| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: RKIT/agent.depg.1, Spy.Banker.Gen und andere ...Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
20.07.2012, 15:13
| #1 |
 |  RKIT/agent.depg.1, Spy.Banker.Gen und andere ... Hallo Trojaner-Boarder! ich hoffe, Ihr könnt mir helfen. Auf unserem Rechner scheinen sich Schädlinge auszubreiten. Ich habe bisher folgendes gemacht: Jeden Abend prüft Avira Free Antivirus und findet fast täglich seit ca. einer Woche Malware. Bisher habe ich die Dateien dann immer in Quarantäne geschoben, nicht gelöscht. Heute habe ich den neuesten Fund mal gegoogelt (RKIT/agent.depg.1 in BAcroIEHelpe171.dll) und bin so zu Euch gekommen, weil ein anderer User hier exakt das Problem hat. So habe ich dann auch zunächst, das getan, was ihm hier geraten wurde: 1. Vollscan mit Malwarebytes Anti-Malware, 9 Funde in Quarantäne verschoben 2. Systemscan mit OTL Ich hoffe, ich habe alles richtig gemacht, auch bzgl. des Postings hier. Wie kann ich jetzt weitermachen? Vielen Dank jetzt schon für Eure Mühen :-) Kathrin Hier die Logfiles: Malwarebytes Anti-Malware (Test) 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.07.20.04 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 8.0.7601.17514 Katinka :: KATINKA-PC [Administrator] Schutz: Aktiviert 20.07.2012 13:23:26 mbam-log-2012-07-20 (15-29-22).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|H:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 485774 Laufzeit: 2 Stunde(n), 4 Minute(n), 36 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Userinit (Trojan.Agent) -> Daten: C:\Users\Katinka\AppData\Roaming\appconf32.exe -> Keine Aktion durchgeführt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 8 C:\Users\Katrin\AppData\Roaming\ntuser.dat (Misused.Legit) -> Keine Aktion durchgeführt. D:\Downloads\SmileyCentralPFSetup2.3.50.45.ZNfox000.exe (PUP.MyWebSearch) -> Keine Aktion durchgeführt. H:\Sicherung alter PC Stand 280110\Sicherung Eigene Dateien\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\i23lyo5g.default\Cache\D0AEA429d01 (PUP.MyWebSearch) -> Keine Aktion durchgeführt. H:\Sicherung alter PC Stand 280110\Sicherung Laufwerk D\Downloads\SmileyCentralPFSetup2.3.50.45.ZNfox000.exe (PUP.MyWebSearch) -> Keine Aktion durchgeführt. H:\Sicherung Laufwek D\Downloads\SmileyCentralPFSetup2.3.50.45.ZNfox000.exe (PUP.MyWebSearch) -> Keine Aktion durchgeführt. C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Keine Aktion durchgeführt. C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Keine Aktion durchgeführt. C:\Windows\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Keine Aktion durchgeführt. (Ende) ______________________________________OTL Logfile: Code:
ATTFilter OTL logfile created on: 20.07.2012 15:38:59 - Run 1 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Katinka\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,05 Gb Available Physical Memory | 52,61% Memory free 4,00 Gb Paging File | 2,77 Gb Available in Paging File | 69,15% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 150,04 Gb Total Space | 111,55 Gb Free Space | 74,34% Space Free | Partition Type: NTFS Drive D: | 108,88 Gb Total Space | 102,74 Gb Free Space | 94,36% Space Free | Partition Type: NTFS Drive E: | 39,06 Gb Total Space | 35,30 Gb Free Space | 90,38% Space Free | Partition Type: NTFS Unable to calculate disk information. Drive H: | 232,88 Gb Total Space | 176,72 Gb Free Space | 75,88% Space Free | Partition Type: NTFS Computer Name: KATINKA-PC | User Name: Katinka | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Katinka\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe (Adobe Systems, Inc.) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName}) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\ASUS\WLAN Card Utilities\Center.exe (ASUSTeK COMPUTER INC.) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\ASUS\WLAN Card Utilities\ASWLCCSVC.exe () ========== Modules (No Company Name) ========== MOD - C:\Users\Katinka\AppData\Roaming\13001.027\components\AcroFF027.dll () MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_265.dll () MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll () ========== Win32 Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (ASWLCCSvc) -- C:\Programme\ASUS\WLAN Card Utilities\ASWLCCSVC.exe () SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (RkHit) -- C:\Windows\system32\drivers\RKHit.sys File not found DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.) DRV - (PCASp50) -- C:\Windows\System32\drivers\PcaSp50.