| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: .exe (Trojan.Agent) und (PUP.BundleInstaller.BI)Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
03.10.2012, 12:16
| #1 |
 |  .exe (Trojan.Agent) und (PUP.BundleInstaller.BI) Hallo zusammen, ich bin neu angemeldet hier im Forum, weil ich wohl ein kleines Trojanerproblem besitze.. Aus diesem Grund bin ich auf Eure Hilfe angewiesen und würde mich sehr freuen, wenn Ihr mir in dieser Sache vielleicht ein bischen weiterhelfen könntet: Ich habe mir erst vor zwei Monaten mein System komplett neu mit WIN 7 aufgespielt. ein Check mit Malwarebytes kurz nach dem neuen System erbrachte auch keinerlei Hinweise auf Infektionen. Vor einigen Tagen hab ich dann einen angeschlossenen USB-Stick mit Malwarebytes gechecked und prompt kam folgende Meldung: Code:
ATTFilter Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Datenbank Version: v2012.09.29.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Adaron :: ADARON-PC [Administrator] 30.09.2012 12:01:13 mbam-log-2012-09-30 (12-01-13).txt Art des Suchlaufs: Vollständiger Suchlauf (F:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 212812 Laufzeit: 22 Minute(n), 10 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\Adaron\AppData\Local\Temp\.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Datenbank Version: v2012.09.29.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Adaron :: ADARON-PC [Administrator] 30.09.2012 12:34:10 mbam-log-2012-09-30 (12-34-10).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 209868 Laufzeit: 4 Minute(n), 15 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\Adaron\Downloads\7ZipSetup.exe (PUP.BundleInstaller.BI) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Daraufhin hab ich den DEFOGGER durchlaufen lassen... ohne Ergebnis. Dann habe ich mit OTL weitergemacht und versehentlich meinen Virenscanner (G-DATA) nicht abgeschlatet... Prompt maulte G-Data wie folgt herum: [I]*** Prozess *** Prozess: 2400 Dateiname: iexplore.exe Pfad: c:\program files\internet explorer\iexplore.exe Herausgeber: Microsoft Corporation Erstelldatum: 09/22/12 19:50:15 Änderungsdatum: 08/24/12 11:23:44 Gestartet von: explorer.exe Herausgeber: Microsoft Windows *** Aktionen *** Ein Packer wurde auf die Programmdatei angewandt. Möglicherweise um schädliche Inhalte zu verbergen. Das Programm hat Werte in der System-Registrierung verändert die genutzt werden können um das System zu gefährden. Das Programm stellt eine Verbindung über ein Netzwerk her. Das Programm zeichnet alle Tastatureingaben auf. Das Programm hat eine ausführbare Datei angelegt oder manipuliert. YGLRvdIJJyeoaXKCKCeo5oBycuopJ5eGcnJ+kHJyqI9yostycmjJoHKCenKSKCdoDywnKCcnJwctJ4lmcrItJ3ma4HJyrS8nlycnx+dwKnSSQicndIJwKycpJycnCMdygmJicoKAKicpJycmCLli0b 1y1pAsJwfpcnKdLSeXJifH1qAnJ9dpcnJpcnJsBspycp0tJ5cmJ8fWoC0nqGlygignqOawJicoJycnB5tywmJicsKwLScrJygnCaxyoi0nynJywCwn12nALycrJygnCW1yoignenJy0CgnKiYmJwr9 YtFyrQZucqIMj3JyLSfXYmJwZ3KSty4nx3KSpwh3KCd5y3JyKid5inCncnJwx3JyYmJycnBocqIsJiYnynCYcnIpJiYnl3C4cpJoJifbcpKnCYctJycnJyYGly8nJycnJganJycHpytcY7by0rFbY7 ZywjVmKw6nLifX23JyaXJyjA0A Version der Regeln: 3.1.4 "C:\Program Files\Internet Explorer\iexplore.exe" C:\Windows\Explorer.EXE Ich denke mal, das war ein falscher Alarm. Deswegen Abbruch von OTL und noch einmal komplett neu durchlaufen lassen mit deaktiviertem GDATA... Hier das OTL-TXT... Code:
ATTFilter OTL logfile created on: 03.10.2012 10:52:57 - Run 1 OTL by OldTimer - Version 3.2.70.1 Folder = C:\Users\Adaron\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,37 Gb Available Physical Memory | 59,22% Memory free 8,00 Gb Paging File | 5,88 Gb Available in Paging File | 73,48% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 192,22 Gb Total Space | 123,24 Gb Free Space | 64,11% Space Free | Partition Type: NTFS Drive D: | 273,44 Gb Total Space | 186,59 Gb Free Space | 68,24% Space Free | Partition Type: NTFS Computer Name: ADARON-PC | User Name: Adaron | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Adaron\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe (G Data Software AG) PRC - C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG) PRC - C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe (G Data Software) PRC - C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe (G Data Software AG) PRC - C:\Program Files (x86)\G Data\TotalProtection\GUI\GDSC.exe (G Data Software AG) PRC - C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG) PRC - C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe (G Data Software AG) PRC - C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe (G Data Software AG) PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.) PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () PRC - C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.) PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.) PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe () PRC - C:\Program Files (x86)\ASUS\Net4Switch\Net4Switch.exe (ASUS) PRC - C:\Programme\ATKGFNEX\GFNEXSrv.exe () PRC - C:\Program Files (x86)\ASUS\NB Probe\SPM\spmgr.exe () ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Windows Live\Writer\de\WindowsLive.Writer.Localization.resources.dll () MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipswsysmon.dll () MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipsw_cfgmgr.dll () MOD - C:\Program Files (x86)\ASUS\Net4Switch\LogonStartup.dll () MOD - C:\Program Files (x86)\ASUS\Net4Switch\iphelper.dll () MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipswui.dll () MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipswobj.dll () MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipswhlp.dll () MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipswgblset.dll () MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipswds.dll () MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipswcore.dll () MOD - C:\Program Files (x86)\ASUS\Net4Switch\cxcmrt.dll () MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipswresmgr.dll () MOD - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe () MOD - C:\Program Files (x86)\ASUS\Net4Switch\ResItf.dll () ========== Services (SafeList) ========== SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (GDBackupSvc) -- C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe (G Data Software AG) SRV - (GDFwSvc) -- C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFwSvcx64.exe (G Data Software AG) SRV - (AVKWCtl) -- C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKWCtlX64.exe (G Data Software AG) SRV - (AVKProxy) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG) SRV - (TSNxGService) -- C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe (G Data Software) SRV - (GDTunerSvc) -- C:\Program Files (x86)\G Data\TotalProtection\AVKTuner\AVKTunerService.exe (G Data Software AG) SRV - (GDScan) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG) SRV - (AVKService) -- C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe (G Data Software AG) SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe (ASUS) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (ADSMService) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.) SRV - (ATKGFNEXSrv) -- C:\Programme\ATKGFNEX\GFNEXSrv.exe () SRV - (spmgr) -- C:\Program Files (x86)\ASUS\NB Probe\SPM\spmgr.exe () ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (GRD) -- C:\Windows\SysNative\drivers\GRD.sys (G Data Software) DRV:64bit: - (gdwfpcd) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys (G Data Software AG) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( ) DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\NETw5v64.sys (Intel Corporation) DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS) DRV:64bit: - (AsDsm) -- C:\Windows\SysNative\drivers\AsDsm.sys (ASUSTek Computer Inc) DRV:64bit: - (TS4NT) -- C:\Windows\SysNative\drivers\TS4nt.sys (G Data Software) DRV:64bit: - (GDPkIcpt) -- C:\Windows\SysNative\drivers\PktIcpt.sys (G Data Software AG) DRV:64bit: - (HookCentre) -- C:\Windows\SysNative\drivers\HookCentre.sys (G Data Software AG) DRV:64bit: - (GDMnIcpt) -- C:\Windows\SysNative\drivers\MiniIcpt.sys (G Data Software AG) DRV:64bit: - (GDBehave) -- C:\Windows\SysNative\drivers\GDBehave.sys (G Data Software AG) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.) DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC) DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC) DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimspx64.sys (REDC) DRV:64bit: - (lullaby) -- C:\Windows\SysNative\drivers\lullaby.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (itecir) -- C:\Windows\SysNative\drivers\itecir.sys (ITE Tech. Inc. ) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (ghaio) -- C:\Program Files (x86)\ASUS\NB Probe\SPM\ghaio.sys () DRV - (ASMMAP64) -- C:\Programme\ATKGFNEX\ASMMAP64.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1203884004-2752635724-3302966721-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-1203884004-2752635724-3302966721-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-1203884004-2752635724-3302966721-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-1203884004-2752635724-3302966721-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9C 32 1D 8F 25 7D CD 01 [binary data] IE - HKU\S-1-5-21-1203884004-2752635724-3302966721-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1203884004-2752635724-3302966721-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1203884004-2752635724-3302966721-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101727.dll (Amazon.com, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.20 14:52:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.08.20 20:25:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adaron\AppData\Roaming\mozilla\Extensions [2012.08.26 