Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Trojaner"Zahlungsauforderung Suisa"

Trojaner"Zahlungsauforderung Suisa"


Plagegeister aller Art und deren Bekämpfung: Trojaner"Zahlungsauforderung Suisa"

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Seite 2 von 2 1 2
Alt 02.05.2012, 18:56   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner"Zahlungsauforderung Suisa" - Standard

Trojaner"Zahlungsauforderung Suisa"


Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 02.05.2012, 19:24   #17
bstli
 
Trojaner"Zahlungsauforderung Suisa" - Standard

Trojaner"Zahlungsauforderung Suisa"


Hier das Log:

Code:
ATTFilter
OTL logfile created on: 5/2/2012 9:09:57 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 92.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97.66 Gb Total Space | 1.23 Gb Free Space | 1.26% Space Free | Partition Type: NTFS
Drive H: | 3.76 Gb Total Space | 3.55 Gb Free Space | 94.42% Space Free | Partition Type: FAT32
Drive I: | 833.85 Gb Total Space | 526.17 Gb Free Space | 63.10% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011/06/30 17:55:58 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV:64bit: - [2011/04/27 12:08:54 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/04/04 09:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/10/20 12:44:57 | 000,189,248 | ---- | M] () [Auto] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2010/10/20 12:44:47 | 000,075,064 | ---- | M] () [Auto] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/03/18 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/22 14:47:18 | 000,212,232 | ---- | M] (DeviceVM, Inc.) [Auto] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/06/04 13:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/04/27 11:23:42 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012/04/04 09:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/06/30 17:55:59 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/06/30 17:55:59 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/03/18 07:46:20 | 000,074,376 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2011/03/18 07:46:06 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2010/04/27 07:40:58 | 000,388,448 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\netr7064.sys -- (rt70x64)
DRV:64bit: - [2009/11/23 11:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/23 11:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WpdUsb.sys -- (WpdUsb)
DRV:64bit: - [2009/07/17 11:32:04 | 000,109,408 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/07/03 06:21:50 | 000,210,944 | ---- | M] (Realtek                                            ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/07/01 05:54:54 | 000,030,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LGPBTDD.sys -- (LGPBTDD)
DRV:64bit: - [2009/02/03 11:37:50 | 000,075,384 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV:64bit: - [2008/01/20 22:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\e1e6032e.sys -- (e1express) Intel(R)
DRV:64bit: - [2007/04/11 09:35:30 | 000,056,080 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2007/04/11 09:35:22 | 000,053,520 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2007/04/11 09:34:58 | 000,035,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV:64bit: - [2006/12/05 05:34:26 | 000,572,416 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)
DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2006/07/10 12:21:22 | 000,022,936 | ---- | M] (Protection Technology) [Kernel | Boot] -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV:64bit: - [2006/06/14 10:58:10 | 000,014,192 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2011/08/14 05:54:03 | 000,002,996 | ---- | M] (Buzz) [Kernel | System] -- C:\Windows\SysWOW64\drivers\hwinterface.sys -- (hwinterface)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9A A6 D2 5B 59 62 CB 01  [binary data]
IE - HKU\Administrator_ON_C\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - Reg Error: Key error. File not found
IE - HKU\Administrator_ON_C\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - Reg Error: Key error. File not found
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
========== FireFox ==========
 
 
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/01/20 15:54:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\finder@meingutscheincode.de: C:\Program Files (x86)\Mein Gutscheincode Finder\Firefox [2011/08/16 14:25:08 | 000,000,000 | ---D | M]
 
[2010/08/24 15:11:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2010/08/24 15:11:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
File not found (No name found) -- 
() (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\THUNDERBIRD\PROFILES\42HNEZ0A.DEFAULT\EXTENSIONS\TBTESTPILOT@LABS.MOZILLA.COM.XPI
 
