Trojaner-Board
Seite 3 von 3 12 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Telekombrief ZeuS/ZBot (Online-Banking-Trojaner) (https://www.trojaner-board.de/125706-telekombrief-zeus-zbot-online-banking-trojaner.html)

BlackSwan 28.11.2012 09:54
Code:
# AdwCleaner v2.009 - Datei am 28/11/2012 um 09:49:07 erstellt
# Aktualisiert am 24/11/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
# Benutzer : *** - ***
# Bootmodus : Normal
# Ausgeführt unter : D:\Users\***\Downloads\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v7.0.6001.18000

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v3.6 (de)

Profilname : default
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\aokres9j.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Opera v11.50.1074.0

Datei : C:\Users\***\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [18035 octets] - [19/10/2012 06:30:01]
AdwCleaner[R2].txt - [981 octets] - [28/11/2012 09:49:07]
AdwCleaner[S1].txt - [17886 octets] - [19/10/2012 11:02:51]

########## EOF - C:\AdwCleaner[R2].txt - [1101 octets] ##########
Mfg BlackSwan

cosinus 28.11.2012 10:45
Eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in CODE-Tags in den Thread.

BlackSwan 28.11.2012 14:03
Code:
OTL logfile created on: 28.11.2012 13:22:15 - Run 6
OTL by OldTimer - Version 3.2.69.0    Folder = D:\Users\***\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,89 Gb Available Physical Memory | 44,52% Memory free
4,23 Gb Paging File | 2,90 Gb Available in Paging File | 68,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 34,18 Gb Total Space | 6,56 Gb Free Space | 19,19% Space Free | Partition Type: NTFS
Drive D: | 192,84 Gb Total Space | 47,48 Gb Free Space | 24,62% Space Free | Partition Type: NTFS
 
Computer Name: MATTHIASB-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\Users\***\Downloads\OTL(1).exe (OldTimer Tools)
PRC - D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - D:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Verbindungsassistent\WTGService.exe ()
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\System32\sdclt.exe (Microsoft Corporation)
PRC - C:\Windows\System32\consent.exe (Microsoft Corporation)
PRC - C:\Programme\System Control Manager\MGSysCtrl.exe (MSI)
PRC - C:\Programme\System Control Manager\edd.exe ()
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
 
 
========== Modules (No Company Name) ==========
 
MOD - D:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
MOD - C:\Programme\Adobe\Reader 9.0\Reader\ViewerPS.dll ()
MOD - D:\Program Files\Lavasoft\Ad-Aware\Resources.dll ()
MOD - C:\Windows\System32\MGHwCtrl.dll ()
MOD - D:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll ()
MOD - D:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll ()
MOD - C:\Programme\System Control Manager\MGKBHook.dll ()
MOD - C:\Programme\System Control Manager\CmSuppX.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AviraUpgradeService) -- C:\Windows\TEMP\AVSETUP_506db6af\avupgsvc.exe /TEMPSTART:C:\Windows\TEMP\AVSETUP_506db6af\setup.exe /NOTEMPCLEANUP /CROSSUPGRADE File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Lavasoft Ad-Aware Service) -- D:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (getPlusHelper) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (TeamViewer5) -- C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (TeamViewer4) -- C:\Programme\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (WTGService) -- C:\Programme\Verbindungsassistent\WTGService.exe ()
SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (NishService) -- C:\Programme\System Control Manager\edd.exe ()
SRV - (TOSHIBA Bluetooth Service) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (ewsercd) -- system32\DRIVERS\ewsercd.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (aswMBR) -- C:\Users\MATTHI~1\AppData\Local\Temp\aswMBR.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (NETw4v32) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (MGHwCtrl) -- C:\Windows\System32\drivers\MGHwCtrl.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (Si3531) -- C:\Windows\System32\drivers\Si3531.sys (Silicon Image, Inc)
DRV - (SiRemFil) -- C:\Windows\System32\drivers\SiRemFil.sys (Silicon Image, Inc.)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (SiFilter) -- C:\Windows\System32\drivers\SiWinAcc.sys (Silicon Image, Inc.)
DRV - (tvtool) -- d:\Program Files\TVTool\TVTOOL.SYS ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msi.com.tw
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-1261220303-501515183-852727618-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1261220303-501515183-852727618-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1261220303-501515183-852727618-1000\..\URLSearchHook: {0A94B116-4504-4e26-AB05-E61E474AA38B} - SOFTWARE\Classes\CLSID\{0A94B116-4504-4e26-AB05-E61E474AA38B}\InprocServer32 File not found
IE - HKU\S-1-5-21-1261220303-501515183-852727618-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1261220303-501515183-852727618-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1261220303-501515183-852727618-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {91da5e8a-3318-4f8c-b67e-5964de3ab546}:2.6.0.15
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.260.0
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: d:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: d:\Program Files\Mozilla Firefox\components [2012.10.20 08:18:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: d:\Program Files\Mozilla Firefox\plugins [2012.10.20 08:18:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: D:\Program Files\Mozilla Thunderbird\components [2011.07.20 19:38:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: D:\Program Files\Mozilla Thunderbird\plugins [2012.10.04 19:54:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.10.20 08:18:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.10.20 08:18:30 | 000,000,000 | ---D | M]
 
