|
Plagegeister aller Art und deren Bekämpfung: Merkwürdige TAN-Abfrage nach Login bei Online-BankingWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
06.05.2013, 21:22 | #1 |
| Merkwürdige TAN-Abfrage nach Login bei Online-Banking Hallo, als ich mich gestern für mein Online-Banking bei der Deutschen Bank eingeloggt hatte, erschien eine Meldung, dass mein TAN-Block aufgebraucht sei und ich bitte meine jetzigen 100 TANS in ein Formular eintragen sollte, um einen neuen Block zugeschickt zu bekommen. Kurz vorher hatte mein AntiVir den Trojaner TR/Bublik.I.6 gefunden und in Quarantäne verschoben. Kann das etwas damit zu tun haben? Ich habe mein Online-Banking heute sperren lassen und ein erneuter Virenscan hat nichts weiter gefunden. Wie kann ich feststellen, ob jetzt alles sauber ist? Danke schon einmal für die Hilfe!!! |
06.05.2013, 21:33 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Merkwürdige TAN-Abfrage nach Login bei Online-BankingZitat:
Solche Angaben reichen nicht, bitte poste die vollständigen Angaben/Logs der Virenscanner siehe http://www.trojaner-board.de/125889-...tml#post941520 Bitte alles nach Möglichkeit hier in CODE-Tags posten. Lesestoff: Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
08.05.2013, 20:18 | #3 |
| Merkwürdige TAN-Abfrage nach Login bei Online-Banking Hallo,
__________________erst einmal DANKE für die Hilfe! Ich habe allerdings unter Windows 7 ein Problem die Logdateien mit den Funden zu exportieren. Ich habe wie von Dir beschrieben die Ereignisse markiert und exportiert. In dem Verzeichnis sind danach aber immer nur drei leere Ordner zu finden: AVESVC, AVGUARD und WEBGUARD. Habe es mehrfach versucht, aber immer mit dem gleichen Ergebnis...was mache ich jetzt?? |
08.05.2013, 22:48 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Merkwürdige TAN-Abfrage nach Login bei Online-Banking Dann notiere die kompletten Dateipfade zu den Funden und poste sie hier.
__________________ Logfiles bitte immer in CODE-Tags posten |
09.05.2013, 08:55 | #5 |
| Merkwürdige TAN-Abfrage nach Login bei Online-Banking Hier sind jetzt die letzten kompletten Meldungen zu den Funden: Die Datei 'C:\Users\***\AppData\Roaming\ie_util.exe' enthielt einen Virus oder unerwünschtes Programm 'TR/Bublik.I.6' [trojan]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '55220cf6.qua' verschoben! In der Datei 'C:\Users\***\AppData\Roaming\ie_util.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Bublik.I.6' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern Die Datei 'C:\Users\***\AppData\Local\Temp\lveueagvar.pre' enthielt einen Virus oder unerwünschtes Programm 'TR/RogueericKD.938208' [trojan]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '55a56806.qua' verschoben! Die Datei 'C:\Users\***\AppData\Roaming\Mykmfcyfm\dntjbkll.exe' enthielt einen Virus oder unerwünschtes Programm 'TR/RogueericKD.938208' [trojan]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '54f37d15.qua' verschoben! Die Datei 'C:\Users\***\AppData\Roaming\KB00710050.exe' enthielt einen Virus oder unerwünschtes Programm 'TR/Cridex.172032.84' [trojan]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4c2052de.qua' verschoben! In der Datei 'C:\Users\***\AppData\Roaming\KB00710050.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Cridex.172032.84' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern In der Datei 'C:\Users\***\AppData\Roaming\Mykmfcyfm\dntjbkll.exe' wurde ein Virus oder unerwünschtes Programm 'TR/RogueericKD.938208' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern Hilft das weiter? |
09.05.2013, 17:29 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Merkwürdige TAN-Abfrage nach Login bei Online-Banking Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Erstmal eine Kontrolle mit OTL bitte:
__________________ --> Merkwürdige TAN-Abfrage nach Login bei Online-Banking |
10.05.2013, 16:50 | #7 |
| Merkwürdige TAN-Abfrage nach Login bei Online-Banking Ok, hier nun die beiden Logfiles...ich hoffe, ich habe soweit alles richtig gemacht... OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 10.05.2013 17:33:41 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,87 Gb Total Physical Memory | 1,64 Gb Available Physical Memory | 57,22% Memory free 5,73 Gb Paging File | 4,09 Gb Available in Paging File | 71,39% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 266,99 Gb Total Space | 215,87 Gb Free Space | 80,85% Space Free | Partition Type: NTFS Drive D: | 30,00 Gb Total Space | 20,09 Gb Free Space | 66,97% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3257401125-2040109845-2132314743-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{D2B00194-CDC6-41D2-B6E2-031348AA6A84}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0470F7F3-087F-430D-BD3A-0E96568C7556}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{07A596CD-E869-4383-9067-B2084A82B0A3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{2556ED4F-6084-4AE3-9435-76B021AEBBCA}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | "{281AC749-6665-48B6-9D0D-DEC1E2E9DF18}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | "{76BDD44B-9D6F-4D81-A170-F95BC3042B3B}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{CCB25877-DE0F-40B1-B8D5-62667107302C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{DA16BA91-AD6B-47AE-BAB2-19C176B2F7CA}" = dir=in | app=c:\program