Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Verdacht das Rechner infiziert ist! Antivir gab einie Warnungen

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 12.09.2012, 20:31   #1
RealSnapshot
 
Verdacht das Rechner infiziert ist! Antivir gab einie Warnungen - Standard

Verdacht das Rechner infiziert ist! Antivir gab einie Warnungen



Siehe Überschrift

P.S Antivir ist nicht das beste. Meldet oft Fehlalarm. Habt ihr ne kostenlose Alternative oder n günnstiges Kaufprogramm!?

Danke

Zum Problem:

OTL hat nur die OTL.txt ausgespuckt keine Extra.txt

OTL logfile created on: 9/12/2012 8:21:00 PM - Run 2
OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\Snapshot\Desktop\Trojaner Board
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.98 Gb Total Physical Memory | 2.51 Gb Available Physical Memory | 63.16% Memory free
7.95 Gb Paging File | 6.28 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 200.00 Gb Total Space | 106.73 Gb Free Space | 53.36% Space Free | Partition Type: NTFS
Drive D: | 384.25 Gb Total Space | 78.18 Gb Free Space | 20.34% Space Free | Partition Type: NTFS
Drive F: | 1.87 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: SNAPSHOT-MSI | User Name: Snapshot | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Snapshot\Desktop\Trojaner Board\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - c:\postgreSQL\bin\pg_ctl.exe (PostgreSQL Global Development Group)
PRC - c:\postgreSQL\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
PRC - C:\Program Files (x86)\System Control Manager\MSIService.exe (Micro-Star International Co., Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\26daa22c5b2e8fdef6d29e9778f5cd7c\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\5f372e58dfe4ae5e62245625b925700f\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0af36b5de27960f649fcd6fe6e95c03d\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\a9f6cfa4eb1436ff770995822f10e227\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c8aa11ee6789d0f3f5542747aad7a2e4\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\40404dbd013b0ca1e41ab7e57274308b\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c68401de935c813374253d4fc2a18f6a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\338f3c91a0bea33a07a4611d324bf73a\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\acbc57d41499fbc2b99194148786c677\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\16b68fcaff063835ae0ee348a1201f2a\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Macrovision Europe Ltd.)
SRV:64bit: - (NIHardwareService) -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (Bluetooth Device Manager) -- C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe (Motorola, Inc.)
SRV:64bit: - (Bluetooth OBEX Service) -- C:\Program Files\Motorola\Bluetooth\obexsrv.exe (Motorola, Inc.)
SRV:64bit: - (Bluetooth Media Service) -- C:\Program Files\Motorola\Bluetooth\audiosrv.exe (Motorola, Inc.)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (postgresql-8.4) -- c:\postgreSQL\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (MSI Foundation Service) -- C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe (MSI)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Micro Star SCM) -- C:\Program Files (x86)\System Control Manager\MSIService.exe (Micro-Star International Co., Ltd.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MGHwCtrl) -- C:\Program Files\msi\msi Software Install\MGHwCtrl.sys File not found
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (fltsrv) -- C:\Windows\SysNative\drivers\fltsrv.sys (Acronis)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (MotioninJoyXFilter) -- C:\Windows\SysNative\drivers\MijXfilt.sys (MotioninJoy)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (dgderdrv) -- C:\Windows\SysNative\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV:64bit: - (BTMUSB) -- C:\Windows\SysNative\drivers\btmusb.sys (Motorola, Inc.)
DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\drivers\RtsUVStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (BTMHID) -- C:\Windows\SysNative\drivers\btmhid.sys (Motorola, Inc.)
DRV:64bit: - (BTMCOM) -- C:\Windows\SysNative\drivers\btmcom.sys (Motorola, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)
DRV:64bit: - (fspad_xp64) -- C:\Windows\SysNative\drivers\fspad_xp64.sys (Sentelic Corporation)
DRV:64bit: - (fspad_wlh64) -- C:\Windows\SysNative\drivers\fspad_wlh64.sys (Sentelic Corporation)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc)
DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation)
DRV:64bit: - (sscdbus) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation)
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (MBfilt) -- C:\Windows\SysNative\drivers\MBfilt64.sys (Creative Technology Ltd.)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (NTIOLib_1_0_4) -- C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys (MSI)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (MSI_MSIBIOS_010507) -- C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys (Your Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (libusb0) -- C:\Windows\SysWOW64\drivers\libusb0.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {4FD3082A-0D3E-4C5A-AF3B-71E07D4F947D}
IE:64bit: - HKLM\..\SearchScopes\{4FD3082A-0D3E-4C5A-AF3B-71E07D4F947D}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MSI2DF&pc=MAM2&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://msi.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {EC5D5355-D59D-4754-8C8D-0876EEEDB5AC}
IE - HKLM\..\SearchScopes\{EC5D5355-D59D-4754-8C8D-0876EEEDB5AC}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MSI2DF&pc=MAM2&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?AF=100482&babsrc=HP_ss&mntrId=523d542f0000000000008ca98241d4d3
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=100482&babsrc=SP_ss&mntrId=523d542f0000000000008ca98241d4d3
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: 2.0@disconnect.me:0.0.0
FF - prefs.js..extensions.enabledAddons: {184AA5E6-741D-464a-820E-94B3ABC2F3B4}:1.0
FF - prefs.js..extensions.enabledAddons: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.14
FF - prefs.js..extensions.enabledAddons: testpilot@labs.mozilla.com:1.2.2
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?AF=100482&babsrc=adbartrp&mntrId=523d542f0000000000008ca98241d4d3&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/08 16:54:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/08 16:54:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Snapshot\AppData\Roaming\5053 [2011/12/12 10:47:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/08 16:54:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/08 16:54:36 | 000,000,000 | ---D | M]

