Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
12 KB Verschlüsselungstrojaner

12 KB Verschlüsselungstrojaner


Log-Analyse und Auswertung: 12 KB Verschlüsselungstrojaner

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Seite 2 von 2 1 2
Alt 27.02.2013, 10:23   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
12 KB Verschlüsselungstrojaner - Standard

12 KB Verschlüsselungstrojaner


JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 28.02.2013, 20:07   #17
Onesirow0202
 
12 KB Verschlüsselungstrojaner - Standard

12 KB Verschlüsselungstrojaner


Hallo sorry das es ein bisschen gedauert hat. Hatte einen Zwischenfall in der Familie.
Hier die Log-Files von JRT, ADWCleaner und OTL:

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.6 (02.27.2013:1)
OS: Windows 7 Ultimate x64
Ran by Moritz Weidner on 28.02.2013 at 19:32:25,79
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\windows\currentversion\run\\veohplugin
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{10edb994-47f8-43f7-ae96-f2ea63e9f90f} 



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\1clickdownload
Successfully deleted: [Registry Key] hkey_current_user\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\softonic
Successfully deleted: [Registry Key] hkey_current_user\software\sweetim
Successfully deleted: [Registry Key] hkey_local_machine\software\sweetim
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\smartbar
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\yontooieclient.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\yontooieclient.api
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\yontooieclient.api.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\yontooieclient.layers
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\yontooieclient.layers.1
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{10edb994-47f8-43f7-ae96-f2ea63e9f90f}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{10edb994-47f8-43f7-ae96-f2ea63e9f90f}



~~~ Files

Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\************\AppData\Roaming\quickstorestoolbar"
Successfully deleted: [Folder] "C:\Users\************\appdata\locallow\conduit"



~~~ Chrome

Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\niapdbllcanepiiimjjndipklodoedlc



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28.02.2013 at 19:39:04,20
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:
ATTFilter
# AdwCleaner v2.113 - Datei am 28/02/2013 um 19:45:10 erstellt
# Aktualisiert am 23/02/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate  (64 bits)
# Benutzer : Moritz Weidner - MORITZWEIDNER
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Moritz Weidner\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\************\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
Datei Gelöscht : C:\Users\************\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
Datei Gelöscht : C:\Users\************\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.url
Datei Gelöscht : C:\Users\************\AppData\Roaming\Microsoft\Windows\Start Menu\QuickStores.url
Datei Gelöscht : C:\Users\************\Desktop\QuickStores.url
Gelöscht mit Neustart : C:\Users\************\AppData\Local\PutLockerDownloader

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{162E06EC-4E38-4809-AE76-BF2400D34334}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\QuickStores-Toolbar_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7600.16385

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v24.0.1312.57

Datei : C:\Users\Moritz Weidner\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.8] : homepage = "hxxp://search.conduit.com/?CUI=UN10949300601796513&ctid=CT2653012&SearchSource=48[...]
Gelöscht [l.12] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?CUI=UN10949300601796513&ctid=CT[...]
Gelöscht [l.43] : icon_url = "hxxp://search.conduit.com/fav.ico",
Gelöscht [l.46] : keyword = "search.conduit.com",
Gelöscht [l.49] : search_url = "hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&cui=UN10[...]
Gelöscht [l.1915] : homepage = "hxxp://search.conduit.com/?CUI=UN10949300601796513&ctid=CT2653012&SearchSource=48",
Gelöscht [l.2234] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?CUI=UN10949300601796513&ctid=CT265[...]

*************************

AdwCleaner[S1].txt - [4436 octets] - [28/02/2013 19:45:10]

########## EOF - C:\AdwCleaner[S1].txt - [4496 octets] ##########

Code:
ATTFilter
OTL logfile created on: 28.02.2013 19:52:55 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\************\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,13 Gb Available Physical Memory | 56,34% Memory free
4,00 Gb Paging File | 2,60 Gb Available in Paging File | 64,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 424,32 Gb Free Space | 91,10% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 86,40 Gb Free Space | 18,55% Space Free | Partition Type: NTFS
Drive E: | 2,22 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 152,66 Gb Total Space | 112,98 Gb Free Space | 74,01% Space Free | Partition Type: NTFS
 
