Log analysis and evaluation: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dll (Trojan.Agent) -> Daten: C:\Users\Papa\AppData\Roaming\dll\svchost.exe -> Keine Aktio

09.01.2013, 20:05   #1
Hannibaal
 

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.09.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Papa :: PAPA-PC [Administrator]

09.01.2013 18:41:18
log neu.txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 414581
Laufzeit: 1 Stunde(n), 9 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dll (Trojan.Agent) -> Daten: C:\Users\Papa\AppData\Roaming\dll\svchost.exe -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Papa\AppData\Roaming\dll\svchost.exe (Backdoor.IRCBot) -> Keine Aktion durchgeführt.

(Ende)

Does anyone know these things and what they can do?

How can I remove them without having to reinstall my system?

Thank you all

09.01.2013, 20:49   #2
ryder
/// TB instructor
 

I will help you with your problem. A cleanup can involve a lot of work for you (and me). Before we start, I have some reading material for you.

Please read:
Rules for the cleanup
For the cleanup to work, I ask you to read the following points carefully:
  • Please work through all steps in order. Please give me feedback on every step (logfile or answer), collected in a single reply once you have completed everything.
  • Only run scans that you are asked to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you were asked to.
  • Read the instructions through completely first. If anything is unclear, ask before you begin.
  • Post the logfiles directly in your thread (preferably in code tags - click the # symbol in the editor). Do not attach or zip them unless I ask you to or the logfile would be too large. That makes the evaluation harder for me.
  • Obscure your name only if it is absolutely necessary.
  • At the first sign of illegally used software (cracks, patches and the like), support will be discontinued without discussion.
  • If I have not replied after 3 days, then (and only then) please send me a PM.
  • I will tell you very clearly that you are "clean". Until then, please cooperate well.
  • Note: I can never give you a guarantee that I will find everything. Formatting is usually the faster and always the safest way.


Read and understood?


Step 1:
Disable drive emulation with Defogger
Please download defogger by jpshortstuff to your desktop and start it:
  • Now click the Disable button to deactivate the drivers of certain emulators.
  • Defogger will ask you "Defogger will forcefully ... Continue?" Confirm this with Yes.
  • When the scan has finished (Finished), click OK.
  • Defogger may prompt you to restart. Confirm this with OK.
Please post the defogger_disable.txt from your desktop.
Do not click the Re-enable button without instruction.

Step 2:
Scan with GMER
Please download GMER: (file name is random)
  • Close all other programs, disable your virus scanner and disconnect the computer from the Internet before you start GMER.
  • If a window with the following warning opens after starting:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Be sure to click "No".
  • On the right, remove the check mark from: IAT/EAT and Show All
  • Set the check mark at Quickscan and remove it from all other drives.
  • Start the scan with "Scan".
  • Do not do anything on the computer while the scan is running.
  • When the scan is finished, click Save and save the logfile as Gmer.txt on your desktop. "Ok" closes GMER.

Turn your antivirus program and other scanners back on before you go online!

Problems?
  • Alternatively, try safe mode.
  • If you get a bluescreen, remove the check mark in front of Devices.

Step 3:
Scan with DDS+ (with attach)
Please download DDS (by sUBs) and save the file to your desktop.

dds.com
  • Close all running programs and start DDS with a double-click.
  • The desktop will disappear, that is normal.
  • Set the following:

    [X] dds.txt
    [X] attach.txt
    [ ] options for dds.txt

  • Do not change any setting without instruction.
  • Click Start.
  • 2 logfiles will be created on your desktop.
    • dds.txt
    • attach.txt
  • Post both logfiles here, preferably in CODE tags.

09.01.2013, 21:07   #3
Hannibaal
 

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:53 on 09/01/2013 (Papa)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Pro Agent -> Removed

Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-


GMER 2.0.18444 - GMER - Rootkit Detector and Remover
Rootkit scan 2013-01-09 21:03:27
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-6 WDC_WD10EURS-630AB1 rev.80.00A80 931,51GB
Running: gmer-2.0.18444.exe; Driver: C:\Users\Papa\AppData\Local\Temp\kxldapow.sys