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C4 5F 50 EF A1 5F CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.update: false FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.02.10 22:37:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.16 02:41:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.03.11 01:11:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.07.19 11:33:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.07.19 11:33:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.07.19 11:33:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.07.19 11:33:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.07.19 11:33:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.07.19 11:33:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.07.19 11:33:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.07.19 11:33:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.07.19 11:33:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.07.19 11:33:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.07.19 11:33:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.07.19 11:33:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.07.19 11:33:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.07.19 11:33:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.07.19 11:33:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\Katinka\AppData\Roaming\13001.027 [2012.07.18 12:36:56 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.16 02:41:25 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.03.11 01:11:11 | 000,000,000 | ---D | M] [2012.05.12 12:59:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Katinka\AppData\Roaming\mozilla\Extensions [2012.07.14 02:31:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Katinka\AppData\Roaming\mozilla\Firefox\Profiles\taoop2g5.default\extensions [2012.07.14 02:31:12 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\Katinka\AppData\Roaming\mozilla\Firefox\Profiles\taoop2g5.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2012.05.02 22:12:02 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.07.18 12:36:56 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\KATINKA\APPDATA\ROAMING\13001.027 [2012.06.16 02:41:25 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.04.03 16:03:54 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010.01.29 19:21:33 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll [2011.05.07 00:50:12 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.05.07 00:50:12 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.05.07 00:50:12 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.05.07 00:50:12 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.05.07 00:50:12 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.05.07 00:50:12 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName}) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Control Center] C:\Programme\ASUS\WLAN Card Utilities\CenterAgent.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2592A00C-BF48-485F-99FA-3558E9C5DE43}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D91AA26A-92FE-462A-9F30-7FB7D71ED2D5}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.07.20 15:36:34 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Katinka\Desktop\OTL.exe [2012.07.20 15:34:37 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012.07.20 13:22:07 | 000,000,000 | ---D | C] -- C:\Users\Katinka\AppData\Roaming\Malwarebytes [2012.07.20 13:21:55 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.07.20 13:21:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.07.20 13:21:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.07.20 13:21:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.07.18 12:36:56 | 000,000,000 | ---D | C] -- C:\Users\Katinka\AppData\Roaming\13001.027 [2012.07.17 17:48:17 | 000,000,000 | ---D | C] -- C:\Users\Katinka\AppData\Roaming\13001.026 [2012.07.14 21:05:29 | 000,000,000 | ---D | C] -- C:\Users\Katinka\AppData\Roaming\13001.025 [2012.07.14 02:31:15 | 000,000,000 | ---D | C] -- C:\Users\Katinka\AppData\Roaming\QuickScan [2012.07.14 02:10:12 | 000,000,000 | ---D | C] -- C:\Users\Katinka\AppData\Roaming\Curiolab [2012.07.13 17:03:10 | 000,000,000 | ---D | C] -- C:\Users\Katinka\AppData\Roaming\13001.024 [2012.07.13 00:07:08 | 000,000,000 | ---D | C] -- C:\Users\Katinka\AppData\Roaming\13001.023 [2012.07.13 00:06:39 | 000,000,000 | ---D | C] -- C:\Users\Katinka\AppData\Roaming\xmldm [2012.07.13 00:06:38 | 000,000,000 | ---D | C] -- C:\Users\Katinka\AppData\Roaming\kock [2012.07.12 03:02:23 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.07.11 10:34:46 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll [2012.07.11 10:34:44 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll [2012.07.11 10:34:43 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll [2012.07.08 19:56:39 | 000,000,000 | ---D | C] -- C:\Users\Katinka\AppData\Roaming\Avira [2012.07.08 19:53:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.07.08 