Computer Name: MORITZWEIDNER | User Name: ************ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Moritz Weidner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\ASUS.SYS\config\DVMExportService.exe (DeviceVM, Inc.)
PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Moritz Weidner\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (sesvc) -- C:\Program Files (x86)\ShadowExplorer\sesvc.exe (www.shadowexplorer.com)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Giraffic) -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe (Giraffic)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DvmMDES) -- C:\ASUS.SYS\config\DVMExportService.exe (DeviceVM, Inc.)
SRV - (ForceWare Intelligent Application Manager (IAM) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()
SRV - (nSvcIp) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe ()
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV - (AODDriver4.2) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-46478000-4061922411-4269723171-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-46478000-4061922411-4269723171-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 31 5B D0 AE 12 CE 01  [binary data]
IE - HKU\S-1-5-21-46478000-4061922411-4269723171-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-46478000-4061922411-4269723171-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-46478000-4061922411-4269723171-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@www.flatcast.com/FlatViewer 5.2: C:\Users\************\AppData\Roaming\Mozilla\plugins\NpFv530.dll (1 mal 1 Software GmbH)
 
 
[2013.02.01 20:43:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\************\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2012.11.15 18:30:12 | 000,214,020 | ---- | M] () (No name found) -- C:\Users\************\AppData\Roaming\mozilla\firefox\profiles\extensions\socksharedownloader@socksharedownloader.com.xpi
 
========== Chrome  ==========
 
CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&cui=UN10949300601796513&ctid=CT2653012
CHR - default_search_provider: suggest_url = 
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\************\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Flatcast Viewer Plugin 5.3.0.784 (Enabled) = C:\Users\************\AppData\Roaming\Mozilla\plugins\NpFv530.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U11 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
 
