Pests of all kinds and how to fight them: Polizei Österreich Trojaner (CSD), Windows 7
11.09.2012, 11:49 | #1
Polizei Österreich Trojaner (CSD)

Hi, now I've caught something too. Isn't this trojan actually fairly old already? I can remember reading about it in 2010/11. But luckily there are helpful forums like this one. I've provided the first logs.

AdwCleaner log:
# AdwCleaner v2.001 - Datei am 09/11/2012 um 11:44:50 erstellt
# Aktualisiert am 09/09/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : ***** - *****-PC
# Bootmodus : Normal
# Ausgeführt unter : G:\adwcleaner.exe
# Option [Suche]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Ordner Gefunden : C:\ProgramData\Babylon
Ordner Gefunden : C:\Users\*****\AppData\Local\Linkury
Ordner Gefunden : C:\Users\*****\AppData\Local\Smartbar
Ordner Gefunden : C:\Users\*****\AppData\Roaming\Babylon

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gefunden : HKCU\Software\SmartBar
Schlüssel Gefunden : HKCU\Software\SmartbarBackup
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\LinkurySmartBar.BHO
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\LinkurySmartBar.DockingPanel
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\LinkurySmartBar.LinkuryMenuForm
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\LinkurySmartBar.LinkurySmartBar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\LinkurySmartBar.LinkurySmartBarBandObject
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{63E471BB-23F1-3A92-8D43-4079E7B7FA8E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B397BC55-576C-39E6-BF64-9E2A96317447}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B973AB12-952F-31C4-A321-E8FA6FE4421E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EC5983DF-8DE2-31B5-989F-850F265E7F3C}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{63E471BB-23F1-3A92-8D43-4079E7B7FA8E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{B397BC55-576C-39E6-BF64-9E2A96317447}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{B973AB12-952F-31C4-A321-E8FA6FE4421E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{EC5983DF-8DE2-31B5-989F-850F265E7F3C}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gefunden : HKU\S-1-5-21-1801534256-301574902-269103746-1000\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKU\S-1-5-21-1801534256-301574902-269103746-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.plusnetwork.com/?publisher=MessengerPlus&dpid=MessengerPlus&co=AT&userid=9bfab7dd-773c-4872-afee-43c1a2a48ca5&sp=addr&q={searchTerms}&t={Date}
[HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.plusnetwork.com/?publisher=MessengerPlus&dpid=MessengerPlus&co=AT&userid=9bfab7dd-773c-4872-afee-43c1a2a48ca5&sp=addr&q={searchTerms}&t={Date}
[HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.plusnetwork.com/?publisher=MessengerPlus&dpid=MessengerPlus&co=AT&userid=9bfab7dd-773c-4872-afee-43c1a2a48ca5&sp=addr&q={searchTerms}&t={Date}
[HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.plusnetwork.com/?publisher=MessengerPlus&dpid=MessengerPlus&co=AT&userid=9bfab7dd-773c-4872-afee-43c1a2a48ca5&sp=addr&q={searchTerms}&t={Date}

-\\ Opera v12.0.1467.0

Datei : C:\Users\****\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [5763 octets] - [11/09/2012 11:44:50]

########## EOF - C:\AdwCleaner[R1].txt - [5823 octets] ##########
Malwarebytes Anti-Malware log:

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.07.13

Windows 7 Service Pack 1 x64 FAT32
Internet Explorer 9.0.8112.16421
**** :: ****-PC [Administrator]

11.09.2012 09:51:55
mbam-log-2012-09-11 (11-41-29).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 644112
Laufzeit: 1 Stunde(n), 38 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 1
C:\Users\****\AppData\Local\Temp\wgsdgsdgdsgsd.exe (Exploit.Drop.GS) -> Keine Aktion durchgeführt.

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
E:\SPIELE\Rockstar Games\Manhunt 2\Manhunt 2 v1.0 + 5 Trainer.exe (HackTool.GamesCheat) -> Keine Aktion durchgeführt.
C:\Users\******\AppData\Local\Temp\wgsdgsdgdsgsd.exe (Exploit.Drop.GS) -> Keine Aktion durchgeführt.
C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Keine Aktion durchgeführt.