19:52:40 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2012.07.08 19:52:39 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2012.07.08 19:52:39 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2012.07.08 19:52:39 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys [2012.07.08 19:52:39 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2012.06.24 01:09:45 | 000,000,000 | ---D | C] -- C:\Users\Katinka\AppData\Local\Macromedia [1 C:\Users\Katinka\AppData\Roaming\*.tmp files -> C:\Users\Katinka\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.07.20 15:40:25 | 000,015,120 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.20 15:40:25 | 000,015,120 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.20 15:36:41 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Katinka\Desktop\OTL.exe [2012.07.20 15:34:37 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012.07.20 15:33:14 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.07.20 15:33:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.20 15:32:55 | 1610,063,872 | -HS- | M] () -- C:\hiberfil.sys [2012.07.20 15:28:03 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.20 14:57:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.20 13:21:55 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.20 02:30:36 | 000,000,034 | ---- | M] () -- C:\Users\Katinka\AppData\Roaming\blckdom.res [2012.07.18 18:00:02 | 000,000,436 | ---- | M] () -- C:\Windows\tasks\SyncBack Gesamtsicherung.job [2012.07.13 22:48:05 | 000,000,051 | ---- | M] () -- C:\Users\Katinka\AppData\Roaming\urhtps.dat [2012.07.13 13:01:45 | 001,389,055 | ---- | M] () -- C:\Users\Katinka\Desktop\Kursinfo_S12.pdf [2012.07.12 04:17:31 | 000,362,160 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.07.12 01:57:08 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.07.12 01:57:08 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.07.08 18:01:05 | 004,503,728 | ---- | M] () -- C:\ProgramData\go_0molg.pad [2012.07.05 20:04:26 | 001,500,792 | R--- | M] () -- C:\Users\Katinka\Desktop\kinderyoga-postkarte2.pdf [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.06.24 16:24:28 | 000,344,407 | ---- | M] () -- C:\Users\Katinka\Desktop\pingus.jpg [2012.06.24 16:21:08 | 004,383,046 | ---- | M] () -- C:\Users\Katinka\Desktop\P1030872.jpg [2012.06.24 04:31:44 | 000,001,564 | ---- | M] () -- C:\Users\Katinka\Desktop\2_AnmeldeH12.lnk [1 C:\Users\Katinka\AppData\Roaming\*.tmp files -> C:\Users\Katinka\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.07.20 13:21:55 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.13 13:15:53 | 000,000,051 | ---- | C] () -- C:\Users\Katinka\AppData\Roaming\urhtps.dat [2012.07.13 13:06:51 | 001,389,055 | ---- | C] () -- C:\Users\Katinka\Desktop\Kursinfo_S12.pdf [2012.07.13 00:06:50 | 000,000,034 | ---- | C] () -- C:\Users\Katinka\AppData\Roaming\blckdom.res [2012.07.08 17:54:22 | 004,503,728 | ---- | C] () -- C:\ProgramData\go_0molg.pad [2012.07.05 20:04:28 | 001,500,792 | R--- | C] () -- C:\Users\Katinka\Desktop\kinderyoga-postkarte2.pdf [2012.06.24 04:31:49 | 000,001,564 | ---- | C] () -- C:\Users\Katinka\Desktop\2_AnmeldeH12.lnk [2012.03.13 17:06:39 | 000,002,048 | -HS- | C] () -- C:\Users\Katrin\AppData\Local\b38b0acd\@ [2011.11.29 18:17:47 | 000,013,931 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat ========== Hard Links - Junction Points - Mount Points - Symbolic Links ========== [C:\Windows\$NtUninstallKB18105$] -> Error: Cannot create file handle -> Unknown point type < End of report > ____________________________________________________OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 20.07.2012 15:38:59 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Katinka\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,05 Gb Available Physical Memory | 52,61% Memory free
4,00 Gb Paging File | 2,77 Gb Available in Paging File | 69,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 150,04 Gb Total Space | 111,55 Gb Free Space | 74,34% Space Free | Partition Type: NTFS
Drive D: | 108,88 Gb Total Space | 102,74 Gb Free Space | 94,36% Space Free | Partition Type: NTFS
Drive E: | 39,06 Gb Total Space | 35,30 Gb Free Space | 90,38% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive H: | 232,88 Gb Total Space | 176,72 Gb Free Space | 75,88% Space Free | Partition Type: NTFS
Computer Name: KATINKA-PC | User Name: Katinka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14BDCAB6-561F-4767-A2ED-030CFB248297}" = rport=139 | protocol=6 | dir=out | app=system |
"{2158CCFA-8055-43A6-BA66-AAD633F77194}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{42D6D01E-017B-4F98-BA85-C1C09AD2541E}" = lport=137 | protocol=17 | dir=in | app=system |
"{4AE40ABE-94D1-4134-AE90-27A92F09FA29}" = rport=138 | protocol=17 | dir=out | app=system |