files\itunes\itunes.exe | "{EEF61AC1-5102-4CB7-8103-046C28F8590E}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 "_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT "{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store "{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE "{0F895695-33CC-4203-9C47-25EF2AC9441C}" = Media Go "{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID-Anmelde-Assistent "{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content "{1E517C0C-8542-4F8C-DA23-98BCA13CD1F4}_is1" = Haushaltsbuch Freeware 2.8 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17 "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN "{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support "{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2 "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.OUTLOOKR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.OUTLOOKR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.OUTLOOKR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.OUTLOOKR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.OUTLOOKR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.OUTLOOKR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.OUTLOOKR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4 "{91140000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2010 "{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch "{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4 "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar "{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw "{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR "{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU] "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86 "{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension "{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.5.0.8 "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0 "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.155 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Ashampoo Burning Studio_is1" = Ashampoo Burning Studio "Ashampoo Photo Commander_is1" = Ashampoo Photo Commander "Ashampoo Snap_is1" = Ashampoo Snap "Avira AntiVir Desktop" = Avira Antivirus Premium 2012 "ElsterFormular" = ElsterFormular "ElsterFormular für Privatanwender 12.0.0.5880p" = ElsterFormular-Upgrade "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy "MEDION Fotos auf CD & DVD SE Nord D" = MEDION Fotos auf CD & DVD SE Nord "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office14.OUTLOOKR" = Microsoft Outlook 2010 "RealPlayer 12.0" = RealPlayer "SynTPDeinstKey" = Synaptics Pointing Device Driver "Update Engine" = Sony Ericsson Update Engine "Windows Media Encoder 9" = Windows Media Encoder 9 Series "WinLiveSuite_Wave3" = Windows Live Essentials "X10Hardware" = X10 Hardware(TM) ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3257401125-2040109845-2132314743-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Game Organizer" = EasyBits GO ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 08.02.2012 15:02:05 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 4087 Error - 08.02.2012 15:02:06 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 08.02.2012 15:02:06 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 5085 Error - 08.02.2012 15:02:06 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 5085 Error - 08.02.2012 15:02:07 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 08.02.2012 15:02:07 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 6271 Error - 08.02.2012 15:02:07 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 6271 Error - 08.02.2012 15:39:39 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 08.02.2012 15:39:39 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 2257911 Error - 08.02.2012 15:39:39 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 2257911 [ Media Center Events ] Error - 12.07.2010 14:13:47 | Computer Name = ***-PC | Source = MCUpdate | ID = 0 Description = 20:13:47 - Fehler beim Herstellen der Internetverbindung. 20:13:47 - Serververbindung konnte nicht hergestellt werden.. Error - 17.09.2010 15:58:08 | Computer Name = ***-PC | Source = MCUpdate | ID = 0 Description = 21:45:50 - EpgListings konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte keine Vertrauensstellung hergestellt werden..) [ System Events ] Error - 06.05.2013 14:57:20 | Computer Name = ***-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 06.05.2013 14:57:20 | Computer Name = ***-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 06.05.2013 15:19:24 | Computer Name = ***-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 06.05.2013 15:21:43 | Computer Name = ***-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 06.05.2013 15:21:43 | Computer Name = ***-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 06.05.2013 15:21:44 | Computer Name = ***-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 06.05.2013 15:21:44 | Computer Name = ***-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 06.05.2013 15:21:45 | Computer Name = ***-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 06.05.2013 15:34:18 | Computer Name = ***-PC | Source = volsnap | ID = 393230 Description = Die Schattenkopien von Volume "F:" wurden aufgrund eines E/A-Fehlers auf Volume "F:" abgebrochen. Error - 08.05.2013 14:43:02 | Computer Name = ***-PC | Source = DCOM | ID = 10010 Description = < End of report > OTL Logfile: Code:
