
Pests of all kinds and how to fight them: [AcroIEHelpe.dll] [TR/Spy.Banker.Gen5]


05.08.2012, 12:48   #1
Tim0
[AcroIEHelpe.dll] [TR/Spy.Banker.Gen5]



Good day,
I got a message from AntiVir saying that I have the Trojan named in the title,
which has not gone away even after removing it with AntiVir.

Code:
OTL logfile created on: 05.08.2012 12:43:14 - Run 4
OTL by OldTimer - Version 3.2.56.0     Folder = C:\Users\Computer\Desktop\Sicherheit
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,54 Gb Available Physical Memory | 63,62% Memory free
8,00 Gb Paging File | 6,34 Gb Available in Paging File | 79,33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,79 Gb Total Space | 32,80 Gb Free Space | 29,34% Space Free | Partition Type: NTFS
Drive D: | 249,01 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 1397,26 Gb Total Space | 702,15 Gb Free Space | 50,25% Space Free | Partition Type: NTFS
 
Computer Name: COMPUTER-PC | User Name: Computer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Computer\Desktop\Sicherheit\Defogger.exe ()
PRC - C:\Users\Computer\Desktop\Sicherheit\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\program files (x86)\avira\antivir desktop\avcenter.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.exe (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Windows\SysWOW64\TSTheme.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Computer\Desktop\Sicherheit\Defogger.exe ()
MOD - C:\Users\Computer\AppData\Roaming\14001.008\components\AcroFF.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Ad-Aware Service) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.exe (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe (Microsoft Corporation.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SBAMSvc) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (sbhips) -- C:\Windows\SysNative\drivers\sbhips.sys (GFI Software)
DRV:64bit: - (sbapifs) -- C:\Windows\SysNative\drivers\sbapifs.sys (GFI Software)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (SBRE) -- C:\Windows\SysNative\drivers\sbredrv.sys (GFI Software)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (SBRE) -- C:\Windows\SysWOW64\drivers\SBREDrv.sys (GFI Software)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (GPCIDrv) -- C:\Program Files (x86)\GIGABYTE\EasyBoost\GPCIDrv64.sys ()
DRV - (TVICHW32) -- C:\Program Files (x86)\GIGABYTE\EasyBoost\TVicHW64.sys (EnTech Taiwan)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1460563739-2049981762-912863089-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1460563739-2049981762-912863089-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1460563739-2049981762-912863089-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CC D7 83 1F BC 65 CD 01  [binary data]
IE - HKU\S-1-5-21-1460563739-2049981762-912863089-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1460563739-2049981762-912863089-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1460563739-2049981762-912863089-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={273A7248-29A4-4A32-9C8E-5785FF48A971}&mid=&lang=&ds=&pr=&d=&v=&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1460563739-2049981762-912863089-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1460563739-2049981762-912863089-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-1460563739-2049981762-912863089-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1460563739-2049981762-912863089-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1460563739-2049981762-912863089-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 05 01 26 7A CF B5 CC 01  [binary data]
IE - HKU\S-1-5-21-1460563739-2049981762-912863089-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1460563739-2049981762-912863089-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1460563739-2049981762-912863089-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.04.01 22:59:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.26 18:23:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.21 17:25:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.29 19:45:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\Computer\AppData\Roaming\14001.008 [2012.08.05 11:52:37 | 000,000,000 | ---D | M]
 
[2011.12.08 20:05:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Computer\AppData\Roaming\mozilla\Extensions
[2012.08.03 14:47:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\snifs0xy.default\extensions
[2012.07.26 18:23:11 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\snifs0xy.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2012.08.03 14:47:02 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\snifs0xy.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012.07.26 18:17:39 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\snifs0xy.default\extensions\ich@maltegoetz.de
[2012.07.26 18:23:12 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\snifs0xy.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2012.07.19 16:39:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.22 09:52:15 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.08.05 11:52:37 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\COMPUTER\APPDATA\ROAMING\14001.008
[2012.07.14 02:15:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.02 12:27:09 | 000,003,659 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.07.14 02:45:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.07.26 18:37:01 | 000,443,881 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	www.123fporn.info
O1 - Hosts: 15244 more lines...
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll (Microsoft Corporation.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1460563739-2049981762-912863089-1001..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-1460563739-2049981762-912863089-1001..\Run: [Userinit] C:\Users\Computer\AppData\Roaming\appconf32.exe ()
O4 - HKU\S-1-5-21-1460563739-2049981762-912863089-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1460563739-2049981762-912863089-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Das YouTube Video als MP3 &speichern - C:\Users\Computer\AppData\Roaming\Free YouTube to MP3 Converter Studio\Free YouTube to MP3 Converter Studio.htm ()
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Computer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Das YouTube Video als MP3 &speichern - C:\Users\Computer\AppData\Roaming\Free YouTube to MP3 Converter Studio\Free YouTube to MP3 Converter Studio.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Computer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.109.123.7 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2C997D5-B60C-4386-9423-6D626FF8EF1A}: DhcpNameServer = 62.109.123.7 192.168.0.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.04.08 12:00:57 | 000,000,000 | RH-D | M] - F:\autorun -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.05 12:04:22 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.08.05 11:56:18 | 000,000,000 | ---D | C] -- C:\Users\Computer\Desktop\Neuer Ordner (3)
[2012.08.05 11:48:08 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.08.05 11:39:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.08.05 11:39:37 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.08.05 11:34:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.08.05 11:10:40 | 000,000,000 | ---D | C] -- C:\Users\Computer\Desktop\Sicherheit
[2012.08.05 11:00:38 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Roaming\Malwarebytes
[2012.08.05 11:00:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.08.05 11:00:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.05 09:43:21 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Roaming\14001.008
[2012.08.04 20:47:54 | 000,000,000 | ---D | C] -- C:\Users\Computer\Desktop\LJTD x64
[2012.08.04 20:45:53 | 000,000,000 | ---D | C] -- C:\Users\Computer\Desktop\LJTD x86
[2012.08.04 20:25:18 | 000,000,000 | ---D | C] -- C:\Users\Computer\Desktop\StackTimer
[2012.08.04 20:15:11 | 000,000,000 | ---D | C] -- C:\Users\Computer\Desktop\Neuer Ordner (2)
[2012.08.04 20:12:58 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Roaming\UAs
[2012.08.04 19:38:05 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Roaming\xmldm
[2012.08.04 19:38:04 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Roaming\kock
[2012.08.04 18:00:45 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\League of Legends
[2012.08.04 17:58:48 | 000,000,000 | ---D | C] -- C:\Games
[2012.08.04 17:57:47 | 000,000,000 | ---D | C] -- C:\ACE Client Setup
[2012.08.04 15:45:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2012.08.04 15:42:58 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Roaming\uTorrent
[2012.07.30 19:37:53 | 003,907,920 | ---- | C] (Piriform Ltd) -- C:\Users\Computer\Desktop\ccsetup321.exe
[2012.07.27 21:58:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012.07.26 18:24:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012.07.26 18:24:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.07.26 18:24:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012.07.26 18:23:39 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Local\adaware
[2012.07.26 18:23:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2012.07.26 18:23:34 | 000,060,536 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbhips.sys
[2012.07.26 18:23:33 | 000,045,936 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2012.07.26 18:23:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2012.07.26 18:23:25 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Local\Downloaded Installations
[2012.07.26 18:23:13 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Local\adawarebp
[2012.07.26 18:23:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2012.07.26 18:23:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2012.07.26 18:23:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb
[2012.07.26 18:22:31 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Roaming\Ad-Aware Antivirus
[2012.07.26 18:22:19 | 016,409,960 | ---- | C] (Safer Networking Limited) -- C:\Users\Computer\Desktop\spybotsd162.exe
[2012.07.24 16:40:32 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Local\Apple
[2012.07.23 20:59:10 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.07.21 15:53:12 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Roaming\Softpark
[2012.07.21 15:53:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yaric
[2012.07.21 15:53:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yaric
[2012.07.20 10:50:58 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Local\Thunderbird
[2012.07.19 20:33:40 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Local\Apps
[2012.07.19 16:40:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.07.19 15:07:49 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Local\VirtualStore
[2012.07.19 15:07:35 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Local\Adobe
[2012.07.19 15:05:48 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Local\Macromedia
[2012.07.18 21:42:33 | 000,000,000 | ---D | C] -- C:\Photoshop Brushes
[2012.07.18 18:13:47 | 000,000,000 | ---D | C] -- C:\Photoshop
[2012.07.11 16:56:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.11 16:56:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.11 16:56:30 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.11 16:56:26 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.11 16:56:25 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.06.02 13:06:47 | 002,327,552 | ---- | C] (ABACOM) -- C:\Program Files (x86)\splan70.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Computer\AppData\Roaming\*.tmp files -> C:\Users\Computer\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.05 12:41:19 | 000,000,000 | ---- | M] () -- C:\Users\Computer\defogger_reenable
[2012.08.05 12:23:02 | 000,000,017 | ---- | M] () -- C:\Users\Computer\AppData\Roaming\blckdom.res
[2012.08.05 12:16:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.05 12:12:48 | 000,025,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.05 12:12:48 | 000,025,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.05 12:09:46 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.05 12:09:46 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.05 12:09:46 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.05 12:09:46 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.05 12:09:46 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.05 12:05:36 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2012.08.05 12:05:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.05 12:05:32 | 3220,033,536 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.03 15:16:09 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.03 15:16:09 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.30 19:39:05 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.07.30 19:37:54 | 003,907,920 | ---- | M] (Piriform Ltd) -- C:\Users\Computer\Desktop\ccsetup321.exe
[2012.07.29 10:17:52 | 000,001,993 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk
[2012.07.29 10:17:52 | 000,001,901 | ---- | M] () -- C:\Users\Public\Desktop\LOL Recorder.lnk
[2012.07.29 10:17:46 | 001,424,103 | ---- | M] () -- C:\Users\Computer\Desktop\LOLReplay-0.7.9.34.exe
[2012.07.26 18:37:01 | 000,443,881 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.07.26 18:24:07 | 000,001,258 | ---- | M] () -- C:\Users\Computer\Desktop\Spybot - Search & Destroy.lnk
[2012.07.26 18:22:27 | 016,409,960 | ---- | M] (Safer Networking Limited                                    ) -- C:\Users\Computer\Desktop\spybotsd162.exe
[2012.07.26 18:19:39 | 004,935,472 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.26 18:13:38 | 004,503,728 | ---- | M] () -- C:\ProgramData\z7_0ytr.pad
[2012.07.21 15:53:11 | 000,000,992 | ---- | M] () -- C:\Users\Public\Desktop\PatchGuard.lnk
[2012.07.21 15:53:11 | 000,000,963 | ---- | M] () -- C:\Users\Public\Desktop\Yaric.lnk
[2012.07.18 21:43:22 | 000,000,000 | -H-- | M] () -- C:\Users\Computer\Documents\Default.rdp
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Computer\AppData\Roaming\*.tmp files -> C:\Users\Computer\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.05 12:41:19 | 000,000,000 | ---- | C] () -- C:\Users\Computer\defogger_reenable
[2012.08.05 11:54:22 | 000,000,017 | ---- | C] () -- C:\Users\Computer\AppData\Roaming\blckdom.res
[2012.07.29 10:17:45 | 001,424,103 | ---- | C] () -- C:\Users\Computer\Desktop\LOLReplay-0.7.9.34.exe
[2012.07.26 18:24:07 | 000,001,258 | ---- | C] () -- C:\Users\Computer\Desktop\Spybot - Search & Destroy.lnk
[2012.07.25 21:12:41 | 004,503,728 | ---- | C] () -- C:\ProgramData\z7_0ytr.pad
[2012.07.21 15:53:11 | 000,000,992 | ---- | C] () -- C:\Users\Public\Desktop\PatchGuard.lnk
[2012.07.21 15:53:11 | 000,000,963 | ---- | C] () -- C:\Users\Public\Desktop\Yaric.lnk
[2012.07.19 16:40:01 | 000,001,142 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.07.18 21:43:22 | 000,000,000 | -H-- | C] () -- C:\Users\Computer\Documents\Default.rdp
[2012.06.02 13:06:47 | 001,115,915 | ---- | C] () -- C:\Program Files (x86)\splan70.CHM
[2012.06.02 12:38:48 | 000,001,440 | ---- | C] () -- C:\Windows\_isenv31.ini
[2012.02.02 01:25:08 | 000,735,353 | ---- | C] () -- C:\Users\Computer\ace_uninstaller.exe
[2012.01.14 16:39:52 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2012.01.14 16:39:52 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011.10.15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2008.12.09 17:23:13 | 000,052,688 | RHS- | C] () -- C:\Users\Computer\AppData\Roaming\appconf32.exe
 
========== LOP Check ==========
 
[2012.08.05 11:52:37 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\14001.008
[2012.08.05 12:00:29 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Ad-Aware Antivirus
[2012.05.08 23:00:13 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Chess Tutor
[2012.05.07 17:10:35 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\ChessBase
[2011.12.15 20:58:49 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\DVDVideoSoft
[2011.12.15 20:58:25 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.05.17 17:36:35 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\FL_SIM_P4_D
[2012.01.29 00:51:21 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Free YouTube to MP3 Converter Studio
[2012.07.26 18:17:39 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\FreeFLVConverter
[2012.08.04 19:38:04 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\kock
[2011.12.09 16:39:44 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\LolClient
[2012.05.24 16:02:30 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\LolClient2
[2011.12.28 22:22:38 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\OpenOffice.org
[2012.07.26 18:17:39 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\SAD-Europa-Führerschein
[2012.05.06 22:39:27 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\ShredderChess
[2012.07.26 18:17:39 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\SmartDraw
[2012.07.21 15:53:12 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Softpark
[2012.07.26 18:17:39 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Spotify
[2012.07.23 20:59:10 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.07.26 18:17:39 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Thunderbird
[2012.08.04 14:43:04 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\TS3Client
[2012.08.05 09:43:07 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\UAs
[2012.08.05 00:05:41 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\uTorrent
[2012.07.26 18:17:39 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\WindSolutions
[2012.08.05 09:43:18 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\xmldm
[2012.08.05 12:05:36 | 000,000,266 | ---- | M] () -- C:\Windows\Tasks\AutoKMS.job
[2012.07.07 09:01:03 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.05.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Computer :: COMPUTER-PC [Administrator]

05.08.2012 13:17:20
mbam-log-2012-08-05 (13-19-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 217050
Time elapsed: 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCR\CLSID\{DD31495E-290C-41CF-8C66-7415383F82DE} (Trojan.Banker) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DD31495E-290C-41CF-8C66-7415383F82DE} (Trojan.Banker) -> No action taken.

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Userinit (Backdoor.Agent) -> Data: C:\Users\Computer\AppData\Roaming\appconf32.exe -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Computer\AppData\Roaming\AcroIEHelpe.dll (Trojan.Banker) -> No action taken.
C:\Users\Computer\AppData\Roaming\appconf32.exe (Backdoor.Agent) -> No action taken.

(end)
         


I hope you can help me get rid of it.

Kind regards
Tim0

Edit: The following alert just came in as well:
Object: BAcroIEHelpe.dll
Detection: RKIT/Agent.dewl

Last edited by Tim0 (05.08.2012 at 13:28)
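The two logs in this post carry the whole story: OTL lists a binary with read-only/hidden/system attributes and no company name sitting directly in %APPDATA%, and Malwarebytes ties the same file to an HKCU Run value named "Userinit" plus a Browser Helper Object CLSID for the DLL. The script below is an added example, not code from the original post or from the OTL or Malwarebytes tools. It parses both log formats and applies the heuristics a responder would otherwise apply by hand. The function names, the heuristics and the sample strings (lines copied from the logs above, with the German MBAM wording accepted as well) are this example's own choices. The one fact it leans on is that the genuine Userinit setting lives under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, so a Run value of that name is a masquerade.

```python
"""Offline triage of the OTL and Malwarebytes (MBAM) log excerpts posted in this thread."""
from __future__ import annotations
import re
from collections import defaultdict
from dataclasses import dataclass

# OTL file-list line:  [yyyy.mm.dd hh:mm:ss | size | attrs | C/M] (Company) -- path
# The "(Company)" group is absent on the LOP-check directory lines.
OTL_LINE = re.compile(
    r"^\[(?P<date>\d{4}\.\d{2}\.\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# MBAM finding line:  <item> (<Detection>) -> [Daten|Data: <target> -> ]<action>
MBAM_LINE = re.compile(
    r"^(?P<item>.+?) \((?P<detection>[\w.]+)\)"
    r"(?: -> (?:Daten|Data): (?P<data>.+?))? -> (?P<action>.+)$"
)

BINARY_EXT = (".exe", ".dll", ".scr", ".cpl", ".sys", ".ocx")
# Directories any interactive user, and so any user-level malware, can write to.
USER_WRITABLE = re.compile(r"\\(AppData|ProgramData|Temp)\\", re.IGNORECASE)
USER_WRITABLE_ROOTS = ("\\appdata\\roaming", "\\appdata\\local", "\\programdata")
# Run-value names that imitate Winlogon components; the genuine Userinit is
# HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit, never a Run entry.
WINLOGON_NAMES = {"userinit", "shell", "winlogon", "explorer", "svchost"}

@dataclass
class OtlEntry:
    date: str
    size: int
    attrs: str      # e.g. "RHS-": read-only, hidden, system
    kind: str       # C = created, M = modified
    company: str    # "" when OTL printed "()"
    path: str

@dataclass
class MbamFinding:
    item: str       # file path or registry key/value
    detection: str
    data: str       # target of a registry value, "" otherwise
    action: str

def parse_otl(text: str) -> list[OtlEntry]:
    out = []
    for line in text.splitlines():
        m = OTL_LINE.match(line.strip())
        if m:
            out.append(OtlEntry(m["date"], int(m["size"].replace(",", "")), m["attrs"],
                                m["kind"], (m["company"] or "").strip(), m["path"].strip()))
    return out

def parse_mbam(text: str) -> list[MbamFinding]:
    out = []
    for line in text.splitlines():
        m = MBAM_LINE.match(line.strip())
        if m:
            out.append(MbamFinding(m["item"], m["detection"], m["data"] or "", m["action"]))
    return out

def triage(otl: list[OtlEntry], mbam: list[MbamFinding]) -> dict[str, list[str]]:
    """Map each suspicious item to the reasons it was flagged (heuristics are this example's)."""
    reasons: dict[str, list[str]] = defaultdict(list)
    for e in otl:
        if not e.path.lower().endswith(BINARY_EXT) or not USER_WRITABLE.search(e.path):
            continue  # only binaries in user-writable locations are interesting here
        parent = e.path.rsplit("\\", 1)[0].lower()
        if parent.endswith(USER_WRITABLE_ROOTS):
            reasons[e.path].append("binary directly in a user-writable root, not a vendor folder")
        if "H" in e.attrs or "S" in e.attrs:
            reasons[e.path].append(f"hidden/system attributes ({e.attrs}) on a user-profile binary")
        if not e.company:
            reasons[e.path].append("no company name in the version resource")
    for f in mbam:
        target = f.data or f.item
        if USER_WRITABLE.search(target) and target.lower().endswith(BINARY_EXT):
            via = f.item if f.data else "file scan"
            reasons[target].append(f"MBAM {f.detection} via {via}")
        if "\\Run|" in f.item and f.item.rsplit("|", 1)[-1].lower() in WINLOGON_NAMES:
            reasons[target].append("Run value named like a Winlogon component (masquerade)")
        if "Browser Helper Objects" in f.item:
            reasons[f.item].append(f"MBAM {f.detection}: BHO registration, an IE load point")
    return dict(reasons)

# Constructed sample input: lines copied from the two logs posted above.
OTL_SAMPLE = r"""
[2012.07.11 16:56:30 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.30 19:37:54 | 003,907,920 | ---- | M] (Piriform Ltd) -- C:\Users\Computer\Desktop\ccsetup321.exe
[2011.10.15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2008.12.09 17:23:13 | 000,052,688 | RHS- | C] () -- C:\Users\Computer\AppData\Roaming\appconf32.exe
[2012.08.05 09:43:18 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\xmldm
"""
MBAM_SAMPLE = r"""
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DD31495E-290C-41CF-8C66-7415383F82DE} (Trojan.Banker) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Userinit (Backdoor.Agent) -> Data: C:\Users\Computer\AppData\Roaming\appconf32.exe -> No action taken.
C:\Users\Computer\AppData\Roaming\AcroIEHelpe.dll (Trojan.Banker) -> No action taken.
C:\Users\Computer\AppData\Roaming\appconf32.exe (Backdoor.Agent) -> No action taken.
"""

if __name__ == "__main__":
    for item, why in triage(parse_otl(OTL_SAMPLE), parse_mbam(MBAM_SAMPLE)).items():
        print(item)
        for w in why:
            print("   -", w)
```

Run as-is it prints each flagged item with its reasons; on a real case, paste the OTL "Files Created" block and the MBAM findings into the two sample strings. System32/SysWOW64 files and the installer on the Desktop are deliberately left alone so the output stays short. One caveat on the OTL evidence: the creation date OTL prints (2008 for appconf32.exe here) is the filesystem timestamp, which a dropper can set to any value, so it says nothing reliable about when the file actually arrived.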

09.08.2012, 20:58   #2
cosinus

Code:
C:\Users\Computer\AppData\Roaming\AcroIEHelpe.dll (Trojan.Banker) -> No action taken.
C:\Users\Computer\AppData\Roaming\appconf32.exe (Backdoor.Agent) -> No action taken.
         
Unfortunately you have a banking trojan on the system.
Do you do online banking on this box?

09.08.2012, 21:37   #3
Tim0

Yes, I do, using the chipTAN procedure.
I had run various scanners and for about 2 days now there have been no more alerts,
but as is well known, that doesn't necessarily mean anything.

Regards, Tim0

10.08.2012, 22:48   #4
cosinus

I don't know whether that would be particularly clever anyway... at the very least it would be very negligent.
Do you really want to clean up?

10.08.2012, 23:06   #5
Tim0

Since I had some time today, I reinstalled my system;
it was too risky for me after all.

Thanks for the kind help,

Regards, Tim0


Last edited by Tim0 (10.08.2012 at 23:39)

11.08.2012, 17:53   #6
cosinus

Since you have redone everything from scratch, we're done; to finish off I'll post my update guide!

Finally, please check for updates; my guide is below. To keep better track of whether installed programs are up to date in the future, you can use Secunia PSI, for example.
For even more security, after the infection has been removed you should also change all passwords where possible.


Microsoft Update

Windows XP: Visit the MS Update site with IE and have all important updates installed.

Windows Vista/7: Windows Update guide


Update the PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Add or Remove Programs or Programs and Features by clicking on "Adobe Reader x.0" there and removing the program (if you have Adobe Reader installed).

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you're at it, please also check that Flash Player is up to date:
Check => Adobe - Flash Player
Download links => Adobe Flash Player Distribution | Adobe

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the latest one. To do so, close all programs (especially the browsers), then click Start, Control Panel, Add or Remove Programs and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.

11.08.2012, 21:43   #7
Tim0

Many thanks, that's exactly what I was looking for.

Regards, Tim0