11:20:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adaron\AppData\Roaming\mozilla\Firefox\Profiles\gir6nvp9.default\extensions [2012.08.20 14:52:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.07.14 02:15:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.07.14 02:45:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll (G Data Software AG) O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ADSMTray] C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe (G Data Software AG) O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe (G Data Software AG) O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [TSNxG4Tray] "C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGTray.exe" /system File not found O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.XXX.X.X O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28CB6B60-D408-4F7F-915A-10285EBD3F9E}: DhcpNameServer = 192.XXX.X.X O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E072CB39-6646-4566-872C-51883663D9CD}: DhcpNameServer = 192.XXX.X.x O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{58c7ed76-e915-11e1-a5c9-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{58c7ed76-e915-11e1-a5c9-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SYSTEM\AUTOSTRT.EXE O33 - MountPoints2\{58c7ed76-e915-11e1-a5c9-806e6f6e6963}\Shell\install1\command - "" = E:\system\Elevate.exe "Start.exe" O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.09.30 13:28:31 | 000,000,000 | ---D | C] -- C:\.Trash-999 [2012.09.30 12:00:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.09.30 12:00:06 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.09.30 12:00:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.09.30 11:07:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2012.09.30 11:06:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2012.09.30 11:06:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2012.09.26 08:26:48 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe [2012.09.25 11:53:48 | 000,000,000 | ---D | C] -- C:\Users\Adaron\Documents\Fix WU [2012.09.25 11:09:49 | 000,000,000 | R--D | C] -- C:\Users\Adaron\Documents\Scanned Documents [2012.09.25 11:09:48 | 000,000,000 | ---D | C] -- C:\Users\Adaron\Documents\Fax [2012.09.23 14:52:28 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll [2012.09.23 14:52:28 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll [2012.09.22 21:50:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.09.22 21:50:16 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.09.22 21:50:16 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.09.22 21:50:15 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.09.22 21:50:15 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.09.22 21:50:15 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.09.22 21:50:15 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.09.22 21:50:15 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.09.22 21:50:15 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.09.22 21:50:15 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.09.22 21:50:15 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.09.22 21:50:14 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.09.22 21:50:13 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.09.22 21:50:13 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.09.22 21:50:13 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012.09.21 14:21:52 | 000,000,000 | ---D | C] -- C:\Users\Adaron\AppData\Roaming\com.amazon.music.uploader [2012.09.21 14:21:48 | 000,000,000 | ---D | C] -- C:\Users\Adaron\Documents\Amazon Music Importer [2012.09.21 14:21:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR [2012.09.20 17:44:38 | 000,000,000 | ---D | C] -- C:\Users\Adaron\AppData\Local\ElevatedDiagnostics [2012.09.20 17:44:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard [2012.09.20 16:40:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2012.09.20 16:40:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER [2012.09.20 16:39:56 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2012.09.20 16:37:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2012.09.20 16:37:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services [2012.09.20 16:37:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office [2012.09.20 16:36:58 | 000,000,000 | RH-D | C] -- C:\MSOCache [2012.09.20 16:10:18 | 000,000,000 | ---D | C] -- C:\Users\Adaron\AppData\Local\Microsoft Help [2012.09.20 16:10:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help [2012.09.19 17:11:29 | 000,000,000 | ---D | C] -- C:\Users\Adaron\AppData\Local\Macromedia [2012.09.17 15:25:03 | 000,000,000 | ---D | C] -- C:\Users\Adaron\Documents\Amazon MP3 [2012.09.17 15:25:03 | 000,000,000 | ---D | C] -- C:\Users\Adaron\AppData\Roaming\Amazon [2012.09.17 15:23:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon [2012.09.17 15:23:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon [2012.09.12 