ATTFilter OTL logfile created on: 10.05.2013 17:33:41 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,87 Gb Total Physical Memory | 1,64 Gb Available Physical Memory | 57,22% Memory free 5,73 Gb Paging File | 4,09 Gb Available in Paging File | 71,39% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 266,99 Gb Total Space | 215,87 Gb Free Space | 80,85% Space Free | Partition Type: NTFS Drive D: | 30,00 Gb Total Space | 20,09 Gb Free Space | 66,97% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe (Adobe Systems, Inc.) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Sony\Sony PC Companion\PCCompanion.exe (Sony) PRC - C:\Programme\Sony\Sony PC Companion\PCCompanionInfo.exe () PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.) PRC - C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Programme\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor) PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Programme\Launch Manager\WButton.exe (Wistron Corp.) PRC - C:\Programme\Launch Manager\HotkeyApp.exe (Wistron) PRC - C:\Programme\Launch Manager\OSD.exe (Wistron Corp.) PRC - C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Programme\Common Files\X10\Common\X10nets.exe (X10) PRC - C:\Programme\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) PRC - C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.) PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE () PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) PRC - C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) PRC - c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) ========== Modules (No Company Name) ========== MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_169.dll () MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\Programme\Sony\Sony PC Companion\PCCompanionInfo.exe () MOD - C:\Programme\Sony\Sony PC Companion\sqlite3.dll () MOD - C:\Programme\Sony\Sony PC Companion\PhoneUpdate.dll () MOD - C:\Programme\Sony\Sony PC Companion\MExplorer.dll () MOD - C:\Programme\Sony\Sony PC Companion\TMonitorAPI.dll () MOD - C:\Programme\Sony\Sony PC Companion\CAgdLNotes.dll () MOD - C:\Programme\Sony\Sony PC Companion\CAgdOutlook.dll () MOD - C:\Programme\Sony\Sony PC Companion\CalEngine.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Programme\Sony\Sony PC Companion\Report.dll () MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF () MOD - C:\Programme\Sony\Sony PC Companion\VistaCalendar.dll () MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll () MOD - C:\Programme\Sony\Sony PC Companion\VObject.dll () MOD - C:\Programme\CyberLink\Power2Go\CLMLSvcPS.dll () MOD - C:\Programme\CyberLink\Power2Go\CLMediaLibrary.dll () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (Sony PC Companion) -- C:\Programme\Sony\Sony PC Companion\PCCService.exe (Avanquest Software) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirMailService) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (BBSvc) -- C:\Programme\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.) SRV - (BBUpdate) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (IAStorDataMgrSvc) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (UNS) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10) SRV - (WisLMSvc) -- C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) SRV - (PSI_SVC_2) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (iPodDrv) -- C:\Windows\System32\drivers\iPodDrv.sys (Windows (R) Codename Longhorn DDK provider) DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications) DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (rtl8192se) -- C:\Windows\System32\drivers\rtl8192se.sys (Realtek Semiconductor Corporation ) DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.) DRV - (Impcd) -- C:\Windows\System32\drivers\Impcd.sys (Intel Corporation) DRV - (NxpCap) -- C:\Windows\System32\drivers\NxpCap.sys (NXP Semiconductors Germany GmbH) DRV - (IntcDAud) -- C:\Windows\System32\drivers\IntcDAud.sys (Intel(R) Corporation) DRV - (HECI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation) DRV - (mod7700) -- C:\Windows\System32\drivers\mod7700.sys (DiBcom SA) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.) DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.) DRV - (s0016unic) -- C:\Windows\System32\drivers\s0016unic.sys (MCCI Corporation) DRV - (s0016nd5) -- C:\Windows\System32\drivers\s0016nd5.sys (MCCI Corporation) DRV - (s0016mdfl) -- C:\Windows\System32\drivers\s0016mdfl.sys (MCCI Corporation) DRV - (s0016mdm) -- C:\Windows\System32\drivers\s0016mdm.sys (MCCI Corporation) DRV - (s0016mgmt) -- C:\Windows\System32\drivers\s0016mgmt.sys (MCCI Corporation) DRV - (s0016obex) -- C:\Windows\System32\drivers\s0016obex.sys (MCCI Corporation) DRV - (s0016bus) -- C:\Windows\System32\drivers\s0016bus.sys (MCCI Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3257401125-2040109845-2132314743-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com IE - HKU\S-1-5-21-3257401125-2040109845-2132314743-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data] IE - HKU\S-1-5-21-3257401125-2040109845-2132314743-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-3257401125-2040109845-2132314743-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ig IE - HKU\S-1-5-21-3257401125-2040109845-2132314743-1000\..