O1 HOSTS File: ([2012/04/29 16:27:43 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Program Files (x86)\Mein Gutscheincode Finder\Internet Explorer\x64\ConversionOneIE.dll (Conversion One GmbH)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Program Files (x86)\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll (Conversion One GmbH)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  File not found
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  File not found
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Administrator\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Administrator\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKU\Administrator_ON_C..\Run: [Steam]  File not found
O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LCDHost.lnk =  File not found
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk =  File not found
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\speedfan.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/05/01 13:47:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/05/01 12:29:07 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2012/05/01 12:27:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/01 12:27:46 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/05/01 12:27:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/04/29 16:27:42 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/29 10:39:46 | 000,000,000 | ---D | C] -- C:\ProgramData\aD28283NfNbH28283
[2012/04/28 01:57:19 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/04/27 11:23:42 | 000,834,544 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\System32\drivers\sptd.sys
[2012/04/27 11:23:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LSoft Technologies
[2012/04/27 11:23:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ ISO Burner
[2012/04/26 18:02:34 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/04/26 18:00:21 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Simply Super Software
[2012/04/26 18:00:14 | 000,598,528 | ---- | C] (Igor Pavlov) -- C:\Windows\SysWow64\ztv7z.dll
[2012/04/26 18:00:14 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ztvcabinet.dll
[2012/04/26 18:00:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2012/04/26 18:00:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2012/04/26 18:00:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Simply Super Software
[2012/04/26 18:00:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2012/04/26 13:41:15 | 000,000,000 | ---D | C] -- C:\FRST
[2012/04/24 13:10:59 | 000,101,520 | ---- | C] (Syntek Ltd.) -- C:\Windows\SysWow64\drivers\STK02NW2.sys
[2012/04/24 13:10:59 | 000,033,728 | ---- | C] (Syntek Ltd.) -- C:\Windows\SysWow64\drivers\STK02NW1.sys
[2012/04/24 13:10:58 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\STK02NP.ax
[2012/04/24 13:10:58 | 000,000,000 | ---D | C] -- C:\Windows\STK02N
[2012/04/11 21:03:09 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2012/04/11 21:03:09 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/04/11 21:03:08 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/04/11 21:03:08 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2012/04/11 21:03:08 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/04/11 21:03:08 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/04/11 21:03:08 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/04/11 21:03:08 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/04/11 21:03:07 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/04/11 21:03:07 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/04/11 21:03:07 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2012/04/11 21:03:07 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/04/11 21:02:58 | 004,699,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/04/11 21:02:53 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wintrust.dll
[2012/04/11 21:02:53 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll
[2012/04/11 21:02:53 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imagehlp.dll
[2012/04/11 21:02:53 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imagehlp.dll
[2012/04/11 21:02:53 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fs_rec.sys
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/05/02 14:03:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/02 14:03:02 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/02 14:03:02 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/02 11:05:19 | 000,053,333 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/05/02 11:05:19 | 000,053,333 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/05/01 18:09:40 | 000,046,592 | ---- | M] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/29 19:02:49 | 000,639,210 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/04/29 19:02:49 | 000,604,804 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/29 19:02:49 | 000,131,250 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/04/29 19:02:49 | 000,108,136 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/28 15:21:03 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
[2012/04/27 17:07:58 | 000,017,571 | ---- | M] () -- C:\Windows\System32\msrgman.dav
[2012/04/27 11:23:17 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ ISO Burner
[2012/04/26 19:06:21 | 000,301,064 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/04/26 18:46:42 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2012/04/26 18:00:15 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2012/04/26 16:03:18 | 000,039,594 | ---- | M] () -- C:\Users\Administrator\Documents\cc_20120426_220230.reg
[2012/04/26 15:52:06 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry CleanUP 5
[2012/04/24 13:10:58 | 000,001,391 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\STK02N 2.3 PNP Monitor.lnk
[2012/04/04 09:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/04/26 18:00:14 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar39.dll
[2012/04/26 18:00:14 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll
[2012/04/26 18:00:14 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll
[2012/04/26 18:00:14 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll
[2012/04/26 18:00:14 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll
[2012/04/26 16:02:33 | 000,039,594 | ---- | C] () -- C:\Users\Administrator\Documents\cc_20120426_220230.reg
[2012/04/24 13:10:58 | 000,001,391 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\STK02N 2.3 PNP Monitor.lnk
[2011/04/09 12:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/02/25 22:35:03 | 000,187,124 | ---- | C] () -- C:\Windows\Kino Mogul Uninstaller.exe
[2011/02/08 16:23:45 | 000,000,101 | ---- | C] () -- C:\Users\Administrator\AppData\Local\fusioncache.dat
[2011/02/08 16:22:48 | 001,502,086 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/24 19:32:03 | 000,000,098 | -HS- | C] () -- C:\Windows\WSYS049.SYS
[2010/11/24 19:31:51 | 000,192,174 | ---- | C] () -- C:\Windows\Photo Pos Pro Uninstaller.exe
[2010/10/20 12:44:47 | 002,601,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_moh.exe
[2010/10/20 12:44:47 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/10/20 12:44:47 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/10/10 19:17:02 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\apache.dll
[2010/08/08 04:59:49 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010/08/08 04:59:29 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2010/08/08 04:59:08 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2010/08/07 07:40:44 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2010/08/05 17:21:50 | 000,046,592 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/05 15:44:24 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2010/08/03 17:35:34 | 000,053,333 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/08/03 17:35:33 | 000,053,333 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/08/03 17:15:19 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2010/08/03 17:11:47 | 000,001,460 | ---- | C] () -- C:\Users\Administrator\AppData\Local\d3d9caps64.dat
[2010/04/06 06:10:15 | 000,225,411 | ---- | C] () -- C:\Windows\SysWow64\PosPrKpLib.dll
[2010/04/06 06:10:07 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\PosTickerLib.dll
[2009/05/30 00:42:00 | 000,309,248 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2009/03/11 21:01:00 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\DirectCOM.dll
[2008/10/07 03:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 03:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 03:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/06/21 02:34:08 | 000,203,328 | R--- | C] () -- C:\Windows\GSetup.exe
[2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 11:02:31 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll
[2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:27:46 | 000,000,518 | ---- | C] () -- C:\Windows\SysWow64\SP207.INI
[2005/09/23 07:52:14 | 000,078,848 | ---- | C] () -- C:\Windows\SysWow64\OneWay.dll
[2002/06/02 10:05:40 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\1Way.dll
 