---- User code sections - GMER 2.0 ----

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1256] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075e01401 2 bytes [E0, 75]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1256] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075e01419 2 bytes [E0, 75]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1256] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075e01431 2 bytes [E0, 75]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1256] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075e0144a 2 bytes [E0, 75]
.text ... * 9
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1256] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075e014dd 2 bytes [E0, 75]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1256] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075e014f5 2 bytes [E0, 75]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1256] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075e0150d 2 bytes [E0, 75]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1256] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075e01525 2 bytes [E0, 75]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1256] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075e0153d 2 bytes [E0, 75]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1256] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075e01555 2 bytes [E0, 75]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1256] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075e0156d 2 bytes [E0, 75]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1256] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075e01585 2 bytes [E0, 75]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1256] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075e0159d 2 bytes [E0, 75]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1256] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075e015b5 2 bytes [E0, 75]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1256] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075e015cd 2 bytes [E0, 75]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1256] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075e016b2 2 bytes [E0, 75]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1256] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075e016bd 2 bytes [E0, 75]
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[124] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075e01401 2 bytes [E0, 75]
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[124] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075e01419 2 bytes [E0, 75]
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[124] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075e01431 2 bytes [E0, 75]
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[124] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075e0144a 2 bytes [E0, 75]
.text ... * 9
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[124] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075e014dd 2 bytes [E0, 75]
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[124] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075e014f5 2 bytes [E0, 75]
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[124] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075e0150d 2 bytes [E0, 75]
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[124] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075e01525 2 bytes [E0, 75]
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[124] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075e0153d 2 bytes [E0, 75]
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[124] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075e01555 2 bytes [E0, 75]
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[124] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075e0156d 2 bytes [E0, 75]
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[124] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075e01585 2 bytes [E0, 75]
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[124] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075e0159d 2 bytes [E0, 75]
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[124] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075e015b5 2 bytes [E0, 75]
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[124] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075e015cd 2 bytes [E0, 75]
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[124] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075e016b2 2 bytes [E0, 75]
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[124] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075e016bd 2 bytes [E0, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2096] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 00000000728e17fa 2 bytes [8E, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2096] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 00000000728e1860 2 bytes [8E, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2096] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 00000000728e1942 2 bytes [8E, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2096] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 00000000728e194d 2 bytes [8E, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2096] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075e01401 2 bytes [E0, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2096] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075e01419 2 bytes [E0, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2096] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075e01431 2 bytes [E0, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2096] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075e0144a 2 bytes [E0, 75]
.text ... * 9
.text C:\Windows\SysWOW64\PnkBstrA.exe[2096] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075e014dd 2 bytes [E0, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2096] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075e014f5 2 bytes [E0, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2096] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075e0150d 2 bytes [E0, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2096] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075e01525 2 bytes [E0, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2096] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075e0153d 2 bytes [E0, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2096] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075e01555 2 bytes [E0, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2096] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075e0156d 2 bytes [E0, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2096] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075e01585 2 bytes [E0, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2096] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075e0159d 2 bytes [E0, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2096] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075e015b5 2 bytes [E0, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2096] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075e015cd 2 bytes [E0, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2096] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075e016b2 2 bytes [E0, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2096] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075e016bd 2 bytes [E0, 75]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4136] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075e01401 2 bytes [E0, 75]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4136] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075e01419 2 bytes [E0, 75]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4136] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075e01431 2 bytes [E0, 75]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4136] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075e0144a 2 bytes [E0, 75]
.text ... * 9
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4136] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075e014dd 2 bytes [E0, 75]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4136] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075e014f5 2 bytes [E0, 75]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4136] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075e0150d 2 bytes [E0, 75]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4136] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075e01525 2 bytes [E0, 75]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4136] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075e0153d 2 bytes [E0, 75]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4136] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075e01555 2 bytes [E0, 75]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4136] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075e0156d 2 bytes [E0, 75]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4136] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075e01585 2 bytes [E0, 75]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4136] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075e0159d 2 bytes [E0, 75]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4136] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075e015b5 2 bytes [E0, 75]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4136] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075e015cd 2 bytes [E0, 75]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4136] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075e016b2 2 bytes [E0, 75]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4136] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075e016bd 2 bytes [E0, 75]

---- Threads - GMER 2.0 ----

Thread C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe [4488:4492] 00000000004748da
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4864:4184] 000007fefb512a7c
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4864:712] 000000006c96d068
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5064:1132] 000000006574fee5
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5064:912] 0000000076f93e45
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5064:1140] 0000000065748f6c
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5064:1204] 000000006f6cc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5064:4092] 0000000076f92e25
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5064:4204] 000000006f6cc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5064:4200] 00000000721162ee
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5064:4156] 000000006f6cc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5064:4160] 000000006f6cc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5064:4168] 000000006f6cc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5064:4152] 000000006f6cc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5064:4108] 000000006f6cc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5064:3236] 000000006f6cc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5064:3620] 00000000742727e1
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5064:1500] 0000000076f97111
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5064:4624] 000000006f6cc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5064:4604] 000000006f6cc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5064:4664] 000000006f6cc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5064:4608] 000000006f6cc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5064:4596] 000000006f6cc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5064:4640] 000000006f6cc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5064:4592] 000000006f6cc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5064:4580] 000000006f6cc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5064:4588] 000000006f6cc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5064:4516] 000000006f6cc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5064:4564] 000000006f6cc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5064:1260] 000000006f6cc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5064:4996] 000000006f6cc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5064:5000] 000000006f6cc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5064:4652] 0000000076f93e45
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5064:1220] 0000000076f93e45
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5064:1732] 00000000734b32fb
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5064:2484] 00000000767be44f
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5064:3700] 0000000076a0d864
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5064:4740] 000000006f6cc724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [5064:920] 0000000076f93e45
---- Processes - GMER 2.0 ----

Library ? (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [3684] 000007fef17a0000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4864] 000007fef03c0000

---- Registry - GMER 2.0 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Pro\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFE 0x28 0x3E 0xE6 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x91 0x6A 0x0D 0xF3 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x43 0x46 0xA6 0x33 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFE 0x28 0x3E 0xE6 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x91 0x6A 0x0D 0xF3 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x43 0x46 0xA6 0x33 ...