[2011/06/18 15:21:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Snapshot\AppData\Roaming\mozilla\Extensions
[2012/09/12 19:15:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Snapshot\AppData\Roaming\mozilla\Firefox\Profiles\n1sg5p09.default\extensions
[2012/04/11 23:58:25 | 000,000,000 | ---D | M] (Disconnect) -- C:\Users\Snapshot\AppData\Roaming\mozilla\Firefox\Profiles\n1sg5p09.default\extensions\2.0@disconnect.me
[2012/09/12 19:15:20 | 000,621,521 | ---- | M] () (No name found) -- C:\Users\Snapshot\AppData\Roaming\mozilla\firefox\profiles\n1sg5p09.default\extensions\testpilot@labs.mozilla.com.xpi
[2012/08/03 16:29:18 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Snapshot\AppData\Roaming\mozilla\firefox\profiles\n1sg5p09.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/09/02 20:55:23 | 000,699,353 | ---- | M] () (No name found) -- C:\Users\Snapshot\AppData\Roaming\mozilla\firefox\profiles\n1sg5p09.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2012/09/09 22:08:19 | 000,000,950 | ---- | M] () -- C:\Users\Snapshot\AppData\Roaming\mozilla\firefox\profiles\n1sg5p09.default\searchplugins\icqplugin-1.xml
[2011/11/08 02:17:07 | 000,000,950 | ---- | M] () -- C:\Users\Snapshot\AppData\Roaming\mozilla\firefox\profiles\n1sg5p09.default\searchplugins\icqplugin-10.xml
[2011/06/30 16:08:57 | 000,000,950 | ---- | M] () -- C:\Users\Snapshot\AppData\Roaming\mozilla\firefox\profiles\n1sg5p09.default\searchplugins\icqplugin-2.xml
[2011/08/17 20:31:52 | 000,000,950 | ---- | M] () -- C:\Users\Snapshot\AppData\Roaming\mozilla\firefox\profiles\n1sg5p09.default\searchplugins\icqplugin-3.xml
[2011/08/19 12:54:44 | 000,000,950 | ---- | M] () -- C:\Users\Snapshot\AppData\Roaming\mozilla\firefox\profiles\n1sg5p09.default\searchplugins\icqplugin-4.xml
[2011/08/19 13:14:29 | 000,000,950 | ---- | M] () -- C:\Users\Snapshot\AppData\Roaming\mozilla\firefox\profiles\n1sg5p09.default\searchplugins\icqplugin-5.xml
[2011/09/03 17:28:51 | 000,000,950 | ---- | M] () -- C:\Users\Snapshot\AppData\Roaming\mozilla\firefox\profiles\n1sg5p09.default\searchplugins\icqplugin-6.xml
[2011/09/11 14:11:05 | 000,000,950 | ---- | M] () -- C:\Users\Snapshot\AppData\Roaming\mozilla\firefox\profiles\n1sg5p09.default\searchplugins\icqplugin-7.xml
[2011/10/02 19:47:45 | 000,000,950 | ---- | M] () -- C:\Users\Snapshot\AppData\Roaming\mozilla\firefox\profiles\n1sg5p09.default\searchplugins\icqplugin-8.xml
[2011/10/09 23:57:06 | 000,000,950 | ---- | M] () -- C:\Users\Snapshot\AppData\Roaming\mozilla\firefox\profiles\n1sg5p09.default\searchplugins\icqplugin-9.xml
[2011/03/30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Snapshot\AppData\Roaming\mozilla\firefox\profiles\n1sg5p09.default\searchplugins\icqplugin.xml
[2012/09/08 16:54:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/09/08 16:54:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions
[2011/12/12 10:47:18 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\SNAPSHOT\APPDATA\ROAMING\5053