\SearchScopes,DefaultScope = {34C25CAE-683B-47D4-AAA0-856CFB42208D} IE - HKU\S-1-5-21-3257401125-2040109845-2132314743-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3257401125-2040109845-2132314743-1000\..\SearchScopes\{34C25CAE-683B-47D4-AAA0-856CFB42208D}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKU\S-1-5-21-3257401125-2040109845-2132314743-1000\..\SearchScopes\{5E563452-E8D2-491E-8793-9691F5D196EF}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox IE - HKU\S-1-5-21-3257401125-2040109845-2132314743-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3257401125-2040109845-2132314743-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig" FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14 FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.5 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906 FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.11 21:47:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.16 22:06:15 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.11 21:47:54 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.16 22:06:15 | 000,000,000 | ---D | M] [2010.08.22 16:38:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2013.03.22 17:05:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\s6grsajo.default\extensions [2013.02.23 16:20:41 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\s6grsajo.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013.03.22 17:05:27 | 000,549,639 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s6grsajo.default\extensions\toolbar@web.de.xpi [2013.03.22 17:05:29 | 000,001,050 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s6grsajo.default\searchplugins\11-suche.xml [2013.03.22 17:05:29 | 000,002,418 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s6grsajo.default\searchplugins\englische-ergebnisse.xml [2013.03.22 17:05:29 | 000,010,701 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s6grsajo.default\searchplugins\gmx-suche.xml [2013.03.22 17:05:29 | 000,002,432 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s6grsajo.default\searchplugins\lastminute.xml [2013.03.22 17:05:29 | 000,005,682 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s6grsajo.default\searchplugins\webde-suche.xml [2013.04.11 21:47:46 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.04.11 21:47:46 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013.04.11 21:47:54 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.07.29 16:17:03 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.16 20:43:58 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.07.29 16:17:03 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.07.29 16:17:03 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.07.29 16:17:03 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.07.29 16:17:03 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKU\S-1-5-21-3257401125-2040109845-2132314743-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron) O4 - HKLM..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe" File not found O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.) O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron Corp.) O4 - HKU\S-1-5-21-3257401125-2040109845-2132314743-1000..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found O4 - HKU\S-1-5-21-3257401125-2040109845-2132314743-1000..\Run: [Sony PC Companion] C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (Sony) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.17.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{45E7A42D-34F3-4E38-8108-0519D5D90937}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{84F95E93-CFB7-4836-AA94-CA8AB71B56DC}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF1075E2-4B82-43A8-937F-DE7FCB359661}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.10 17:31:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.05.09 11:54:28 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Urlaub [2013.05.07 18:20:50 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Anti-Malware [2013.05.03 21:27:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Pave [2013.05.03 21:27:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Hirol [2013.04.16 22:06:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2013.04.16 22:06:01 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2013.04.11 21:47:45 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.04.11 19:50:29 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\A5647961 [2013.04.11 19:50:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Mykmfcyfm [2013.04.10 20:22:28 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013.04.10 20:22:25 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2013.04.10 20:22:25 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2013.04.10 20:22:25 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll [2013.04.10 20:22:20 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll [2013.04.10 20:22:20 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll [2013.04.10 20:22:12 | 000,627,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.04.10 20:22:10 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.04.10 20:22:10 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.04.10 20:22:10 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013.04.10 