---- EOF - GMER 2.0 ----

DDS Logfile:
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 10.7.2
Run by Papa at 21:04:34 on 2013-01-09
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.4094.2523 [GMT 1:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AAVUpdateManager\aavus.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\FightMouse Elite\Gaming 3.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=DE&userid=f53418df-78bd-4227-b9a2-d685af7f664e&searchtype=hp
uSearch Bar = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=DE&userid=f53418df-78bd-4227-b9a2-d685af7f664e&searchtype=ds&q={searchTerms}
uSearch Page = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=DE&userid=f53418df-78bd-4227-b9a2-d685af7f664e&searchtype=ds&q={searchTerms}
uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=DE&userid=f53418df-78bd-4227-b9a2-d685af7f664e&searchtype=ds&q={searchTerms}
BHO: QuickStores-Toolbar: {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - 
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB: QuickStores-Toolbar: {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - 
TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
uRun: [EPSON BX305 Series] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIGJE.EXE /FU "C:\Windows\TEMP\E_S562C.tmp" /EF "HKCU"
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [Win Final] C:\Users\Papa\AppData\Roaming\Win Final.exe
uRun: [Windows Uninstaller] "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
uRun: [Microsoft] C:\Program Files (x86)\MSBuild\Microsoft\MSServices.lnk
uRun: [Football News] C:\Program Files (x86)\Football News App\Football News.exe /minimized
uRun: [dll] C:\Users\Papa\AppData\Roaming\dll\svchost.exe
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [Gaming 3] "C:\FightMouse Elite\Gaming 3.exe" /hide
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
StartupFolder: C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\Users\Papa\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html
DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} - hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{0FCEFD44-067A-42D5-A386-E5490B31E05F} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{9043E83F-CA30-4CB4-B010-CCF80B204FD6} : DHCPNameServer = 192.168.2.1
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
x64-BHO: Plugin for Media Finder: {AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2} - C:\Users\Papa\AppData\Roaming\Media Finder\Extensions\IEPlugin64.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll
x64-TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
x64-Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
x64-Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\cxpalgbe.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - Google
FF - prefs.js: keyword.URL - hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=DE&userid=f53418df-78bd-4227-b9a2-d685af7f664e&searchtype=ds&q=
FF - plugin: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\npBrowserPlugin.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Users\Papa\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-12-16 14:21; quickstores@quickstores.de; C:\Program Files (x86)\Mozilla Firefox\extensions\quickstores@quickstores.de
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109981
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.ovrDmn - isearch.babylon.com
FF - user.js: extensions.BabylonToolbar_i.id - f007be420000000000006cf049130075
FF - user.js: extensions.BabylonToolbar_i.hardId - f007be420000000000006cf049130075
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15410
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.178:05:26
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extentions.y2layers.installId - 696630a9-4b4c-4d9e-bce3-072ba822acd1
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,DropDownDeals,BestVideoDownloader,TopRelatedTopics,BestVideoDownloader,
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
============= SERVICES / DRIVERS ===============
.
R0 NBVol;Nero Backup Volume Filter Driver;C:\Windows\System32\drivers\NBVol.sys [2012-7-18 72240]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\Windows\System32\drivers\NBVolUp.sys [2012-7-18 15920]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2012-4-21 27760]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-10-23 271424]
R2 AAV UpdateService;AAV UpdateService;C:\Program Files (x86)\AAVUpdateManager\aavus.exe [2008-10-24 128296]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-7-4 238080]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-9-28 361984]
R2 AntiVirSchedulerService;Avira Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-4-21 86224]
R2 AntiVirService;Avira Echtzeit Scanner;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-4-21 110032]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2012-4-21 97312]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-30 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-30 682344]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-9-23 46136]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-9-23 24176]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-9-23 236544]
S2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 FWLANUSB;AVM FRITZ!WLAN;C:\Windows\System32\drivers\fwlanusb.sys [2010-10-22 460800]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-9-24 20992]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-9-24 59392]