[2010.11.17 10:31:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.11.17 10:31:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.11.25 19:16:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\aokres9j.default\extensions
[2010.08.29 08:57:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\aokres9j.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.11.25 19:16:30 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\aokres9j.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
 
O1 HOSTS File: ([2012.10.23 12:36:18 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1      localhost
O2 - BHO: (Ask Search Assistant BHO) - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL File not found
O2 - BHO: (Ask Toolbar BHO) - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Programme\AskPBar\bar\1.bin\ASKPBAR.DLL (Ask.com)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Programme\AskPBar\bar\1.bin\ASKPBAR.DLL (Ask.com)
O3 - HKU\S-1-5-21-1261220303-501515183-852727618-1000\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O3 - HKU\S-1-5-21-1261220303-501515183-852727618-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {F4D76F09-7896-458A-890F-E1F05C46069F} - C:\Programme\AskPBar\bar\1.bin\ASKPBAR.DLL (Ask.com)
O4 - HKLM..\Run: [Ad-Watch] D:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [CheckPoint Cleanup] C:\Users\MATTHI~1\AppData\Local\Temp\cpes_clean_launcher.exe C:\Users\MATTHI~1\AppData\Local\Temp\cpes_clean.exe File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MGSysCtrl] C:\Programme\System Control Manager\MGSysCtrl.exe (MSI)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WinampAgent] "d:\Program Files\Winamp\winampa.exe" File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DC0BBBF1-19C9-4405-A301-51514617D623}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0a6ac4a5-65ad-11d9-bf6a-001d9250eb15}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\WindowsEasyTransfer\x86\.\MigSetup.exe
O33 - MountPoints2\{1aa91f8c-b04e-11e0-b881-001d9250eb15}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\.\WindowsEasyTransfer\x86\.\MigSetup.exe
O33 - MountPoints2\{568f295e-57a6-11df-8728-001d9250eb15}\Shell - "" = AutoRun
O33 - MountPoints2\{568f295e-57a6-11df-8728-001d9250eb15}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{568f29d1-57a6-11df-8728-001d9250eb15}\Shell - "" = AutoRun
O33 - MountPoints2\{568f29d1-57a6-11df-8728-001d9250eb15}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{568f29d3-57a6-11df-8728-001d9250eb15}\Shell - "" = AutoRun
O33 - MountPoints2\{568f29d3-57a6-11df-8728-001d9250eb15}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{568f29e5-57a6-11df-8728-001d9250eb15}\Shell - "" = AutoRun
O33 - MountPoints2\{568f29e5-57a6-11df-8728-001d9250eb15}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{568f29e7-57a6-11df-8728-001d9250eb15}\Shell - "" = AutoRun
O33 - MountPoints2\{568f29e7-57a6-11df-8728-001d9250eb15}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e1cdaec4-5998-11df-b292-001d9250eb15}\Shell - "" = AutoRun
O33 - MountPoints2\{e1cdaec4-5998-11df-b292-001d9250eb15}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e1cdaec5-5998-11df-b292-001d9250eb15}\Shell - "" = AutoRun
O33 - MountPoints2\{e1cdaec5-5998-11df-b292-001d9250eb15}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f00bf3e0-09a1-11e0-81fa-001d9250eb15}\Shell\AutoRun\command - "" = F:\instdata\xaver\bin\xaver.exe -id intro -skin ja wk_gesetze_usb
O33 - MountPoints2\{f00bf3e0-09a1-11e0-81fa-001d9250eb15}\Shell\command - "" = F:\instdata\xaver\bin\xaver.exe -id intro -skin ja wk_gesetze_usb
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1261220303-501515183-852727618-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[3 D:\Users\***\Desktop\*.tmp files -> D:\Users\***\Desktop\*.tmp -> ]
[1 C:\Users\***\*.tmp files -> C:\Users\***\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.28 13:27:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.28 13:20:33 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.28 13:20:33 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.28 09:42:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.27 09:28:06 | 000,618,430 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.27 09:28:06 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.27 09:28:06 | 000,122,648 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.27 09:28:06 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.27 09:22:57 | 2143,490,048 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.25 18:45:22 | 000,073,728 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.11 09:29:01 | 000,000,474 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.11.10 11:04:53 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[3 D:\Users\***\Desktop\*.tmp files -> D:\Users\***\Desktop\*.tmp -> ]
[1 C:\Users\***\*.tmp files -> C:\Users\***\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.10 11:04:53 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2012.10.11 20:06:28 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2011.05.21 08:25:48 | 000,164,299 | ---- | C] () -- C:\Windows\hpoins19.dat
[2011.05.21 08:23:39 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2011.02.19 15:37:26 | 000,100,043 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.02.13 13:34:31 | 000,547,232 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat
[2010.12.29 22:09:12 | 000,024,206 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png
[2010.07.19 18:39:58 | 000,001,490 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2010.06.06 07:30:11 | 000,017,408 | ---- | C] () -- C:\Users\***\AppData\Local\WebpageIcons.db
[2010.03.19 18:09:57 | 000,073,728 | ---- | C] () -- C:\Users\***AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.17 00:05:33 | 000,000,020 | ---- | C] () -- C:\Users\***\AppData\Roaming\sgcpom.dat
[2009.08.03 15:41:44 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.05.23 20:27:41 | 000,001,356 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2009.03.06 19:40:59 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.09.01 17:44:25 | 000,022,328 | ---- | C] () -- C:\Users\***\AppData\Roaming\PnkBstrK.sys
[2008.08.02 13:55:26 | 000,028,190 | ---- | C] () -- C:\Users\***\AppData\Roaming\nvModes.dat
[2008.08.02 13:55:26 | 000,028,190 | ---- | C] () -- C:\Users\***\AppData\Roaming\nvModes.001
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009.04.10 18:38:20 | 011,580,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.09.26 07:53:57 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.19 08:36:49 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >



Code:
OTL Extras logfile created on: 28.11.2012 13:22:15 - Run 6
OTL by OldTimer - Version 3.2.69.0    Folder = D:\Users\***\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,89 Gb Available Physical Memory | 44,52% Memory free
4,23 Gb Paging File | 2,90 Gb Available in Paging File | 68,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 34,18 Gb Total Space | 6,56 Gb Free Space | 19,19% Space Free | Partition Type: NTFS
Drive D: | 192,84 Gb Total Space | 47,48 Gb Free Space | 24,62% Space Free | Partition Type: NTFS
 
Computer Name: MATTHIASB-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-1261220303-501515183-852727618-1000\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1261220303-501515183-852727618-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1AB13EDE-1858-4F4F-8D5E-1D13CDFA5EDB}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{1F84F366-AD9B-4D2A-95BD-E121EEDDE3DC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{216D5580-3F7D-48CB-B260-BF38F87A9C29}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{72AAAC2B-32F6-4190-BB82-515A342F192F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7ABCBCDA-CC5D-4A3A-8897-572E4850E67A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8465F8EF-E07A-47E2-B79D-C28C21C5EC5B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A1635839-952F-4571-9D85-2324C2A1AA36}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B46A780D-BC49-44C4-B430-8CE321046C61}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{013BD9BC-540B-4FC1-9BD7-27A95CFBAA1A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{0D29CEA2-B93D-4A03-AB68-EC067BBEB292}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{1394F433-DA2C-4BAC-968B-B41F878E78A9}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{269C86CC-1087-4373-BE0E-7044C6FFDBF8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{2DB45B9E-AC39-4127-A117-1C329FD838D1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{346CF842-69EE-4E9C-8E3C-3B43AD5DCE7D}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{368889E3-1E76-4D2C-B733-7662AF33D269}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{42C0B7A6-99BE-450B-B3AC-8313A683CBD5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{473FF455-E1DF-4B37-AC60-C6A0F0829A8F}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{5D99FB48-500E-4126-A43A-3F07B13E7E2D}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{5E7168D0-EAAD-48DF-9F14-F83EFB767766}" = protocol=17 | dir=in | app=d:\program files\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{6C3D0412-26D7-4468-9DFD-B79D2FB566EE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6CD874DC-948C-4E7C-AAB6-D11811014350}" = protocol=17 | dir=in | app=d:\users\matthias bauer\downloads\facemoods.exe |
"{6FFF6B8A-CF6D-4760-B296-94073BA444ED}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{72F0CA1D-DC5D-458D-97A2-861A053DB9C1}" = protocol=17 | dir=in | app=d:\program files\ea games\die schlacht um mittelerde(tm)\game.dat |
"{75765285-2B4B-4D4D-9178-70B7A66305ED}" = protocol=17 | dir=in | app=d:\programme\ea games\die schlacht um mittelerde(tm)\game.dat |
"{87BA6DC7-AE8C-45FB-A0A5-76EBB2BCD7B1}" = protocol=6 | dir=in | app=d:\program files\electronic arts\crytek\crysis\bin32\crysis.exe |
"{9009096E-CCFF-40E7-8F5F-AFEC3F041ACD}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{936A96D9-A315-48CE-B287-8D2B0838815D}" = protocol=6 | dir=in | app=d:\programme\ea games\die schlacht um mittelerde(tm)\game.dat |
"{BEDC756B-2630-4726-9510-DEB5664A7C24}" = protocol=6 | dir=in | app=d:\program files\ea games\die schlacht um mittelerde(tm)\game.dat |
"{C244BFBE-6533-43FF-9C57-A03AE4259CFA}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{C2DF287C-00CD-4070-A4B1-291D004CAEB1}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{C90D13C4-D0AF-49C0-BEE8-0260CBEEA456}" = dir=in | app=c:\program files\cyberlink\powerdirector express\pdx.exe |
"{D30D7A49-3F13-4C99-8D89-85EDF91ED73B}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{D4F4891E-90C7-4B52-8A8F-E5386AAB5850}" = protocol=6 | dir=in | app=d:\users\matthias bauer\downloads\facemoods.exe |
"{E1E749EA-C830-4C97-A757-351DF17A1A3D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E8EA62C3-84E6-4423-B882-91838B77C89E}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{E965605F-B1F9-4F97-B408-984CFBF3FE3D}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{EA728A16-BA51-4191-BB43-44A3D9883393}" = protocol=6 | dir=in | app=d:\program files\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{EF5CC3FE-F6AC-4095-86F5-21DEB4670301}" = protocol=17 | dir=in | app=d:\program files\electronic arts\crytek\crysis\bin32\crysis.exe |