20:22:10 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.10 17:34:27 | 000,654,400 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.05.10 17:34:27 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.05.10 17:34:27 | 000,130,240 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.05.10 17:34:27 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.05.10 17:32:03 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.10 17:32:03 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.10 17:31:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.05.10 17:24:16 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.10 17:24:15 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\WinMaximizer-Birte Schulenburg-Startup.job [2013.05.10 17:24:11 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.10 17:24:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.10 17:24:01 | 2307,862,528 | -HS- | M] () -- C:\hiberfil.sys [2013.05.09 12:42:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.09 12:40:21 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.05.09 12:40:21 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.05.07 18:56:19 | 000,002,020 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.05.02 02:06:08 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2013.04.19 23:41:23 | 000,001,976 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk [2013.04.16 22:06:15 | 000,001,993 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013.04.11 19:21:06 | 000,399,248 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.09 12:01:22 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.16 22:06:15 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2013.04.16 22:06:15 | 000,001,993 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2012.11.18 17:58:33 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2011.01.25 21:51:42 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013.04.13 16:42:19 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\A5647961 [2013.05.10 17:26:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Aquamarin Haushaltsbuch [2013.02.11 21:55:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular [2011.07.11 21:09:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\go [2013.05.03 21:27:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Hirol [2013.04.14 18:42:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mykmfcyfm [2012.01.15 22:59:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenCandy [2010.07.12 19:58:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2013.05.06 20:02:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Pave [2011.05.19 21:04:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony [2010.07.17 13:41:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Windows Live Writer ========== Purity Check ========== < End of report > |
10.05.2013, 19:36 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Merkwürdige TAN-Abfrage nach Login bei Online-Banking Dann bitte jetzt Combofix ausführen: Scan mit Combofix
__________________ Logfiles bitte immer in CODE-Tags posten |
10.05.2013, 20:21 | #9 |
| Merkwürdige TAN-Abfrage nach Login bei Online-Banking Hat geklappt - hier die Datei: [code] Combofix Logfile: Code:
ATTFilter ComboFix 13-05-10.03 - *** 10.05.2013 21:25:56.1.4 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.2935.1397 [GMT 2:00] ausgeführt von:: c:\users\***\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\dsgsdgdsgdsgw.pad c:\users\***\4.0 c:\users\Public\Desktop\Control center.lnk . . ((((((((((((((((((((((( Dateien erstellt von 2013-04-10 bis 2013-05-10 )))))))))))))))))))))))))))))) . . 2013-05-10 19:32 . 2013-05-10 19:32 -------- d-----w- c:\users\***\AppData\Local\temp 2013-05-10 19:32 . 2013-05-10 19:32 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-05-10 15:30 . 2013-04-10 03:08 6906960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2F70ACCF-433F-4A7A-B2CE-C535141BDD25}\mpengine.dll 2013-05-03 19:27 . 2013-05-06 18:02 -------- d-----w- c:\users\***\AppData\Roaming\Pave 2013-05-03 19:27 . 2013-05-03 19:27 -------- d-----w- c:\users\***\AppData\Roaming\Hirol 2013-04-25 19:52 . 2013-04-12 13:45 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-16 20:06 . 2013-04-16 20:06 -------- d-----w- c:\program files\Common Files\Adobe 2013-04-11 17:50 . 2013-04-13 14:42 -------- d--h--w- c:\users\***\AppData\Roaming\A5647961 2013-04-11 17:50 . 2013-04-14 16:42 -------- d-----w- c:\users\***\AppData\Roaming\Mykmfcyfm . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-05-09 10:40 . 2012-04-02 17:15 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-05-09 10:40 . 2011-05-14 12:27 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-05-02 00:06 . 2010-04-22 11:13 238872 ------w- c:\windows\system32\MpSigStub.exe 2013-03-30 12:12 . 2013-03-30 12:12 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-03-30 12:12 . 2012-08-26 18:48 861088 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-03-30 12:12 . 2010-04-22 14:19 782240 ----a-w- c:\windows\system32\deployJava1.dll 2013-03-19 05:04 . 2013-04-10 18:22 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-03-19 05:04 . 2013-04-10 18:22 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-03-19 04:48 . 2013-04-10 18:22 38912 ----a-w- c:\windows\system32\csrsrv.dll 2013-03-19 02:49 . 