[2012/09/08 16:54:39 | 000,260,576 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/11/10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/22 20:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/08/05 00:19:39 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/01/07 17:54:05 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/08/05 00:19:39 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/08/05 00:19:39 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/06/19 14:30:03 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2012/08/05 00:19:39 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/08/05 00:19:39 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/08/05 00:19:39 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFiel dTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - Extension: YouTube = C:\Users\Snapshot\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\Snapshot\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Mail = C:\Users\Snapshot\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2012/02/01 04:36:23 | 000,002,093 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 195.72.134.100 www.bwin.com
O1 - Hosts: 195.72.134.209 www.bwin.com.mx
O1 - Hosts: 195.72.134.179 www.bwin.com.ar
O1 - Hosts: 195.72.134.187 www.bwin.it
O1 - Hosts: 195.72.134.133 www.betoto.com
O1 - Hosts: 195.72.135.47 home.bwin.com
O1 - Hosts: 195.72.135.49 home.bwin.com.mx
O1 - Hosts: 195.72.135.50 home.bwin.com.ar
O1 - Hosts: 195.72.135.51 home.bwin.it
O1 - Hosts: 195.72.135.86 home.betoto.com
O1 - Hosts: 195.72.135.33 www.betandwin.com
O1 - Hosts: 195.72.135.35 www.betandwin.it
O1 - Hosts: 195.72.134.115 live.bwin.com
O1 - Hosts: 195.72.134.115 live.bwin.com.mx
O1 - Hosts: 195.72.134.115 live.bwin.com.ar
O1 - Hosts: 195.72.134.115 live.bwin.it
O1 - Hosts: 195.72.134.153 www2.bwin.com
O1 - Hosts: 195.72.134.153 www101.bwin.com
O1 - Hosts: 195.72.134.153 www111.bwin.com
O1 - Hosts: 195.72.135.57 casino1.bwin.com
O1 - Hosts: 195.72.135.63 games1.bwin.com
O1 - Hosts: 195.72.135.68 poker1.bwin.com
O1 - Hosts: 195.72.134.111 www.bwin.org
O1 - Hosts: 195.72.134.111 www.bwin.ag
O1 - Hosts: 41 more lines...
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [fspuip] C:\Program Files\FSP\fspuip.exe (Sentelic Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\Windows\is-Q9KAO.exe ()
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra Button: PokerStars.eu - {07BA1DA9-F501-4796-8728-74D1B91A6CD5} - C:\Program Files (x86)\PokerStars.EU\PokerStarsUpdate.exe File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: PokerStars.fr - {90EAE591-7E7E-434a-8E28-ECFD00071806} - C:\Program Files (x86)\PokerStars.FR\PokerStarsUpdate.exe File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.220.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3A606FDE-BCF7-46CA-A072-EC3F518D56B9}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ACB11BFB-515C-4A82-B3E4-4F90D1DF876F}: DhcpNameServer = 192.168.220.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6BD2981-1170-4796-87D2-0A2A6457E1DD}: DhcpNameServer = 127.0.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - Unable to read "AutoRun" value or value not present!
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/12 20:10:58 | 000,000,000 | ---D | C] -- C:\Users\Snapshot\Desktop\Trojaner Board
[2012/09/10 22:16:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\bwin Poker
[2012/09/10 22:16:32 | 000,000,000 | ---D | C] -- C:\bwinPoker
