Log analysis and evaluation: various trojans (incl. Bundespolizei), Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
26.03.2012, 13:02 | #16
/// Malwareteam

Step 1: ESET Online Scanner

Step 2: If you don't have it yet, please download OTL from OldTimer and save it to your desktop.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT
26.03.2012, 16:06 | #17
ESET:
C:\TDSSKiller_Quarantine\25.03.2012_19.39.16\mbr0000\tdlfs0000\tsk0004.dta a variant of Win32/Olmasco.O trojan
C:\TDSSKiller_Quarantine\25.03.2012_19.39.16\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmasco.S trojan
C:\TDSSKiller_Quarantine\25.03.2012_19.39.16\mbr0000\tdlfs0000\tsk0006.dta Win32/Olmasco.O trojan
C:\TDSSKiller_Quarantine\25.03.2012_19.39.16\mbr0000\tdlfs0000\tsk0007.dta Win64/Olmasco.O trojan
C:\TDSSKiller_Quarantine\25.03.2012_19.39.16\mbr0000\tdlfs0000\tsk0008.dta a variant of Win32/Olmasco.O trojan
C:\TDSSKiller_Quarantine\25.03.2012_19.39.16\mbr0000\tdlfs0000\tsk0009.dta Win64/Olmasco.T trojan
C:\TDSSKiller_Quarantine\25.03.2012_19.39.16\mbr0000\tdlfs0000\tsk0010.dta a variant of Win32/Olmasco.Q trojan
C:\TDSSKiller_Quarantine\25.03.2012_19.39.16\mbr0000\tdlfs0000\tsk0011.dta Win64/Olmasco.X trojan
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\75064ffc-53a45ded multiple threats

OTL.Txt
OTL Logfile:
Code:
OTL logfile created on: 26.03.2012 16:47:19 - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Michael\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,01 Gb Available Physical Memory | 50,69% Memory free
4,24 Gb Paging File | 2,87 Gb Available in Paging File | 67,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,17 Gb Total Space | 274,06 Gb Free Space | 45,97% Space Free | Partition Type: NTFS

Computer Name: MICHAEL-PC | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.03.25 19:51:50 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.10.30 18:51:25 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.10.15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========

SRV - [2012.01.13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.10.30 18:51:25 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.10.15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.06.29 15:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2011.06.13 22:21:14 | 000,343,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2011.04.27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011.04.27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011.03.16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.19 00:39:26 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011.12.15 02:46:42 | 000,222,904 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\keyscrambler.sys -- (KeyScrambler)
DRV:64bit: - [2011.08.02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.04.27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011.03.25 23:04:56 | 000,021,832 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.12.18 23:47:30 | 000,041,488 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\LUsbFilt.Sys -- (LUsbFilt)
DRV:64bit: - [2008.12.18 23:47:18 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2008.12.18 23:47:10 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2008.12.18 23:46:36 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\L8042Kbd.sys -- (L8042Kbd)
DRV:64bit: - [2008.01.25 10:46:52 | 000,150,016 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008.01.21 04:51:07 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2009.03.05 10:56:57 | 000,020,544 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKLM\..\SearchScopes\{FA53070F-6E4E-4625-BFCE-25E983AF69A4}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=45e8c160-fd8e-11e0-aa07-00241d1176c4&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 52 69 E3 24 07 CA 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {EF502BDC-8414-4D05-8929-D634B0873592}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{EF502BDC-8414-4D05-8929-D634B0873592}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{FA53070F-6E4E-4625-BFCE-25E983AF69A4}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=45e8c160-fd8e-11e0-aa07-00241d1176c4&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.17: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.17: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Michael\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Michael\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.17 18:16:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.02.18 17:50:10 | 000,000,000 | ---D | M]

[2009.06.20 19:37:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\mozilla\Extensions
[2012.01.06 13:26:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\6ah6h4js.default\extensions
[2011.10.22 02:57:21 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\6ah6h4js.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.12.25 13:37:41 | 000,000,000 | ---D | M] (KeyScrambler) -- C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\6ah6h4js.default\extensions\keyscrambler@qfx.software.corporation
[2011.10.22 02:57:20 | 000,000,000 | ---D | M] ("Undo Detach Tab") -- C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\6ah6h4js.default\extensions\undodetachtab@alice0775
[2012.02.18 17:57:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6AH6H4JS.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.03.17 18:16:29 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.03 11:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll
[2012.02.16 13:02:53 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.16 12:48:01 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.16 13:02:53 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.16 13:02:53 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.16 13:02:53 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.16 13:02:53 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Michael\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Michael\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Michael\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Michael\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: vshare plugin = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_1\

O1 HOSTS File: ([2012.03.26 13:58:28 | 000,000,698 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ScreenManager Pro for LCD] C:\Program Files (x86)\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe (EIZO NANAO CORPORATION)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Michael\Desktop\PartyPoker.lnk ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Michael\Desktop\PartyPoker.lnk ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E816D11-4E0D-46C5-B8E1-EE3EABC8F384}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012.03.26 14:23:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.03.26 14:22:58 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Michael\Desktop\esetsmartinstaller_enu(1).exe
[2012.03.25 23:40:48 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.03.25 22:14:24 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Michael\Desktop\aswMBR.exe
[2012.03.25 22:12:12 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.03.25 22:12:12 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\temp
[2012.03.25 21:47:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.03.25 21:47:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.03.25 21:47:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.03.25 21:47:10 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012.03.25 21:47:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.03.25 21:45:07 | 004,443,082 | R--- | C] (Swearware) -- C:\Users\Michael\Desktop\ComboFix.exe
[2012.03.25 21:25:25 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\HostsXpert
[2012.03.25 19:51:49 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
[2012.03.25 19:40:00 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.03.25 19:32:24 | 002,066,480 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Michael\Desktop\tdsskiller.exe
[2012.03.23 20:33:12 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Mozilla-Cache
[2012.03.23 20:32:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PartyPoker [2012.03.23 20:31:07 | 000,000,000 | ---D | C] -- C:\Programs [2012.03.18 01:49:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.02.29 21:11:59 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\Praktikum ;) [2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.03.26 16:31:03 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1999053676-3161577315-4271355828-1002UA.job [2012.03.26 15:56:15 | 000,005,312 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.03.26 15:56:15 | 000,005,312 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.03.26 14:23:00 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Michael\Desktop\esetsmartinstaller_enu(1).exe [2012.03.26 13:58:28 | 000,000,698 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.03.26 13:56:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.03.25 23:41:40 | 000,039,125 | ---- | M] () -- C:\Users\Michael\Desktop\Combofix.zip [2012.03.25 22:18:29 | 000,000,512 | ---- | M] () -- C:\Users\Michael\Desktop\MBR.dat [2012.03.25 22:14:47 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Michael\Desktop\aswMBR.exe [2012.03.25 22:10:20 | 000,630,604 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.03.25 22:10:20 | 000,597,898 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.03.25 22:10:20 | 000,104,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.03.25 22:10:19 | 001,451,838 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.03.25 22:10:19 | 000,127,248 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.03.25 22:03:02 | 
2145,902,592 | -HS- | M] () -- C:\hiberfil.sys [2012.03.25 21:45:25 | 004,443,082 | R--- | M] (Swearware) -- C:\Users\Michael\Desktop\ComboFix.exe [2012.03.25 19:51:50 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe [2012.03.25 19:40:05 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1999053676-3161577315-4271355828-1002Core.job [2012.03.25 19:32:22 | 002,066,480 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Michael\Desktop\tdsskiller.exe [2012.03.24 22:07:31 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2012.03.24 19:58:37 | 000,000,876 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\arg90729.exe.lnk [2012.03.24 13:35:34 | 316,789,993 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.03.23 20:32:25 | 000,001,643 | ---- | M] () -- C:\Users\Michael\Desktop\PartyPoker.lnk [2012.03.18 01:49:25 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.16 23:13:43 | 000,403,280 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.03.06 01:33:22 | 000,070,656 | ---- | M] () -- C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.03.05 22:34:33 | 012,662,795 | ---- | M] () -- C:\Users\Michael\Desktop\Egosoft.rar [2012.02.29 01:08:12 | 003,945,496 | ---- | M] () -- C:\Users\Michael\Desktop\Olly Murs Feat. 
Rizzle Kicks - Heart Skips A Beat (Original Version) [HQ].mp3 [2012.02.29 01:07:57 | 003,930,472 | ---- | M] () -- C:\Users\Michael\Desktop\Cleaning Out My Closet-Eminem.mp3 [2012.02.29 01:07:35 | 003,054,212 | ---- | M] () -- C:\Users\Michael\Desktop\Milow Ayo Technology lyrics.mp3 [2012.02.29 01:07:11 | 004,456,718 | ---- | M] () -- C:\Users\Michael\Desktop\Cro - Easy Lyrics Full HD.mp3 [2012.02.29 01:06:46 | 004,457,956 | ---- | M] () -- C:\Users\Michael\Desktop\Taio Cruz Troublemaker.mp3 [2012.02.29 01:06:23 | 003,816,010 | ---- | M] () -- C:\Users\Michael\Desktop\Eminem- Lose Yourself.mp3 [2012.02.29 01:06:01 | 004,208,330 | ---- | M] () -- C:\Users\Michael\Desktop\Eminem - Like toy soldiers.mp3 [2012.02.29 01:05:36 | 007,201,420 | ---- | M] () -- C:\Users\Michael\Desktop\prinz pi - stan.mp3 [2012.02.29 01:05:01 | 004,810,449 | ---- | M] () -- C:\Users\Michael\Desktop\KOLLEGAH - 1001 NACHT.mp3 [2012.02.27 01:04:04 | 000,002,622 | ---- | M] () -- C:\Users\Michael\Desktop\1-8087097-6617-t.jpg [2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.03.25 23:41:17 | 000,039,125 | ---- | C] () -- C:\Users\Michael\Desktop\Combofix.zip [2012.03.25 22:18:29 | 000,000,512 | ---- | C] () -- C:\Users\Michael\Desktop\MBR.dat [2012.03.25 21:47:15 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.03.25 21:47:15 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.03.25 21:47:15 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.03.25 21:47:15 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.03.25 21:47:15 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.03.24 22:07:31 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2012.03.24 19:58:37 | 000,000,876 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\arg90729.exe.lnk [2012.03.23 20:32:25 | 000,001,643 | ---- | C] () -- C:\Users\Michael\Desktop\PartyPoker.lnk 
[2012.03.18 01:49:25 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.05 22:31:19 | 012,662,795 | ---- | C] () -- C:\Users\Michael\Desktop\Egosoft.rar [2012.02.29 01:07:58 | 003,945,496 | ---- | C] () -- C:\Users\Michael\Desktop\Olly Murs Feat. Rizzle Kicks - Heart Skips A Beat (Original Version) [HQ].mp3 [2012.02.29 01:07:37 | 003,930,472 | ---- | C] () -- C:\Users\Michael\Desktop\Cleaning Out My Closet-Eminem.mp3 [2012.02.29 01:07:17 | 003,054,212 | ---- | C] () -- C:\Users\Michael\Desktop\Milow Ayo Technology lyrics.mp3 [2012.02.29 01:06:55 | 004,456,718 | ---- | C] () -- C:\Users\Michael\Desktop\Cro - Easy Lyrics Full HD.mp3 [2012.02.29 01:06:26 | 004,457,956 | ---- | C] () -- C:\Users\Michael\Desktop\Taio Cruz Troublemaker.mp3 [2012.02.29 01:06:03 | 003,816,010 | ---- | C] () -- C:\Users\Michael\Desktop\Eminem- Lose Yourself.mp3 [2012.02.29 01:05:37 | 004,208,330 | ---- | C] () -- C:\Users\Michael\Desktop\Eminem - Like toy soldiers.mp3 [2012.02.29 01:05:04 | 007,201,420 | ---- | C] () -- C:\Users\Michael\Desktop\prinz pi - stan.mp3 [2012.02.29 01:04:33 | 004,810,449 | ---- | C] () -- C:\Users\Michael\Desktop\KOLLEGAH - 1001 NACHT.mp3 [2012.02.27 01:03:40 | 000,002,622 | ---- | C] () -- C:\Users\Michael\Desktop\1-8087097-6617-t.jpg [2011.12.19 22:36:10 | 000,000,163 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\PLGComp.ini [2011.11.05 18:44:52 | 000,051,186 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\room_v3.dat [2011.10.30 18:51:29 | 000,234,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.10.23 02:24:15 | 000,001,356 | ---- | C] () -- C:\Users\Michael\AppData\Local\d3d9caps.dat [2011.10.22 03:33:38 | 001,474,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.10.15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2011.09.08 18:05:55 | 000,017,408 | ---- | C] () -- C:\Users\Michael\AppData\Local\WebpageIcons.db [2011.04.15 21:43:15 | 
000,046,658 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\room.dat [2010.11.21 12:38:18 | 002,373,712 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2010.11.21 12:38:18 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2010.08.12 23:54:46 | 000,138,880 | ---- | C] () -- C:\Windows\SysWow64\mlfcache.dat ========== LOP Check ========== [2011.10.10 00:21:01 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\.minecraft [2011.10.22 02:57:19 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DAoC Portal [2011.07.21 19:09:02 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DVDVideoSoft [2011.04.13 21:59:23 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers [2009.06.26 12:54:00 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Electronic Arts [2011.08.28 14:43:03 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\FOG Downloader [2011.02.05 21:09:02 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\FVZilla [2011.10.22 02:57:20 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\GetRightToGo [2011.10.22 02:57:20 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\gtk-2.0 [2010.11.13 22:13:58 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Image Zone Express [2011.10.22 02:57:20 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\IrfanView [2012.01.17 00:00:28 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\LibreOffice [2010.07.20 14:13:51 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\LolClient [2009.11.27 14:54:24 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1 [2010.07.25 14:32:11 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Miranda [2011.01.02 00:49:16 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Mumble [2010.12.20 15:55:51 | 000,000,000 | ---D | M] -- 
C:\Users\Michael\AppData\Roaming\Need for Speed World [2011.07.30 00:25:33 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Octoshape [2009.12.06 16:21:11 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\OpenOffice.org [2011.09.08 18:14:03 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Opera [2009.06.20 15:45:30 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\PeerNetworking [2010.11.13 22:08:01 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Printer Info Cache [2011.10.22 21:32:33 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\QFX Software [2011.02.05 21:03:22 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\RayV [2011.07.28 16:14:03 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\TeamViewer [2011.11.21 18:56:54 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\TS3Client [2012.03.25 22:01:53 | 000,032,594 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2012.03.25 23:40:48 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2009.10.15 01:05:19 | 000,000,000 | ---D | M] -- C:\5df39368baf6cd41c05ebaedf05f [2011.10.22 02:59:15 | 000,000,000 | ---D | M] -- C:\83eaa1e121a24b94c433c460 [2009.06.20 19:11:58 | 000,000,000 | ---D | M] -- C:\Boot [2012.02.19 01:25:15 | 000,000,000 | ---D | M] -- C:\Config.Msi [2011.10.22 02:59:15 | 000,000,000 | ---D | M] -- C:\Dark Age of Camelot - Catacombs [2006.11.02 17:42:17 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2008.03.17 15:53:46 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2010.06.06 16:50:53 | 000,000,000 | ---D | M] -- C:\downloads [2012.03.25 22:00:37 | 000,000,000 | ---D | M] -- C:\FavoriteVideo [2011.10.22 02:59:15 | 000,000,000 | ---D | M] -- C:\Fraps [2009.03.05 11:01:21 | 000,000,000 | ---D | M] -- C:\Intel [2009.12.06 17:10:34 | 000,000,000 | R--D | M] -- C:\MSOCache [2009.06.20 20:34:54 | 000,000,000 | ---D | M] -- C:\NVIDIA [2008.01.21 05:04:13 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.01.10 21:50:54 | 000,000,000 | R--D | M] -- C:\Program Files [2012.03.26 14:23:32 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2012.03.24 22:07:31 | 000,000,000 | ---D | M] -- C:\ProgramData [2008.03.17 15:53:46 | 000,000,000 | -HSD | M] -- C:\Programme [2012.03.23 20:31:07 | 000,000,000 | ---D | M] -- C:\Programs [2012.03.25 22:12:16 | 000,000,000 | ---D | M] -- C:\Qoobox [2011.07.21 15:05:47 | 000,000,000 | ---D | M] -- C:\Riot Games [2012.03.26 16:49:29 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.03.25 19:40:00 | 000,000,000 | ---D | M] -- C:\TDSSKiller_Quarantine [2011.03.25 23:04:56 | 000,000,000 | ---D | M] -- C:\Temp [2011.10.23 02:58:47 | 000,000,000 | R--D | M] -- C:\Users [2012.03.25 22:12:12 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < MD5 for: EXPLORER.EXE > [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe [2008.10.29 08:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe [2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe [2009.04.11 09:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\ERDNT\cache86\explorer.exe [2009.04.11 09:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe [2009.04.11 09:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe [2008.10.28 04:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe [2008.10.29 08:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) 
MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe [2008.10.30 07:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe [2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe [2010.02.06 15:24:58 | 000,004,608 | ---- | M] () MD5=F1F87C4F938BC890F04FA4C538C2D522 -- C:\System Volume Information\SystemRestore\FRStaging\Users\Michael\AppData\Local\Xenocode\ApplianceCaches\GameCamV2.exe_v40266245\Native\STUBEXE\@SYSTEM@\explorer.exe [2010.02.06 15:24:58 | 000,004,608 | ---- | M] () MD5=F1F87C4F938BC890F04FA4C538C2D522 -- C:\Users\Michael\AppData\Local\Xenocode\ApplianceCaches\GameCamV2.exe_v40266245\Native\STUBEXE\@SYSTEM@\explorer.exe < MD5 for: REGEDIT.EXE > [2008.01.21 04:49:53 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe [2008.01.21 04:50:29 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\SysWOW64\regedit.exe [2008.01.21 04:50:29 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_5aa1fb3ac896d9c8\regedit.exe [2008.01.21 04:49:53 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=5DFBCE56E689D90AE9E2FB278F80058E -- C:\Windows\ERDNT\cache86\regedit.exe [2008.01.21 04:49:53 | 000,161,792 | ---- | M] (Microsoft Corporation) 
MD5=5DFBCE56E689D90AE9E2FB278F80058E -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_504d50e8943617cd\regedit.exe < MD5 for: USERINIT.EXE > [2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache86\userinit.exe [2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe [2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2008.01.21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\ERDNT\cache64\userinit.exe [2008.01.21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe [2008.01.21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 04:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache86\wininit.exe [2008.01.21 04:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe [2008.01.21 04:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2008.01.21 04:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\ERDNT\cache64\wininit.exe [2008.01.21 04:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) 
MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe [2008.01.21 04:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe < MD5 for: WINLOGON.EXE > [2012.01.13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\ERDNT\cache64\winlogon.exe [2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe [2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > < End of report > Extra.Txt: none was opened. |
26.03.2012, 19:34 | #18 |
/// Malwareteam | various Trojans (incl. Bundespolizei) Step 1
__________________
Code:
:OTL
IE - HKLM\..\SearchScopes\{FA53070F-6E4E-4625-BFCE-25E983AF69A4}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=45e8c160-fd8e-11e0-aa07-00241d1176c4&q={searchTerms}
IE - HKCU\..\SearchScopes\{FA53070F-6E4E-4625-BFCE-25E983AF69A4}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=45e8c160-fd8e-11e0-aa07-00241d1176c4&q={searchTerms}
:Commands
[purity]
[emptytemp]
Step 2
Please download TFC (by Oldtimer) and save the file to your desktop. Now close all open programs and disconnect from the Internet. Double-click TFC.exe. If TFC cannot delete all files it will ask for a restart; please allow it.
Step 3
Where do problems still remain? |
26.03.2012, 19:53 | #19 |
| various Trojans (incl. Bundespolizei) OTL
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FA53070F-6E4E-4625-BFCE-25E983AF69A4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FA53070F-6E4E-4625-BFCE-25E983AF69A4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FA53070F-6E4E-4625-BFCE-25E983AF69A4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FA53070F-6E4E-4625-BFCE-25E983AF69A4}\ not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: AppData
->Temp folder emptied: 0 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Gast
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Heroes of Might and Magic
->Temp folder emptied: 0 bytes
User: Michael
->Temp folder emptied: 1838900 bytes
->Temporary Internet Files folder emptied: 6833797 bytes
->Java cache emptied: 40996 bytes
->FireFox cache emptied: 22727447 bytes
->Google Chrome cache emptied: 856432 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 4041 bytes
User: Public
->Temp folder emptied: 0 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 1591808 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17564 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 942109 bytes
Total Files Cleaned = 33,00 mb
OTL by OldTimer - Version 3.2.39.2 log created on 03262012_204219
Files\Folders moved on Reboot...
File move failed. C:\Windows\SysNative\SET837C.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SET868B.tmp scheduled to be moved on reboot.
Registry entries deleted on Reboot...
Ran TFC. My browser still isn't really any faster :/ above all it seems to lag constantly. Also, since recently, when the PC starts and the desktop appears, the message "RUNDLL Error loading C:\Users\Michael\AppData\Local\Temp\arg90729.exe The specified module could not be found." comes up. |
27.03.2012, 18:07 | #20 |
/// Malwareteam | various Trojans (incl. Bundespolizei) Step 1
Code:
:OTL
[2012.03.24 19:58:37 | 000,000,876 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\arg90729.exe.lnk
[2012.03.24 19:58:37 | 000,000,876 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\arg90729.exe.lnk
:Commands
[purity]
[emptytemp]
Step 2
Restore the MBR with aswMBR from Avast
Download aswMBR.exe from Avast and save the tool to your desktop (not anywhere else), if you do not have it already. Vista and Windows 7 users: right-click aswMBR.exe and choose Run as administrator. A window with some details will open. Click Scan to start the scan. When the scan has finished, shown as "Scan finished successfully!", click FixMBR to restore the MBR. |
10.04.2012, 13:03 | #21 |
| various Trojans (incl. Bundespolizei) Hey, sorry for replying so late, I was on a short holiday.
All processes killed
========== OTL ==========
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\arg90729.exe.lnk moved successfully.
File C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\arg90729.exe.lnk not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: AppData
->Temp folder emptied: 0 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Gast
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Heroes of Might and Magic
->Temp folder emptied: 0 bytes
User: Michael
->Temp folder emptied: 171389 bytes
->Temporary Internet Files folder emptied: 38157237 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 28211883 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 809 bytes
User: Public
->Temp folder emptied: 0 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 1591808 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1991948253 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 1.965,00 mb
OTL by OldTimer - Version 3.2.39.2 log created on 04102012_135623
Files\Folders moved on Reboot...
File move failed. C:\Windows\SysNative\SET837C.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SET868B.tmp scheduled to be moved on reboot.
Registry entries deleted on Reboot... |
10.04.2012, 13:41 | #22 |
/// Malwareteam | various Trojans (incl. Bundespolizei) Where is Step 2? |
10.04.2012, 18:56 | #23 |
| various Trojans (incl. Bundespolizei)
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-10 19:53:59
-----------------------------
19:53:59.772 OS Version: Windows x64 6.0.6002 Service Pack 2
19:53:59.773 Number of processors: 2 586 0x1706
19:53:59.773 ComputerName: MICHAEL-PC UserName: Michael
19:54:01.467 Initialize success
19:54:17.634 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:54:17.636 Disk 0 Vendor: SAMSUNG_HD642JJ 1AA01113 Size: 610479MB BusType: 3
19:54:17.658 Disk 0 MBR read successfully
19:54:17.660 Disk 0 MBR scan
19:54:17.662 Disk 0 Windows VISTA default MBR code
19:54:17.664 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 610477 MB offset 63
19:54:17.681 Disk 0 scanning C:\Windows\system32\drivers
19:54:23.798 Service scanning
19:54:29.682 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
19:54:36.732 Modules scanning
19:54:36.737 Disk 0 trace - called modules:
19:54:36.740
19:54:36.744 Scan finished successfully
19:55:16.040 Verifying
19:55:26.052 Disk 0 Windows 600 MBR fixed successfully
19:55:44.458 Disk 0 MBR has been saved successfully to "C:\Users\Michael\Desktop\MBR.dat"
19:55:44.492 The log file has been saved successfully to "C:\Users\Michael\Desktop\Trojaner Bard aswMBR.txt" |
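The aswMBR lines above can be checked by hand: "Windows VISTA default MBR code" is the boot-code comparison, and "Partition 1 80 (A) 07 HPFS/NTFS NTFS 610477 MB offset 63" is the first partition-table entry (status 0x80 = active, type 0x07 = NTFS, start LBA 63). The TDSSKiller quarantine folder created on 25.03 in the OTL log above shows that tool had already pulled something off this disk, which is why the helper asks for FixMBR even though the scan now reads clean. The script below is an added example for this thread, not aswMBR code: it parses a 512-byte MBR image such as the saved MBR.dat, recomputes those fields, and flags changed boot code, a wrong number of active partitions, an active partition that is not first on disk, or an unusual partition type. Both images are constructed to the log's geometry; the "known-good" boot code and its hash are placeholders, not real Windows boot code.

```python
"""Parse and sanity-check a 512-byte MBR image such as the MBR.dat that
aswMBR saves next to its log.

Added example for this thread, not code from aswMBR or the original posts.
Both MBR images are constructed here; the geometry (512-byte sectors,
610479 MB disk, 610477 MB NTFS partition at offset 63) mirrors the log and
the "known-good" boot code is a placeholder.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440            # bytes 0..439; disk signature and padding follow
PARTITION_TABLE_OFF = 446      # four 16-byte entries
MBR_SIGNATURE = b"\x55\xaa"    # bytes 510..511
ENTRY_FMT = "<B3sB3sII"        # status, CHS start, type, CHS end, LBA start, sectors

PARTITION_TYPES = {0x07: "HPFS/NTFS", 0x0B: "FAT32", 0x0C: "FAT32 LBA",
                   0x05: "Extended", 0x0F: "Extended LBA", 0x83: "Linux"}


def mb_to_sectors(mb):
    return mb * 1024 * 1024 // SECTOR


def build_mbr(boot_code, entries):
    """Assemble an MBR from boot code and (active, type, lba_start, sectors) tuples."""
    assert len(boot_code) <= BOOT_CODE_LEN and len(entries) <= 4
    table = b"".join(
        struct.pack(ENTRY_FMT, 0x80 if active else 0x00, b"\0\0\0", ptype, b"\0\0\0", lba, sectors)
        for active, ptype, lba, sectors in entries)   # CHS fields left zero
    return boot_code.ljust(PARTITION_TABLE_OFF, b"\0") + table.ljust(64, b"\0") + MBR_SIGNATURE


def parse_mbr(data):
    if len(data) != SECTOR:
        raise ValueError("MBR image must be exactly 512 bytes")
    partitions = []
    for slot in range(4):
        status, _, ptype, _, lba, sectors = struct.unpack_from(
            ENTRY_FMT, data, PARTITION_TABLE_OFF + 16 * slot)
        if ptype == 0:
            continue                                  # empty slot
        partitions.append({"slot": slot + 1, "active": status == 0x80,
                           "type": ptype, "type_name": PARTITION_TYPES.get(ptype, "unknown"),
                           "lba": lba, "sectors": sectors,
                           "size_mb": sectors * SECTOR // (1024 * 1024)})
    return {"signature_ok": data[510:512] == MBR_SIGNATURE,
            "boot_code_sha256": hashlib.sha256(data[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": partitions}


def check_mbr(info, known_good_boot_sha256=None):
    """Return human-readable findings; an empty list means nothing stood out."""
    findings = []
    if not info["signature_ok"]:
        findings.append("55AA boot signature missing")
    if known_good_boot_sha256 and info["boot_code_sha256"] != known_good_boot_sha256:
        findings.append("boot code differs from the known-good image")
    parts = info["partitions"]
    active = [p for p in parts if p["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected exactly 1)")
    elif active[0]["lba"] != min(p["lba"] for p in parts):
        # Windows marks its first partition active. Bootkits of the TDL4/Olmasco
        # family add their own partition later on the disk and make that one
        # active instead, so the boot path runs their code first.
        findings.append(f"active partition is slot {active[0]['slot']} at LBA "
                        f"{active[0]['lba']}, not the first partition on disk")
    for p in parts:
        if p["type_name"] == "unknown":
            findings.append(f"slot {p['slot']} has unusual type 0x{p['type']:02X}")
    return findings


# Constructed images. Clean: one active NTFS partition, as in the aswMBR log.
DISK_SECTORS, PART_SECTORS = mb_to_sectors(610479), mb_to_sectors(610477)
GOOD_BOOT = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c".ljust(BOOT_CODE_LEN, b"\x90")  # placeholder
GOOD_BOOT_SHA256 = hashlib.sha256(GOOD_BOOT).hexdigest()
CLEAN_MBR = build_mbr(GOOD_BOOT, [(True, 0x07, 63, PART_SECTORS)])
# Tampered: foreign boot code, original partition demoted, a small extra
# partition in the leftover space at the end of the disk marked active.
TAIL_START = 63 + PART_SECTORS
TAMPERED_MBR = build_mbr(b"\xeb\xfe".ljust(BOOT_CODE_LEN, b"\0"), [
    (False, 0x07, 63, PART_SECTORS),
    (True, 0x07, TAIL_START, DISK_SECTORS - TAIL_START),
])

if __name__ == "__main__":
    for label, image in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        info = parse_mbr(image)
        for p in info["partitions"]:
            print(f"{label}: slot {p['slot']} {'80' if p['active'] else '00'} "
                  f"{p['type']:02X} {p['type_name']} {p['size_mb']} MB offset {p['lba']}")
        print(f"{label}: findings = {check_mbr(info, GOOD_BOOT_SHA256)}")
```

To check a real image, read the first 512 bytes of MBR.dat with open(path, "rb") and pass them to parse_mbr; the known-good hash has to come from a trusted copy of the boot code for the same Windows version, which this script does not carry. A clean table does not prove the disk is clean: the hidden filesystem these bootkits keep outside the partitions is only visible to a raw sector scan such as the one TDSSKiller performs.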
11.04.2012, 14:14 | #24 |
/// Malwareteam | various Trojans (incl. Bundespolizei) How is the machine running? |
11.04.2012, 17:18 | #25 |
| various Trojans (incl. Bundespolizei) Hm, Mozilla Firefox is still damn slow and just had a graphics bug that crashed my computer. I don't know whether that has anything to do with Trojans, but otherwise everything is running. |
12.04.2012, 00:50 | #26 |
/// Malwareteam | various Trojans (incl. Bundespolizei) Have you tried reinstalling Firefox? |