"{65221001-24EF-4ECD-9831-82BCCA4AA11B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{853FFA5D-5BF5-4970-8454-A85531C8EF47}" = lport=138 | protocol=17 | dir=in | app=system |
"{89A943C3-823C-4881-96A2-46DA8893F142}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{99BFCA4C-164C-4901-B984-8E168F9BEE3A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B36FBF6F-E58E-488F-9533-5DE3629EDDF5}" = rport=445 | protocol=6 | dir=out | app=system |
"{B81E2D02-0647-48F3-8483-C91F118B51D9}" = rport=137 | protocol=17 | dir=out | app=system |
"{D229E686-1D92-4560-A612-C3BDA46F26E7}" = lport=139 | protocol=6 | dir=in | app=system |
"{E7281FBB-8241-4831-A488-020538D0B0E8}" = lport=445 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0627822A-D931-4997-9F69-5681C7C3CBCA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{0782BB23-3725-49BF-94FD-81F9F6ACC741}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{112DB564-2BB8-468E-99C4-5362B5F64C9C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{18F3751A-7245-44D9-A19D-6460F7EF638A}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{264CC154-D587-41DE-9252-CDF298099469}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{28B2BE97-14DC-42E5-94A4-4412E178591C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2AF41BF9-CF77-49E1-BB4A-0FDA767943B6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{2E95A3A2-DD5A-4316-B899-9AD391F06B34}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{30D5496C-FEF0-43A7-9F3B-C16B7376DDB6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3CBCD0D3-1AAD-4275-BFC7-EE2FA121BF4D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{3DF32514-B2BA-44EF-8D4F-3D9B370C9DA6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{46328EA7-9EBF-4A53-816D-23648EE17097}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{47456680-9685-4679-A80B-0AB44DE984ED}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{482E29B1-0A0F-4401-A3BC-94B9AB3FC928}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{523D9832-FE25-4130-8DC0-AC55F6350FF6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{69C4123F-3224-4D4A-A929-E79992CCE722}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{7AC3029F-ACD6-4219-83F3-ECC763A70915}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
"{7E9C41E7-7F1F-4401-946E-52EA91E9B5CA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{8A0898CA-7D73-4940-93AA-91C030FE222C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{8ADF6CA0-814F-4FEB-969B-7EE4755DC3E5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{9D69E1AB-3B01-490F-BEBB-D39BB0DA4D49}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{A1D48DE1-353D-4F27-AAFF-444A0978FF55}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{B64961CE-027D-4A68-AD8F-51C0C5F8DC5F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
"{C799746A-6D41-4018-931E-0E20CE7A1793}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{CD47C803-4783-4F2B-A403-5480AFE9D52D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{DC5CF8F4-B1FF-413F-B87A-C8BDCFB8CAEA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{DD2BAD97-9225-46C7-84CF-CCFF34C07CB2}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{DD9CAA33-A940-4081-8C88-F9CEF7C5CFE0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{DF18DA88-6F5A-4E13-9B3B-E95D13A03CB9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{EC6AB9A0-D6FB-4027-86A7-DD531150CFE7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqnrs08.exe |
"TCP Query User{99DF5713-4189-4797-BCCA-4092D2D4CDE9}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{C8CCD53C-8426-416E-A407-4C8A3C8DFE09}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{E4F77B98-2B11-4FED-9D74-81AE69745F9B}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{CAE49392-C2A4-4960-8238-232E51BEA3E4}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{EE72E0D4-CAB1-4625-828B-10BF610CCAF8}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{F087D791-3A32-449A-9B1F-5C3368142EA3}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{09F25F86-F957-4051-8AB2-0E0D948BBB5D}" = 1310
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D4553DF-2095-4D10-92C0-17934733B51D}" = 1310_Help
"{6D7E031C-4C05-4265-854A-FE9FDEA9984D}" = 1310Trb
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8F722FA9-B994-4C9B-B292-FD32D6206EDF}" = ASUS WLAN Card Utilities/Driver
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"1&1 SmartFax" = 1&1 SmartFax
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"BurnAware Free_is1" = BurnAware Free 2.4.3
"CutePDF Writer Installation" = CutePDF Writer 2.8
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ElsterFormular für Privatanwender und Unternehmer 12.0.0.5880k" = ElsterFormular-Update
"Exterminate It!" = Exterminate It!