O1 HOSTS File: ([2013.02.26 20:38:18 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll (www.flashget.com)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe ()
O4 - HKLM..\Run: [QFan Help] C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-46478000-4061922411-4269723171-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-46478000-4061922411-4269723171-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &Alles mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_all.htm ()
O8:64bit: - Extra context menu item: &Mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_link.htm ()
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_all.htm ()
O8 - Extra context menu item: &Mit FlashGet laden - C:\Program Files (x86)\FlashGet\jc_link.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe (FlashGet.com)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2B7E4CC-CCE2-419D-AA63-46387A8EA9A2}: DhcpNameServer = 192.168.2.1
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.12.30 23:56:29 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.28 19:41:54 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013.02.28 19:32:24 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.02.28 19:32:06 | 000,000,000 | ---D | C] -- C:\JRT
[2013.02.28 19:31:28 | 000,547,491 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\************\Desktop\JRT.exe
[2013.02.26 20:38:24 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013.02.26 20:36:47 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.02.26 20:30:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.02.26 20:30:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.02.26 20:30:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.02.26 20:30:19 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.02.26 20:30:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.02.26 20:30:05 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.02.26 20:28:30 | 005,036,023 | R--- | C] (Swearware) -- C:\Users\************\Desktop\ComboFix.exe
[2013.02.25 18:44:53 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\************\Desktop\aswMBR.exe
[2013.02.25 13:27:22 | 000,000,000 | ---D | C] -- C:\Users\************\Documents\OpenTTD
[2013.02.25 12:20:40 | 000,000,000 | ---D | C] -- C:\Users\************\AppData\Roaming\Malwarebytes
[2013.02.25 12:20:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.24 23:02:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\************\Desktop\OTL.exe
[2013.02.24 21:37:58 | 000,000,000 | ---D | C] -- C:\Users\************\AppData\Local\Programs
[2013.02.24 17:16:16 | 000,000,000 | ---D | C] -- C:\Users\************\Doctor Web
[2013.02.24 16:50:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
[2013.02.24 16:50:22 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2013.02.24 16:45:49 | 000,000,000 | ---D | C] -- C:\Users\************\AppData\Roaming\www.shadowexplorer.com
[2013.02.24 16:45:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer
[2013.02.24 16:45:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ShadowExplorer
[2013.02.24 14:42:34 | 000,000,000 | ---D | C] -- C:\$AVG
[2013.02.24 14:42:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2013.02.24 14:38:43 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013.02.24 14:38:43 | 000,000,000 | ---D | C] -- C:\Users\************\AppData\Local\MFAData
[2013.02.24 14:38:43 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013.02.24 14:38:43 | 000,000,000 | ---D | C] -- C:\Users\************\AppData\Local\Avg2013
[2013.02.18 18:22:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenTTD
[2013.02.18 18:22:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenTTD
[2013.02.12 00:20:52 | 000,000,000 | ---D | C] -- C:\Users\************\AppData\Roaming\FlashGet
[2013.02.12 00:20:46 | 000,000,000 | ---D | C] -- C:\Users\************\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FlashGet
[2013.02.12 00:20:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FlashGet
[2013.02.09 12:19:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
[2013.02.09 12:19:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xvid
[2013.02.09 12:18:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Codec Pack
[2013.02.06 22:31:40 | 000,000,000 | ---D | C] -- C:\Users\************\Desktop\qotrdecoder-win32-0.0.247-r1132
[2013.02.06 21:21:02 | 000,000,000 | ---D | C] -- C:\Users\************\AppData\Local\Logitech® Webcam-Software
[2013.02.06 21:19:05 | 000,000,000 | ---D | C] -- C:\Users\************\AppData\Local\LogiShrd
[2013.02.06 21:10:20 | 000,000,000 | ---D | C] -- C:\Users\************\AppData\Roaming\Leadertech
[2013.02.06 21:09:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd
[2013.02.06 21:09:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2013.02.06 21:09:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LWS
[2013.02.06 21:09:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2013.02.06 21:09:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd
[2013.02.06 21:08:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech
[2013.02.06 21:08:59 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2013.02.06 21:01:35 | 000,000,000 | ---D | C] -- C:\Users\************\AppData\Roaming\ooVoo Details
[2013.02.06 21:01:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ooVoo
[2013.02.06 21:01:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ooVoo
[2013.02.06 19:08:07 | 000,000,000 | ---D | C] -- C:\Users\************\AppData\Roaming\WinRAR
[2013.02.06 19:08:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.02.06 19:08:06 | 000,000,000 | ---D | C] -- C:\Users\************\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.02.06 19:08:02 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013.02.06 18:17:10 | 000,000,000 | ---D | C] -- C:\Windows\WindowsMobile
[2013.02.06 18:15:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2013.02.03 20:51:37 | 000,000,000 | ---D | C] -- C:\Users\************\AppData\Local\Microsoft Games
[2013.02.02 12:21:47 | 000,000,000 | ---D | C] -- C:\Users\************\AppData\Local\Spotify
[2013.02.02 12:21:30 | 000,000,000 | ---D | C] -- C:\Users\************\AppData\Roaming\Spotify
[2013.02.01 20:43:26 | 000,000,000 | ---D | C] -- C:\Users\************\AppData\Roaming\Mozilla
[2013.02.01 20:43:24 | 000,000,000 | ---D | C] -- C:\Users\************r\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SockshareDownloader.com
[2013.02.01 15:10:31 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.02.01 15:10:31 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.02.01 15:10:31 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.28 19:52:03 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.28 19:52:03 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.28 19:52:03 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.28 19:52:03 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.28 19:52:03 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.28 19:47:39 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.28 19:47:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.28 19:47:18 | 1609,961,472 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.28 19:46:28 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2013.02.28 19:45:24 | 000,000,125 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.02.28 19:44:47 | 000,594,019 | ---- | M] () -- C:\Users\************\Desktop\adwcleaner.exe
[2013.02.28 19:31:42 | 000,547,491 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\************\Desktop\JRT.exe
[2013.02.28 19:30:56 | 000,001,126 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.28 19:30:19 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.27 23:49:22 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.02.27 23:49:22 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.02.26 20:38:18 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.02.26 20:28:57 | 005,036,023 | R--- | M] (Swearware) -- C:\Users\************\Desktop\ComboFix.exe
[2013.02.25 18:57:09 | 000,000,512 | ---- | M] () -- C:\Users************\Desktop\MBR.dat
[2013.02.25 18:46:22 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\************\Desktop\aswMBR.exe
[2013.02.24 23:02:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\************\Desktop\OTL.exe
[2013.02.24 16:50:22 | 000,001,658 | ---- | M] () -- C:\Users\Public\Desktop\Recuva.lnk
[2013.02.24 16:45:35 | 000,001,885 | ---- | M] () -- C:\Users\************\Desktop\ShadowExplorer.lnk
[2013.02.18 18:22:35 | 000,000,991 | ---- | M] () -- C:\Users\Public\Desktop\OpenTTD.lnk
[2013.02.12 00:20:46 | 000,001,007 | ---- | M] () -- C:\Users\************\Desktop\FlashGet.lnk
[2013.02.06 21:10:57 | 000,002,005 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Vid HD.lnk
[2013.02.06 21:09:01 | 000,001,624 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Webcam Software  .lnk
[2013.02.06 21:01:28 | 000,001,857 | ---- | M] () -- C:\Users\Public\Desktop\ooVoo.lnk
[2013.02.06 18:21:04 | 000,000,910 | ---- | M] () -- C:\Users\************\Desktop\Windows Mobile-Gerätecenter.lnk
[2013.02.06 18:18:33 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
[2013.02.06 16:29:40 | 000,001,786 | ---- | M] () -- C:\Users\************\Desktop\2009Decoder - Verknüpfung.lnk
[2013.02.03 15:45:17 | 000,002,355 | ---- | M] () -- C:\Windows\unins000.dat
[2013.02.03 15:45:14 | 000,715,038 | ---- | M] () -- C:\Windows\unins000.exe
[2013.02.02 12:21:46 | 000,001,812 | ---- | M] () -- C:\Users\************\Desktop\Spotify.lnk
 