18:58:00 | 000,000,000 | ---D | C] -- C:\Users\Adaron\AppData\Roaming\ooVoo Details [2012.09.12 18:57:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ooVoo [2012.09.12 18:57:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ooVoo [2012.09.12 18:39:42 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys [2012.09.12 18:39:41 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2012.09.12 18:39:40 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys [2012.09.12 18:39:40 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2012.09.05 12:22:07 | 000,000,000 | ---D | C] -- C:\Users\Adaron\AppData\Local\Adobe [2012.09.05 12:20:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2012.09.05 12:20:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2008.08.11 21:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll ========== Files - Modified Within 30 Days ========== [2012.10.03 10:41:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.03 09:18:06 | 000,022,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.03 09:18:06 | 000,022,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.03 09:15:45 | 000,813,445 | ---- | M] () -- C:\Windows\SysWow64\sig.bin [2012.10.03 09:15:45 | 000,044,573 | ---- | M] () -- C:\Windows\SysWow64\nmp.map [2012.10.03 09:10:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.03 09:10:26 | 3220,525,056 | -HS- | M] () -- C:\hiberfil.sys [2012.09.30 14:01:07 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.09.30 14:01:07 | 000,696,870 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.09.30 14:01:07 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.09.30 14:01:07 | 000,148,134 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.09.30 14:01:07 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.09.30 14:00:22 | 000,000,193 | ---- | M] () -- C:\Users\Adaron\Documents\test.rtf [2012.09.30 12:00:08 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.21 09:29:35 | 000,341,304 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.09.20 16:40:44 | 000,003,047 | ---- | M] () -- C:\Users\Adaron\Desktop\Microsoft Excel 2010.lnk [2012.09.20 16:40:44 | 000,003,029 | ---- | M] () -- C:\Users\Adaron\Desktop\Microsoft Word 2010.lnk [2012.09.19 17:00:28 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.09.19 17:00:28 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.09.12 18:57:28 | 000,001,857 | ---- | M] () -- C:\Users\Public\Desktop\ooVoo.lnk [2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.09.05 12:21:03 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk ========== Files Created - No Company Name ========== [2012.09.30 14:00:21 | 000,000,193 | ---- | C] () -- C:\Users\Adaron\Documents\test.rtf [2012.09.30 12:00:08 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.20 17:04:14 | 000,003,047 | ---- | C] () -- C:\Users\Adaron\Desktop\Microsoft Excel 2010.lnk [2012.09.20 17:03:59 | 000,003,029 | ---- | C] () -- C:\Users\Adaron\Desktop\Microsoft Word 2010.lnk [2012.09.12 18:57:28 | 000,001,857 | ---- | C] () -- C:\Users\Public\Desktop\ooVoo.lnk [2012.09.05 12:21:03 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2012.09.05 12:21:03 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2012.08.19 16:00:05 | 001,589,650 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.08.19 14:13:31 | 000,813,445 | ---- | C] () -- C:\Windows\SysWow64\sig.bin [2012.01.18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll [2012.01.18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll [2012.01.18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe [2009.04.08 10:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll [2008.05.22 08:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.09.17 15:25:03 | 000,000,000 | ---D | M] -- C:\Users\Adaron\AppData\Roaming\Amazon [2012.09.21 14:21:52 | 000,000,000 | ---D | M] -- C:\Users\Adaron\AppData\Roaming\com.amazon.music.uploader [2012.09.12 19:00:34 | 000,000,000 | ---D | M] -- C:\Users\Adaron\AppData\Roaming\ooVoo Details [2012.08.19 16:15:52 | 000,000,000 | ---D | M] -- C:\Users\Adaron\AppData\Roaming\Windows Live Writer ========== Purity Check ========== < End of report > Kurioserweise habe ich derzeit keinerlei Probleme mit meinem PC, Performance etc pp. ist alles völlig o.k. und es gibt wirklich keinen Stress mit meinem Compi... Hat MALWAREBYTE mir hier vielleicht nen "False positive" ausgespuckt? Ich bedanke mich schon im Voraus für Eure Unterstützung und wüpnsche noch einen ruhigen Tag derdeutschen Einheit... Liebe Grüße Mojitofan Geändert von Mojitofan (03.10.2012 um 12:38 Uhr) |
| Themen zu .exe (Trojan.Agent) und (PUP.BundleInstaller.BI) |
| abbruch, administrator, adobe, antivirus, autorun, bankguard, bho, document, explorer, firefox, firewall, flash player, format, g-data, gfnexsrv.exe, logfile, netzwerk, nvidia, object, performance, realtek, registry, security, senden, software, system, tastatureingaben, temp, totalprotection |
Baum-Darstellung