2013-04-10 18:22 69632 ----a-w- c:\windows\system32\smss.exe 2013-03-02 04:58 . 2013-04-10 18:22 981504 ----a-w- c:\windows\system32\wininet.dll 2013-03-02 03:22 . 2013-04-10 18:22 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2013-03-01 03:09 . 2013-04-10 18:22 2347008 ----a-w- c:\windows\system32\win32k.sys 2013-02-15 04:37 . 2013-04-10 18:22 3217408 ----a-w- c:\windows\system32\mstscax.dll 2013-02-15 04:34 . 2013-04-10 18:22 131584 ----a-w- c:\windows\system32\aaclient.dll 2013-02-15 03:25 . 2013-04-10 18:22 36864 ----a-w- c:\windows\system32\tsgqec.dll 2013-02-12 04:48 . 2013-03-15 18:19 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-02-12 04:48 . 2013-03-15 18:19 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-02-12 03:32 . 2013-03-26 18:35 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys 2013-04-11 19:47 . 2013-04-11 19:47 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016] "Sony PC Companion"="c:\program files\Sony\Sony PC Companion\PCCompanion.exe" [2013-03-18 448736] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-06 8555040] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RtHDVBg.exe" [2010-04-06 694816] "HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2009-12-14 200704] "LMgrVolOSD"="c:\program files\Launch Manager\OSD.exe" [2009-12-11 348960] "Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2010-01-13 413696] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-12-11 1594664] "CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-07-13 198160] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352] . c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x] R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x] R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [x] R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x] R3 NxpCap;CTX capture service;c:\windows\system32\DRIVERS\NxpCap.sys [x] R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [x] R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [x] R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [x] R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [x] R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [x] R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [x] R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [x] R3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x] S2 AntiVirMailService;Avira Email Schutz;c:\program files\Avira\AntiVir Desktop\avmailc.exe [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x] S2 AntiVirWebService;Avira Browser Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [x] S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [x] S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [x] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [x] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [x] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x] S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x] S3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [x] S3 X10Hid;X10 Hid Device;c:\windows\System32\Drivers\x10hid.sys [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . . Inhalt des "geplante Tasks" Ordners . 2013-05-10 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 10:40] . 2013-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-01-18 21:11] . 2013-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-01-18 21:11] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ig uInternet Settings,ProxyOverride = *.local IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\s6grsajo.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ig FF - prefs.js: network.proxy.type - 0 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKLM-Run-LMgrOSD - c:\program files\Launch Manager\OSDCtrl.exe SafeBoot-BsScanner . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-05-10 21:34:16 ComboFix-quarantined-files.txt 2013-05-10 19:34 . Vor Suchlauf: 6 Verzeichnis(se), 233.521.119.232 Bytes frei Nach Suchlauf: 11 Verzeichnis(se), 235.364.995.072 Bytes frei . - - End Of File - - 5956DC258BC884B17F1A8FB1DE7C062B |
10.05.2013, 20:37 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Merkwürdige TAN-Abfrage nach Login bei Online-Banking Combofix-Skript
__________________ Logfiles bitte immer in CODE-Tags posten |
10.05.2013, 21:01 | #11 |
| Merkwürdige TAN-Abfrage nach Login bei Online-Banking Auch fertig - hier die Log-Datei: [code] Combofix Logfile: Code:
ATTFilter ComboFix 13-05-10.03 - *** 10.05.2013 22:08:37.2.4 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.2935.1629 [GMT 2:00] ausgeführt von:: c:\users\***\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\users\***\Desktop\CFScript.txt AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\***\AppData\Roaming\A5647961 c:\users\***\AppData\Roaming\A5647961\A5647961.DAT c:\users\***\AppData\Roaming\A5647961\A5647961.DAT.DAT c:\users\***\AppData\Roaming\Mykmfcyfm . . ((((((((((((((((((((((( Dateien erstellt von 2013-04-10 bis 2013-05-10 )))))))))))))))))))))))))))))) . . 2013-05-10 20:13 . 2013-05-10 20:14 -------- d-----w- c:\users\***\AppData\Local\temp 2013-05-10 20:13 . 2013-05-10 20:13 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-05-10 15:30 . 2013-04-10 03:08 6906960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2F70ACCF-433F-4A7A-B2CE-C535141BDD25}\mpengine.dll 2013-05-03 19:27 . 