"{F001D007-7E6A-4B3F-972F-B447C3DCFAE7}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{FE94626D-9ACC-417B-8515-A15A7D1950C5}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{FF113981-AD03-4928-9389-C10DAEDBACDE}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"TCP Query User{126A9ED5-D47B-4C2B-B919-6BC332BAD8B1}D:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=d:\program files\trillian\trillian.exe |
"TCP Query User{3C069FAB-32F8-4285-B072-42BC7ACEFE5E}C:\program files\ubisoft\crytek\far cry\bin32\farcry.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\crytek\far cry\bin32\farcry.exe |
"TCP Query User{AB692FB7-F6C6-48BA-A88D-AA78577957B0}D:\program files\starcraft ii\versions\base23260\sc2.exe" = protocol=6 | dir=in | app=d:\program files\starcraft ii\versions\base23260\sc2.exe |
"TCP Query User{B6F6A7BD-099B-43D5-BA1E-804BB8D2B6EB}D:\program files\starcraft ii\versions\base23260\sc2.exe" = protocol=6 | dir=in | app=d:\program files\starcraft ii\versions\base23260\sc2.exe |
"TCP Query User{DC5F9A5B-6827-4A52-B20E-675A3C3472ED}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe |
"UDP Query User{828E8DF7-99AF-4BF8-905E-6FBF5D1A5574}D:\program files\starcraft ii\versions\base23260\sc2.exe" = protocol=17 | dir=in | app=d:\program files\starcraft ii\versions\base23260\sc2.exe |
"UDP Query User{8B84CDCB-4B0F-44AB-A577-3F33852AE2DC}D:\program files\starcraft ii\versions\base23260\sc2.exe" = protocol=17 | dir=in | app=d:\program files\starcraft ii\versions\base23260\sc2.exe |
"UDP Query User{C76FA35D-4FBD-4910-87CE-3B3E1BD65A78}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe |
"UDP Query User{D5E6C96C-ECD4-4FB2-AF1D-FE6575C78128}C:\program files\ubisoft\crytek\far cry\bin32\farcry.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\crytek\far cry\bin32\farcry.exe |
"UDP Query User{FC835A09-9E3C-430C-A4C4-ED6659EB6E29}D:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=d:\program files\trillian\trillian.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{23DD6DAA-DDEF-41F5-A527-CECF07FA2CAF}" = 1500
"{2470870F-4F76-4C34-8D6A-C61EF365FBD0}" = Opera 11.50
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 24
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Die Schlacht um Mittelerde™ II
"{3F290582-3F4E-4B96-009C-E0BABAA40C42}" = Die Schlacht um Mittelerde(tm)
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C271126-C295-4828-A901-5910AE0C258B}" = Cisco Systems VPN Client 5.0.03.0530
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A2101ACC-DC36-42AA-A576-6FD6A8D466DA}" = 1500_Help
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A4C6B32D-5088-40AF-B74D-CDABEF144F04}" = 1500Trb
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 260.99
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B931FB80-537A-4600-00AD-AC5DEDB6C25B}" = Aufstieg des Hexenkönigs™
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CCD90636-D97D-4130-A44A-3AD4E63B9220}" = OpenOffice.org 2.4
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AskPBar Uninstall" = Ask Toolbar
"Azureus" = Azureus
"CloneDVD2" = CloneDVD2
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"ESET Online Scanner" = ESET Online Scanner v3
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"Graboid Video" = Graboid Video 1.71
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPOCR" = HP OCR Software 8.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"Mozilla Thunderbird (5.0)" = Mozilla Thunderbird (5.0)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PunkBusterSvc" = PunkBuster Services
"SopCast" = SopCast 3.0.3
"Starcraft" = Starcraft
"StarCraft II" = StarCraft II
"Steam App 220" = Half-Life 2
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamViewer 4" = TeamViewer 4
"TeamViewer 5" = TeamViewer 5
"Trillian" = Trillian
"TVAnts 1.0" = TVAnts 1.0
"TVTool" = TVTool
"Uninstall_is1" = Uninstall 1.0.0.1
"Verbindungsassistent" = Verbindungsassistent
"VLC media player" = VLC media player 1.0.1
"Warcraft III" = Warcraft III
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1261220303-501515183-852727618-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 16.0.1 (x86 de)" = Mozilla Firefox 16.0.1 (x86 de)
"StreamPlug Player 2.3.0" = StreamPlug Player 2.3.0
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 17.11.2012 15:15:53 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung DivXUpdate.exe, Version 1.0.1.10, Zeitstempel
 0x4c06fc6d, fehlerhaftes Modul MSVCP80.dll, Version 8.0.50727.4053, Zeitstempel
 0x4a594cd0, Ausnahmecode 0xc0000005, Fehleroffset 0x000100b5,  Prozess-ID 0x8b0,
Anwendungsstartzeit 01cdc4f76fdd0a3b.
 