"FileZilla Client" = FileZilla Client 3.5.3
"Foxit Reader" = Foxit Reader
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Image Analyzer" = Image Analyzer
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MozBackup" = MozBackup 1.4.10
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"Mozilla Thunderbird 14.0 (x86 de)" = Mozilla Thunderbird 14.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NoteTab Light 6_is1" = NoteTab Light 6 (Remove only)
"RarZilla Free Unrar" = RarZilla Free Unrar
"Shop for HP Supplies" = Shop for HP Supplies
"Spesoft Free CD Ripper_is1" = Spesoft Free CD Ripper Version 2.60
"SyncBack_is1" = SyncBack
"VLC media player" = VLC media player 1.0.1
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 14.01.2012 08:52:42 | Computer Name = Katrin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 9.0.1.4371,
Zeitstempel: 0x4ef15e07 Name des fehlerhaften Moduls: FOXITR~1.OCX, Version: 1.0.1.1113,
Zeitstempel: 0x4afcef8f Ausnahmecode: 0xc0000005 Fehleroffset: 0x00002ccd ID des fehlerhaften
Prozesses: 0x9ac Startzeit der fehlerhaften Anwendung: 0x01ccd2bb661c7b76 Pfad der
fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\plugin-container.exe Pfad
des fehlerhaften Moduls: C:\PROGRA~1\FOXITS~1\FOXITR~1\plugins\FOXITR~1.OCX Berichtskennung:
a56a68fc-3eae-11e1-bdc2-001966ef2012
Error - 14.01.2012 12:46:51 | Computer Name = Katrin-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 14.01.2012 19:37:45 | Computer Name = Katrin-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\mozbackup\dll\DelZip179.dll".
Fehler in Manifest- oder Richtliniendatei "c:\program files\mozbackup\dll\DelZip179.dll"
in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist
ungültig.
Error - 14.01.2012 23:27:31 | Computer Name = Katrin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 9.0.1.4371,
Zeitstempel: 0x4ef15e07 Name des fehlerhaften Moduls: FOXITR~1.OCX, Version: 1.0.1.1113,
Zeitstempel: 0x4afcef8f Ausnahmecode: 0xc0000005 Fehleroffset: 0x00002ccd ID des fehlerhaften
Prozesses: 0xddc Startzeit der fehlerhaften Anwendung: 0x01ccd3359b706a0c Pfad der
fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\plugin-container.exe Pfad
des fehlerhaften Moduls: C:\PROGRA~1\FOXITS~1\FOXITR~1\plugins\FOXITR~1.OCX Berichtskennung:
dad27569-3f28-11e1-bdc2-001966ef2012
Error - 15.01.2012 08:11:06 | Computer Name = Katrin-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 16.01.2012 09:37:13 | Computer Name = Katrin-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 16.01.2012 11:01:39 | Computer Name = Katrin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 9.0.1.4371,
Zeitstempel: 0x4ef15e07 Name des fehlerhaften Moduls: FOXITR~1.OCX, Version: 1.0.1.1113,
Zeitstempel: 0x4afcef8f Ausnahmecode: 0xc0000005 Fehleroffset: 0x00002ccd ID des fehlerhaften
Prozesses: 0x2bc Startzeit der fehlerhaften Anwendung: 0x01ccd45fbe3d0089 Pfad der
fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\plugin-container.exe Pfad
des fehlerhaften Moduls: C:\PROGRA~1\FOXITS~1\FOXITR~1\plugins\FOXITR~1.OCX Berichtskennung:
fdd5bbd7-4052-11e1-81aa-001966ef2012
Error - 16.01.2012 19:48:44 | Computer Name = Katrin-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\mozbackup\dll\DelZip179.dll".