(Ende)
OTL log:

OTL logfile created on: 11.09.2012 11:50:32 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\*****\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

8,00 Gb Total Physical Memory | 3,79 Gb Available Physical Memory | 47,39% Memory free
16,00 Gb Paging File | 11,80 Gb Available in Paging File | 73,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1863,01 Gb Total Space | 495,38 Gb Free Space | 26,59% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 161,62 Gb Free Space | 69,40% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 0,01 Gb Free Space | 0,00% Space Free | Partition Type: NTFS
Drive G: | 15,11 Gb Total Space | 10,04 Gb Free Space | 66,46% Space Free | Partition Type: FAT32

Computer Name: *****-PC | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\*****\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe ()
PRC - C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe ()
PRC - C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe (CyberLink)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe (CyberLink)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\MOUSE Editor\dll\DLL_Wheel4D.dll ()
MOD - C:\Program Files (x86)\MOUSE Editor\dll\DLL_MouseDeviceManager.dll ()
MOD - C:\Program Files (x86)\MOUSE Editor\dll\DLL_ZoomControl.dll ()
MOD - C:\Program Files (x86)\MOUSE Editor\dll\DLL_AnalyzeGesturesInRight.dll ()
MOD - C:\Program Files (x86)\MOUSE Editor\dll\DLL_AnalyzeGesturesInOne.dll ()
MOD - C:\Program Files (x86)\MOUSE Editor\dll\DLL_ScrollbarControl.dll ()
MOD - C:\Program Files (x86)\MOUSE Editor\Data\MouseEditor\Forms\OSD_Text\OSD_Text.dll ()
MOD - C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe ()

