Log analysis and evaluation: Tr/Dropper.gen and TR/Frill.B.2 detected by AntiVir (Windows 7)
17.04.2011, 23:07 | #1
Tr/Dropper.gen and TR/Frill.B.2 detected by AntiVir

Good evening, now it has caught me too. AntiVir found the virus TR/Dropper.gen on my computer: Quote:
What stands out is that two days ago the setup465906240.exe mentioned above and similar ones already wanted to make changes to the system (reported by Win7), which I refused because I didn't know them. Today came the first alert from AntiVir, and when I let Malwarebytes run, the two further ones. Malwarebytes delivered the following results: Quote:
Code:
OTL Extras logfile created on: 17.04.2011 23:49:39 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\xxx\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 57,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146,92 Gb Total Space | 33,23 Gb Free Space | 22,62% Space Free | Partition Type: NTFS
Drive D: | 78,85 Gb Total Space | 3,99 Gb Free Space | 5,06% Space Free | Partition Type: NTFS
Drive E: | 107,43 Gb Total Space | 15,65 Gb Free Space | 14,57% Space Free | Partition Type: FAT32
Drive F: | 143,82 Gb Total Space | 38,57 Gb Free Space | 26,82% Space Free | Partition Type: NTFS
Drive G: | 7,35 Gb Total Space | 0,98 Gb Free Space | 13,35% Space Free | Partition Type: NTFS
Drive M: | 149,01 Gb Total Space | 57,36 Gb Free Space | 38,49% Space Free | Partition Type: FAT32

Computer Name: xxx-PC | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{158F08C7-7ACE-40D2-A9C3-5818A3EBA23E}_is1" = Linguarde 2.4.3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}" = Sid Meier's Civilization 4 Complete
"{32A3A4F4-B792-11D6-A78A-00B0D0160230}" = Java(TM) SE Development Kit 6 Update 23
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BD9DC95-0815-4659-B8A5-4107A7C46440}" = Mediaraptor
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{69E8BEBD-B3AA-4981-BA49-AD0AEA731031}" = Nero BackItUp 2 Essentials
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{BCE46757-7674-4416-BEDB-68205A60409E}" = CanoScan Toolbox Ver4.1
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
"7-Zip" = 7-Zip 9.19 beta
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"facemoods" = Facemoods Toolbar
"Free Download Manager_is1" = Free Download Manager 3.0
"ImageMagick 6.6.7 Q16_is1" = ImageMagick 6.6.7-0 Q16 (2011-01-15)
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Miranda IM" = Miranda IM 0.9.11
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"Mozilla Thunderbird (3.1.9)" = Mozilla Thunderbird (3.1.9)
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"R for Windows 2.12.1_is1" = R for Windows 2.12.1
"Recuva" = Recuva
"Steam App 8930" = Sid Meier's Civilization V
"TeamViewer 6" = TeamViewer 6
"TeraCopy_is1" = TeraCopy 2.12
"TYPO3Winstaller_4.4.6" = TYPO3Winstaller - TYPO3 4.4.6
"VLC media player" = VLC media player 1.1.7

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 31.03.2011 09:10:32 | Computer Name = xxx-PC | Source = RasClient | ID = 20227
Description = 

Error - 31.03.2011 09:12:31 | Computer Name = xxx-PC | Source = RasClient | ID = 20227
Description = 

Error - 31.03.2011 10:11:58 | Computer Name = xxx-PC | Source = RasClient | ID = 20227
Description = 

Error - 31.03.2011 15:31:36 | Computer Name = xxx-PC | Source = RasClient | ID = 20227
Description = 

Error - 31.03.2011 15:31:36 | Computer Name = xxx-PC | Source = RasClient | ID = 20227
Description = 

Error - 04.04.2011 08:56:07 | Computer Name = xxx-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: AcroRd32.exe, Version: 10.0.1.434, Zeitstempel: 0x4d456f48  Name des fehlerhaften Moduls: AcroRd32.dll, Version: 10.0.1.434, Zeitstempel: 0x4d457cd0  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00461c77  ID des fehlerhaften Prozesses: 0x464  Startzeit der fehlerhaften Anwendung: 0x01cbf2be0e1e7440  Pfad der fehlerhaften Anwendung: C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe  Pfad des fehlerhaften Moduls: C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.dll  Berichtskennung: e7f3d4cc-5eba-11e0-8d9e-001d601316f3

Error - 04.04.2011 11:56:10 | Computer Name = xxx-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: AcroRd32.exe, Version: 10.0.1.434, Zeitstempel: 0x4d456f48  Name des fehlerhaften Moduls: AcroRd32.dll, Version: 10.0.1.434, Zeitstempel: 0x4d457cd0  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000674f8  ID des fehlerhaften Prozesses: 0x134c  Startzeit der fehlerhaften Anwendung: 0x01cbf2c7b77f15e0  Pfad der fehlerhaften Anwendung: C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe  Pfad des fehlerhaften Moduls: C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.dll  Berichtskennung: 0eb6b700-5ed4-11e0-8d9e-001d601316f3

Error - 13.04.2011 08:05:12 | Computer Name = xxx-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Kies_2.0.0.11011_16_5(2).exe, Version: 16.0.0.400, Zeitstempel: 0x4ab8598a  Name des fehlerhaften Moduls: ISSetup.dll, Version: 16.0.0.400, Zeitstempel: 0x4ab84b86  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000a3399  ID des fehlerhaften Prozesses: 0xed0  Startzeit der fehlerhaften Anwendung: 0x01cbf9d2673c6dc8  Pfad der fehlerhaften Anwendung: C:\Downloads\kies\Kies_2.0.0.11011_16_5(2).exe  Pfad des fehlerhaften Moduls: C:\Users\xxx\AppData\Local\Temp\{FDA4D229-88B0-4499-9E73-9D3E50925A0A}\ISSetup.dll  Berichtskennung: 48c59468-65c6-11e0-b011-001d601316f3

Error - 13.04.2011 08:48:41 | Computer Name = xxx-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: NBKeyScan.exe, Version: 2.7.7.3, Zeitstempel: 0x465590fe  Name des fehlerhaften Moduls: JMUsbDll.dll, Version: 1.0.8.2, Zeitstempel: 0x45efb96d  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000afaf  ID des fehlerhaften Prozesses: 0x774  Startzeit der fehlerhaften Anwendung: 0x01cbf9c752988b00  Pfad der fehlerhaften Anwendung: C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe  Pfad des fehlerhaften Moduls: C:\Program Files\Nero\Nero 7\Nero BackItUp\JMUsbDll.dll  Berichtskennung: 5b5c8658-65cc-11e0-b011-001d601316f3

Error - 14.04.2011 18:53:16 | Computer Name = xxx-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 1.9.2.4095 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.  Prozess-ID: 11b0  Startzeit: 01cbfa931e800ce0  Endzeit: 150  Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe  Berichts-ID: f73bf631-66e9-11e0-995d-001d601316f3

[ System Events ]
Error - 14.04.2011 21:28:08 | Computer Name = xxx-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 14.04.2011 21:28:08 | Computer Name = xxx-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 15.04.2011 06:30:37 | Computer Name = xxx-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 15.04.2011 06:30:37 | Computer Name = xxx-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 15.04.2011 23:17:49 | Computer Name = xxx-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 15.04.2011 23:17:49 | Computer Name = xxx-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 16.04.2011 08:40:11 | Computer Name = xxx-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 16.04.2011 08:40:11 | Computer Name = xxx-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 17.04.2011 05:02:18 | Computer Name = xxx-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 17.04.2011 05:02:18 | Computer Name = xxx-PC | Source = atikmdag | ID = 43029
Description = Display is not active

< End of report >

OTL Logfile:

Code:
OTL logfile created on: 17.04.2011 23:49:39 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\xxx\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 57,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146,92 Gb Total Space | 33,23 Gb Free Space | 22,62% Space Free | Partition Type: NTFS
Drive D: | 78,85 Gb Total Space | 3,99 Gb Free Space | 5,06% Space Free | Partition Type: NTFS
Drive E: | 107,43 Gb Total Space | 15,65 Gb Free Space | 14,57% Space Free | Partition Type: FAT32
Drive F: | 143,82 Gb Total Space | 38,57 Gb Free Space | 26,82% Space Free | Partition Type: NTFS
Drive G: | 7,35 Gb Total Space | 0,98 Gb Free Space | 13,35% Space Free | Partition Type: NTFS
Drive M: | 149,01 Gb Total Space | 57,36 Gb Free Space | 38,49% Space Free | Partition Type: FAT32

Computer Name: xxx-PC | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\xxx\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Linguarde\linguarde.exe (MindSpec Corporation)
PRC - C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
PRC - C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\TeamViewer\Version6\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Programme\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Programme\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe (Nero AG)

========== Modules (SafeList) ==========

MOD - C:\Users\xxx\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (TeamViewer6) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (sscemdm) -- C:\Windows\System32\drivers\sscemdm.sys (MCCI Corporation)
DRV - (ssceserd) SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM) -- C:\Windows\System32\drivers\ssceserd.sys (MCCI Corporation)
DRV - (sscebus) SAMSUNG USB Composite Device V2 driver (WDM) -- C:\Windows\System32\drivers\sscebus.sys (MCCI Corporation)
DRV - (sscemdfl) -- C:\Windows\System32\drivers\sscemdfl.sys (MCCI Corporation)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ddr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 5D 79 3C 0E E8 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.sueden-09.de/forum/phpBB3/index.php?sid=b5a1a8f3013d83249af0b472246131a1"
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2011.02.18
FF - prefs.js..extensions.enabledItems: My-Translator@eugenche.com:0.2.3

FF - HKLM\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2011.03.07 13:20:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.24 13:00:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.24 13:00:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.03.06 21:18:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.11.16 20:04:58 | 000,000,000 | ---D | M]

[2010.11.16 20:04:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Extensions
[2010.11.16 20:04:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.04.17 11:24:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\1alpbvzx.default\extensions
[2011.03.07 18:09:23 | 000,000,000 | ---D | M] (My-Translator) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\1alpbvzx.default\extensions\My-Translator@eugenche.com
[2010.12.18 14:38:22 | 000,000,000 | ---D | M] (vShare) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\1alpbvzx.default\extensions\vshare@toolbar
[2011.02.24 20:42:47 | 000,001,997 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\1alpbvzx.default\searchplugins\wolframalpha.xml
[2010.12.27 22:18:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.12.27 22:18:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010.12.10 19:21:48 | 000,000,000 | ---D | M] (Free Download Manager plugin) -- C:\PROGRAM FILES\FREE DOWNLOAD MANAGER\FIREFOX\EXTENSION
[2010.12.27 22:18:43 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.07 13:20:17 | 000,000,000 | ---D | M] (Citavi Picker) -- C:\PROGRAMDATA\SWISS ACADEMIC SOFTWARE\CITAVI PICKER\FIREFOX
[2010.12.27 22:18:35 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.10.27 07:44:13 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.10.27 07:44:13 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.24 15:27:28 | 000,002,046 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\fcmdSrchddr.xml
[2010.10.27 07:44:13 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.10.27 07:44:13 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.10.27 07:44:13 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.4.17.5\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll ()
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.5\facemoodsTlbr.dll (facemoods.com)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.5\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKCU..\Run: [{FA90A000-FDBE-A938-0DAA-CB46E10118EB}] C:\Users\xxx\AppData\Roaming\Safox\anku.exe ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [Linguarde] C:\Program Files\Linguarde\linguarde.exe (MindSpec Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.06.20 15:50:58 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - Unable to obtain root file information for disk M:\
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.04.17 23:44:26 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
[2011.04.17 23:32:12 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Avira
[2011.04.17 19:20:09 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Malwarebytes
[2011.04.17 19:20:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.17 19:20:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.17 19:20:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.17 19:20:00 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.04.17 19:20:00 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.04.17 19:18:21 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\xxx\Desktop\mbam-setup.exe
[2011.04.15 03:04:41 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.04.14 21:30:12 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Safox
[2011.04.14 21:30:12 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Nebi
[2011.04.14 13:05:42 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.14 13:05:42 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.14 13:05:40 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.14 13:05:38 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.14 13:05:38 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.14 13:05:30 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.04.14 13:05:30 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.04.14 13:05:30 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.14 13:05:30 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.14 13:05:30 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.04.14 13:05:30 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.14 13:05:30 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.04.14 13:05:30 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.04.14 13:05:30 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.04.14 13:05:30 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.04.14 13:05:30 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.04.14 13:05:01 | 002,331,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.14 13:04:55 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe
[2011.04.14 13:04:52 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.04.14 13:04:46 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.14 13:04:46 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.13 14:18:17 | 000,000,000 | ---D | C] -- C:\Temp
[2011.04.13 14:11:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\System32
[2011.04.13 14:09:09 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Samsung
[2011.04.13 14:08:57 | 000,000,000 | ---D | C] -- C:\Users\xxx\Documents\samsung
[2011.04.13 14:06:18 | 000,123,648 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscemdm.sys
[2011.04.13 14:06:18 | 000,100,352 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssceserd.sys
[2011.04.13 14:06:18 | 000,014,848 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscemdfl.sys
[2011.04.13 14:06:18 | 000,012,288 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscewhnt.sys
[2011.04.13 14:06:18 | 000,012,288 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscewh.sys
[2011.04.13 14:06:17 | 000,098,560 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscebus.sys
[2011.04.13 14:06:17 | 000,012,416 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscecmnt.sys
[2011.04.13 14:06:17 | 000,012,416 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscecm.sys
[2011.04.13 14:05:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2011.04.13 14:04:59 | 000,222,568 | ---- | C] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
[2011.04.13 14:04:45 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\System32\Redemption.dll
[2011.04.13 14:04:29 | 000,820,560 | ---- | C] (Devguru Co., Ltd.)
-- C:\Windows\System32\dgderapi.dll [2011.04.13 14:04:29 | 000,000,000 | ---D | C] -- C:\Programme\MarkAny [2011.04.13 14:03:13 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Samsung [2011.04.13 14:03:13 | 000,000,000 | ---D | C] -- C:\Programme\Samsung [2011.04.13 14:03:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung [2011.04.13 14:01:24 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Downloaded Installations [2011.04.01 00:43:56 | 000,000,000 | ---D | C] -- C:\Users\xxx\Desktop\Damit [2011.03.30 20:22:42 | 000,000,000 | ---D | C] -- C:\Users\xxx\Desktop\Bilder Weihnachtsfeier VideoTown [2011.03.24 17:23:09 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\MindSpec [2011.03.24 17:23:00 | 000,000,000 | ---D | C] -- C:\ProgramData\MindSpec [2011.03.24 17:23:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Linguarde [2011.03.24 17:22:59 | 000,000,000 | ---D | C] -- C:\Programme\Linguarde [2011.03.24 15:27:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader [2011.03.24 15:27:27 | 000,000,000 | ---D | C] -- C:\Programme\facemoods.com [2011.03.24 15:27:22 | 000,000,000 | ---D | C] -- C:\Programme\JDownloader [2011.03.23 13:21:32 | 000,000,000 | ---D | C] -- C:\Programme\PixiePack Codec Pack [2011.03.23 13:20:38 | 000,000,000 | ---D | C] -- C:\ProgramData\RapidSolution [2011.03.23 13:20:38 | 000,000,000 | ---D | C] -- C:\Programme\Mediaraptor 4 [2011.03.23 13:20:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mediaraptor 4 [2011.03.23 13:17:46 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\RapidSolution ========== Files - Modified Within 30 Days ========== [2011.04.17 23:47:07 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\bxik.sys [2011.04.17 23:44:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe [2011.04.17 23:28:12 | 000,109,165 | ---- | M] () -- 
C:\Users\xxx\Desktop\trojaner.JPG [2011.04.17 23:07:04 | 000,027,401 | ---- | M] () -- C:\Users\xxx\Desktop\Gebrauchtwagen-Kaufvertrag.pdf [2011.04.17 23:01:29 | 000,013,203 | ---- | M] () -- C:\Users\xxx\Desktop\autokaufvertrag.pdf [2011.04.17 22:37:33 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.04.17 22:37:33 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.04.17 22:37:33 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.04.17 22:37:33 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.04.17 19:20:04 | 000,001,104 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.17 19:18:28 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\xxx\Desktop\mbam-setup.exe [2011.04.17 11:10:01 | 000,013,232 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.04.17 11:10:01 | 000,013,232 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.17 11:02:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.04.17 11:02:14 | 1609,474,048 | -HS- | M] () -- C:\hiberfil.sys [2011.04.16 16:25:13 | 000,737,464 | ---- | M] () -- C:\Users\xxx\Desktop\US1-13.SSW.jpg [2011.04.16 16:15:04 | 000,203,583 | ---- | M] () -- C:\Users\xxx\Desktop\US3-13.SSW.jpg [2011.04.16 16:13:34 | 000,194,378 | ---- | M] () -- C:\Users\xxx\Desktop\US2-13.SSW.jpg [2011.04.16 16:03:52 | 001,159,232 | ---- | M] () -- C:\Users\xxx\Desktop\US-13.SSW.JPG [2011.04.15 03:28:12 | 000,337,288 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.04.13 14:13:02 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_wpdcomp_01_09_00.Wdf [2011.04.13 14:12:54 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2011.04.13 14:07:27 | 000,001,936 | ---- | M] () -- 
C:\Users\Public\Desktop\Samsung Kies.lnk [2011.03.28 17:18:45 | 000,196,608 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2011.03.26 19:16:27 | 000,055,732 | ---- | M] () -- C:\Users\xxx\Desktop\aok_beitraege.JPG [2011.03.24 17:23:00 | 000,001,014 | ---- | M] () -- C:\Users\Public\Desktop\Linguarde.lnk [2011.03.24 16:33:58 | 000,001,467 | ---- | M] () -- C:\Users\xxx\Desktop\Studienarbeit xxx.lnk [2011.03.24 15:28:00 | 000,001,043 | ---- | M] () -- C:\Users\Public\Desktop\JDownloader.lnk [2011.03.24 13:57:35 | 000,052,644 | ---- | M] () -- C:\Users\xxx\Desktop\imma ss20110001.jpg [2011.03.23 13:21:01 | 000,000,982 | ---- | M] () -- C:\Users\Public\Desktop\Mediaraptor 4.lnk ========== Files Created - No Company Name ========== [2011.04.17 23:47:07 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\bxik.sys [2011.04.17 23:28:10 | 000,109,165 | ---- | C] () -- C:\Users\xxx\Desktop\trojaner.JPG [2011.04.17 23:06:59 | 000,027,401 | ---- | C] () -- C:\Users\xxx\Desktop\Gebrauchtwagen-Kaufvertrag.pdf [2011.04.17 23:01:24 | 000,013,203 | ---- | C] () -- C:\Users\xxx\Desktop\autokaufvertrag.pdf [2011.04.17 19:20:04 | 000,001,104 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.16 16:13:33 | 000,203,583 | ---- | C] () -- C:\Users\xxx\Desktop\US3-13.SSW.jpg [2011.04.16 15:56:33 | 001,159,232 | ---- | C] () -- C:\Users\xxx\Desktop\US-13.SSW.JPG [2011.04.16 15:56:33 | 000,194,378 | ---- | C] () -- C:\Users\xxx\Desktop\US2-13.SSW.jpg [2011.04.16 15:55:58 | 000,737,464 | ---- | C] () -- C:\Users\xxx\Desktop\US1-13.SSW.jpg [2011.04.13 14:13:02 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_wpdcomp_01_09_00.Wdf [2011.04.13 14:12:54 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2011.04.13 14:07:27 | 000,001,936 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk [2011.04.13 14:04:59 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll 
[2011.04.13 14:04:59 | 000,042,112 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2011.03.28 17:18:41 | 000,196,608 | ---- | C] () -- C:\Windows\System32\Ikeext.etl [2011.03.26 19:16:26 | 000,055,732 | ---- | C] () -- C:\Users\xxx\Desktop\aok_beitraege.JPG [2011.03.24 17:23:00 | 000,001,014 | ---- | C] () -- C:\Users\Public\Desktop\Linguarde.lnk [2011.03.24 16:33:37 | 000,001,467 | ---- | C] () -- C:\Users\xxx\Desktop\Studienarbeit xxx.lnk [2011.03.24 15:28:00 | 000,001,043 | ---- | C] () -- C:\Users\Public\Desktop\JDownloader.lnk [2011.03.24 13:57:35 | 000,052,644 | ---- | C] () -- C:\Users\xxx\Desktop\imma ss20110001.jpg [2011.03.23 13:21:01 | 000,000,982 | ---- | C] () -- C:\Users\Public\Desktop\Mediaraptor 4.lnk [2011.01.04 16:10:58 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.01.04 16:10:56 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2011.01.04 16:10:56 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2011.01.04 16:10:56 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2011.01.04 16:10:56 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2010.11.15 20:22:29 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009.11.25 14:40:50 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2009.07.14 10:47:43 | 000,653,928 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.07.14 10:47:43 | 000,129,800 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 06:33:53 | 000,337,288 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009.07.14 04:05:48 | 000,615,810 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- 
C:\Windows\System32\perfi009.dat [2009.07.14 04:05:48 | 000,106,190 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009.07.14 02:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.18 20:29:04 | 000,197,654 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2009.02.18 18:55:22 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe [2009.02.03 21:52:04 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe < End of report > Ich würde mich wirklich sehr freuen, wenn sich einer von euch Profis das mal ansehen könnte, bevor ich vielleicht unnötig, meine Systempartition neu aufsetzten muß. Ich hoffe ich habe nichts wichtiges vergessen. Vielen Dank schonmal Nachtrag von heute früh: Zitat:
18.04.2011, 14:20 | #2
/// Winkelfunktion /// TB-Süch-Tiger™
Are there any further logs from Malwarebytes? If so, please post all of them that are visible in Malwarebytes under the "Logs" tab.
18.04.2011, 14:27 | #3
No, there is only the one. Should there be more than one?
18.04.2011, 14:47 | #4
/// Winkelfunktion /// TB-Süch-Tiger™
Quote:
If you only ran one scan, then of course there can only be one log!
__________________
Please always post logfiles in CODE tags
18.04.2011, 14:49 | #5
/// Winkelfunktion /// TB-Süch-Tiger™
Do an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Note: If you obscured your user name, you have to change the starred-out part back into your real user name, otherwise the script will not work!!

Code:
:OTL
[2011.04.17 23:47:07 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\bxik.sys
[2011.04.14 21:30:12 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Safox
[2011.04.14 21:30:12 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Nebi
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.06.20 15:50:58 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O4 - HKCU..\Run: [{FA90A000-FDBE-A938-0DAA-CB46E10118EB}] C:\Users\xxx\AppData\Roaming\Safox\anku.exe ()
:Commands
[purity]
[resethosts]
[emptytemp]

The logfile should open once you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.
__________________
Please always post logfiles in CODE tags
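As an added example, not part of this thread or of OTL itself: the Python script below parses the two OTL line shapes the fix script above is built from (file/folder entries and O4 Run entries), flags the patterns the helper acted on, and drafts the :OTL section from the flagged lines for an analyst to review. The sample lines are copied from the log in #1; the regular expressions, rule names and helper functions are my own and assume OTL's "[date time | size | attrs | C/M] (Company) -- path" layout exactly as shown in this thread.

```python
"""Triage of OTL log lines in the layout used in this thread (added example)."""
import re
from collections import defaultdict

# File/folder entry:  [date time | size | attrs | C/M] (Company) -- path
# The "(Company)" part is absent on folder lines and an empty "()" on unsigned files.
FILE_RE = re.compile(
    r"^\[(?P<stamp>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+?)\s*$"
)
# Autorun entry:  O4 - HKCU..\Run: [name] path (Company)
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<path>.+?) \((?P<company>[^)]*)\)\s*$"
)

# Sample input copied from the OTL log posted in #1 (user name starred out there as well).
SAMPLE_LOG_LINES = [
    r"[2011.04.17 23:47:07 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\bxik.sys",
    r"[2011.04.17 19:20:00 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys",
    r"[2011.04.13 14:13:02 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_wpdcomp_01_09_00.Wdf",
    r"[2011.04.17 23:32:12 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Avira",
    r"[2011.04.14 21:30:12 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Safox",
    r"[2011.04.14 21:30:12 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Nebi",
    r"O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)",
    r"O4 - HKCU..\Run: [{FA90A000-FDBE-A938-0DAA-CB46E10118EB}] C:\Users\xxx\AppData\Roaming\Safox\anku.exe ()",
]


def parse_line(line):
    """Classify one OTL line as ("file", fields) or ("run", fields); None for anything else."""
    m = FILE_RE.match(line)
    if m:
        return "file", m.groupdict()
    m = RUN_RE.match(line)
    if m:
        return "run", m.groupdict()
    return None


def triage(lines):
    """Return (rule, path, original_line) findings for the patterns the fix above targets."""
    files, runs = [], []
    for raw in lines:
        raw = raw.strip()
        parsed = parse_line(raw)
        if parsed is None:
            continue
        kind, fields = parsed
        fields["raw"] = raw
        (files if kind == "file" else runs).append(fields)

    findings = []
    # Rule 1: a .sys under System32\drivers with no company name (bxik.sys in the log).
    for f in files:
        low = f["path"].lower()
        if low.endswith(".sys") and "\\system32\\drivers\\" in low and not (f["company"] or "").strip():
            findings.append(("driver-no-company", f["path"], f["raw"]))

    # Rule 2: a Run entry whose target lives under AppData, i.e. persistence launched
    # from a user-writable folder; remember that folder for rule 3.
    target_dirs = set()
    for r in runs:
        if "\\appdata\\" in r["path"].lower():
            findings.append(("run-from-appdata", r["path"], r["raw"]))
            target_dirs.add(r["path"].lower().rsplit("\\", 1)[0])

    # Rule 3: the folder the Run entry points into, plus every AppData\Roaming folder
    # created in the very same second (dropped together, as Safox and Nebi were).
    by_stamp = defaultdict(list)
    for f in files:
        if "D" in f["attrs"] and "\\appdata\\roaming\\" in f["path"].lower():
            by_stamp[f["stamp"]].append(f)
    for dirs in by_stamp.values():
        if not any(d["path"].lower() in target_dirs for d in dirs):
            continue
        for d in dirs:
            rule = "run-target-dir" if d["path"].lower() in target_dirs else "created-with-run-target-dir"
            findings.append((rule, d["path"], d["raw"]))
    return findings


def draft_otl_fix(findings):
    """Assemble the flagged lines in the :OTL / :Commands layout of the fix above
    (the three commands are copied from it); a draft for analyst review, not for blind use."""
    body = [":OTL"] + [raw for _, _, raw in findings]
    body += [":Commands", "[purity]", "[resethosts]", "[emptytemp]"]
    return "\n".join(body)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG_LINES)
    for rule, path, _ in found:
        print(f"{rule:28} {path}")
    print(draft_otl_fix(found))
```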
18.04.2011, 14:52 | #6
I see. No, I only ran the one scan. Since AntiVir is now reporting yet another new detection, I have decided to restore an older system image. After that I will run Malwarebytes and OTL again and post here again.

Quote:
18.04.2011, 15:12 | #7
OK, so I ran the OTL fix. I was logged off as a user; after logging in again there were no logs from OTL. I then ran another scan:

OTL Logfile:
Code:
OTL logfile created on: 18.04.2011 16:07:11 - Run 2
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Robert\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 65,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146,92 Gb Total Space | 32,98 Gb Free Space | 22,45% Space Free | Partition Type: NTFS
Drive D: | 78,85 Gb Total Space | 3,99 Gb Free Space | 5,06% Space Free | Partition Type: NTFS
Drive E: | 107,43 Gb Total Space | 15,65 Gb Free Space | 14,57% Space Free | Partition Type: FAT32
Drive F: | 143,82 Gb Total Space | 19,20 Gb Free Space | 13,35% Space Free | Partition Type: NTFS
Drive G: | 7,35 Gb Total Space | 0,98 Gb Free Space | 13,35% Space Free | Partition Type: NTFS
Drive M: | 149,01 Gb Total Space | 2,34 Gb Free Space | 1,57% Space Free | Partition Type: FAT32

Computer Name: ROBERT-PC | User Name: Robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Robert\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Linguarde\linguarde.exe (MindSpec Corporation)
PRC - C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Programme\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Programme\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe (Nero AG)

========== Modules (SafeList) ==========

MOD - C:\Users\Robert\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (TeamViewer6) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (sscemdm) -- C:\Windows\System32\drivers\sscemdm.sys (MCCI Corporation)
DRV - (ssceserd) SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM) -- C:\Windows\System32\drivers\ssceserd.sys (MCCI Corporation)
DRV - (sscebus) SAMSUNG USB Composite Device V2 driver (WDM) -- C:\Windows\System32\drivers\sscebus.sys (MCCI Corporation)
DRV - (sscemdfl) -- C:\Windows\System32\drivers\sscemdfl.sys (MCCI Corporation)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Facemoods Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 5D 79 3C 0E E8 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.sueden-09.de/forum/phpBB3/index.php?sid=b5a1a8f3013d83249af0b472246131a1"
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2011.02.18
FF - prefs.js..extensions.enabledItems: My-Translator@eugenche.com:0.2.3

FF - HKLM\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2011.03.07 13:20:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.24 13:00:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.24 13:00:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.03.06 21:18:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010.11.16 20:04:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robert\AppData\Roaming\mozilla\Extensions
[2010.11.16 20:04:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robert\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.04.18 11:31:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robert\AppData\Roaming\mozilla\Firefox\Profiles\1alpbvzx.default\extensions
[2011.03.07 18:09:23 | 000,000,000 | ---D | M] (My-Translator) -- C:\Users\Robert\AppData\Roaming\mozilla\Firefox\Profiles\1alpbvzx.default\extensions\My-Translator@eugenche.com
[2010.12.18 14:38:22 | 000,000,000 | ---D | M] (vShare) -- C:\Users\Robert\AppData\Roaming\mozilla\Firefox\Profiles\1alpbvzx.default\extensions\vshare@toolbar
[2011.02.24 20:42:47 | 000,001,997 | ---- | M] () -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\1alpbvzx.default\searchplugins\wolframalpha.xml
[2010.12.27 22:18:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.12.27 22:18:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010.12.10 19:21:48 | 000,000,000 | ---D | M] (Free Download Manager plugin) -- C:\PROGRAM FILES\FREE DOWNLOAD MANAGER\FIREFOX\EXTENSION
[2010.12.27 22:18:43 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.07 13:20:17 | 000,000,000 | ---D | M] (Citavi Picker) -- C:\PROGRAMDATA\SWISS ACADEMIC SOFTWARE\CITAVI PICKER\FIREFOX
[2010.12.27 22:18:35 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.10.27 07:44:13 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.10.27 07:44:13 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.24 15:27:28 | 000,002,046 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\fcmdSrchddr.xml
[2010.10.27 07:44:13 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.10.27 07:44:13 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.10.27 07:44:13 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011.04.18 16:02:36 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.4.17.5\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll ()
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.5\facemoodsTlbr.dll (facemoods.com)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.5\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [Linguarde] C:\Program Files\Linguarde\linguarde.exe (MindSpec Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.02.27 13:56:48 | 000,000,119 | ---- | M] () - M:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.04.18 16:02:35 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.04.17 23:44:26 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Robert\Desktop\OTL.exe
[2011.04.17 23:32:12 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Avira
[2011.04.17 19:20:09 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Malwarebytes
[2011.04.17 19:20:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.17 19:20:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.17 19:20:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.17 19:20:00 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.04.17 19:20:00 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.04.17 19:18:21 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Robert\Desktop\mbam-setup.exe
[2011.04.15 03:04:41 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.04.13 14:18:17 | 000,000,000 | ---D | C] -- C:\Temp
[2011.04.13 14:11:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\System32
[2011.04.13 14:09:09 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Samsung
[2011.04.13 14:08:57 | 000,000,000 | ---D | C] -- C:\Users\Robert\Documents\samsung
[2011.04.13 14:06:18 | 000,123,648 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscemdm.sys
[2011.04.13 14:06:18 | 000,100,352 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssceserd.sys
[2011.04.13 14:06:18 | 000,014,848 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscemdfl.sys
[2011.04.13 14:06:18 | 000,012,288 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscewhnt.sys
[2011.04.13 14:06:18 | 000,012,288 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscewh.sys
[2011.04.13 14:06:17 | 000,098,560 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscebus.sys
[2011.04.13 14:06:17 | 000,012,416 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscecmnt.sys
[2011.04.13 14:06:17 | 000,012,416 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscecm.sys
[2011.04.13 14:05:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2011.04.13 14:04:59 | 000,222,568 | ---- | C] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
[2011.04.13 14:04:45 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\System32\Redemption.dll
[2011.04.13 14:04:29 | 000,820,560 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\System32\dgderapi.dll
[2011.04.13 14:04:29 | 000,000,000 | ---D | C] -- C:\Programme\MarkAny
[2011.04.13 14:03:13 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Samsung
[2011.04.13 14:03:13 | 000,000,000 | ---D | C] -- C:\Programme\Samsung
[2011.04.13 14:03:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2011.04.13 14:01:24 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Downloaded Installations
[2011.04.01 00:43:56 | 000,000,000 | ---D | C] -- C:\Users\Robert\Desktop\Damit
[2011.03.30 20:22:42 | 000,000,000 | ---D | C] -- C:\Users\Robert\Desktop\Bilder Weihnachtsfeier VideoTown
[2011.03.24 17:23:09 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\MindSpec
[2011.03.24 17:23:00 | 000,000,000 | ---D | C] -- C:\ProgramData\MindSpec
[2011.03.24 17:23:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Linguarde
[2011.03.24 17:22:59 | 000,000,000 | ---D | C] -- C:\Programme\Linguarde
[2011.03.24 15:27:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader
[2011.03.24 15:27:27 | 000,000,000 | ---D | C] -- C:\Programme\facemoods.com
[2011.03.24 15:27:22 | 000,000,000 | ---D | C] -- C:\Programme\JDownloader
[2011.03.23 13:21:32 | 000,000,000 | ---D | C] -- C:\Programme\PixiePack Codec Pack
[2011.03.23 13:20:38 | 000,000,000 | ---D | C] -- C:\ProgramData\RapidSolution
[2011.03.23 13:20:38 | 000,000,000 | ---D | C] -- C:\Programme\Mediaraptor 4
[2011.03.23 13:20:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mediaraptor 4
[2011.03.23 13:17:46 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\RapidSolution

========== Files - Modified Within 30 Days ==========

[2011.04.18 16:06:16 | 000,013,232 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.18 16:06:16 | 000,013,232 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.18 16:02:36 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011.04.18 15:58:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.18 15:58:32 | 1609,474,048 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.18 14:30:49 | 000,705,056 | ---- | M] () -- C:\Users\Robert\Desktop\zulassungantrag__2011.pdf
[2011.04.17 23:44:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Robert\Desktop\OTL.exe
[2011.04.17 23:28:12 | 000,109,165 | ---- | M] () -- C:\Users\Robert\Desktop\trojaner.JPG
[2011.04.17 23:07:04 | 000,027,401 | ---- | M] () -- C:\Users\Robert\Desktop\Gebrauchtwagen-Kaufvertrag.pdf
[2011.04.17 23:01:29 | 000,013,203 | ---- | M] () -- C:\Users\Robert\Desktop\autokaufvertrag.pdf
[2011.04.17 22:37:33 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.17 22:37:33 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.17 22:37:33 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.17 22:37:33 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.17 19:20:04 | 000,001,104 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.17 19:18:28 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Robert\Desktop\mbam-setup.exe
[2011.04.16 16:25:13 | 000,737,464 | ---- | M] () -- C:\Users\Robert\Desktop\US1-13.SSW.jpg
[2011.04.16 16:15:04 | 000,203,583 | ---- | M] () -- C:\Users\Robert\Desktop\US3-13.SSW.jpg
[2011.04.16 16:13:34 | 000,194,378 | ---- | M] () -- C:\Users\Robert\Desktop\US2-13.SSW.jpg
[2011.04.16 16:03:52 | 001,159,232 | ---- | M] () -- C:\Users\Robert\Desktop\US-13.SSW.JPG
[2011.04.15 03:28:12 | 000,337,288 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.13 14:13:02 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_wpdcomp_01_09_00.Wdf
[2011.04.13 14:12:54 |
000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2011.04.13 14:07:27 | 000,001,936 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk [2011.03.28 17:18:45 | 000,196,608 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2011.03.26 19:16:27 | 000,055,732 | ---- | M] () -- C:\Users\Robert\Desktop\aok_beitraege.JPG [2011.03.24 17:23:00 | 000,001,014 | ---- | M] () -- C:\Users\Public\Desktop\Linguarde.lnk [2011.03.24 16:33:58 | 000,001,467 | ---- | M] () -- C:\Users\Robert\Desktop\Studienarbeit Robert.lnk [2011.03.24 15:28:00 | 000,001,043 | ---- | M] () -- C:\Users\Public\Desktop\JDownloader.lnk [2011.03.24 13:57:35 | 000,052,644 | ---- | M] () -- C:\Users\Robert\Desktop\imma ss20110001.jpg [2011.03.23 13:21:01 | 000,000,982 | ---- | M] () -- C:\Users\Public\Desktop\Mediaraptor 4.lnk ========== Files Created - No Company Name ========== [2011.04.18 14:30:49 | 000,705,056 | ---- | C] () -- C:\Users\Robert\Desktop\zulassungantrag__2011.pdf [2011.04.17 23:28:10 | 000,109,165 | ---- | C] () -- C:\Users\Robert\Desktop\trojaner.JPG [2011.04.17 23:06:59 | 000,027,401 | ---- | C] () -- C:\Users\Robert\Desktop\Gebrauchtwagen-Kaufvertrag.pdf [2011.04.17 23:01:24 | 000,013,203 | ---- | C] () -- C:\Users\Robert\Desktop\autokaufvertrag.pdf [2011.04.17 19:20:04 | 000,001,104 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.16 16:13:33 | 000,203,583 | ---- | C] () -- C:\Users\Robert\Desktop\US3-13.SSW.jpg [2011.04.16 15:56:33 | 001,159,232 | ---- | C] () -- C:\Users\Robert\Desktop\US-13.SSW.JPG [2011.04.16 15:56:33 | 000,194,378 | ---- | C] () -- C:\Users\Robert\Desktop\US2-13.SSW.jpg [2011.04.16 15:55:58 | 000,737,464 | ---- | C] () -- C:\Users\Robert\Desktop\US1-13.SSW.jpg [2011.04.13 14:13:02 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_wpdcomp_01_09_00.Wdf [2011.04.13 14:12:54 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf 
[2011.04.13 14:07:27 | 000,001,936 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk [2011.04.13 14:04:59 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2011.04.13 14:04:59 | 000,042,112 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2011.03.28 17:18:41 | 000,196,608 | ---- | C] () -- C:\Windows\System32\Ikeext.etl [2011.03.26 19:16:26 | 000,055,732 | ---- | C] () -- C:\Users\Robert\Desktop\aok_beitraege.JPG [2011.03.24 17:23:00 | 000,001,014 | ---- | C] () -- C:\Users\Public\Desktop\Linguarde.lnk [2011.03.24 16:33:37 | 000,001,467 | ---- | C] () -- C:\Users\Robert\Desktop\Studienarbeit Robert.lnk [2011.03.24 15:28:00 | 000,001,043 | ---- | C] () -- C:\Users\Public\Desktop\JDownloader.lnk [2011.03.24 13:57:35 | 000,052,644 | ---- | C] () -- C:\Users\Robert\Desktop\imma ss20110001.jpg [2011.03.23 13:21:01 | 000,000,982 | ---- | C] () -- C:\Users\Public\Desktop\Mediaraptor 4.lnk [2011.01.04 16:10:58 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.01.04 16:10:56 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2011.01.04 16:10:56 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2011.01.04 16:10:56 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2011.01.04 16:10:56 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2010.11.15 20:22:29 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009.11.25 14:40:50 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2009.07.14 10:47:43 | 000,653,928 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.07.14 10:47:43 | 000,129,800 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 06:33:53 | 000,337,288 | 
---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009.07.14 04:05:48 | 000,615,810 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009.07.14 04:05:48 | 000,106,190 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009.07.14 02:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.18 20:29:04 | 000,197,654 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2009.02.18 18:55:22 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe [2009.02.03 21:52:04 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe ========== LOP Check ========== [2010.12.27 22:37:10 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\.visualvm [2011.01.13 20:28:31 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Canneverbe Limited [2011.04.16 15:56:33 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Canon [2011.04.18 15:56:51 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Free Download Manager [2010.12.06 17:21:02 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\IrfanView [2011.03.24 17:23:09 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\MindSpec [2010.11.28 16:45:24 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Miranda [2011.03.11 18:26:23 | 000,000,000 | ---D | M] -- 
C:\Users\Robert\AppData\Roaming\PMS [2011.04.13 14:03:13 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Samsung [2011.03.08 00:10:47 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Swiss Academic Software [2011.03.01 11:58:58 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\TeamViewer [2011.04.18 13:34:19 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\TeraCopy [2010.11.16 20:04:57 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Thunderbird [2011.03.11 20:41:38 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\WordToPDF [2011.02.16 13:07:50 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > |
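As an added example (not from this thread, and not OTL's own code), a small Python parser for the OTL file-entry format used in the log above, plus a first-pass triage filter of the kind a helper applies before asking for files. The flagging rule (executables under the Windows tree with no company name) is my assumption and only marks entries for manual review; the sample lines are copied from the log.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# One OTL entry: [date time | size | attrs | C/M] (Company) -- path; the
# "(Company)" part is "()" or absent (LOP-check section), so it is optional.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+?)\s*$"
)

@dataclass
class OtlEntry:
    timestamp: str
    size: int              # bytes; OTL prints thousands separators
    attrs: str             # e.g. "---D" directory, "-HS-" hidden+system
    kind: str              # C = created, M = modified
    company: Optional[str]
    path: str

def parse_entry(line: str) -> Optional[OtlEntry]:
    """Parse one OTL file line; headers and other text return None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    company = m.group("company")
    return OtlEntry(m.group("ts"), int(m.group("size").replace(",", "")),
                    m.group("attrs"), m.group("kind"),
                    company.strip() if company is not None else None,
                    m.group("path"))

def is_worth_a_look(e: OtlEntry) -> bool:
    """Triage heuristic (an assumption of this example, not a verdict): an
    executable written into the Windows tree without a company name."""
    p = e.path.lower()
    return p.startswith("c:\\windows\\") and p.endswith((".exe", ".dll", ".sys")) and not e.company

def triage(log_lines: List[str]) -> List[str]:
    """Return the paths a reviewer should look at first."""
    return [e.path for e in map(parse_entry, log_lines) if e and is_worth_a_look(e)]

# Sample lines copied from the OTL log above, including one section header.
SAMPLE = [
    "========== Files Created - No Company Name ==========",
    "[2011.04.17 23:44:26 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\\Users\\Robert\\Desktop\\OTL.exe",
    "[2011.01.04 16:10:58 | 000,030,568 | ---- | C] () -- C:\\Windows\\MusiccityDownload.exe",
    "[2011.04.18 15:58:32 | 1609,474,048 | -HS- | M] () -- C:\\hiberfil.sys",
    "[2011.03.11 18:26:23 | 000,000,000 | ---D | M] -- C:\\Users\\Robert\\AppData\\Roaming\\PMS",
]
```

Running `triage(SAMPLE)` returns only the MusiccityDownload.exe path; OTL.exe has a company name and hiberfil.sys sits outside the Windows tree.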
18.04.2011, 15:42 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | The fixlog should be in C:\_OTL.
__________________ Please always post logfiles in CODE tags
18.04.2011, 16:03 | #9 |
Unfortunately not. A few folders have been created there (C_, C_Windows, C_Users, D_), but no log files. Should I run the OTL fix again?
18.04.2011, 16:10 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | I need OTL's quarantine folder. Please do the following:
1.) VERY IMPORTANT!! Disable the virus scanner; it must not interfere with this!
2.) Zip the folder C:\_OTL into a file
3.) Upload the resulting ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html
4.) Let me know once that has worked
5.) Only then turn the virus scanner back on
18.04.2011, 16:22 | #11 | |
Done. I had also run an MWB quick scan beforehand, in case that still helps you (with helping; by the way, thanks a lot): Quote:
18.04.2011, 16:29 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Now please run this Kaspersky tool and post the log => http://www.trojaner-board.de/82358-t...entfernen.html If the infection has left you unable to access your documents/My Documents, please run unhide: download unhide.exe and save the file to your desktop. Start the tool and all files and folders should become visible again. (This may take a while.) Vista and 7 users must right-click the tool and run it as administrator!
18.04.2011, 16:37 | #13 | |
Done. Edit: unhide was not necessary. Quote:
18.04.2011, 16:40 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Then please run CF now: ComboFix. A guide and tutorial on using ComboFix
ComboFix may only be run when a Kompetenzler (board expert) has explicitly recommended it!
18.04.2011, 18:15 | #15 |
Well, CCleaner ran through without problems; I followed the instructions exactly. With ComboFix the blue window appeared saying the system was being scanned. Then nothing happened for an hour, and when I tried to cancel it I could not even kill the process. The internet connection was down; only a restart helped. I am starting cofi again now...