Fehler in Manifest- oder Richtliniendatei "c:\program files\mozbackup\dll\DelZip179.dll"
in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist
ungültig.
Error - 16.01.2012 21:58:21 | Computer Name = Katrin-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 16.01.2012 22:56:50 | Computer Name = Katrin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 9.0.1.4371,
Zeitstempel: 0x4ef15e07 Name des fehlerhaften Moduls: FOXITR~1.OCX, Version: 1.0.1.1113,
Zeitstempel: 0x4afcef8f Ausnahmecode: 0xc0000005 Fehleroffset: 0x00002ccd ID des fehlerhaften
Prozesses: 0x6c0 Startzeit der fehlerhaften Anwendung: 0x01ccd4c3a783c9b9 Pfad der
fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\plugin-container.exe Pfad
des fehlerhaften Moduls: C:\PROGRA~1\FOXITS~1\FOXITR~1\plugins\FOXITR~1.OCX Berichtskennung:
e68ecf41-40b6-11e1-bd05-001966ef2012
[ System Events ]
Error - 20.07.2012 08:23:59 | Computer Name = Katinka-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
Error - 20.07.2012 08:24:05 | Computer Name = Katinka-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
Error - 20.07.2012 08:24:14 | Computer Name = Katinka-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
Error - 20.07.2012 08:24:20 | Computer Name = Katinka-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
Error - 20.07.2012 08:24:23 | Computer Name = Katinka-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
Error - 20.07.2012 08:24:33 | Computer Name = Katinka-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
Error - 20.07.2012 08:24:42 | Computer Name = Katinka-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
Error - 20.07.2012 08:24:48 | Computer Name = Katinka-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
Error - 20.07.2012 08:25:09 | Computer Name = Katinka-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
Error - 20.07.2012 09:32:54 | Computer Name = Katinka-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
an den Computerhersteller, um aktualisierte Firmware zu erhalten.
< End of report >
|
|
23.07.2012, 09:47
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | RKIT/agent.depg.1, Spy.Banker.Gen und andere ...Zitat:
NICHTS voreilig aus der Quarantäne löschen! Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt? Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.
__________________ |
|
27.07.2012, 00:50
| #3 |
| | RKIT/agent.depg.1, Spy.Banker.Gen und andere ... Hallo Arne, vielen Dank für Deine Antwort. Ich habe keine weiteren Logfiles von Malwarebytes. Die Funde hatte ich dann in Quarantäne verschoben.
__________________Zwischenzeitlich fuhr der Rechner nicht mehr hoch, so dass ich von der Windows 7-CD starten musste und eine Systemreparatur lief (das war am Sonntag, 22.7.12). Seitdem hat Malwarebytes nichts mehr gefunden. Auch die Dateien in der Malwarebytes-Quarantäne sind nicht mehr da. Wie kann ich überprüfen, ob der Rechner wirklich frei von Schädlingen ist? Beste Grüße! Kathrin |
|
27.07.2012, 08:48
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | RKIT/agent.depg.1, Spy.Banker.Gen und andere ... Führ bitte auch ESET aus, danach sehen wir weiter. Hinweis: ESET zeigt durchaus öfter ein paar Fehlalarme. Deswegen soll auch von ESET immer nur erst das Log gepostet und nichts entfernt werden. ESET Online Scanner Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.