2013-05-06 18:02 -------- d-----w- c:\users\***\AppData\Roaming\Pave 2013-05-03 19:27 . 2013-05-03 19:27 -------- d-----w- c:\users\***\AppData\Roaming\Hirol 2013-04-25 19:52 . 2013-04-12 13:45 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-16 20:06 . 2013-04-16 20:06 -------- d-----w- c:\program files\Common Files\Adobe . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-05-09 10:40 . 2012-04-02 17:15 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-05-09 10:40 . 2011-05-14 12:27 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-05-02 00:06 . 2010-04-22 11:13 238872 ------w- c:\windows\system32\MpSigStub.exe 2013-03-30 12:12 . 2013-03-30 12:12 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-03-30 12:12 . 2012-08-26 18:48 861088 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-03-30 12:12 . 2010-04-22 14:19 782240 ----a-w- c:\windows\system32\deployJava1.dll 2013-03-19 05:04 . 2013-04-10 18:22 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-03-19 05:04 . 2013-04-10 18:22 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-03-19 04:48 . 2013-04-10 18:22 38912 ----a-w- c:\windows\system32\csrsrv.dll 2013-03-19 02:49 . 2013-04-10 18:22 69632 ----a-w- c:\windows\system32\smss.exe 2013-03-02 04:58 . 2013-04-10 18:22 981504 ----a-w- c:\windows\system32\wininet.dll 2013-03-02 03:22 . 2013-04-10 18:22 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2013-03-01 03:09 . 2013-04-10 18:22 2347008 ----a-w- c:\windows\system32\win32k.sys 2013-02-15 04:37 . 2013-04-10 18:22 3217408 ----a-w- c:\windows\system32\mstscax.dll 2013-02-15 04:34 . 2013-04-10 18:22 131584 ----a-w- c:\windows\system32\aaclient.dll 2013-02-15 03:25 . 2013-04-10 18:22 36864 ----a-w- c:\windows\system32\tsgqec.dll 2013-02-12 04:48 . 2013-03-15 18:19 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-02-12 04:48 . 2013-03-15 18:19 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-02-12 03:32 . 2013-03-26 18:35 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys 2013-04-11 19:47 . 2013-04-11 19:47 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016] "Sony PC Companion"="c:\program files\Sony\Sony PC Companion\PCCompanion.exe" [2013-03-18 448736] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-06 8555040] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RtHDVBg.exe" [2010-04-06 694816] "HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2009-12-14 200704] "LMgrVolOSD"="c:\program files\Launch Manager\OSD.exe" [2009-12-11 348960] "Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2010-01-13 413696] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-12-11 1594664] "CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-07-13 198160] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352] . c:\users\Birte Schulenburg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x] R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x] R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [x] R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x] R3 NxpCap;CTX capture service;c:\windows\system32\DRIVERS\NxpCap.sys [x] R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [x] R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [x] R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [x] R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [x] R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [x] R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [x] R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [x] R3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x] S2 AntiVirMailService;Avira Email Schutz;c:\program files\Avira\AntiVir Desktop\avmailc.exe [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x] S2 AntiVirWebService;Avira Browser Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [x] S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [x] S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [x] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [x] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [x] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x] S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x] S3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [x] S3 X10Hid;X10 Hid Device;c:\windows\System32\Drivers\x10hid.sys [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . . Inhalt des "geplante Tasks" Ordners . 2013-05-10 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 10:40] . 2013-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-01-18 21:11] . 2013-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-01-18 21:11] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ig uInternet Settings,ProxyOverride = *.local IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\s6grsajo.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ig FF - prefs.js: network.proxy.type - 0 . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-05-10 22:15:25 ComboFix-quarantined-files.txt 2013-05-10 20:15 ComboFix2.txt 2013-05-10 19:34 . Vor Suchlauf: 10 Verzeichnis(se), 235.190.632.448 Bytes frei Nach Suchlauf: 11 Verzeichnis(se), 235.132.416.000 Bytes frei . - - End Of File - - 0E898BC2BF2CBA23F7425DC27110C978 |
10.05.2013, 21:55 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Merkwürdige TAN-Abfrage nach Login bei Online-Banking Rootkitscan mit GMER Bitte lade dir GMER herunter: (Dateiname zufällig)
Tauchen Probleme auf?