.
=============== File Associations ===============
.
FileExt: .txt: textfile="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2013-01-09 18:34:58	--------	d-sh--r-	C:\Users\Papa\AppData\Roaming\dll
2013-01-09 18:34:54	75264	----a-w-	C:\Users\Papa\AppData\Local\543419912013a.exe
2013-01-09 17:40:32	--------	d-----w-	C:\Users\Papa\AppData\Local\Programs
2013-01-09 17:16:26	179712	----a-w-	C:\Users\Papa\AppData\Local\261618912013Build.exe
2013-01-09 14:44:40	--------	d-----w-	C:\Program Files (x86)\AMD AVT
2013-01-08 13:48:29	9125352	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{60874895-B4CA-46A5-940D-C456BFB42122}\mpengine.dll
2013-01-07 19:01:48	179712	----a-w-	C:\Users\Papa\AppData\Local\48120712013Build.exe
2013-01-05 14:18:18	179712	----a-w-	C:\Users\Papa\AppData\Local\171815512013Build.exe
2013-01-03 11:03:02	--------	d-----w-	C:\Users\Papa\AppData\Roaming\7road
2013-01-01 19:55:12	179712	----a-w-	C:\Users\Papa\AppData\Local\125520112013Build.exe
2013-01-01 18:02:53	179712	----a-w-	C:\Users\Papa\AppData\Local\53219112013Build.exe
2012-12-31 17:48:29	179712	----a-w-	C:\Users\Papa\AppData\Local\29481831122012Build.exe
2012-12-30 20:15:58	179712	----a-w-	C:\Users\Papa\AppData\Local\58152130122012Build.exe
2012-12-29 18:41:26	179712	----a-w-	C:\Users\Papa\AppData\Local\26411929122012Build.exe
2012-12-29 11:10:27	179712	----a-w-	C:\Users\Papa\AppData\Local\26101229122012Build.exe
2012-12-28 20:42:33	256512	----a-w-	C:\Users\Papa\AppData\Local\33422128122012cryptedrev.exe
2012-12-28 20:22:22	179712	----a-w-	C:\Users\Papa\AppData\Local\22222128122012Build.exe
2012-12-23 20:31:18	179712	----a-w-	C:\Users\Papa\AppData\Local\18312123122012Build.exe
2012-12-23 19:21:57	179712	----a-w-	C:\Users\Papa\AppData\Local\57212023122012Build.exe
2012-12-23 08:41:59	--------	d-----w-	C:\Users\Papa\AppData\Roaming\XMedia Recode
2012-12-23 07:26:07	--------	d-----w-	C:\Program Files (x86)\XMedia Recode
2012-12-23 07:17:46	--------	d-----w-	C:\Users\Papa\AppData\Local\IsolatedStorage
2012-12-23 07:17:29	--------	d-----w-	C:\Users\Papa\AppData\Local\Digital_Distribution
2012-12-23 07:16:14	719872	----a-w-	C:\Windows\SysWow64\devil.dll
2012-12-23 07:16:14	70656	----a-w-	C:\Windows\SysWow64\yv12vfw.dll
2012-12-23 07:16:14	70656	----a-w-	C:\Windows\SysWow64\i420vfw.dll
2012-12-23 07:16:14	369152	----a-w-	C:\Windows\SysWow64\avisynth.dll
2012-12-23 07:16:14	32256	----a-w-	C:\Windows\SysWow64\AVSredirect.dll
2012-12-23 07:16:10	--------	d-----w-	C:\Program Files (x86)\AviSynth 2.5
2012-12-23 07:15:43	--------	d-sh--w-	C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2012-12-23 07:14:28	499712	----a-w-	C:\Windows\SysWow64\msvcp71.dll
2012-12-23 07:14:28	348160	----a-w-	C:\Windows\SysWow64\msvcr71.dll
2012-12-23 07:14:28	327749	----a-w-	C:\Windows\SysWow64\drvc.dll
2012-12-23 07:13:28	--------	d-----w-	C:\Program Files (x86)\eRightSoft
2012-12-23 07:07:56	893552	----a-w-	C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-12-23 07:07:44	42776	----a-w-	C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-12-23 07:07:23	1236816	----a-w-	C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-12-22 19:21:25	179712	----a-w-	C:\Users\Papa\AppData\Local\25212022122012Build.exe
2012-12-21 18:04:58	46080	----a-w-	C:\Windows\System32\atmlib.dll
2012-12-21 18:04:58	367616	----a-w-	C:\Windows\System32\atmfd.dll
2012-12-21 18:04:58	34304	----a-w-	C:\Windows\SysWow64\atmlib.dll
2012-12-21 18:04:57	295424	----a-w-	C:\Windows\SysWow64\atmfd.dll
2012-12-16 13:23:47	--------	d-----w-	C:\Program Files\Unlocker
2012-12-16 13:21:09	--------	d-----w-	C:\Program Files (x86)\Unlocker
2012-12-16 12:32:25	99614720	----a-w-	C:\Users\Papa\AppData\Roaming\Win Final.exe
2012-12-12 17:01:15	2048	----a-w-	C:\Windows\SysWow64\tzres.dll
2012-12-12 17:00:57	424960	----a-w-	C:\Windows\System32\KernelBase.dll
.
==================== Find3M  ====================
.
2013-01-09 15:36:46	74248	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-09 15:36:46	697864	----a-w-	C:\Windows\SysWow64\FlashPlayerApp.exe
2013-01-04 09:21:02	282296	----a-w-	C:\Windows\SysWow64\PnkBstrB.xtr
2013-01-04 09:21:02	282296	----a-w-	C:\Windows\SysWow64\PnkBstrB.exe
2013-01-04 09:20:40	215128	----a-w-	C:\Windows\SysWow64\PnkBstrB.ex0
2012-12-14 15:49:28	24176	----a-w-	C:\Windows\System32\drivers\mbam.sys
2012-11-22 03:26:40	3149824	----a-w-	C:\Windows\System32\win32k.sys
2012-11-12 12:28:37	1638912	----a-w-	C:\Windows\System32\mshtml.tlb
2012-11-12 11:52:18	1638912	----a-w-	C:\Windows\SysWow64\mshtml.tlb
2012-11-09 05:45:09	2048	----a-w-	C:\Windows\System32\tzres.dll
2012-11-02 05:59:11	478208	----a-w-	C:\Windows\System32\dpnet.dll
2012-11-02 05:11:31	376832	----a-w-	C:\Windows\SysWow64\dpnet.dll
2012-10-27 06:26:55	981504	----a-w-	C:\Windows\SysWow64\wininet.dll
2012-10-27 05:51:21	1188864	----a-w-	C:\Windows\System32\wininet.dll
2012-10-25 02:12:26	94208	----a-w-	C:\Windows\SysWow64\QuickTimeVR.qtx
2012-10-25 02:12:26	69632	----a-w-	C:\Windows\SysWow64\QuickTime.qts
2012-10-16 08:38:37	135168	----a-w-	C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34	350208	----a-w-	C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52	561664	----a-w-	C:\Windows\apppatch\AcLayers.dll
.
============= FINISH: 21:05:03,63 ===============
         