 + R Taste und kopiere folgenden Text in das Ausführen Fenster.Code:
ATTFilter "%PROGRAMFILES%\Eset\Eset Online Scanner\log.txt"
Code:
ATTFilter "%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\log.txt"
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
27.07.2012, 16:17
| #5 |
| | RKIT/agent.depg.1, Spy.Banker.Gen und andere ... Hi Arne, dankeschön nochmal :-) Gescannt, hier das log-file: ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=3f3b9cd03f52c940b5c2f2a59a1152c8 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-07-27 03:05:27 # local_time=2012-07-27 05:05:27 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1792 16777215 100 0 390821 390821 0 0 # compatibility_mode=5893 16776573 100 94 1289 95019387 0 0 # compatibility_mode=8192 67108863 100 0 143 143 0 0 # scanned=209478 # found=3 # cleaned=0 # scan_time=13331 C:\Users\Katinka\AppData\Roaming\13001.027\components\AcroFF027.dll a variant of Win32/Spy.Banker.YCR trojan (unable to clean) 00000000000000000000000000000000 I H:\KATINKA-PC\Backup Set 2012-07-22 231636\Backup Files 2012-07-22 231636\Backup files 9.zip a variant of Win32/Spy.Banker.YCR trojan (unable to clean) 00000000000000000000000000000000 I H:\KATINKA-PC\Backup Set 2012-07-26 200002\Backup Files 2012-07-26 200002\Backup files 11.zip a variant of Win32/Spy.Banker.YCR trojan (unable to clean) 00000000000000000000000000000000 I Viele Grüße! Kathrin |
|
27.07.2012, 20:41
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | RKIT/agent.depg.1, Spy.Banker.Gen und andere ... Ja du hast ein Banking-Trojaner im System. Machst du OnlineBanking mit diesem Rechner?
__________________ --> RKIT/agent.depg.1, Spy.Banker.Gen und andere ... |
|
27.07.2012, 20:57
| #7 |
| | RKIT/agent.depg.1, Spy.Banker.Gen und andere ... ja, mach ich ... |
|
27.07.2012, 22:18
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | RKIT/agent.depg.1, Spy.Banker.Gen und andere ... Dann solltest du gründlich überlegen, ob du ein unnötiges Risiko eingehen willst durch Bereinigung und danach weiterhin OnlineBanking oder lieber komplette Neuinstallation von Windows
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.07.2012, 22:28
| #9 |
| | RKIT/agent.depg.1, Spy.Banker.Gen und andere ... Ächz ... ja ich habe gerade schon die Anleitung zur Neuinstallation gelesen, weil ich mir dachte, dass du das vorschlagen wirst. Ich verstehe zwar nicht alles, aber es wird schon irgendwie klappen :-) Ich danke Dir und Du drück' mal die Daumen, dass ich es vor Morgengrauen hingekriegt habe! Kathrin |
|
27.07.2012, 22:47
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | RKIT/agent.depg.1, Spy.Banker.Gen und andere ... Naja wie gesagt, man kann auch eine Bereinigung machen wenn du mit dem Restrisiko leben kannst
__________________ Logfiles bitte immer in CODE-Tags posten |
|
28.07.2012, 02:33
| #11 |
| | RKIT/agent.depg.1, Spy.Banker.Gen und andere ... nee nee das ist mein Bürorechner, das soll schon alles ordentlich laufen ... ich bin immerhin schon wieder online, habe vorher die komplette Systempartition formatiert und Windows 7 neu installiert. Gerade scanne ich nochmal alles mit ESET. Kannst Du mir jetzt noch einen Rat geben, wie ich mich demnächst am besten schützen kann?  Kathrin oh Mann, das gibts ja nicht, jetzt zeigt mir der ESET Online Scan schon wieder diesen spy.banker.YCR an!!! Wie ging das gleich mit dem Bereinigen?  Geändert von Medano (28.07.2012 um 02:40 Uhr) |
|
28.07.2012, 22:12
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | RKIT/agent.depg.1, Spy.Banker.Gen und andere ... Wie das mit der IT usw. funktioniert solltest du am besten mal deine Kollegen aus der IT-Abteilung fragen
__________________ Logfiles bitte immer in CODE-Tags posten |
|
28.07.2012, 22:16
| #13 |
| | RKIT/agent.depg.1, Spy.Banker.Gen und andere ... danke für deine hilfe |
|
| Themen zu RKIT/agent.depg.1, Spy.Banker.Gen und andere ... |
| 32 bit, 7-zip, antivirus, autorun, avira, avira searchfree toolbar, bho, error, excel, exterminate, firefox, flash player, format, ftp, google earth, helper, heuristiks/extra, heuristiks/shuriken, hijack, home, install.exe, installation, karte, langs, misused.legit, mozilla, officejet, plug-in, problem, prozessor, realtek, registry, richtlinie, rootkit.zeroaccess, rundll, searchscopes, security, software, svchost.exe, taskhost.exe, wlan |
Button.
Linear-Darstellung