========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (CLHNServiceForPowerDVD) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe ()
SRV - (CyberLink PowerDVD 11.0 Service) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe (CyberLink)
SRV - (CyberLink PowerDVD 11.0 Monitor Service) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe (CyberLink)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WinRing0_1_2_0) -- C:\Users\*****\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries25.gadget\WinRing0x64.sys (OpenLibSys.org)
DRV - ({329F96B6-DF1E-4328-BFDA-39EA953C1312}) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl (CyberLink Corp.)
DRV - (ntk_PowerDVD) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys (Cyberlink Corp.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://www.plusnetwork.com/?sp=addr&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1801534256-301574902-269103746-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.plusnetwork.com/?publisher=MessengerPlus&dpid=MessengerPlus&co=AT&userid=9bfab7dd-773c-4872-afee-43c1a2a48ca5&sp=addr&q={searchTerms}&t={Date}
IE - HKU\S-1-5-21-1801534256-301574902-269103746-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.plusnetwork.com/?publisher=MessengerPlus&dpid=MessengerPlus&co=AT&userid=9bfab7dd-773c-4872-afee-43c1a2a48ca5&sp=addr&q={searchTerms}&t={Date}
IE - HKU\S-1-5-21-1801534256-301574902-269103746-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1801534256-301574902-269103746-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
IE - HKU\S-1-5-21-1801534256-301574902-269103746-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C5 88 A7 A8 CF 8F CD 01 [binary data]
IE - HKU\S-1-5-21-1801534256-301574902-269103746-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.plusnetwork.com/?publisher=MessengerPlus&dpid=MessengerPlus&co=AT&userid=9bfab7dd-773c-4872-afee-43c1a2a48ca5&sp=addr&q={searchTerms}&t={Date}
IE - HKU\S-1-5-21-1801534256-301574902-269103746-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.plusnetwork.com/?publisher=MessengerPlus&dpid=MessengerPlus&co=AT&userid=9bfab7dd-773c-4872-afee-43c1a2a48ca5&sp=addr&q={searchTerms}&t={Date}
IE - HKU\S-1-5-21-1801534256-301574902-269103746-1000\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKU\S-1-5-21-1801534256-301574902-269103746-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.plusnetwork.com/?publisher=MessengerPlus&dpid=MessengerPlus&co=AT&userid=9bfab7dd-773c-4872-afee-43c1a2a48ca5&sp=addr&q={searchTerms}&t={Date}
IE - HKU\S-1-5-21-1801534256-301574902-269103746-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1801534256-301574902-269103746-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110819&babsrc=SP_ss&mntrId=a21136bb000000000000002215ea6c1e
IE - HKU\S-1-5-21-1801534256-301574902-269103746-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_H\OCx64\addon
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.07.25 08:26:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2011.10.22 09:43:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
O2 - BHO: (YouTube to MP3 Converter) - {E71596B0-A83B-453D-82C1-4BE99947C65F} - C:\Users\*****\AppData\Local\Sevas-S\YouTube to MP3 Converter\BrowserExtensions\IE\YouTubeDownloaderExtension.dll (Sevas-S LLC)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1801534256-301574902-269103746-1000..\Run: [OscarEditor] C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe ()
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-21-1801534256-301574902-269103746-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C21AE0CB-4D83-4B5B-B672-2ED5BA764549}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C21AE0CB-4D83-4B5B-B672-2ED5BA764549}: NameServer = 195.16.241.140,195.16.241.141
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{697ba394-0797-11e1-8176-002215ea6c1e}\Shell - "" = AutoRun
O33 - MountPoints2\{697ba394-0797-11e1-8176-002215ea6c1e}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{697ba3a8-0797-11e1-8176-002215ea6c1e}\Shell - "" = AutoRun
O33 - MountPoints2\{697ba3a8-0797-11e1-8176-002215ea6c1e}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.09.11 11:49:59 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2012.09.11 09:51:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.11 09:51:19 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.11 09:51:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.09.09 21:46:41 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Masters of Horror - The Black Cat (2001, Recording Sessions, FLAC) - Rich Ragsdale
[2012.09.09 09:07:38 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\[EAC][DERP-10008~11] Xenoblade OST
[2012.09.09 08:11:45 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\HOSTER
[2012.09.08 08:00:00 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\STREET FIGHTER
[2012.08.24 14:57:08 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\fltk.org
[2012.08.24 12:14:24 | 000,000,000 | R--D | C] -- C:\Users\*****\Desktop\Alben
[2012.08.24 08:05:16 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\cookiegamemusic - Mega Man X Stage 1- Initiate
[2012.08.23 07:10:43 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\LUSTIGE BILDER 2
[2012.08.18 07:22:05 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Schriften
[2012.08.16 09:37:49 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.08.16 09:37:49 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.08.16 09:37:48 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.08.16 09:37:48 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.08.16 09:37:48 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.08.16 09:37:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.08.16 09:37:48 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.08.16 09:37:48 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.08.16 09:37:47 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.08.16 09:37:47 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.08.16 09:37:47 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.08.16 09:37:47 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.08.16 09:37:46 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.08.16 05:57:09 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012.08.16 05:57:09 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012.08.16 05:57:09 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012.08.16 05:57:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012.08.16 05:57:02 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012.08.15 13:18:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\WebM Project
[2012.08.15 13:18:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\WebM Project
[2012.08.15 13:17:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012.08.12 20:12:01 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\PeaZip
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.09.11 09:51:20 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.11 09:49:30 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.11 09:49:30 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.11 09:49:30 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.11 09:49:30 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.11 09:49:30 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.11 09:32:38 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2012.09.11 09:18:19 | 000,022,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.11 09:18:19 | 000,022,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.11 09:11:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.11 09:10:56 | 2146,738,175 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.11 09:09:56 | 004,503,728 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.09.11 09:05:56 | 000,001,895 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.09.09 08:52:34 | 161,337,436 | ---- | M] () -- C:\Users\*****\Desktop\Masters of Horror - The Black Cat (2001, Recording Sessions, FLAC) - Rich Ragsdale.zip
[2012.09.08 12:34:06 | 000,006,656 | ---- | M] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.08 06:58:42 | 007,060,810 | ---- | M] () -- C:\Users\*****\Desktop\05.DJ Fresh - Louder (Drumsound & Bassline Smith Remix).mp3
[2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.31 21:43:31 | 419,430,402 | ---- | M] () -- C:\Users\*****\Desktop\Various.Artists..Oneechanbara.OST.Colletion.2012MP3.part1.rar
[2012.08.31 21:08:51 | 054,680,430 | ---- | M] () -- C:\Users\*****\Desktop\Various.Artists..Oneechanbara.OST.Colletion.2012MP3.part2.rar
[2012.08.29 07:23:33 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.27 20:50:35 | 000,267,705 | ---- | M] () -- C:\Users\*****\Desktop\464009_463592140332328_909104071_o.jpg
[2012.08.27 20:50:35 | 000,072,382 | ---- | M] () -- C:\Users\*****\Desktop\385493_463592140332328_909104071_n.jpg
[2012.08.27 16:31:00 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.27 16:31:00 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.08.20 18:23:03 | 000,348,518 | ---- | M] () -- C:\Users\*****\Desktop\Forever+alone+Solution.+Forever+alone+Solution+D_87a6e1_3462146.png
[2012.08.18 14:43:17 | 000,022,964 | ---- | M] () -- C:\Users\*****\Desktop\488327_289021987871401_524602202_n.jpg
[2012.08.16 09:41:03 | 000,295,848 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.09.11 09:51:20 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.11 09:05:56 | 004,503,728 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.09.11 09:05:56 | 000,001,895 | ---- | C] () -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.09.09 08:49:24 | 161,337,436 | ---- | C] () -- C:\Users\*****\Desktop\Masters of Horror - The Black Cat (2001, Recording Sessions, FLAC) - Rich Ragsdale.zip
[2012.09.08 08:04:10 | 007,060,810 | ---- | C] () -- C:\Users\*****\Desktop\05.DJ Fresh - Louder (Drumsound & Bassline Smith Remix).mp3
[2012.08.31 21:07:15 | 054,680,430 | ---- | C] () -- C:\Users\*****\Desktop\Various.Artists..Oneechanbara.OST.Colletion.2012MP3.part2.rar
[2012.08.31 21:07:10 | 419,430,402 | ---- | C] () -- C:\Users\*****\Desktop\Various.Artists..Oneechanbara.OST.Colletion.2012MP3.part1.rar
[2012.08.28 06:37:31 | 000,072,382 | ---- | C] () -- C:\Users\*****\Desktop\385493_463592140332328_909104071_n.jpg
[2012.08.27 20:50:43 | 000,267,705 | ---- | C] () -- C:\Users\*****\Desktop\464009_463592140332328_909104071_o.jpg
[2012.08.20 18:23:03 | 000,348,518 | ---- | C] () -- C:\Users\*****\Desktop\Forever+alone+Solution.+Forever+alone+Solution+D_87a6e1_3462146.png
[2012.08.18 14:44:31 | 000,022,964 | ---- | C] () -- C:\Users\*****\Desktop\488327_289021987871401_524602202_n.jpg
[2012.05.02 06:29:22 | 000,000,076 | ---- | C] () -- C:\Users\*****\AppData\Local\CrystalDiskMark30.ini
[2012.03.09 06:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.03.09 06:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.01.31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.10.20 13:36:46 | 000,000,001 | ---- | C] () -- C:\Users\*****\AppData\Local\llftool.4.12.agreement
[2011.09.29 22:50:19 | 000,006,656 | ---- | C] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.09.10 11:15:53 | 000,013,082 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat
[2011.09.10 11:15:51 | 004,022,504 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2011.09.10 11:15:51 | 000,017,950 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2011.09.05 20:25:15 | 000,043,158 | ---- | C] () -- C:\Users\*****\qYwzPDv8ETXT_xl.jpg
[2011.09.05 20:25:04 | 000,015,171 | ---- | C] () -- C:\Users\*****\zoMFDZYKTcJh_l.jpg
[2011.08.12 11:03:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.07.26 18:18:13 | 000,000,204 | ---- | C] () -- C:\Users\*****\AppData\Roaming\6811918e.dat