Anschließend bitte MBAR ausführen: Malwarebytes Anti-Rootkit (MBAR) Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________ Logfiles bitte immer in CODE-Tags posten |
11.05.2013, 15:35 | #13 |
| Merkwürdige TAN-Abfrage nach Login bei Online-Banking Hab ich alles so gemacht. Nach dem Scan mit dem MBAR kam allerdings die Meldung, dass keine Malware gefunden wurde und ein Clean Up deshalb nicht notwendig ist. Ich konnte das Clean Up auch gar nicht öffnen und habe auch nicht noch einmal neu gestartet. War das ok? Hier die Datei: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.05.0.1001 www.malwarebytes.org Database version: v2013.05.11.05 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 8.0.7601.17514 *** :: ***-PC [administrator] 11.05.2013 16:50:17 mbar-log-2013-05-11 (16-50-17).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 29225 Time elapsed: 9 minute(s), 19 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) |
12.05.2013, 20:41 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Merkwürdige TAN-Abfrage nach Login bei Online-Banking Ja ok, was ist mit GMER?
__________________ Logfiles bitte immer in CODE-Tags posten |
12.05.2013, 20:49 | #15 |
| Merkwürdige TAN-Abfrage nach Login bei Online-Banking Hier die Gmert.xt [code] GMER Logfile: Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-05-11 16:30:23 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB3O 298,09GB Running: gmer_2.1.19163.exe; Driver: C:\Users\***~1\AppData\Local\Temp\uwloqpow.sys ---- System - GMER 2.1 ---- SSDT 90B08786 ZwCreateSection SSDT 90B0875E ZwCreateSymbolicLinkObject SSDT 90B08763 ZwLoadDriver SSDT 90B08759 ZwOpenSection SSDT 90B08790 ZwRequestWaitReplyPort SSDT 90B0878B ZwSetContextThread SSDT 90B08795 ZwSetSecurityObject SSDT 90B08768 ZwSetSystemInformation SSDT 90B0879A ZwSystemDebugControl SSDT 90B08727 ZwTerminateProcess SSDT 90B08722 ZwWriteVirtualMemory ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82E7BA09 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EB51F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82EBC34C 4 Bytes [86, 87, B0, 90] .text ntkrnlpa.exe!KeRemoveQueueEx + 11FF 82EBC354 4 Bytes [5E, 87, B0, 90] .text ntkrnlpa.exe!KeRemoveQueueEx + 1313 82EBC468 4 Bytes [63, 87, B0, 90] .text ntkrnlpa.exe!KeRemoveQueueEx + 13AF 82EBC504 4 Bytes [59, 87, B0, 90] .text ntkrnlpa.exe!KeRemoveQueueEx + 1553 82EBC6A8 4 Bytes [90, 87, B0, 90] .text ... ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[3556] USER32.dll!RegisterMessagePumpHook + 2F1 778C8B9E 7 Bytes JMP 10053C10 C:\Program Files\Sony\Sony PC Companion\NewUI.dll .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[3556] USER32.dll!PostMessageW + 43A 778D48B5 7 Bytes JMP 10053AC0 C:\Program Files\Sony\Sony PC Companion\NewUI.dll .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[3556] USER32.dll!SetDlgItemTextA + 25 778E709F 7 Bytes JMP 10053BF0 C:\Program Files\Sony\Sony PC Companion\NewUI.dll .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[3556] USER32.dll!MessageBoxIndirectA + F5 7791E95E 7 Bytes JMP 10053C60 C:\Program Files\Sony\Sony PC Companion\NewUI.dll .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[3556] USER32.dll!MessageBoxIndirectW + 61 7791E9C4 7 Bytes JMP 10053D30 C:\Program Files\Sony\Sony PC Companion\NewUI.dll .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[3556] USER32.dll!MessageBoxExA + 1F 7791E9E8 7 Bytes JMP 10053CE0 C:\Program Files\Sony\Sony PC Companion\NewUI.dll ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ---- |
Themen zu Merkwürdige TAN-Abfrage nach Login bei Online-Banking |
antivir, deutsche, e-banking, eintragen, formular, gestern, heute, login, meldung, merkwürdige, nach login, nichts, online-banking, quarantäne, sauber, sperre, sperren, tans, tr/bublik.i.6, tr/cridex.172032.84, tr/rogueerickd.938208, trojaner, virenscan |