--- --- ---



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 23.09.2011 20:41:14
System Uptime: 09.01.2013 20:54:02 (1 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | GA-MA78LM-S2H
Processor: AMD Phenom(tm) II X4 965 Processor | Socket M2 | 2686/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 468 GiB total, 281,53 GiB free.
D: is FIXED (NTFS) - 114 GiB total, 92,753 GiB free.
E: is FIXED (NTFS) - 78 GiB total, 52,076 GiB free.
F: is FIXED (NTFS) - 273 GiB total, 251,326 GiB free.
G: is CDROM ()
H: is CDROM ()
I: is FIXED (NTFS) - 463 GiB total, 445,188 GiB free.
J: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
Description: Unknown Device
Device ID: USB\VID_0000&PID_0000\5&2D71D9D&0&3
Manufacturer: (Standard-USB-Hostcontroller)
Name: Unknown Device
PNP Device ID: USB\VID_0000&PID_0000\5&2D71D9D&0&3
Service:
.
Class GUID: {997b5d8d-c442-4f2e-baf3-9c8e671e9e21}
Description: Logitech GamePanel-Geräte (Mono)
Device ID: ROOT\SIDESHOW\0001
Manufacturer: Logitech Inc
Name: Logitech GamePanel-Geräte (Mono)
PNP Device ID: ROOT\SIDESHOW\0001
Service: WUDFRd
.
==== System Restore Points ===================
.
RP203: 01.01.2013 10:58:10 - Windows Update
RP204: 08.01.2013 14:48:10 - Windows Update
.
==== Installed Programs ======================
.
7-Zip 9.20
7-Zip 9.20 (x64 edition)
AAVUpdateManager
Adobe AIR
Adobe Community Help
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop CS5.1
Adobe Reader X (10.1.1) - Deutsch
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Fuel
AMD Media Foundation Decoders
AMD VISION Engine Control Center
Apple Application Support
Avira Free Antivirus
Battlefield: Bad Company™ 2
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Curse Client
DAEMON Tools Pro
DAEMON Tools Toolbar
Druckerdeinstallation für EPSON BX305 Series
EPSON BX305 Series Handbuch
Epson Easy Photo Print 2
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
Epson FAX Utility
EPSON Scan
FightMouse Elite
Google Chrome
Google Earth
Google Update Helper
High-Definition Video Playback
Java 7 Update 7
Java Auto Updater
Java(TM) 6 Update 27 (64-bit)
LightScribe System Software
Logitech GamePanel Software 3.06.109
Malwarebytes Anti-Malware Version 1.70.0.1100
MediaMonkey 3.2
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Microsoft_VC90_MFCLOC_x86
Microsoft_VC90_MFCLOC_x86_x64
Mozilla Firefox 17.0.1 (x86 de)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 11 Cliparts
Nero 11 Disc Menus 1
Nero 11 Disc Menus 2
Nero 11 Disc Menus 3
Nero 11 Disc Menus Basic
Nero 11 Effects Basic
Nero 11 Image Samples
Nero 11 Kwik Themes 1
Nero 11 Kwik Themes 2
Nero 11 Kwik Themes 3
Nero 11 Kwik Themes 4
Nero 11 Kwik Themes Basic
Nero 11 PiP Effects 1
Nero 11 PiP Effects Basic
Nero 11 Platinum
Nero 11 Video Samples
Nero 11 Video Transitions 1
Nero Audio Pack 1
Nero BackItUp 11
Nero BackItUp 11 Help (CHM)
Nero Backup Drivers
Nero Burning ROM 11
Nero Burning ROM 11 Help (CHM)
Nero ControlCenter 11
Nero ControlCenter 11 Help (CHM)
Nero Core Components 11
Nero CoverDesigner 11
Nero CoverDesigner 11 Help (CHM)
Nero Express 11
Nero Express 11 Help (CHM)
Nero Kwik Media
Nero Kwik Media Help (CHM)
Nero Recode 11
Nero Recode 11 Help (CHM)
Nero RescueAgent 11
Nero RescueAgent 11 Help (CHM)
Nero SharedVideoCodecs
Nero SoundTrax 11
Nero SoundTrax 11 Help (CHM)
Nero Update
Nero Video 11
Nero Video 11 Help (CHM)
Nero WaveEditor 11
Nero WaveEditor 11 Help (CHM)
nero.prerequisites.msi
NVIDIA PhysX
OpenOffice.org 3.3
Origin
PDF Settings CS5
QuickStores-Toolbar 1.1.0
QuickTime
Realtek Ethernet Controller Driver
Realtek HDMI Audio Driver for ATI
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
SmartFTP Client German (Germany) MUI
Steuer-Sparer 2011
Steuersparer 2012
TeamSpeak 3 Client
TortoiseSVN 1.7.6.22632 (64 bit)
Unity Web Player
Unlocker 1.9.1-x64
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
UseNeXT
Version 1.0.0.5
VLC media player 1.1.11
Welcome App (Start-up experience)
Windows Media Center Add-in for Silverlight
Windows Media Player Firefox Plugin
WinRAR 4.01 (32-Bit)
WinZip 16.5
World of Warcraft
XMedia Recode Version 3.1.3.6
Yahoo! Detect
Yontoo 1.10.02
.
==== End Of File ===========================
__________________

Alt 09.01.2013, 21:14   #4
ryder
/// TB Trainer
 



All right, let's continue:


Step 1:
Uninstalling programs
  • Windows XP: Start > Control Panel > Add or Remove Programs > [program name] > Uninstall
  • Windows Vista / 7: Start > Control Panel > Programs and Features > [program name] > Uninstall
  • Allow a restart if necessary
Uninstall everything that has "Toolbar" in its name, unless you installed it on purpose.

Please go through the following list and uninstall the programs named, if present:
CCleaner or other registry cleaners, TuneUp Utilities (incl. Language Pack), Glary Utilities, Spybot S & D (including TeaTimer), ZoneAlarm Firewall, McAfee Security Scan, Spyware Hunter, Spyware Terminator, Java 6 (all), poker software, xp-Antispy



Step 2:
Turn off Windows Defender

Since you use a different virus scanner, you should urgently turn off the scanner built into Windows:
  • Go to the Control Panel and click Windows Defender.
  • Click Tools > Options.
  • Administrator options > remove the check mark at "Use Windows Defender".
  • Confirm and close all open windows.

Step 3:
Delete temporary files with TFC

Please download TFC to your desktop and start it. It will automatically remove all temporary files.

Step 4:
Scan with Combofix
WARNING to READERS FOLLOWING ALONG:
Combofix should be run only when a team member has instructed you to do so!


Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).

Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.
__________________
Digital privateers against malware!
No help via PM!