[2012/09/10 02:00:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Addictive Drums
[2012/09/10 01:59:59 | 000,000,000 | ---D | C] -- C:\Users\Snapshot\Documents\Addictive Drums
[2012/09/10 01:57:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XLN Audio
[2012/09/08 16:54:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/09/07 15:54:15 | 000,000,000 | ---D | C] -- C:\Users\Snapshot\Documents\Soulseek Chat Logs
[2012/09/06 04:44:46 | 000,000,000 | ---D | C] -- C:\Users\Snapshot\AppData\Local\TiltBreaker
[2012/09/06 00:05:43 | 000,000,000 | ---D | C] -- C:\Users\Snapshot\Documents\NBGI
[2012/09/06 00:05:32 | 000,000,000 | ---D | C] -- C:\Users\Snapshot\AppData\Local\NBGI
[2012/08/31 02:17:47 | 000,000,000 | ---D | C] -- C:\Users\Snapshot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStove
[2012/08/31 02:17:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PokerStove
[2012/08/29 22:10:18 | 000,000,000 | ---D | C] -- C:\Users\Snapshot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XBCD
[2012/08/29 22:10:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XBCD
[2012/08/29 02:24:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DinaMo Theme for Pokerstars
[2012/08/29 02:18:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars.EU
[2012/08/28 00:48:08 | 000,000,000 | ---D | C] -- C:\Sportingbet
[2012/08/24 14:25:39 | 000,000,000 | ---D | C] -- C:\Users\Snapshot\AppData\Local\PokerStars.FR
[2012/08/24 14:25:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PokerStars.FR
[2012/08/24 06:44:21 | 000,000,000 | ---D | C] -- C:\Users\Snapshot\AppData\Roaming\Canneverbe Limited
[2012/08/24 06:44:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2012/08/24 06:44:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDBurnerXP
[2012/08/22 16:26:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Holdem Manager 2
[2012/08/22 16:26:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Holdem Manager 2
[2012/08/19 17:09:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PostgreSQL 8.4
[2012/08/19 17:09:08 | 000,000,000 | ---D | C] -- C:\postgreSQL
[2012/08/19 17:08:51 | 000,000,000 | ---D | C] -- C:\PostgreSQL-prev-2012-09-Aug-11-17-27
[2012/08/19 15:34:59 | 000,000,000 | ---D | C] -- C:\Users\Snapshot\Desktop\brian bennett & johnny pearson - visual impact (kpm 1172) (1976)+++
[2012/08/17 23:14:34 | 000,000,000 | ---D | C] -- C:\Users\Snapshot\AppData\Local\Hold'em_Manager
[2012/08/17 23:03:19 | 000,000,000 | ---D | C] -- C:\HM2Archive
[2012/08/17 22:53:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PSQLINSTALL
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/12 20:18:18 | 000,000,168 | ---- | M] () -- C:\Users\Snapshot\defogger_reenable
[2012/09/12 20:11:39 | 000,711,240 | ---- | M] () -- C:\Windows\is-Q9KAO.exe
[2012/09/12 20:11:39 | 000,012,842 | ---- | M] () -- C:\Windows\is-Q9KAO.msg
[2012/09/12 20:11:39 | 000,000,392 | ---- | M] () -- C:\Windows\is-Q9KAO.lst
[2012/09/12 19:55:23 | 003,683,338 | ---- | M] () -- C:\Users\Snapshot\Desktop\Finestremix.mp3