========== Files Created - No Company Name ==========
 
[2013.02.28 19:45:19 | 000,000,125 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.02.28 19:44:40 | 000,594,019 | ---- | C] () -- C:\Users\************\Desktop\adwcleaner.exe
[2013.02.26 20:30:22 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.02.26 20:30:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.02.26 20:30:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.02.26 20:30:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.02.26 20:30:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.02.25 18:57:09 | 000,000,512 | ---- | C] () -- C:\Users\************\Desktop\MBR.dat
[2013.02.24 16:50:22 | 000,001,658 | ---- | C] () -- C:\Users\Public\Desktop\Recuva.lnk
[2013.02.24 16:45:35 | 000,001,885 | ---- | C] () -- C:\Users\************\Desktop\ShadowExplorer.lnk
[2013.02.18 18:22:35 | 000,000,991 | ---- | C] () -- C:\Users\Public\Desktop\OpenTTD.lnk
[2013.02.12 00:20:46 | 000,001,007 | ---- | C] () -- C:\Users\************\Desktop\FlashGet.lnk
[2013.02.09 12:19:37 | 000,696,832 | ---- | C] () -- C:\Windows\SysNative\xvidcore.dll
[2013.02.09 12:19:37 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2013.02.09 12:19:37 | 000,255,488 | ---- | C] () -- C:\Windows\SysNative\xvidvfw.dll
[2013.02.09 12:19:37 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2013.02.09 12:19:37 | 000,173,568 | ---- | C] () -- C:\Windows\SysNative\xvid.ax
[2013.02.09 12:19:37 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\xvid.ax
[2013.02.06 21:10:57 | 000,002,005 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Vid HD.lnk
[2013.02.06 21:09:01 | 000,001,624 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Webcam Software  .lnk
[2013.02.06 21:01:28 | 000,001,857 | ---- | C] () -- C:\Users\Public\Desktop\ooVoo.lnk
[2013.02.06 18:21:04 | 000,000,910 | ---- | C] () -- C:\Users\Moritz Weidner\Desktop\Windows Mobile-Gerätecenter.lnk
[2013.02.06 18:18:51 | 000,002,419 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mobile Device Center.lnk
[2013.02.06 18:18:33 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
[2013.02.06 16:29:40 | 000,001,786 | ---- | C] () -- C:\Users\************r\Desktop\2009Decoder - Verknüpfung.lnk
[2013.02.03 15:45:17 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe
[2013.02.03 15:45:17 | 000,002,355 | ---- | C] () -- C:\Windows\unins000.dat
[2013.02.02 12:21:47 | 000,001,798 | ---- | C] () -- C:\Users\************\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2013.02.02 12:21:46 | 000,001,812 | ---- | C] () -- C:\Users\************\Desktop\Spotify.lnk
[2013.01.14 16:43:30 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2013.01.14 16:43:30 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2013.01.14 16:39:22 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2013.01.14 16:34:26 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2013.01.14 16:34:26 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2013.01.14 16:25:54 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.07.04 06:34:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.07.04 06:34:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.04.18 19:39:10 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.01.18 07:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012.01.18 07:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012.01.18 07:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2009.07.14 02:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009.07.14 02:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.02.12 00:20:52 | 000,000,000 | ---D | M] -- C:\Users\************\AppData\Roaming\FlashGet
[2013.02.06 21:10:20 | 000,000,000 | ---D | M] -- C:\Users\************\AppData\Roaming\Leadertech
[2013.02.06 21:01:39 | 000,000,000 | ---D | M] -- C:\Users\************\AppData\Roaming\ooVoo Details
[2013.01.28 15:44:10 | 000,000,000 | ---D | M] -- C:\Users\************\AppData\Roaming\OpenOffice.org
[2013.02.26 20:41:57 | 000,000,000 | ---D | M] -- C:\Users\************\AppData\Roaming\Spotify
[2013.02.24 16:45:49 | 000,000,000 | ---D | M] -- C:\Users\************\AppData\Roaming\www.shadowexplorer.com
 