Alt 09.01.2013, 21:53   #5
Hannibaal
 



Combofix log file:
Code:
ComboFix 13-01-08.01 - Papa 09.01.2013  21:40:59.1.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.4094.2491 [GMT 1:00]
ausgeführt von:: c:\users\Papa\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\users\Papa\AppData\Local\125520112013Build.exe
c:\users\Papa\AppData\Local\171815512013Build.exe
c:\users\Papa\AppData\Local\18312123122012Build.exe
c:\users\Papa\AppData\Local\22222128122012Build.exe
c:\users\Papa\AppData\Local\25212022122012Build.exe
c:\users\Papa\AppData\Local\26101229122012Build.exe
c:\users\Papa\AppData\Local\261618912013Build.exe
c:\users\Papa\AppData\Local\26411929122012Build.exe
c:\users\Papa\AppData\Local\29481831122012Build.exe
c:\users\Papa\AppData\Local\33422128122012cryptedrev.exe
c:\users\Papa\AppData\Local\48120712013Build.exe
c:\users\Papa\AppData\Local\53219112013Build.exe
c:\users\Papa\AppData\Local\543419912013a.exe
c:\users\Papa\AppData\Local\57212023122012Build.exe
c:\users\Papa\AppData\Local\58152130122012Build.exe
c:\users\Papa\AppData\Roaming\dll
c:\users\Papa\AppData\Roaming\Win Final.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-09 bis 2013-01-09  ))))))))))))))))))))))))))))))
.
.
2013-01-09 20:46 . 2013-01-09 20:46	--------	d-----w-	c:\users\Mcx1-PAPA-PC\AppData\Local\temp
2013-01-09 20:46 . 2013-01-09 20:46	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-01-09 19:55 . 2013-01-09 19:55	--------	d-----w-	c:\users\Papa\AppData\Roaming\Apple Computer
2013-01-09 17:40 . 2013-01-09 17:40	--------	d-----w-	c:\users\Papa\AppData\Local\Programs
2013-01-09 14:44 . 2013-01-09 14:44	--------	d-----w-	c:\program files (x86)\AMD AVT
2013-01-08 13:48 . 2012-11-08 17:24	9125352	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{60874895-B4CA-46A5-940D-C456BFB42122}\mpengine.dll
2013-01-03 11:03 . 2013-01-03 11:03	--------	d-----w-	c:\users\Papa\AppData\Roaming\7road
2012-12-23 08:41 . 2012-12-23 08:41	--------	d-----w-	c:\users\Papa\AppData\Roaming\XMedia Recode
2012-12-23 07:17 . 2012-12-23 07:17	--------	d-----w-	c:\users\Papa\AppData\Local\IsolatedStorage
2012-12-23 07:17 . 2012-12-23 07:17	--------	d-----w-	c:\users\Papa\AppData\Local\Digital_Distribution
2012-12-23 07:16 . 2009-09-27 08:39	369152	----a-w-	c:\windows\SysWow64\avisynth.dll
2012-12-23 07:16 . 2005-07-14 11:31	32256	----a-w-	c:\windows\SysWow64\AVSredirect.dll
2012-12-23 07:16 . 2004-02-22 09:11	719872	----a-w-	c:\windows\SysWow64\devil.dll
2012-12-23 07:16 . 2004-01-24 23:00	70656	----a-w-	c:\windows\SysWow64\yv12vfw.dll
2012-12-23 07:16 . 2004-01-24 23:00	70656	----a-w-	c:\windows\SysWow64\i420vfw.dll
2012-12-23 07:16 . 2012-12-23 07:16	--------	d-----w-	c:\program files (x86)\AviSynth 2.5
2012-12-23 07:15 . 2012-12-23 07:15	--------	d-sh--w-	c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2012-12-23 07:14 . 2004-07-02 16:33	327749	----a-w-	c:\windows\SysWow64\drvc.dll
2012-12-23 07:14 . 2003-06-05 12:57	499712	----a-w-	c:\windows\SysWow64\msvcp71.dll
2012-12-23 07:14 . 2003-02-21 03:42	348160	----a-w-	c:\windows\SysWow64\msvcr71.dll
2012-12-23 07:13 . 2012-12-23 09:26	--------	d-----w-	c:\program files (x86)\eRightSoft
2012-12-23 07:07 . 2012-12-23 07:07	893552	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-12-23 07:07 . 2012-12-23 07:07	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-12-23 07:07 . 2012-12-23 07:07	1236816	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-12-21 18:04 . 2012-12-16 17:11	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-21 18:04 . 2012-12-16 14:45	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-21 18:04 . 2012-12-16 14:13	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-21 18:04 . 2012-12-16 14:13	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-16 13:21 . 2012-12-16 13:23	--------	d-----w-	c:\program files (x86)\Unlocker
2012-12-12 17:00 . 2012-10-04 17:45	215040	----a-w-	c:\windows\system32\winsrv.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 15:36 . 2012-04-07 05:30	697864	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-09 15:36 . 2011-09-24 09:48	74248	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-04 09:21 . 2011-10-07 16:12	282296	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2013-01-04 09:21 . 2011-10-02 12:24	282296	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2013-01-04 09:20 . 2011-10-02 11:54	215128	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2012-12-14 15:49 . 2011-09-23 19:05	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-12-12 18:18 . 2011-09-26 14:16	67413224	----a-w-	c:\windows\system32\MRT.exe
2012-10-25 02:12 . 2012-10-25 02:12	94208	----a-w-	c:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 02:12 . 2012-10-25 02:12	69632	----a-w-	c:\windows\SysWow64\QuickTime.qts
2012-10-16 08:38 . 2012-11-28 14:18	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 14:18	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 14:18	561664	----a-w-	c:\windows\apppatch\AcLayers.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-12-09 01:11	194848	----a-w-	c:\program files (x86)\Yontoo\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	64792	----a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-03-04 2741616]
"Windows Uninstaller"="c:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" [2010-11-05 1169224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Gaming 3"="c:\fightmouse elite\Gaming 3.exe" [2010-06-09 1273856]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 258512]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-02 847872]
"NBAgent"="c:\program files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2012-01-13 1493288]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728]
"UnlockerAssistant"="c:\program files (x86)\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
.
c:\users\Papa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-11-25 0]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2010-10-22 460800]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [2011-12-01 72240]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [2011-12-01 15920]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-16 27760]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-10-23 271424]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-04 238080]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-09-28 361984]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-01-31 86224]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 22408]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 16008]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-07-30 236544]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 10:29	451872	----a-w-	c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 15:36]
.
2013-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-12 12:41]
.
2013-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-12 12:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}]
2011-12-07 17:28	414720	----a-w-	c:\users\Papa\AppData\Roaming\Media Finder\Extensions\IEPlugin64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20	75544	----a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-18 8067616]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 415816]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 2412616]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 4725320]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=DE&userid=f53418df-78bd-4227-b9a2-d685af7f664e&searchtype=hp
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=DE&userid=f53418df-78bd-4227-b9a2-d685af7f664e&searchtype=ds&q={searchTerms}
IE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.html
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\cxpalgbe.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - Google
FF - prefs.js: keyword.URL - hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=DE&userid=f53418df-78bd-4227-b9a2-d685af7f664e&searchtype=ds&q=
FF - ExtSQL: 2012-12-16 14:21; quickstores@quickstores.de; c:\program files (x86)\Mozilla Firefox\extensions\quickstores@quickstores.de
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109981
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.ovrDmn - isearch.babylon.com
FF - user.js: extensions.BabylonToolbar_i.id - f007be420000000000006cf049130075
FF - user.js: extensions.BabylonToolbar_i.hardId - f007be420000000000006cf049130075
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15410
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.178:05
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extentions.y2layers.installId - 696630a9-4b4c-4d9e-bce3-072ba822acd1
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,DropDownDeals,BestVideoDownloader,TopRelatedTopics,BestVideoDownloader,
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-{28387537-e3f9-4ed7-860c-11e69af4a8a0} - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-Win Final - c:\users\Papa\AppData\Roaming\Win Final.exe
Wow6432Node-HKCU-Run-Football News - c:\program files (x86)\Football News App\Football News.exe
Toolbar-10 - (no file)
AddRemove-UnityWebPlayer - c:\users\Papa\AppData\Local\Unity\WebPlayer\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-590987251-3446536058-3607718597-1001\Software\SecuROM\License information*]
"datasecu"=hex:71,7b,e8,b0,ef,aa,5e,d7,7e,ed,ab,72,97,dc,bd,5d,4c,7f,b7,d5,c8,
   b9,50,fa,fd,60,d6,16,1e,66,76,4e,7c,eb,e1,19,92,d3,e6,4d,74,fb,be,8f,78,a3,\
"rkeysecu"=hex:61,b2,ee,dc,9d,6d,b3,ed,8d,70,72,9a,05,d2,35,db
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-09  21:48:39
ComboFix-quarantined-files.txt  2013-01-09 20:48
.
Vor Suchlauf: 10 Verzeichnis(se), 302.856.032.256 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 302.111.825.920 Bytes frei
.
- - End Of File - - 41101AB3B10CB0C3D79DA7269F43CF86
         