[2012/09/12 17:01:05 | 001,621,524 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/12 17:01:05 | 000,700,494 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/09/12 17:01:05 | 000,655,166 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/12 17:01:05 | 000,149,258 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/09/12 17:01:05 | 000,122,038 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/09/12 11:42:03 | 003,696,038 | ---- | M] () -- C:\Users\Snapshot\Desktop\finest - mittelfinger.mp3
[2012/09/12 10:28:15 | 000,024,432 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/12 10:28:15 | 000,024,432 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/12 10:19:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/12 10:19:53 | 3203,420,160 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/12 00:24:51 | 009,239,116 | ---- | M] () -- C:\Users\Snapshot\Desktop\finest - mittelfinger (acapella).mp3
[2012/09/12 00:18:58 | 001,415,869 | ---- | M] () -- C:\Users\Snapshot\Desktop\finest - mittelfinger.wma
[2012/09/11 15:44:45 | 000,316,721 | ---- | M] () -- C:\Users\Snapshot\Desktop\paypal.png
[2012/09/11 15:44:17 | 000,351,203 | ---- | M] () -- C:\Users\Snapshot\Desktop\titusrechnung.png
[2012/09/11 15:21:59 | 000,000,860 | ---- | M] () -- C:\Users\Snapshot\Desktop\Start.lnk
[2012/09/10 20:41:07 | 000,001,098 | ---- | M] () -- C:\Users\Public\Desktop\HoldemManager2.lnk
[2012/09/09 21:01:43 | 009,953,723 | ---- | M] () -- C:\Users\Snapshot\Desktop\Finest - funny (marcello master).mp3
[2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/07 02:31:45 | 004,231,887 | ---- | M] () -- C:\Users\Snapshot\Desktop\Finest - Oh Madame.mp3
[2012/09/04 22:44:19 | 000,000,970 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2012/09/04 17:42:48 | 000,002,214 | ---- | M] () -- C:\Users\Snapshot\Desktop\Kindle.lnk
[2012/08/31 02:17:47 | 000,000,973 | ---- | M] () -- C:\Users\Snapshot\Desktop\PokerStove.lnk
[2012/08/29 02:24:48 | 000,001,935 | ---- | M] () -- C:\Users\Public\Desktop\PokerStars (No Update).lnk
[2012/08/23 18:10:43 | 001,867,277 | ---- | M] () -- C:\Users\Snapshot\Desktop\So_Fresh.mp3
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/12 20:18:18 | 000,000,168 | ---- | C] () -- C:\Users\Snapshot\defogger_reenable
[2012/09/12 20:11:39 | 000,711,240 | ---- | C] () -- C:\Windows\is-Q9KAO.exe
[2012/09/12 20:11:39 | 000,012,842 | ---- | C] () -- C:\Windows\is-Q9KAO.msg
[2012/09/12 20:11:39 | 000,000,392 | ---- | C] () -- C:\Windows\is-Q9KAO.lst
[2012/09/12 19:55:11 | 003,683,338 | ---- | C] () -- C:\Users\Snapshot\Desktop\Finestremix.mp3
[2012/09/12 11:42:02 | 003,696,038 | ---- | C] () -- C:\Users\Snapshot\Desktop\finest - mittelfinger.mp3
[2012/09/12 00:16:58 | 009,239,116 | ---- | C] () -- C:\Users\Snapshot\Desktop\finest - mittelfinger (acapella).mp3
[2012/09/12 00:16:56 | 001,415,869 | ---- | C] () -- C:\Users\Snapshot\Desktop\finest - mittelfinger.wma
[2012/09/11 15:44:44 | 000,316,721 | ---- | C] () -- C:\Users\Snapshot\Desktop\paypal.png
[2012/09/11 15:44:17 | 000,351,203 | ---- | C] () -- C:\Users\Snapshot\Desktop\titusrechnung.png
[2012/09/11 15:16:36 | 000,000,860 | ---- | C] () -- C:\Users\Snapshot\Desktop\Start.lnk
[2012/09/09 20:54:26 | 009,953,723 | ---- | C] () -- C:\Users\Snapshot\Desktop\Finest - funny (marcello master).mp3
[2012/09/07 02:31:42 | 004,231,887 | ---- | C] () -- C:\Users\Snapshot\Desktop\Finest - Oh Madame.mp3
