
Pests of all kinds and how to fight them: TR/Spy.Banker.Gen' in 'C:\Users\***\AppData\Roaming\01040\components\AcroFF.dll

Windows 7 – If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will reply with further instructions and help you remove the malware or uninstall or delete the unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.

11.03.2013, 14:00   #1
Zizibee

TR/Spy.Banker.Gen' in 'C:\Users\***\AppData\Roaming\01040\components\AcroFF.dll

Hello everyone, today Avira gave me the above-mentioned warning about the virus! I moved it to quarantine and then, unfortunately, deleted it in the heat of the moment. I understand less than nothing about PCs, but I have run the OTL scan (see copies) and GMER will follow shortly... it would be great if someone could help me! Best regards, zizibee

OTL Logfile:
Code:
OTL logfile created on: 3/11/2013 1:24:01 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Pia\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.96 Gb Total Physical Memory | 1.88 Gb Available Physical Memory | 63.59% Memory free
5.92 Gb Paging File | 4.65 Gb Available in Paging File | 78.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 70.22 Gb Total Space | 25.98 Gb Free Space | 37.00% Space Free | Partition Type: NTFS
Drive D: | 142.57 Gb Total Space | 140.20 Gb Free Space | 98.34% Space Free | Partition Type: NTFS
 
Computer Name: PC | User Name: p | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/03/11 13:21:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2013/02/12 15:46:24 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013/02/12 15:46:17 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2013/02/12 15:46:16 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013/02/12 15:46:16 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013/02/05 16:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
PRC - [2012/12/20 21:56:46 | 001,574,176 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2012/11/13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
PRC - [2012/11/13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012/11/13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012/11/13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012/11/13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012/01/19 12:30:04 | 000,114,992 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/05/06 07:44:44 | 001,749,504 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2010/02/01 23:15:48 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/02/01 23:15:46 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2009/12/17 06:34:08 | 000,834,560 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009/10/13 11:03:04 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009/06/03 12:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/04/15 15:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/11/13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012/11/13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012/11/13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012/11/13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012/11/13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2011/05/18 17:53:50 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2009/06/03 12:59:14 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/06/03 12:59:02 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2006/08/12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010/03/10 09:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2010/03/10 09:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2013/02/27 09:47:57 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/12 15:46:24 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/02/12 15:46:17 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2013/02/12 15:46:16 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/02/05 16:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2013/01/05 04:44:06 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/03/30 10:47:32 | 000,156,480 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe -- (McShield)
SRV - [2011/03/03 00:24:10 | 000,606,736 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe -- (McSysmon)
SRV - [2010/10/07 19:34:28 | 000,509,416 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe -- (McODS)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/02/12 09:39:14 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013/02/12 09:39:14 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013/02/12 09:39:14 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012/07/10 20:10:13 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/02 01:06:00 | 001,577,472 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/03/31 01:35:26 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV:64bit: - [2010/02/26 19:32:58 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/12/31 13:03:24 | 001,783,296 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
DRV:64bit: - [2009/10/13 03:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/28 10:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/09/02 19:54:20 | 007,369,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/10 14:45:12 | 000,139,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2009/06/10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2011/01/17 03:43:20 | 000,015,144 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?barid={50361B03-60A5-11E1-A1CA-E811321415A1}
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={50361B03-60A5-11E1-A1CA-E811321415A1}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?barid={50361B03-60A5-11E1-A1CA-E811321415A1}
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKCU\..\SearchScopes\{D4AFE4DC-A459-4936-9A64-C6AC6082D8ED}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=crm&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=24770910-B823-4389-8582-6A106736BDE7&apn_sauid=FB7BB30D-292A-4931-8BE8-30FC364F09AE
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={50361B03-60A5-11E1-A1CA-E811321415A1}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.13
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.7
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=mcafee&p="
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: ""
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.3: C:\Programme\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013/01/10 19:41:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins
 
[2011/05/18 17:52:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\p\AppData\Roaming\mozilla\Extensions
[2013/02/12 09:45:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\p\AppData\Roaming\mozilla\Firefox\Profiles\blpewb6k.default\extensions
[2013/01/10 19:31:40 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\p\AppData\Roaming\mozilla\Firefox\Profiles\blpewb6k.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/02/12 09:45:36 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\p\AppData\Roaming\mozilla\Firefox\Profiles\blpewb6k.default\extensions\toolbar@ask.com
[2013/01/10 18:17:09 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\p\AppData\Roaming\mozilla\firefox\profiles\blpewb6k.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/01/10 18:17:11 | 000,190,000 | ---- | M] () (No name found) -- C:\Users\p\AppData\Roaming\mozilla\firefox\profiles\blpewb6k.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2012/12/20 21:54:16 | 000,002,333 | ---- | M] () -- C:\Users\p\AppData\Roaming\mozilla\firefox\profiles\blpewb6k.default\searchplugins\askcom.xml
[2012/02/26 19:11:43 | 000,003,974 | ---- | M] () -- C:\Users\p\AppData\Roaming\mozilla\firefox\profiles\blpewb6k.default\searchplugins\sweetim.xml
 
O1 HOSTS File: ([2013/01/10 18:14:44 | 000,444,830 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	123fporn.info
O1 - Hosts: 15276 more lines...
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Advanced System Protector]  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10x_Plugin.exe -update plugin File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 10.15.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2417D7C1-478E-4432-8F46-FC82D16BBED7}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2ECC7878-9DB0-4C93-921D-1046188B8CFF}: DhcpNameServer = 192.168.2.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\taskmgr.exe: Debugger - C:\USERS\P\DOWNLOADS\SYSINTERNALSSUITE\PROCEXP.EXE (Sysinternals - www.sysinternals.com)
O27 - HKLM IFEO\taskmgr.exe: Debugger - C:\USERS\P\DOWNLOADS\SYSINTERNALSSUITE\PROCEXP.EXE (Sysinternals - www.sysinternals.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/02/26 12:58:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/02/16 16:11:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013/02/12 10:39:09 | 000,000,000 | ---D | C] -- C:\Users\p\.swt
[2013/02/12 09:45:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013/02/12 09:45:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2013/02/12 09:44:47 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013/02/12 09:44:47 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013/02/12 09:44:47 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013/02/12 09:44:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013/02/12 09:44:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/03/11 13:18:02 | 000,000,000 | ---- | M] () -- C:\Users\p\defogger_reenable
[2013/03/11 13:04:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/11 13:04:09 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/11 09:52:11 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/11 09:52:11 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/11 09:43:33 | 3179,921,408 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/11 07:36:33 | 001,580,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/11 07:36:33 | 000,689,412 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013/03/11 07:36:33 | 000,644,754 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/11 07:36:33 | 000,139,452 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013/03/11 07:36:33 | 000,114,180 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/16 16:11:25 | 000,002,046 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013/02/16 16:11:25 | 000,002,046 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013/02/15 19:24:57 | 000,302,328 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/12 09:45:41 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013/02/12 09:39:14 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013/02/12 09:39:14 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013/02/12 09:39:14 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/03/11 13:18:02 | 000,000,000 | ---- | C] () -- C:\Users\p\defogger_reenable
[2013/02/15 15:49:43 | 000,002,046 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013/02/12 09:45:41 | 000,001,994 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013/01/15 09:05:43 | 001,607,938 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/07/30 16:10:40 | 000,000,017 | ---- | C] () -- C:\Users\p\AppData\Local\resmon.resmoncfg
[2011/05/14 13:34:05 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011/05/18 17:55:43 | 000,000,000 | ---D | M] -- C:\Users\p\AppData\Roaming\OpenOffice.org
[2012/07/10 20:07:27 | 000,000,000 | ---D | M] -- C:\Users\p\AppData\Roaming\Systweak
[2013/01/15 09:06:54 | 000,000,000 | ---D | M] -- C:\Users\p\AppData\Roaming\TP
[2012/07/10 20:13:41 | 000,000,000 | ---D | M] -- C:\Users\p\AppData\Roaming\TrueCrypt
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2011/10/31 07:45:54 | 030,124,382 | ---- | M] ()(C:\Users\p\Desktop\? ? ? MUL MANTRA - Snatam Kaur - SOMOS UNO...WE ARE ONE ? ? .mp4) -- C:\Users\p\Desktop\♥ ♥ ♥ MUL MANTRA - Snatam Kaur - SOMOS UNO...WE ARE ONE ♥ ♥ .mp4
[2011/10/31 07:43:17 | 030,124,382 | ---- | C] ()(C:\Users\p\Desktop\? ? ? MUL MANTRA - Snatam Kaur - SOMOS UNO...WE ARE ONE ? ? .mp4) -- C:\Users\p\Desktop\♥ ♥ ♥ MUL MANTRA - Snatam Kaur - SOMOS UNO...WE ARE ONE ♥ ♥ .mp4

< End of report >
         
--- --- ---
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 3/11/2013 1:24:01 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.96 Gb Total Physical Memory | 1.88 Gb Available Physical Memory | 63.59% Memory free
5.92 Gb Paging File | 4.65 Gb Available in Paging File | 78.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 70.22 Gb Total Space | 25.98 Gb Free Space | 37.00% Space Free | Partition Type: NTFS
Drive D: | 142.57 Gb Total Space | 140.20 Gb Free Space | 98.34% Space Free | Partition Type: NTFS
 
Computer Name: PC | User Name: p | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02DE13FC-8CC0-4293-8B12-B16D1B1F40F8}" = rport=445 | protocol=6 | dir=out | app=system | 
"{034E7927-0006-42DD-84F5-D07B2DFD37FD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0CA0F238-4013-4B48-87F8-2C0AEE4FD1B9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{0F58AA10-4086-4E79-B528-D61F502E23FB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1ED4FCA9-6071-4A4A-A61B-1415109B84C4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{2F21855C-9744-4B96-8876-E223278DEAFA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3455B2D8-8810-43C0-96CB-17387776E02D}" = rport=137 | protocol=17 | dir=out | app=system | 
"{3BEB6E97-02AA-4234-AC88-2100F3B8D1CC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5D068321-0EA5-4BD9-86A4-3AE613C8D504}" = rport=138 | protocol=17 | dir=out | app=system | 
"{66479E12-ABC9-4E20-87AB-400D642C50E9}" = lport=137 | protocol=17 | dir=in | app=system | 
"{6B080BA5-BAA9-4D36-B882-40A68499177A}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{72167B1C-ECC8-452A-A5A4-739CC50A7BED}" = lport=138 | protocol=17 | dir=in | app=system | 
"{7809224C-D633-4261-B9F6-0D8DEE447322}" = rport=139 | protocol=6 | dir=out | app=system | 
"{7B974DB3-16A5-4E1F-B6F3-73D8886A43D9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{812B4441-F12B-466E-A6AD-1FA9C739BE78}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8F955D02-91AC-4E57-9691-C5007624FD1D}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{95D81CE0-A4FB-49D7-8C8D-6222140552B9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A40EF82D-E6E2-44D9-B483-88FB0C0729AD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B2E01F90-B4A8-470F-A119-1A0DF8FF2AB4}" = lport=445 | protocol=6 | dir=in | app=system | 
"{C7268791-D76B-4859-B224-40231C2176A1}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{D9FACC0F-DA6B-41A4-A221-E84134996CB3}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FAC9111-E906-464B-B4D9-18247B3CB137}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{15640DDA-F911-455E-A40F-BA5DA3F42709}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{156FB917-D3FE-47B3-AD2E-AC5E1FCA3218}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{27AD3DB6-5B39-4B5E-AD87-EEEF288C57B8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3CB93457-D75C-41CF-A75F-DD5FF1C60D47}" = protocol=6 | dir=out | app=system | 
"{42FF67E4-4154-4881-A9A4-F7D1BDE04CE1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{4D4DFE12-F7C5-4197-8829-9FFA5591AFD7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4D516948-8792-4861-9194-85479DA15F41}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{66193CAD-9657-4477-BD90-A6CD0A5F1F41}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{86E18412-D402-4086-A5CF-A80DED268082}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{94EFBF4F-11EC-4CC4-8215-3E02FC51AA89}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe | 
"{9D44A265-17A7-46DA-8F0C-1C14FFA8078D}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{A16C7C72-208E-44E1-A00A-47E9777D22AA}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | 
"{A1A055A2-5D4B-4ACF-994B-6B12357A703A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{A7584510-58EE-492D-874C-F4C5661E4F1B}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe | 
"{AF2280EC-32EE-4FCE-A1C2-D1DFD0B96BD0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D3F8D7BD-D476-45EE-BAD1-FA64C483301F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{D5407144-3F6F-4FDC-B61D-1DF60B86574B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D681DCFA-5E49-4003-8732-3B3015B319EE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DB198672-E360-402F-BDDA-D76AA0E5B7CE}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{E03ACAEA-7AB0-4F66-B9DD-49026D0D276C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F1F57DC3-F74C-41D2-86A0-7AB2A858F0D5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F879CCA3-9C11-4760-92FF-B59B27C0CAAD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{FAB65C0E-17F1-42F2-95F2-76D0EB46ACF7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"TCP Query User{98922D0D-D0FF-4D47-BE75-FC9343F1C511}C:\program files (x86)\cspace\cspace.exe" = protocol=6 | dir=in | app=c:\program files (x86)\cspace\cspace.exe | 
"TCP Query User{F8B99F98-F865-4BEC-9095-E28A1968EE87}C:\program files (x86)\cspace\cspace.exe" = protocol=6 | dir=in | app=c:\program files (x86)\cspace\cspace.exe | 
"TCP Query User{FBA5AB71-97FE-4DBC-A2E6-5C5D18C774EF}C:\program files (x86)\java\jre6\launch4j-tmp\scannow.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\launch4j-tmp\scannow.exe | 
"UDP Query User{0E30EACE-4470-4E1D-B4E4-7BEEDA317120}C:\program files (x86)\java\jre6\launch4j-tmp\scannow.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\launch4j-tmp\scannow.exe | 
"UDP Query User{71FC0712-F619-49AD-AF90-496FACDC4B99}C:\program files (x86)\cspace\cspace.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cspace\cspace.exe | 
"UDP Query User{BDA15D8C-A0AC-45F3-972C-6D20EEAA7FFD}C:\program files (x86)\cspace\cspace.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cspace\cspace.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2F603A45-D956-496B-81B5-50D782424976}" = SweetPacks Toolbar for Internet Explorer 4.4
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74A579FB-EB06-497D-B194-01590D6FE51A}" = BatteryLifeExtender
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B85C4CB2-B352-4BD8-818C-BCE353599107}" = SweetIM for Messenger 3.6
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Samsung Support Center
"{F9557866-B4C8-4CE5-8508-0E386BDC20B2}" = Easy Network Manager
"00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1" = Advanced System Protector
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe SVG Viewer" = Adobe SVG Viewer
"Avira AntiVir Desktop" = Avira Free Antivirus
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"Marvell Miniport Driver" = Marvell Miniport Driver
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"TrueCrypt" = TrueCrypt
"VLC media player" = VLC media player 1.0.3
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12/20/2012 4:24:23 AM | Computer Name = PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: GoogleEarthPluginSetup(1).exe, Version:
 1.3.21.124, Zeitstempel: 0x50257e81  Name des fehlerhaften Moduls: SDHook32.dll, 
Version: 2.0.5.1, Zeitstempel: 0x4e36cc58  Ausnahmecode: 0xc0000417  Fehleroffset: 0x00034e67
ID
 des fehlerhaften Prozesses: 0xf14  Startzeit der fehlerhaften Anwendung: 0x01cdde8b6959afde
Pfad
 der fehlerhaften Anwendung: C:\Users\Pia\Downloads\GoogleEarthPluginSetup(1).exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHook32.dll
Berichtskennung:
 a861c3a6-4a7e-11e2-b9ec-e811321415a1
 
Error - 12/20/2012 4:25:54 AM | Computer Name = PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: GoogleEarthPluginSetup(2).exe, Version:
 1.3.21.124, Zeitstempel: 0x50257e81  Name des fehlerhaften Moduls: SDHook32.dll, 
Version: 2.0.5.1, Zeitstempel: 0x4e36cc58  Ausnahmecode: 0xc0000417  Fehleroffset: 0x00034e67
ID
 des fehlerhaften Prozesses: 0x91c  Startzeit der fehlerhaften Anwendung: 0x01cdde8ba0bb5ace
Pfad
 der fehlerhaften Anwendung: C:\Users\Pia\Downloads\GoogleEarthPluginSetup(2).exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHook32.dll
Berichtskennung:
 dec4bb59-4a7e-11e2-b9ec-e811321415a1
 
Error - 12/21/2012 8:09:45 AM | Computer Name = PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 12.0.0.4493 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 7bc    Startzeit: 
01cddf73c5750180    Endzeit: 31    Anwendungspfad: C:\Programme\Mozilla Firefox\firefox.exe

Berichts-ID:
 385d6cd3-4b67-11e2-bcf2-e811321415a1  
 
Error - 12/28/2012 8:48:53 AM | Computer Name = PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7601.17514,
 Zeitstempel: 0x4ce79912  Name des fehlerhaften Moduls: SDHelper.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4fe977ab  Ausnahmecode: 0xc0000005  Fehleroffset: 0x06098683
ID
 des fehlerhaften Prozesses: 0x78c  Startzeit der fehlerhaften Anwendung: 0x01cde4f9ab108f8e
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Pfad
 des fehlerhaften Moduls: SDHelper.dll  Berichtskennung: eed724b6-50ec-11e2-b9d9-e811321415a1
 
Error - 12/29/2012 4:40:35 PM | Computer Name = PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WCScheduler.exe, Version: 4.0.0.6,
 Zeitstempel: 0x00000000  Name des fehlerhaften Moduls: SDHook32.dll, Version: 2.0.5.1,
 Zeitstempel: 0x4e36cc58  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0003e7db  ID des fehlerhaften
 Prozesses: 0xbd0  Startzeit der fehlerhaften Anwendung: 0x01cde604a72b954e  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Samsung\Samsung Recovery Solution
 4\WCScheduler.exe  Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Spybot - 
Search & Destroy 2\SDHook32.dll  Berichtskennung: fe9b2b90-51f7-11e2-b915-e811321415a1
 
Error - 1/7/2013 5:12:38 AM | Computer Name = PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 12.0.0.4493 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 384    Startzeit: 
01cdecb6f2a99d48    Endzeit: 32    Anwendungspfad: C:\Programme\Mozilla Firefox\firefox.exe

Berichts-ID:
 5b7b4031-58aa-11e2-b495-e811321415a1  
 
Error - 1/10/2013 12:50:40 PM | Computer Name = PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WCScheduler.exe, Version: 4.0.0.6,
 Zeitstempel: 0x00000000  Name des fehlerhaften Moduls: SDHook32.dll, Version: 2.0.5.1,
 Zeitstempel: 0x4e36cc58  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0003e7db  ID des fehlerhaften
 Prozesses: 0x9ec  Startzeit der fehlerhaften Anwendung: 0x01cdef526d070c76  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Samsung\Samsung Recovery Solution
 4\WCScheduler.exe  Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Spybot - 
Search & Destroy 2\SDHook32.dll  Berichtskennung: dcdfd54f-5b45-11e2-9d1e-e811321415a1
 
Error - 1/15/2013 4:56:47 AM | Computer Name = PC | Source = Application Hang | ID = 1002
Description = Programm WINWORDC.EXE, Version 0.0.0.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1094    Startzeit:
 01cdf2f73d4cd7c0    Endzeit: 0    Anwendungspfad: Q:\140066.deu\Office14\WINWORDC.EXE    Berichts-ID:
 794b379d-5ef1-11e2-be13-e811321415a1  
 
Error - 1/16/2013 2:15:47 AM | Computer Name = PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  Error: BITS connection error Type: 150::InternetConnectionFailure.
 
 
Error - 1/20/2013 3:23:53 AM | Computer Name = PC | Source = Microsoft Office 14 | ID = 2001
Description = 
 
[ System Events ]
Error - 3/10/2013 7:47:48 AM | Computer Name = PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "McAfee Personal Firewall-Dienst" ist von folgendem Dienst
 abhängig: MfeFire. Dieser Dienst ist eventuell nicht installiert.
 
Error - 3/10/2013 7:50:19 AM | Computer Name = PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 McAfee VirusScan Announcer erreicht.
 
Error - 3/10/2013 7:50:19 AM | Computer Name = PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee VirusScan Announcer" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 3/11/2013 2:28:56 AM | Computer Name = PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "McAfee Personal Firewall-Dienst" ist von folgendem Dienst
 abhängig: MfeFire. Dieser Dienst ist eventuell nicht installiert.
 
Error - 3/11/2013 2:31:30 AM | Computer Name = PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 McAfee VirusScan Announcer erreicht.
 
Error - 3/11/2013 2:31:30 AM | Computer Name = PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee VirusScan Announcer" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 3/11/2013 4:43:42 AM | Computer Name = PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "McAfee Personal Firewall-Dienst" ist von folgendem Dienst
 abhängig: MfeFire. Dieser Dienst ist eventuell nicht installiert.
 
Error - 3/11/2013 4:44:46 AM | Computer Name = PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Spooler erreicht.
 
Error - 3/11/2013 4:47:01 AM | Computer Name = PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 McAfee VirusScan Announcer erreicht.
 
Error - 3/11/2013 4:47:01 AM | Computer Name = PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee VirusScan Announcer" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
 
< End of report >
         
--- --- ---
Sorry, here is the GMER report... I don't know how to add it to the thread I already created after the fact, so I'm putting it here:
GMER Logfile:
Code:
GMER 2.1.19155 - GMER - Rootkit Detector and Remover
Rootkit scan 2013-03-11 14:39:50
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AC1 232,89GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\p\AppData\Local\Temp\pxldapow.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1632] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                           0000000075d11465 2 bytes [D1, 75]
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1632] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                          0000000075d114bb 2 bytes [D1, 75]
.text  ...                                                                                                                                                    * 2
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2448] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000075d11465 2 bytes [D1, 75]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2448] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000075d114bb 2 bytes [D1, 75]
.text  ...                                                                                                                                                    * 2
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3816] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                            0000000075d11465 2 bytes [D1, 75]
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3816] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                           0000000075d114bb 2 bytes [D1, 75]
.text  ...                                                                                                                                                    * 2
.text  C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3848] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                       0000000075d11465 2 bytes [D1, 75]
.text  C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3848] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                      0000000075d114bb 2 bytes [D1, 75]
.text  ...                                                                                                                                                    * 2
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3952] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                              0000000075d11465 2 bytes [D1, 75]
.text  C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3952] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                             0000000075d114bb 2 bytes [D1, 75]
.text  ...                                                                                                                                                    * 2

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{7C1AFB22-0CDA-49EC-AF3E-4D93358380BB}\Connection@Name            isatap.{D25A05CB-EE3E-4F72-B498-378D76D699B6}
Reg    HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind               \Device\{FC99563E-DB6C-4434-9F61-5A808EEEFCEE}?\Device\{594B6461-82D1-4FA2-90D6-AB6EE59593AF}?\Device\{7C1AFB22-0CDA-49EC-AF3E-4D93358380BB}?\Device\{2BBF08E3-5447-4897-9061-0F6DD89C1FE2}?
Reg    HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route              "{FC99563E-DB6C-4434-9F61-5A808EEEFCEE}"?"{594B6461-82D1-4FA2-90D6-AB6EE59593AF}"?"{7C1AFB22-0CDA-49EC-AF3E-4D93358380BB}"?"{2BBF08E3-5447-4897-9061-0F6DD89C1FE2}"?
Reg    HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export             \Device\TCPIP6TUNNEL_{FC99563E-DB6C-4434-9F61-5A808EEEFCEE}?\Device\TCPIP6TUNNEL_{594B6461-82D1-4FA2-90D6-AB6EE59593AF}?\Device\TCPIP6TUNNEL_{7C1AFB22-0CDA-49EC-AF3E-4D93358380BB}?\Device\TCPIP6TUNNEL_{2BBF08E3-5447-4897-9061-0F6DD89C1FE2}?
Reg    HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{7C1AFB22-0CDA-49EC-AF3E-4D93358380BB}@InterfaceName                                 isatap.{D25A05CB-EE3E-4F72-B498-378D76D699B6}
Reg    HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{7C1AFB22-0CDA-49EC-AF3E-4D93358380BB}@ReusableType                                  0

---- Disk sectors - GMER 2.1 ----

Disk   \Device\Harddisk0\DR0                                                                                                                                  unknown MBR code

---- EOF - GMER 2.1 ----
         
--- --- ---

Alt 11.03.2013, 15:15   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hello and

Do you have any other logs (with detections)? Malwarebytes and/or other virus scanners?
I'm asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans for now; first post only the logs that already exist!

Reading material:
Posting in CODE tags
Attaching the logfiles, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the logfiles into a CODE box, proceed as follows:
  • Select the entire logfile (usually CTRL+A works) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracket expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.
__________________

__________________

Alt 11.03.2013, 17:24   #3
Zizibee
 

Code:
Exportierte Ereignisse:

11.03.2013 10:30 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\Pia\AppData\Roaming\01040\components\AcroFF.dll'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Spy.Banker.Gen' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '59783095.qua' 
      verschoben!

11.03.2013 10:26 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Pia\AppData\Roaming\01040\components\AcroFF.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Spy.Banker.Gen' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

11.03.2013 07:35 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Pia\AppData\Roaming\01040\components\AcroFF.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Spy.Banker.Gen' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

12.02.2013 10:57 [Browser-Schutz] Malware gefunden
      Beim Zugriff auf Daten der URL 
      "hxxp://wepawet.iseclab.org/view.php?hash=e2e0637381d6b50fbac87e88134e7b76&t=131
      7266500&type=js"
      wurde ein Virus oder unerwünschtes Programm 'EXP/CVE-2010-1885' [exploit] 
      gefunden.
      Durchgeführte Aktion: Der Zugriff auf die Datei wurde blockiert
         


I'll make a note of that... hope this is right! That is the logfile from Avira; I also have Spybot, but it didn't give any virus alert.
Should I send the OTL and GMER logfiles again?
Kind regards :-)
__________________
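The Avira export posted above is free text, which makes it easy to miss that the same file was flagged three times on 11.03.2013 and that the two real-time detections only denied access, leaving the file on disk until the on-demand scan quarantined it at 10:30. The following Python script is an added example for this thread (a hypothetical triage helper, not Avira's own tooling and not code from anyone in the thread): it parses the "Exportierte Ereignisse" format shown in the post into structured events and groups them per detected object. The sample input is the export exactly as posted, including the export's own line wrapping; the `parse_events` and `summarise` functions and all field names are the example's own.

```python
"""Triage helper for the Avira "Exportierte Ereignisse" (exported events) log.
Hypothetical example for this thread, not Avira tooling: it turns the free-text
export into structured events and shows the timeline per detected object."""
import re
from collections import defaultdict
from datetime import datetime

# Event header, e.g. "11.03.2013 10:30 [System-Scanner] Malware gefunden"
HEADER_RE = re.compile(r"^(\d{2}\.\d{2}\.\d{4}) (\d{2}:\d{2}) \[([^\]]+)\] (.+)$")
# Threat name directly followed by its class, e.g. 'TR/Spy.Banker.Gen' [trojan]
THREAT_RE = re.compile(r"'([^']+)' \[(\w+)\]")
# The object the event is about: quoted path after "Datei" or quoted URL after "URL"
OBJECT_RE = re.compile(r"(?:Datei|URL)\s+['\"]([^'\"]+)['\"]")
# Action text; the export uses both "Ausgeführte Aktion:" and "Durchgeführte Aktion(en):"
ACTION_RE = re.compile(r"(?:Ausgeführte Aktion|Durchgeführte Aktion(?:\(en\))?):\s*(.*)$")

# Sample input: the Avira export as posted in this thread (the export wraps long lines).
SAMPLE_LOG = r"""Exportierte Ereignisse:

11.03.2013 10:30 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\Pia\AppData\Roaming\01040\components\AcroFF.dll'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Spy.Banker.Gen' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '59783095.qua'
      verschoben!

11.03.2013 10:26 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Pia\AppData\Roaming\01040\components\AcroFF.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Spy.Banker.Gen' [trojan]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

11.03.2013 07:35 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Pia\AppData\Roaming\01040\components\AcroFF.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Spy.Banker.Gen' [trojan]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

12.02.2013 10:57 [Browser-Schutz] Malware gefunden
      Beim Zugriff auf Daten der URL
      "hxxp://wepawet.iseclab.org/view.php?hash=e2e0637381d6b50fbac87e88134e7b76&t=131
      7266500&type=js"
      wurde ein Virus oder unerwünschtes Programm 'EXP/CVE-2010-1885' [exploit]
      gefunden.
      Durchgeführte Aktion: Der Zugriff auf die Datei wurde blockiert
"""


def _finish(ev):
    """Fold the indented continuation lines into one string and extract the fields."""
    body = " ".join(ev.pop("body"))
    threat, obj, action = THREAT_RE.search(body), OBJECT_RE.search(body), ACTION_RE.search(body)
    name = obj.group(1) if obj else None
    if name and "://" in name:  # a wrapped URL must be re-joined without the wrap spaces
        name = re.sub(r"\s+", "", name)
    ev["object"] = name
    ev["threat"] = threat.group(1) if threat else None
    ev["threat_class"] = threat.group(2) if threat else None
    ev["action"] = action.group(1).strip() if action else None
    return ev


def parse_events(text):
    """Parse the export into a list of dicts, one per event, in file order."""
    events, current = [], None
    for raw in text.splitlines():
        m = HEADER_RE.match(raw)
        if m:
            if current is not None:
                events.append(_finish(current))
            current = {"ts": datetime.strptime(f"{m.group(1)} {m.group(2)}", "%d.%m.%Y %H:%M"),
                       "module": m.group(3), "title": m.group(4).strip(), "body": []}
        elif current is not None and raw.strip():
            current["body"].append(raw.strip())
    if current is not None:
        events.append(_finish(current))
    return events


def summarise(events):
    """Group events per detected object: count, first/last seen, final action."""
    by_obj = defaultdict(list)
    for ev in events:
        by_obj[ev["object"]].append(ev)
    summary = {}
    for obj, evs in by_obj.items():
        evs = sorted(evs, key=lambda e: e["ts"])
        summary[obj] = {
            "threat": evs[-1]["threat"], "count": len(evs),
            "first_seen": evs[0]["ts"], "last_seen": evs[-1]["ts"],
            "last_action": evs[-1]["action"],
            # Only an action that moved the object into quarantine took it off disk;
            # "Zugriff verweigern" (access denied) leaves the file where it is.
            "quarantined": any("Quarantäne" in (e["action"] or "") for e in evs),
        }
    return summary


if __name__ == "__main__":
    for obj, info in summarise(parse_events(SAMPLE_LOG)).items():
        print(f"{info['threat']:20} x{info['count']}  {info['first_seen']:%d.%m.%Y %H:%M}"
              f" -> {info['last_seen']:%d.%m.%Y %H:%M}  quarantined={info['quarantined']}")
        print(f"    {obj}")
```

Run stand-alone it prints one line per object. For AcroFF.dll the summary shows first seen 07:35, last seen 10:30, three detections, quarantined only by the final system scan; that is the window in which the file was present and only access-blocked, which is why the banking-credential advice in the next reply applies regardless of the later quarantine. The parser keys on the German phrasing of this export, so a differently localised Avira export would need the three regexes adjusted.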

Alt 11.03.2013, 20:49   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Reading material:
Banking trojans
If, for example, you do online banking with this computer, then you should at least have your bank change your password, provided you otherwise use a secure method such as "chip-TAN-comfort". Do you still have old paper-based TAN lists? Then it is high time to contact your bank and, if necessary, have the account temporarily blocked. The blocking hotline 116 116 from www.sperr-notruf.de can be used for this day and night.
__________________
Please always post logfiles in CODE tags

Alt 11.03.2013, 22:40   #5
Zizibee
 
Yes, I've already had my account blocked... but I assume that won't take care of it in the long run... can you tell me how I remove the virus?


Alt 12.03.2013, 10:45   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
If you really want to be safe and also want to do online banking securely under Windows in the future, then you should consider a reinstallation
__________________

Alt 12.03.2013, 13:17   #7
Zizibee
 
Then I'll tackle that... many thanks and best regards! :-)