--- --- ---


Alt 09.01.2013, 21:58   #6
ryder
/// TB-Ausbilder
 
You should tell me for every step whether it worked. Did you carry out step 2?

Alt 09.01.2013, 21:58   #7
ryder
/// TB-Ausbilder
 
Also, please submit files for analysis.


Upload for analysis at Trojaner-Board
  • Please pack the following folder/files into a zip archive (no password!)
    Code:
    c:\qoobox
  • Now please submit the files for analysis according to the following instructions.
    Trojaner-Board Upload-Channel
__________________
Digital buccaneers against malware!
No help via PM!

Alt 09.01.2013, 21:59   #8
Hannibaal
 
Oops, sorry, no, I turned off the Windows firewall

Malwarebytes Anti-Malware 1.70.0.1100
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2013.01.09.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Papa :: PAPA-PC [Administrator]

09.01.2013 21:55:54
mbam-log-2013-01-09 (21-55-54).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 232512
Laufzeit: 2 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

7-Zip 9.20
Adobe AIR
Adobe Community Help
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop CS5.1
Adobe Reader X (10.1.1) - Deutsch
AMD VISION Engine Control Center
Apple Application Support
Avira Free Antivirus
Battlefield: Bad Company™ 2
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
DAEMON Tools Pro
DAEMON Tools Toolbar
EPSON BX305 Series Handbuch
Epson Easy Photo Print 2
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
Epson FAX Utility
EPSON Scan
FightMouse Elite
Google Earth
Google Update Helper
High-Definition Video Playback
Java 7 Update 7
Java Auto Updater
LightScribe System Software
Malwarebytes Anti-Malware Version 1.70.0.1100
MediaMonkey 3.2
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 17.0.1 (x86 de)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 11 Cliparts
Nero 11 Disc Menus 1
Nero 11 Disc Menus 2
Nero 11 Disc Menus 3
Nero 11 Disc Menus Basic
Nero 11 Effects Basic
Nero 11 Image Samples
Nero 11 Kwik Themes 1
Nero 11 Kwik Themes 2
Nero 11 Kwik Themes 3
Nero 11 Kwik Themes 4
Nero 11 Kwik Themes Basic
Nero 11 PiP Effects 1
Nero 11 PiP Effects Basic
Nero 11 Platinum
Nero 11 Video Samples
Nero 11 Video Transitions 1
Nero Audio Pack 1
Nero BackItUp 11
Nero BackItUp 11 Help (CHM)
Nero Burning ROM 11
Nero Burning ROM 11 Help (CHM)
Nero ControlCenter 11
Nero ControlCenter 11 Help (CHM)
Nero Core Components 11
Nero CoverDesigner 11
Nero CoverDesigner 11 Help (CHM)
Nero Express 11
Nero Express 11 Help (CHM)
Nero Kwik Media
Nero Kwik Media Help (CHM)
Nero Recode 11
Nero Recode 11 Help (CHM)
Nero RescueAgent 11
Nero RescueAgent 11 Help (CHM)
Nero SharedVideoCodecs
Nero SoundTrax 11
Nero SoundTrax 11 Help (CHM)
Nero Update
Nero Video 11
Nero Video 11 Help (CHM)
Nero WaveEditor 11
Nero WaveEditor 11 Help (CHM)
nero.prerequisites.msi
NVIDIA PhysX
OpenOffice.org 3.3
Origin
PDF Settings CS5
QuickTime
Realtek Ethernet Controller Driver
Realtek HDMI Audio Driver for ATI
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Steuer-Sparer 2011
Steuersparer 2012
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
UseNeXT
Version 1.0.0.5
VLC media player 1.1.11
Welcome App (Start-up experience)
Windows Media Center Add-in for Silverlight
Windows Media Player Firefox Plugin
WinRAR 4.01 (32-Bit)
World of Warcraft
Yahoo! Detect