[2012/08/31 02:17:47 | 000,000,973 | ---- | C] () -- C:\Users\Snapshot\Desktop\PokerStove.lnk
[2012/08/29 02:24:48 | 000,001,935 | ---- | C] () -- C:\Users\Public\Desktop\PokerStars (No Update).lnk
[2012/08/24 06:44:15 | 000,001,909 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2012/08/23 18:10:20 | 001,867,277 | ---- | C] () -- C:\Users\Snapshot\Desktop\So_Fresh.mp3
[2012/08/22 16:26:57 | 000,001,098 | ---- | C] () -- C:\Users\Public\Desktop\HoldemManager2.lnk
[2012/08/19 15:34:59 | 004,499,304 | ---- | C] () -- C:\Users\Snapshot\Desktop\03 - sequence of events - brian bennet.mp3
[2012/04/05 22:53:36 | 000,544,256 | ---- | C] () -- C:\Windows\SysWow64\janGraphics.dll
[2012/04/05 22:53:36 | 000,124,416 | ---- | C] () -- C:\Windows\SysWow64\dXCtrls.dll
[2012/02/01 04:45:03 | 000,000,600 | ---- | C] () -- C:\Users\Snapshot\PUTTY.RND
[2012/01/18 20:23:17 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012/01/18 20:23:17 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2012/01/18 17:58:13 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/18 17:58:13 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/18 17:58:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/18 17:58:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/18 17:58:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/13 21:18:38 | 000,002,048 | -HS- | C] () -- C:\Users\Snapshot\AppData\Local\a2f760a4\@
[2012/01/11 02:09:08 | 000,000,046 | ---- | C] () -- C:\Windows\Telescope.ini
[2012/01/05 02:59:07 | 000,000,045 | ---- | C] () -- C:\Users\Snapshot\AppData\Local\machpro.dat
[2011/11/22 01:28:48 | 000,000,054 | ---- | C] () -- C:\Users\Snapshot\AppData\Roaming\blckdom.res
[2011/07/24 01:19:53 | 000,005,013 | ---- | C] () -- C:\ProgramData\kmytnfun.aqy
[2011/07/18 01:01:37 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys
[2011/07/11 19:37:32 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/07/03 12:58:45 | 000,000,032 | ---- | C] () -- C:\ProgramData\ojea.aj
[2011/06/24 13:38:34 | 000,353,280 | ---- | C] () -- C:\Windows\SysWow64\pythoncom27.dll
[2011/06/24 13:38:34 | 000,109,568 | ---- | C] () -- C:\Windows\SysWow64\pywintypes27.dll
[2011/06/23 19:55:26 | 001,598,690 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/06/21 14:55:04 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\msvcsv60.dll
[2011/06/21 14:55:04 | 000,000,016 | ---- | C] () -- C:\Windows\msocreg32.dat
[2011/06/19 14:15:56 | 000,270,848 | ---- | C] () -- C:\Windows\Uzerox_bs.exe
[2011/06/18 22:53:36 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI
[2011/04/27 14:19:30 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011/04/27 14:19:30 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/04/27 14:19:30 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/04/27 14:19:30 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011/04/16 09:28:56 | 000,001,200 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2011/04/16 09:28:56 | 000,001,099 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2011/04/16 09:28:56 | 000,001,099 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2011/04/16 09:28:55 | 000,182,272 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011/04/16 09:28:55 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