========== Purity Check ==========
 
 

< End of report >

Code:
ATTFilter
OTL Extras logfile created on: 28.02.2013 19:52:55 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\************\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,13 Gb Available Physical Memory | 56,34% Memory free
4,00 Gb Paging File | 2,60 Gb Available in Paging File | 64,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 424,32 Gb Free Space | 91,10% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 86,40 Gb Free Space | 18,55% Space Free | Partition Type: NTFS
Drive E: | 2,22 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 152,66 Gb Total Space | 112,98 Gb Free Space | 74,01% Space Free | Partition Type: NTFS
 
Computer Name: MORITZWEIDNER | User Name: ************ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-46478000-4061922411-4269723171-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2243EDA9-77F0-4BF6-9BEA-F6957BB2DF4C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{298BA250-FB8C-4B31-9F96-D0492E3B2151}" = rport=137 | protocol=17 | dir=out | app=system | 
"{2CCAE2A9-5963-4EA5-A5E5-56993AFFA7E4}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2D94317F-E52F-48F1-88A7-51B93685D2F3}" = rport=445 | protocol=6 | dir=out | app=system | 
"{39780D52-1987-416A-8150-9B5D5031E8B3}" = rport=138 | protocol=17 | dir=out | app=system | 
"{608B7567-CE79-4666-9334-9D0E1682DE25}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{654E7646-0590-407C-A12E-E3733AF5EFBB}" = rport=139 | protocol=6 | dir=out | app=system | 
"{7465D74F-B86A-4D2F-B129-F28D26E7F6AD}" = lport=137 | protocol=17 | dir=in | app=system | 
"{9B7D76D1-8B58-4D8F-B176-EB1987AE8562}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{B19388AE-C30B-40B3-8022-5CF0909AE9BA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{B1B9070E-239F-4171-9188-BCB3F825D7FB}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{B3E2A9E4-09E0-4A4E-B0D0-C8F5D1921A74}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BDFB6A61-2767-4EED-B69E-4C758AB0C8A9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E065DBDB-C3BB-4616-92DE-A1D57F196C4F}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{E0E59AD6-68B0-4F1D-8E5B-1EF771D37229}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{EDF62D56-557A-484D-BAA5-BDDAE8F27F6D}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F24A1F36-DCD8-4B95-A10E-3CA81E917850}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{FF7CA30A-2F57-4268-8247-82236BBBB8C6}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BB85317-DEF5-4F90-8615-9120C63ECAC0}" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{123EC797-050E-4949-91F4-A52A5619F48E}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{468C205C-0C42-4FC6-A757-C9E72EE8EE52}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{4713DD1D-8FFB-47F3-A901-6291D3E29DB6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{61F9AF04-2ADE-4737-9EC2-1F6F57E2797B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{678E2D83-3718-4AA9-951B-098C8E03C100}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{69731983-E876-441B-9C1C-D91320F234D2}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{82A1B349-657E-45AA-A6BF-9148855ECD66}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{8C0E9D77-08FB-4E30-864F-43C312AC8C13}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{8DC22070-A165-4B5E-8667-C80BB43BE36B}" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{9109E53F-2E30-4BCE-A38B-8CC344A5B127}" = protocol=17 | dir=in | app=c:\program files (x86)\giraffic\veoh_giraffic.exe | 
"{9501D0E9-2BE7-418A-BC29-1A6B90F4EEA6}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{C3C8064B-B666-41C4-87B8-F40A79610D53}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{C4628B42-8399-459E-A81C-C092963BBF46}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{CEC107A3-9381-4CF7-97BF-5EA1FE63337D}" = protocol=17 | dir=in | app=c:\program files (x86)\giraffic\veoh_girafficwatchdog.exe | 
"{DC4F2DB0-1B06-41D6-B0F6-05F4C7F6A304}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{E41899C1-DD47-4176-90C4-B3042E2F89AD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{ECC0D43B-BA1A-41A3-8FB1-C495B1511830}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{EE206B8B-9971-4EF9-A1AF-856A53223C4E}" = protocol=6 | dir=in | app=c:\program files (x86)\giraffic\veoh_giraffic.exe | 
"{F475FC42-5931-4F12-884E-945CDC12441C}" = protocol=6 | dir=in | app=c:\program files (x86)\giraffic\veoh_girafficwatchdog.exe | 
"TCP Query User{08B34C0B-E5F7-492A-B3D4-9F71394AA7CF}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe | 
"TCP Query User{33B84C85-2286-4196-888F-3070508DEC3D}C:\program files (x86)\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files (x86)\flashget\flashget.exe | 
"TCP Query User{66BE2F7D-303B-4549-A920-FDC9248600C5}C:\program files (x86)\logitech\vid hd\vid.exe" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe | 
"TCP Query User{76ED9430-527E-4EF5-859F-B6ECF70DA2D8}C:\program files (x86)\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"TCP Query User{9FB0E348-476C-497B-A12F-4D3E4856FBF4}C:\users\public\games\cryptic studios\star trek online\live\gameclient.exe" = protocol=6 | dir=in | app=c:\users\public\games\cryptic studios\star trek online\live\gameclient.exe | 