========== LOP Check ==========
 
[2010/11/24 19:43:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Artweaver
[2012/05/01 19:32:20 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Azureus
[2011/03/14 16:30:18 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2011/07/25 18:38:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\FrostWire
[2010/12/28 08:07:39 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GetRightToGo
[2011/08/08 19:33:51 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Grand Ages Rome
[2011/08/16 14:25:50 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Gutscheinmieze
[2010/08/28 18:50:50 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\OpenOffice.org
[2010/11/05 15:22:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Raptr
[2012/04/26 18:00:13 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Simply Super Software
[2011/06/13 17:58:07 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Software4u
[2012/01/20 15:54:10 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Thunderbird
[2011/10/15 09:49:01 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Tropico 3
[2011/02/08 16:29:12 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Turbine
[2010/08/12 18:42:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\UFOAI
[2012/03/01 18:41:24 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Unity
[2012/03/12 16:53:05 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Wargaming
[2012/04/17 13:25:20 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\wargaming.net
[2012/04/29 10:39:48 | 000,000,000 | ---D | M] -- C:\ProgramData\aD28283NfNbH28283
[2010/08/03 17:09:33 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2010/11/24 19:43:48 | 000,000,000 | ---D | M] -- C:\ProgramData\Artweaver
[2010/08/07 08:29:10 | 000,000,000 | ---D | M] -- C:\ProgramData\Azureus
[2011/12/28 08:27:08 | 000,000,000 | ---D | M] -- C:\ProgramData\Computer Updater
[2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2010/08/03 17:09:33 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2010/10/20 13:09:35 | 000,000,000 | -HSD | M] -- C:\ProgramData\DSS
[2011/07/20 17:33:03 | 000,000,000 | ---D | M] -- C:\ProgramData\EA Core
[2011/07/20 17:33:02 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts
[2010/08/03 17:09:33 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2010/08/14 03:03:33 | 000,000,000 | ---D | M] -- C:\ProgramData\Intenium
[2010/10/15 19:15:13 | 000,000,000 | ---D | M] -- C:\ProgramData\OfficeRecovery
[2010/10/24 19:23:29 | 000,000,000 | ---D | M] -- C:\ProgramData\PopCap Games
[2010/08/12 18:22:37 | 000,000,000 | ---D | M] -- C:\ProgramData\ScreenSeven
[2012/04/26 18:00:13 | 000,000,000 | ---D | M] -- C:\ProgramData\Simply Super Software
[2011/06/13 17:58:09 | 000,000,000 | ---D | M] -- C:\ProgramData\Software4u
[2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2010/08/03 17:09:33 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2012/04/29 21:50:19 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2011/05/21 19:49:32 | 000,000,000 | ---D | M] -- C:\ProgramData\Ubisoft
[2010/08/03 17:09:33 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2010/10/02 15:46:33 | 000,000,000 | -H-D | M] -- C:\ProgramData\{A4B500C8-F3EB-4AD9-9762-515CCA35FD16}
[2012/05/02 14:03:02 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:CB0AACC9
< End of report >
__________________
Alt 02.05.2012, 19:45   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner"Zahlungsauforderung Suisa" - Standard

Trojaner"Zahlungsauforderung Suisa"