Error - 17.11.2012 15:16:28 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung DivXUpdate.exe, Version 1.0.1.10, Zeitstempel
 0x4c06fc6d, fehlerhaftes Modul MSVCP80.dll, Version 8.0.50727.4053, Zeitstempel
 0x4a594cd0, Ausnahmecode 0xc0000005, Fehleroffset 0x000100b5,  Prozess-ID 0xfe8,
Anwendungsstartzeit 01cdc4f807369e6b.
 
Error - 17.11.2012 15:17:59 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung DivXUpdate.exe, Version 1.0.1.10, Zeitstempel
 0x4c06fc6d, fehlerhaftes Modul MSVCP80.dll, Version 8.0.50727.4053, Zeitstempel
 0x4a594cd0, Ausnahmecode 0xc0000005, Fehleroffset 0x000100b5,  Prozess-ID 0xc4, Anwendungsstartzeit
 01cdc4f83f40d8e9.
 
Error - 19.11.2012 07:06:23 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung DivXUpdate.exe, Version 1.0.1.10, Zeitstempel
 0x4c06fc6d, fehlerhaftes Modul MSVCP80.dll, Version 8.0.50727.4053, Zeitstempel
 0x4a594cd0, Ausnahmecode 0xc0000005, Fehleroffset 0x000100b5,  Prozess-ID 0x950,
Anwendungsstartzeit 01cdc645deed4cac.
 
Error - 25.11.2012 12:17:48 | Computer Name = *** | Source = Windows Backup | ID = 4103
Description =
 
Error - 25.11.2012 12:35:38 | Computer Name = ***| Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung DivXUpdate.exe, Version 1.0.1.10, Zeitstempel
 0x4c06fc6d, fehlerhaftes Modul MSVCP80.dll, Version 8.0.50727.4053, Zeitstempel
 0x4a594cd0, Ausnahmecode 0xc0000005, Fehleroffset 0x000100b5,  Prozess-ID 0x780,
Anwendungsstartzeit 01cdcb26abd50103.
 
Error - 25.11.2012 13:45:03 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung DivXUpdate.exe, Version 1.0.1.10, Zeitstempel
 0x4c06fc6d, fehlerhaftes Modul MSVCP80.dll, Version 8.0.50727.4053, Zeitstempel
 0x4a594cd0, Ausnahmecode 0xc0000005, Fehleroffset 0x000100b5,  Prozess-ID 0xdec,
Anwendungsstartzeit 01cdcb3497e875e3.
 
Error - 25.11.2012 14:02:31 | Computer Name = *** | Source = Windows Backup | ID = 4103
Description =
 
Error - 27.11.2012 04:25:30 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung TosBtMng.exe, Version 5.0.0.38, Zeitstempel
0x45e3c235, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00000000,  Prozess-ID 0x818, Anwendungsstartzeit
 01cdcc787966ec65.
 
Error - 28.11.2012 04:43:01 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung DivXUpdate.exe, Version 1.0.1.10, Zeitstempel
 0x4c06fc6d, fehlerhaftes Modul MSVCP80.dll, Version 8.0.50727.4053, Zeitstempel
 0x4a594cd0, Ausnahmecode 0xc0000005, Fehleroffset 0x000100b5,  Prozess-ID 0x23c,
Anwendungsstartzeit 01cdcc7878ce55e5.
 
[ OSession Events ]
Error - 05.06.2009 05:01:58 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4011
 seconds with 2160 seconds of active time.  This session ended with a crash.
 
Error - 23.05.2011 03:04:57 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 146
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 25.05.2011 08:55:16 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 86