"TCP Query User{EE8D0A0A-3B44-4CA4-B208-AECAA88CEF03}C:\users\moritz weidner\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\moritz weidner\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{0BE0D0DC-4D68-4140-A4B1-DA57794F0FD7}C:\users\moritz weidner\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\moritz weidner\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{11A9D442-9298-4749-A65C-8970533B64D4}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe | 
"UDP Query User{31ED3A4F-2F05-440E-B45A-7CD91A0657BA}C:\program files (x86)\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files (x86)\flashget\flashget.exe | 
"UDP Query User{50FA4051-7291-4622-B2D0-C984AE5C0E7F}C:\program files (x86)\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"UDP Query User{EB39014B-9CC5-4631-B211-1180008A0154}C:\program files (x86)\logitech\vid hd\vid.exe" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe | 
"UDP Query User{EC6579C6-3909-4077-AAFB-7DA9B605C6E1}C:\users\public\games\cryptic studios\star trek online\live\gameclient.exe" = protocol=17 | dir=in | app=c:\users\public\games\cryptic studios\star trek online\live\gameclient.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{042B10AA-8233-A9E0-4DEB-B7253C686DBB}" = AMD Fuel
"{1012456A-D118-37E0-E837-34AA28602013}" = AMD Drag and Drop Transcoding
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{46DA7FD9-8BC1-7BA8-98D1-27F46647871B}" = AMD Catalyst Install Manager
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{57580625-C673-7FEA-8791-E84B7AAF5069}" = ccc-utility64
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{6BB150E8-6CBB-5F8F-CAE7-BE21B2C92D31}" = AMD Accelerated Video Transcoding
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Windows Mobile-Gerätecenter: Treiberupdate
"{DA3372D5-F228-5C71-3FAC-177D4AEE8659}" = AMD Media Foundation Decoders
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"Recuva" = Recuva
"Unlocker" = Unlocker 1.9.1-x64
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0F7A6FD0-87F5-FB5D-973C-CF604DE1BC6B}" = CCC Help Polish
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{1A9BE3D6-4D53-2C9D-B77D-562D85936B91}" = CCC Help Norwegian
"{210DFA65-F805-1A2B-4F83-8E27279AE385}" = Catalyst Control Center Graphics Previews Common
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 11
"{29822CAD-C76A-0BEE-55F5-AAA524DA814F}" = CCC Help Greek
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
"{38468127-9E6F-4FC9-B5F7-42D4AD437D96}" = Unigine Heaven Benchmark v2.1
"{3A1293DF-7D09-BB0F-9576-EC47EE4A9362}" = CCC Help Italian
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{47416F0B-6589-591E-C6F8-4235D2230B14}" = Catalyst Control Center InstallProxy
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{625FC7D1-656D-1BEC-F86F-3EACAFDAA8FE}" = CCC Help English
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7351EEF8-9D6C-5F46-5A19-F2C7456CE132}" = CCC Help German
"{7F172E34-4107-8964-6AEA-5051FFD265FF}" = CCC Help Portuguese
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{86095E92-1959-8364-920E-82E81F64F8FB}" = AMD VISION Engine Control Center
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89D05F35-933A-89C0-B935-C92BEE4229BD}" = CCC Help French
"{959E4378-CCA1-E4E4-2425-793DA92E8D95}" = CCC Help Czech
"{96BB3C67-4EB4-9757-E0C2-C0D2FE9053B1}" = CCC Help Turkish
"{974F4B73-2017-E174-9070-3F58F01B341F}" = CCC Help Danish
"{98E20A18-3C29-86FA-50B4-918C2B34A082}" = CCC Help Hungarian
"{99AD9D6D-A456-49EE-8360-F22EE7AA1272}" = Express Gate
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9E2E5EB3-DC6E-9277-E9DB-13175E7DDA39}" = CCC Help Dutch
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAACC0A5-4382-04D0-C75E-0669C7B949B6}" = CCC Help Japanese
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Deutsch
"{ACEF4078-9B86-2455-E18D-34D52D37D9D5}" = CCC Help Chinese Standard
"{B55FB422-B803-11F5-5582-B3666EA1B9AC}" = Catalyst Control Center Localization All
"{B8010864-15F8-613B-20EF-AC35B14B3E0D}" = CCC Help Russian
"{C1342411-5A98-DE8A-5629-D0C518E1C280}" = CCC Help Finnish
"{D08B4177-5160-6B66-8934-2F9012134D61}" = CCC Help Thai
"{D34A6029-FB1A-9EA8-A938-5393F82A3A00}" = CCC Help Korean
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3A09D13-4D40-3CF8-7D32-8BD55F8D1533}" = CCC Help Spanish
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F2C35491-9323-3AE7-6023-6B4128045153}" = CCC Help Swedish
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FC66A32F-1A57-AC5C-4F12-DAC2F4CB77A0}" = CCC Help Chinese Traditional
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FlashGet" = FlashGet 1.9.6.1073
"Flatcast Viewer 5.3_is1" = Flatcast Viewer Plugin 5.3.0.784
"Giraffic" = Veoh Giraffic Video Accelerator
"Google Chrome" = Google Chrome
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"Logitech Vid" = Logitech Vid HD
"OpenTTD" = OpenTTD 1.2.0${APPV_EXTRA}
"ShadowExplorer_is1" = ShadowExplorer 0.9
"Star Trek Online" = Star Trek Online
"Veoh Web Player Beta" = Veoh Web Player
"VLC media player" = VLC media player 1.1.5
"Windows Codec Pack1.0" = Windows Codec Pack
"Xvid Video Codec 1.3.2" = Xvid Video Codec
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-46478000-4061922411-4269723171-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 28.02.2013 14:47:55 | Computer Name = ************ | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: kdbsync.exe, Version: 0.0.0.0, Zeitstempel:
 0x4f67a718  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000  ID des fehlerhaften Prozesses:
 0xb74  Startzeit der fehlerhaften Anwendung: 0x01ce15e41a4ac6b0  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe  Pfad des fehlerhaften 
Moduls: unknown  Berichtskennung: 5c98be50-81d7-11e2-a932-002618afda58
 