2013-01-09 20:47:50 . 2013-01-09 20:47:50 1,404 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-UnityWebPlayer.reg.dat
2013-01-09 20:47:42 . 2013-01-09 20:47:42 131 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-10.reg.dat
2013-01-09 20:47:28 . 2013-01-09 20:47:28 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKCU-Run-Football News.reg.dat
2013-01-09 20:47:27 . 2013-01-09 20:47:27 231 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKCU-Run-Win Final.reg.dat
2013-01-09 20:47:26 . 2013-01-09 20:47:26 207 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-Toolbar-10.reg.dat
2013-01-09 20:47:26 . 2013-01-09 20:47:26 132 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-Toolbar-{28387537-e3f9-4ed7-860c-11e69af4a8a0}.reg.dat
2013-01-09 20:44:56 . 2013-01-09 20:44:56 5,673 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2013-01-09 20:39:02 . 2013-01-09 20:39:02 51 ----a-w- C:\Qoobox\Quarantine\catchme.log
2013-01-09 18:34:54 . 2013-01-09 18:34:54 75,264 ----a-w- C:\Qoobox\Quarantine\C\Users\Papa\AppData\Local\543419912013a.exe.vir
2013-01-09 17:16:26 . 2013-01-09 17:16:26 179,712 ----a-w- C:\Qoobox\Quarantine\C\Users\Papa\AppData\Local\261618912013Build.exe.vir
2013-01-07 19:01:48 . 2013-01-07 19:01:48 179,712 ----a-w- C:\Qoobox\Quarantine\C\Users\Papa\AppData\Local\48120712013Build.exe.vir
2013-01-05 14:18:18 . 2013-01-05 14:18:18 179,712 ----a-w- C:\Qoobox\Quarantine\C\Users\Papa\AppData\Local\171815512013Build.exe.vir
2013-01-01 19:55:12 . 2013-01-01 19:55:12 179,712 ----a-w- C:\Qoobox\Quarantine\C\Users\Papa\AppData\Local\125520112013Build.exe.vir
2013-01-01 18:02:53 . 2013-01-01 18:02:53 179,712 ----a-w- C:\Qoobox\Quarantine\C\Users\Papa\AppData\Local\53219112013Build.exe.vir
2012-12-31 17:48:29 . 2012-12-31 17:48:29 179,712 ----a-w- C:\Qoobox\Quarantine\C\Users\Papa\AppData\Local\29481831122012Build.exe.vir
2012-12-30 20:15:58 . 2012-12-30 20:15:58 179,712 ----a-w- C:\Qoobox\Quarantine\C\Users\Papa\AppData\Local\58152130122012Build.exe.vir
2012-12-29 18:41:26 . 2012-12-29 18:41:26 179,712 ----a-w- C:\Qoobox\Quarantine\C\Users\Papa\AppData\Local\26411929122012Build.exe.vir
2012-12-29 11:10:27 . 2012-12-29 11:10:27 179,712 ----a-w- C:\Qoobox\Quarantine\C\Users\Papa\AppData\Local\26101229122012Build.exe.vir
2012-12-28 20:42:33 . 2012-12-28 20:42:33 256,512 ----a-w- C:\Qoobox\Quarantine\C\Users\Papa\AppData\Local\33422128122012cryptedrev.exe.vir
2012-12-28 20:22:22 . 2012-12-28 20:22:22 179,712 ----a-w- C:\Qoobox\Quarantine\C\Users\Papa\AppData\Local\22222128122012Build.exe.vir
2012-12-23 20:31:18 . 2012-12-23 20:31:18 179,712 ----a-w- C:\Qoobox\Quarantine\C\Users\Papa\AppData\Local\18312123122012Build.exe.vir
2012-12-23 19:21:57 . 2012-12-23 19:21:57 179,712 ----a-w- C:\Qoobox\Quarantine\C\Users\Papa\AppData\Local\57212023122012Build.exe.vir
2012-12-22 19:21:25 . 2012-12-22 19:21:25 179,712 ----a-w- C:\Qoobox\Quarantine\C\Users\Papa\AppData\Local\25212022122012Build.exe.vir
2012-12-16 12:32:25 . 2012-11-18 10:22:10 99,614,720 ----a-w- C:\Qoobox\Quarantine\C\Users\Papa\AppData\Roaming\Win Final.exe.vir
2012-03-11 07:29:15 . 2012-03-11 07:29:15 262,144 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\ntuser.dat.vir

Alt 09.01.2013, 22:45   #9
ryder
/// TB-Ausbilder
 
Tell me, what are you actually posting here?

I wanted to know whether you switched off the Defender or not, and you should please send me the named files for analysis.

Alt 11.01.2013, 16:41   #10
ryder
/// TB-Ausbilder
 
Hello, do you still need help?

If I do not receive a reply from you within the next 24 hours, I will remove your topic from my subscriptions and will therefore no longer be notified of new replies.

The disappearance of the symptoms does not mean that your system is clean yet

Alt 13.01.2013, 14:45   #11
ryder
/// TB-Ausbilder
 
Missing feedback
This topic has been removed from my subscriptions. I will therefore not be notified of new replies.
PM me if you still want to continue. Do not send log files, just a brief note.

Note: The disappearance of the symptoms does not mean that your computer is clean yet.

Everyone else, please click here and create your own thread
