____D C:\Qoobox
2013-07-20 23:15 - 2013-07-20 23:57 - 00000000 ____D C:\windows\erdnt
2013-07-20 22:55 - 2013-07-19 21:37 - 01219758 _____ (Farbar) C:\Users\<user>\Desktop\FRST.exe
2013-07-20 08:21 - 2013-07-20 08:21 - 00000000 ____D C:\FRST
2013-07-16 15:38 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-07-16 15:38 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-07-16 15:38 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-07-16 15:38 - 2013-06-12 01:43 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-07-16 15:38 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-07-16 15:38 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-07-16 15:38 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-07-16 15:38 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-07-16 15:37 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-07-16 15:37 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-07-16 15:37 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-07-16 15:37 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-07-16 15:37 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-07-16 15:37 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-07-16 15:37 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-07-16 15:37 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-07-16 08:44 - 2013-06-05 05:05 - 02347520 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-07-16 08:44 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2013-07-16 08:44 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-07-16 08:44 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
==================== One Month Modified Files and Folders =======
2030-01-01 13:50 - 2009-07-14 06:57 - 00029696 ___SH C:\windows\system32\config\BCD-Template.LOG
2030-01-01 13:50 - 2009-07-14 06:52 - 00032768 _____ C:\windows\system32\config\BCD-Template
2013-07-22 16:00 - 2012-03-17 12:44 - 00000000 ___RD C:\Users\<user>\Desktop
2013-07-22 15:57 - 2012-03-17 12:44 - 00000000 ____D C:\Users\<user>\AppData\Roaming\Adobe
2013-07-22 15:57 - 2011-04-21 02:57 - 00000000 ____D C:\ProgramData\Adobe
2013-07-22 15:55 - 2012-03-17 12:44 - 00000000 ____D C:\Users\<user>~1\AppData\Local\Adobe
2013-07-22 15:54 - 2012-10-05 21:39 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-07-22 15:51 - 2013-07-22 15:51 - 00001989 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-07-22 15:51 - 2013-07-22 15:50 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-07-22 15:51 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Public\Desktop
2013-07-22 15:50 - 2011-04-21 02:56 - 00000000 ____D C:\Program Files\Adobe
2013-07-22 15:45 - 2012-10-05 21:39 - 00692104 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2013-07-22 15:45 - 2012-10-05 21:39 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-22 15:42 - 2012-07-23 23:10 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-07-22 15:42 - 2012-07-23 23:10 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-07-22 15:38 - 2013-07-22 15:38 - 00094632 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2013-07-22 15:38 - 2009-07-27 12:11 - 01530778 _____ C:\windows\system32\PerfStringBackup.INI
2013-07-22 15:37 - 2013-07-22 15:38 - 00263592 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2013-07-22 15:37 - 2013-07-22 15:38 - 00175016 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2013-07-22 15:37 - 2013-07-22 15:38 - 00175016 _____ (Oracle Corporation) C:\windows\system32\java.exe
2013-07-22 15:37 - 2013-07-22 15:37 - 00000000 ____D C:\Program Files\Java
2013-07-22 15:37 - 2012-08-02 23:18 - 00867240 _____ (Oracle Corporation) C:\windows\system32\npdeployJava1.dll
2013-07-22 15:37 - 2012-08-02 23:18 - 00789416 _____ (Oracle Corporation) C:\windows\system32\deployJava1.dll
2013-07-22 15:27 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-22 15:27 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-22 15:22 - 2012-06-02 01:42 - 00000000 ____D C:\ProgramData\Panda Security URL Filtering
2013-07-22 15:19 - 2009-07-14 06:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-07-22 15:19 - 2009-07-14 06:39 - 00089292 _____ C:\windows\setupact.log
2013-07-22 13:57 - 2012-03-18 02:59 - 01713419 _____ C:\windows\WindowsUpdate.log
2013-07-22 09:43 - 2013-07-22 09:43 - 00000000 ____D C:\Program Files\ESET
2013-07-22 09:40 - 2013-07-22 09:43 - 00891062 _____ C:\Users\<user>\Desktop\SecurityCheck.exe
2013-07-22 09:39 - 2013-07-22 09:43 - 02347384 _____ (ESET) C:\Users\<user>\Desktop\esetsmartinstaller_enu.exe
2013-07-21 22:27 - 2013-07-21 22:27 - 00000000 ____D C:\windows\ERUNT
2013-07-21 22:23 - 2011-04-21 02:32 - 00124998 _____ C:\windows\PFRO.log
2013-07-21 22:22 - 2013-07-21 22:21 - 00007257 _____ C:\AdwCleaner[S1].txt
2013-07-21 22:15 - 2013-07-20 23:15 - 00000000 ____D C:\Qoobox
2013-07-21 22:10 - 2009-07-14 04:04 - 00000215 _____ C:\windows\system.ini
2013-07-21 17:33 - 2013-07-21 21:44 - 00666633 _____ C:\Users\<user>\Desktop\adwcleaner.exe
2013-07-21 17:33 - 2013-07-21 21:44 - 00559550 _____ (Oleg N. Scherbakov) C:\Users\<user>\Desktop\JRT.exe
2013-07-21 17:30 - 2013-07-21 21:42 - 05093416 ____R (Swearware) C:\Users\<user>\Desktop\ComboFix.exe
2013-07-21 00:01 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2013-07-20 23:57 - 2013-07-20 23:15 - 00000000 ____D C:\windows\erdnt
2013-07-20 08:21 - 2013-07-20 08:21 - 00000000 ____D C:\FRST
2013-07-19 21:37 - 2013-07-20 22:55 - 01219758 _____ (Farbar) C:\Users\<user>\Desktop\FRST.exe
2013-07-19 15:24 - 2009-07-14 04:37 - 00000000 ____D C:\windows\Microsoft.NET
2013-07-19 13:05 - 2012-03-17 12:44 - 00000000 ____D C:\Users\<user>
2013-07-19 13:05 - 2009-07-14 06:53 - 00003150 ____N C:\windows\Tasks\SCHEDLGU.TXT
2013-07-19 09:01 - 2012-08-20 16:55 - 00000000 ____D C:\Users\<user>\Documents\<user>
2013-07-16 18:59 - 2009-07-14 06:33 - 00315344 _____ C:\windows\system32\FNTCACHE.DAT
2013-07-16 18:57 - 2011-04-21 03:22 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-16 18:57 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-16 15:33 - 2012-07-16 11:40 - 75699896 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-07-16 15:24 - 2012-03-26 19:27 - 00000000 ____D C:\Users\<user>\AppData\Roaming\SoftGrid Client
2013-07-16 09:53 - 2012-08-20 17:15 - 00000000 ____D C:\Users\<user>\Documents\Kram
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-07-16 12:29
==================== End Of Log ============================
|
|
| Themen zu Dtcontx.F und CI.A (Panda) hartnäckig auf Win7 Starter (Asus eee PC) |
| adobe, antivirus, bho, bingbar, defender, dtcontx.f, error, explorer, failed, firefox, flash player, format, install.exe, installation, logfile, microsoft office starter 2010, mozilla, plug-in, programm, proxy, realtek, registry, rundll, security, software, svchost.exe, temp, trojaner, tunnel, udp, windows, wlansvc |
WARNUNG für die MITLESER: 
Linear-Darstellung