========== LOP Check ==========

[2012.05.04 17:00:10 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ArchiCrypt Ultimate RAM-Disk3
[2012.08.28 10:51:23 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Audacity
[2012.05.24 15:43:21 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Babylon
[2011.08.17 07:30:06 |
000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Canon [2012.07.21 18:37:22 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\CUE Tools [2012.05.30 20:26:31 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DAEMON Tools Lite [2011.08.14 09:00:52 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\EAC [2012.07.25 06:40:00 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\FileZilla [2012.08.24 14:57:08 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\fltk.org [2012.09.11 05:44:37 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\foobar2000 [2011.11.02 21:14:51 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\fotw [2011.08.13 14:45:14 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\FreeCommander [2012.05.05 06:20:09 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\HandBrake [2011.08.12 19:14:20 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\HD Tune Pro [2011.11.19 08:35:37 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ImgBurn [2012.09.10 19:39:51 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\IrfanView [2011.09.01 21:37:12 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\KeePass [2011.10.16 11:45:04 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Mipony [2011.08.31 01:05:00 | 000,000,000 | -HSD | M] -- C:\Users\*****\AppData\Roaming\ms-drivers [2011.08.12 18:42:35 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Notepad++ [2011.10.12 13:23:51 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\OpenOffice.org [2012.07.25 07:55:33 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Opera [2012.08.12 20:13:58 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\PeaZip [2012.06.11 21:45:16 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Sevas-S [2011.06.15 06:36:57 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\System [2011.11.05 13:03:28 | 000,000,000 
| ---D | M] -- C:\Users\*****\AppData\Roaming\T-Mobile [2012.05.13 22:45:26 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\T-Mobile Internet Manager [2011.10.22 09:43:16 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Thunderbird [2012.09.10 19:39:51 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\uTorrent [2011.08.31 00:56:48 | 000,000,000 | -HSD | M] -- C:\Users\*****\AppData\Roaming\wyUpdate AU [2012.07.02 16:37:30 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > |
12.09.2012, 10:23 | #2
/// Winkelfunktion /// TB-Süch-Tiger™ | Polizei Österreich Trojaner (CSD)
Code:
Manhunt 2 v1.0 + 5 Trainer.exe (HackTool.GamesCheat)
Quote:
Do NOT delete anything from the quarantine prematurely!