Zitat:
OTLPE by OldTimer
Wieso OTLPE - du solltest normal unter deinem installierten Windows OTL runterladen und damit ein Log machen!
__________________
__________________
Antwort
Seite 2 von 2 1 2

Themen zu Trojaner"Zahlungsauforderung Suisa"
abgesicherte, abgesicherten, abgesicherter, arten, desktop, erscheint, farbar, farbar recovery scan tool, funktionier, gen, gesperrt, laptop, meldung, meldungen, modus, nexus, normalen, probleme, starte, starten, stick, troja, trojaner, trojanerseite, usb, versucht, vista, warnmeldungen, windowsstart, zahlung


« SMART HDD Malware war da, ist nun aber verschwunden? | Von windows werden 50€ verlangt »


Ähnliche Themen: Trojaner"Zahlungsauforderung Suisa"


  1. "Suspicious.Cloud.9" (Trojaner) und "SAPE.DnwldSponsor.2" (Virus?, vielleicht False Positive)
    Plagegeister aller Art und deren Bekämpfung - 22.08.2015 (23)
  2. Diverse Malware ("CoolSaleCoupon", "ddownlloaditkeep", "omiga-plus", "SaveSense", "SaleItCoupon"); lahmer PC & viel Werbung!
    Plagegeister aller Art und deren Bekämpfung - 11.01.2015 (16)
  3. Trojaner-Warnung! Im Betreff: "Die Zahlung fur…" und "Dankeschon fur das Einkaufen mit uns heute! Ihre Bestellung wird derzeit verarbeitet."
    Diskussionsforum - 25.07.2014 (0)
  4. Avira: (Win7) Trojaner "TR/Rogue.11186992" in "C:\Windows\Temp\44158_updater.exe" gefunden
    Plagegeister aller Art und deren Bekämpfung - 25.04.2014 (77)
  5. "monstermarketplace.com" Infektion und ihre Folgen; "Anti-Virus-Blocker"," unsichtbare Toolbars" + "Browser-Hijacker" von selbst installiert
    Log-Analyse und Auswertung - 16.11.2013 (21)
  6. "Deutsche Post(eMail-Anhang)" Alle "EXE(Programme)" werden blockiert "WIN 7 Defender"
    Plagegeister aller Art und deren Bekämpfung - 27.12.2012 (3)
  7. "The document has moved. Redirecting"+"Popup unten rechts"+"Nicht alle Links anklickbar"
    Plagegeister aller Art und deren Bekämpfung - 24.10.2012 (38)
  8. BKA-Trojaner "GEMA / SUISA / GVU 2.03", Windows XP
    Log-Analyse und Auswertung - 10.08.2012 (25)
  9. Gerade GVU Trojaner mit Webcam "gehabt", ist es wirklich dank Malewarebytes weg? Wo ist die "Lücke"?
    Plagegeister aller Art und deren Bekämpfung - 10.08.2012 (23)
  10. Sperrtrojaner-PC gesperrt von "Suisa"
    Mülltonne - 09.07.2012 (1)
  11. Sperrtrojaner-PC gesperrt von "Suisa"
    Log-Analyse und Auswertung - 09.07.2012 (1)
  12. Startseite fehlerhaft, stets "NatWest" (www.nwolb.com) Trojaner "Trojan.ZBotR.Gen" gefunden
    Log-Analyse und Auswertung - 02.04.2012 (28)
  13. Trojaner "Es besteht keine Internetverbindung" - "REATOGO X-PE Desktop" wird nicht angezeigt
    Plagegeister aller Art und deren Bekämpfung - 05.02.2012 (19)
  14. Öffentliches Netzwerk: Opera sendet/empfängt Daten an/von "Dani-PC", "Anne-PC", "PAULA-HP"...
    Netzwerk und Hardware - 02.05.2011 (14)
  15. "Adware.Virtumonde"/"Downloader.MisleadApp"/"TR/VB.agt.4"/"NewDotNet.A.1350"/"Fakerec
    Plagegeister aller Art und deren Bekämpfung - 22.08.2008 (6)
  16. ">"">><meta http-equiv="Refresh" content="0;url=http://askimizsonsuza.com/code/">"">
    Plagegeister aller Art und deren Bekämpfung - 04.09.2006 (4)
  17. eTrust fand "einen" Trojaner, danach AntiVir noch "vier"..!!??
    Plagegeister aller Art und deren Bekämpfung - 26.12.2005 (5)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Trojaner"Zahlungsauforderung Suisa" - Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code: - Trojaner"Zahlungsauforderung Suisa"...
Archiv
Du betrachtest: Trojaner"Zahlungsauforderung Suisa" auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130