 seconds with 60 seconds of active time.  This session ended with a crash.
 
 
Error encountered while reading event logs.
 
< End of report >
Mfg BlackSwan

cosinus 28.11.2012 14:21
Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


BlackSwan 28.11.2012 15:53
Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.28.06

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
*** :: ***-PC [Administrator]

28.11.2012 15:38:56
mbam-log-2012-11-28 (15-38-56).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 195215
Laufzeit: 7 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Eset scan kommt noch nach.

Mfg, BlackSwan

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=562a08de4a4b4647be58e42e9eff7720
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-10-18 05:28:43
# local_time=2012-10-18 07:28:43 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=5892 16776573 100 100 52438525 188100516 0 0
# compatibility_mode=8192 67108863 100 0 284 284 0 0
# compatibility_mode=9217 16777214 75 70 52437271 60647028 0 0
# scanned=154211
# found=4
# cleaned=0
# scan_time=13536
C:\Users\***\AppData\Local\Temp\ICReinstall\Facemoods.exe        probably a variant of Win32/InstallCore.A application (unable to clean)        00000000000000000000000000000000        I
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\43458f85-72bbb8b1        a variant of Java/Agent.BR trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\30c92f3c-47962ca9        a variant of Java/Agent.BR trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\aokres9j.default\user.js        JS/SecurityDisabler.A.Gen application (unable to clean)        00000000000000000000000000000000        I
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=562a08de4a4b4647be58e42e9eff7720
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-11-28 06:37:16
# local_time=2012-11-28 07:37:16 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=5892 16776573 100 100 2845499 191647405 0 0
# compatibility_mode=8192 67108863 100 0 3547173 3547173 0 0
# scanned=165831
# found=4
# cleaned=0
# scan_time=13160
D:\Users\***\Downloads\Facemoods.exe        probably a variant of Win32/InstallCore.A application (unable to clean)        00000000000000000000000000000000        I
D:\Users\***\Downloads\SoftonicDownloader26910.exe        a variant of Win32/SoftonicDownloader.A application (unable to clean)        00000000000000000000000000000000        I
D:\_OTL\MovedFiles\10232012_130946\C_Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\43458f85-72bbb8b1        a variant of Java/Agent.BR trojan (unable to clean)        00000000000000000000000000000000        I
D:\_OTL\MovedFiles\10232012_130946\C_Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\30c92f3c-47962ca9        a variant of Java/Agent.BR trojan (unable to clean)        00000000000000000000000000000000        I
Mfg, BlackSwan