========== LOP Check ==========

[2011/11/22 01:28:54 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\5045
[2011/11/22 17:04:26 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\5047
[2011/11/23 15:12:17 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\5048
[2011/11/24 20:13:42 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\5049
[2011/11/25 18:44:50 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\5050
[2011/11/28 18:52:10 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\5051
[2011/12/01 20:40:53 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\5052
[2011/12/12 10:47:18 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\5053
[2011/12/12 10:47:14 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\5054
[2011/12/12 10:47:13 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\5055
[2012/03/09 14:55:01 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\Amazon
[2012/05/10 17:10:01 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\Applied Acoustics Systems
[2012/04/30 17:45:51 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\ArtsAcoustic
[2012/04/06 21:13:30 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\Auslogics
[2012/01/07 17:54:03 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\Babylon
[2011/12/27 23:55:28 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\calibre
[2012/08/24 06:44:21 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\Canneverbe Limited
[2012/04/08 00:27:12 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\DAEMON Tools Lite
[2011/11/07 20:06:32 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\DVDVideoSoft
[2011/11/07 20:06:26 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/04/14 02:53:29 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\FabFilter
[2011/06/28 15:45:10 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\HEM Data
[2012/09/11 03:11:26 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\HoldemManager
[2012/09/12 10:20:29 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\ICQ
[2011/11/22 01:28:40 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\kock
[2011/07/06 00:10:08 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\Lionhead Studios
[2012/01/03 01:31:14 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\Microgaming
[2011/07/18 01:09:53 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\MotioninJoy
[2011/06/18 15:34:42 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\Nuance
[2012/02/01 04:25:18 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\Opera
[2012/05/28 23:34:17 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\Plugin Alliance
[2011/07/24 01:15:22 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\Pokerazor
[2011/12/01 22:42:07 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\postgresql
[2011/07/02 02:01:59 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\Samsung
[2012/02/23 23:25:06 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\TeamViewer
[2011/06/28 22:54:17 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\TuneUp Software
[2011/12/07 15:33:08 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\UAs
[2012/09/12 20:16:23 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\uTorrent
[2011/06/19 14:27:47 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\Waves Audio
[2012/04/18 18:45:00 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\Waves Preferences
[2011/12/07 15:33:12 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\xmldm
[2011/06/18 15:10:41 | 000,000,000 | ---D | M] -- C:\Users\Snapshot\AppData\Roaming\Zeon
[2012/08/13 15:20:01 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

GMER

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-09-12 21:26:14
Windows 6.1.7601 Service Pack 1
Running: 9hckheqs.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\406186a4a3e7
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\406186a4a3e7 (not active ControlSet)

---- EOF - GMER 1.0.15 ----

kommt mir arg kurz vor die GMER Datei... war der Suchlauf irgendwie nicht erfolgreich, heisst ist er aus welchem Grund auch immer abgebrochen!? Lief ewig aber wundert mich dass das File nur so klein ist.


Vielen Dank im Voraus!

Tolle Arbeit die ihr hier leistet!

Gruß

Alt 12.09.2012, 21:00   #2
markusg
/// Malware-holic
 
Verdacht das Rechner infiziert ist! Antivir gab einie Warnungen - Standard

Verdacht das Rechner infiziert ist! Antivir gab einie Warnungen



hi
und die funde, sollen wir erraten?
öffne avira, ereignisse, poste alle fundmeldungen.
avira, berichte, poste logs mit funden.
malwarebytes, berichte, logs mit funden posten
__________________

__________________

Alt 12.09.2012, 21:06   #3
RealSnapshot
 
Verdacht das Rechner infiziert ist! Antivir gab einie Warnungen - Standard

Verdacht das Rechner infiziert ist! Antivir gab einie Warnungen



Achja...