cosinus 29.11.2012 10:15
Code:
D:\Users\***\Downloads\Facemoods.exe
D:\Users\***\Downloads\SoftonicDownloader26910.exe
Wo zu braucht man dieses Facemoods? :wtf:

Und zu Softonic sag ich nur: Finger weg von Softonic!! :pfui:

Softonic ist eine Toolbar- und Adwareschleuder! Finger weg! Software lädt man sich mit oberster Priorität direkt vom Hersteller oder von Filepony aber nicht von solchen Toolbarklitschen wie Softonic!

Die anderen beiden Funde sind harmlos, da in der Q von OTL.

Sieht soweit ok aus

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

BlackSwan 29.11.2012 21:54
Vielen Dank für die Hilfe. Ich denke, dass es keine weiteren Probleme gibt. Welches Antivirenprogramm wäre denn zu empfehlen, um mich in Zukunft gegen solche Trojaner zu schützen?
Mfg, BlackSwan

cosinus 29.11.2012 22:54
Zitat:
um mich in Zukunft gegen solche Trojaner zu schützen?
Das hört sich so an, als wenn du die Gesamtverantwortung nur irgendeinem Virenscanner übergibst - Sicherheit hat man nicht indem man nur alles dem Virenscanner delegiert

Halte Dich am besten grob an diese Regeln:
  1. Sei misstrauisch im Internet und v.a. bei unbekannten E-Mails, sei vorsichtig bei der Herausgabe persönlicher Daten!!
  2. Halte Windows und alle verwendeten Programme immer aktuell - unterstützen kann dich dabei Secunia PSI
  3. Führe regelmäßig Backups auf externe Medien durch
  4. Arbeite mit eingeschränkten Rechten
  5. Nutze sicherere Programme wie zB Opera oder Firefox zum Surfen statt den IE, zum Mailen Thunderbird statt Outlook Express - E-Mails nur als reinen text anzeigen lassen
  6. automatische Wiedergabe von allen Laufwerken komplett deaktivieren, denn das ist ein unnötiges Sicherheitsrisiko
  7. Bei der Installation von Software möglichst darauf achten, dass die Setups aus offiziellen Quellen stammen und du bei der Installation nach Möglichkeit die benutzerdefinierte Methode wählst - dann hast du die Möglichkeit etwaigen Schrott (wie Toolbars oder sowas wie RegistryBooster) abzuwählen, welcher sonst einfach mitinstalliert wird.
  8. Bösartige bzw. ungewollte Sites von vornherein blockieren lassen mit Hilfe der MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File
  9. Finger weg von: TuneUp, Registry-Cleanern aller Art, Softonic sowie illegalen Cracks/Keygens oder anderen "Tools" um ein kommerzielles Programm ohne Lizenz nutzen zu können
  10. dubiose Seiten bzw. Kinofilm-Streaming-Portale ebenfalls sein lassen, erstens handelt man sich dort schnell Malware ein oder kann in Abofallen geraten und zweitens bewegen sich diese Seiten in einer rechtlichen Grauzone.


Alles noch genauer erklärt steht hier => Kompromittierung unvermeidbar?


Dann wären wir durch! :abklatsch:

Die Programme, die hier zum Einsatz kamen, können alle wieder runter. Mit Hilfe von OTL kannst du auch viele Tools entfernen:

Starte bitte OTL und klicke auf Bereinigung.
Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen.


Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken.


Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.


Microsoftupdate
Windows XP:Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.
Windows Vista/7: Start, Systemsteuerung, Windows-Update


PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:
Prüfen => Adobe - Flash Player
Downloadlinks findest du hier => Browsers and Plugins - FilePony.de

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.


Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.


Alle Zeitangaben in WEZ +1. Es ist jetzt 01:47 Uhr.
Seite 3 von 3 12 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131