Ein Quick Scan mit Anti Malware findet rein gar nichts

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.07.13

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Snapshot :: SNAPSHOT-MSI [Administrator]

12.09.2012 22:01:52
mbam-log-2012-09-12 (22-01-52).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 258608
Laufzeit: 3 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
__________________

Alt 13.09.2012, 17:04   #4
markusg
/// Malware-holic
 
Verdacht das Rechner infiziert ist! Antivir gab einie Warnungen - Standard

Verdacht das Rechner infiziert ist! Antivir gab einie Warnungen



schön, aber lies bitte alles was ich angefordert hab, danke :-)
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu Verdacht das Rechner infiziert ist! Antivir gab einie Warnungen
adobe, alternative, antivir, autorun, avira, bho, desktop, explorer, firefox, format, google, helper, home, infiziert, libusb0.sys, logfile, microsoft, nodrives, nvidia, plug-in, problem, realtek, registry, scan, search the web, software, trojaner, usb, usb 3.0, windows




Ähnliche Themen: Verdacht das Rechner infiziert ist! Antivir gab einie Warnungen


  1. AntiVir zeigt Warnungen an
    Plagegeister aller Art und deren Bekämpfung - 17.08.2014 (3)
  2. Antivir findet mehrfach Trojan.Dropper.Gen, Rechner infiziert?
    Plagegeister aller Art und deren Bekämpfung - 21.03.2011 (3)
  3. ~150 Warnungen bei Avira Antivir 10
    Antiviren-, Firewall- und andere Schutzprogramme - 03.04.2010 (2)
  4. Antivir-Fehlermeldung + weitere Fehler - Rechner infiziert?
    Plagegeister aller Art und deren Bekämpfung - 17.01.2010 (1)
  5. 33 Warnungen von AntiVir
    Plagegeister aller Art und deren Bekämpfung - 14.08.2009 (4)
  6. Logfile: 2 Warnungen von Antivir...
    Log-Analyse und Auswertung - 06.08.2009 (1)
  7. 15 Warnungen bei AntiVir
    Mülltonne - 21.12.2008 (0)
  8. AntiVir 25 Warnungen
    Antiviren-, Firewall- und andere Schutzprogramme - 26.11.2008 (2)
  9. 25 Warnungen bei AntiVir???
    Mülltonne - 15.11.2008 (0)
  10. 25 Warnungen bei AntiVir?
    Mülltonne - 15.11.2008 (0)
  11. Warnungen von AntiVir
    Mülltonne - 03.07.2006 (1)
  12. Warnungen bei Antivir
    Antiviren-, Firewall- und andere Schutzprogramme - 28.01.2006 (1)
  13. warnungen von antivir
    Plagegeister aller Art und deren Bekämpfung - 06.07.2005 (1)
  14. Antivir Warnungen
    Antiviren-, Firewall- und andere Schutzprogramme - 20.06.2005 (4)
  15. Antivir Warnungen und Hinweise
    Antiviren-, Firewall- und andere Schutzprogramme - 02.06.2005 (4)
  16. logfile von antivir- warnungen?!?
    Log-Analyse und Auswertung - 20.12.2004 (6)
  17. Warnungen bei AntiVir
    Antiviren-, Firewall- und andere Schutzprogramme - 28.07.2004 (1)

Zum Thema Verdacht das Rechner infiziert ist! Antivir gab einie Warnungen - Siehe Überschrift P.S Antivir ist nicht das beste. Meldet oft Fehlalarm. Habt ihr ne kostenlose Alternative oder n günnstiges Kaufprogramm!? Danke Zum Problem: OTL hat nur die OTL.txt ausgespuckt keine - Verdacht das Rechner infiziert ist! Antivir gab einie Warnungen...
Archiv
Du betrachtest: Verdacht das Rechner infiziert ist! Antivir gab einie Warnungen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.