Error - 28.02.2013 14:51:20 | Computer Name = ************ | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\******
 ******\Downloads\SoftonicDownloader_fuer_tales-of-monkey-island.exe". Fehler in
Manifest-
 oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
 
Error - 28.02.2013 14:51:20 | Computer Name = ************ | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\******
 ******\Downloads\SoftonicDownloader_fuer_ati-catalyst.exe". Fehler in  Manifest-
 oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
 
[ System Events ]
Error - 28.02.2013 14:49:39 | Computer Name = ************ | Source = Service Control Manager | ID = 7000
Description = Der Dienst "sppsvc" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
 
< End of report >


Mfg Onesirow0202
__________________
Alt 01.03.2013, 14:06   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
12 KB Verschlüsselungstrojaner - Standard

12 KB Verschlüsselungstrojaner


Scan mit SystemLook (x64)

Lade SystemLook von jpshortstuff herunter, speichere das Tool auf dem Desktop=> Download SystemLook (64 bit)
  • Doppelklicke auf die SystemLook_x64.exe, um das Tool zu starten.
  • Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:
    Code:
    ATTFilter
    :file
conduit
softonic
quickstore

:regfind
conduit
softonic
quickstore
  • Klicke nun auf den Button Look, um den Scan zu starten.
  • Der Suchlauf kann einige Zeit dauern.
  • Wenn der Suchlauf beendet ist, wird sich Dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
  • Die Ergebnisse werden auf dem Desktop als SystemLook.txt gespeichert.
__________________
__________________
Alt 04.03.2013, 17:31   #19
Onesirow0202
 
12 KB Verschlüsselungstrojaner - Standard

12 KB Verschlüsselungstrojaner


So hier ist das Log-File von System Look


Code:
ATTFilter
SystemLook 30.07.11 by jpshortstuff
Log created at 17:27 on 04/03/2013 by Moritz Weidner
Administrator - Elevation successful

========== file ==========

conduit - Unable to find/read file.

softonic - Unable to find/read file.

quickstore - Unable to find/read file.

========== regfind ==========

Searching for "conduit"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\ChromeExtData\fealnpfjifonchkodiffbdkfaipmpkhe\Repository]
"gadgetsContextHash_129199665576658841___fealnpfjifonchkodiffbdkfaipmpkhe"="%7B%22appId%22%3A%22129199665576658841%22%2C%22context%22%3A%22embedded%22%2C%22apiPermissions%22%3A%7B%22crossDomainAjax%22%3Atrue%2C%22getMainFrameTitle%22%3Atrue%2C%22getMainFrameUrl%22%3Atrue%2C%22getSearchTerm%22%3Atrue%2C%22instantAlert%22%3Atrue%2C%22jsInjection%22%3Atrue%2C%22sslGranted%22%3Atrue%7D%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2224.0.1312.57%22%2C%22locale%22%3A%22de%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT2653012%22%2C%22oID%22%3A%22CT2653012%22%2C%22name%22%3A%22Veoh_Web_Player%22%2C%22downloadUrl%22%3A%22http%3A//VeohWebPlayer.OurToolbar.com/%22%2C%22version%22%3A%2210.14.40.128%22%2C%22cID%22%3A%22fealnpfjifonchkodiffbdkfaipmpkhe%22%7D%2C%22appId%22%3A%22129199665576658841%22%2C%22onBef
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\ChromeExtData\fealnpfjifonchkodiffbdkfaipmpkhe\Repository]
"CT2653012.embeddedsData"="%5B%7B%22appId%22%3A%22129199665576658841%22%2C%22apiPermissions%22%3A%7B%22crossDomainAjax%22%3Atrue%2C%22getMainFrameTitle%22%3Atrue%2C%22getMainFrameUrl%22%3Atrue%2C%22getSearchTerm%22%3Atrue%2C%22instantAlert%22%3Atrue%2C%22jsInjection%22%3Atrue%2C%22sslGranted%22%3Atrue%7D%2C%22onBeforeLoadData%22%3A%22%7B%5C%22view%5C%22%3A%7B%5C%22html%5C%22%3A%5C%22%3Ctable%20id%3D%5C%5C%5C%22main%5C%5C%5C%22%20class%3D%5C%5C%5C%22mainwrapper%5C%5C%5C%22%20cellpadding%3D%5C%5C%5C%220%5C%5C%5C%22%20cellspacing%3D%5C%5C%5C%220%5C%5C%5C%22%3E%5C%5Cn%20%20%20%20%3Ctbody%3E%3Ctr%3E%5C%5Cn%20%20%20%20%20%20%20%20%3C%21--%20don%27t%20remove%20the%20width%3D%5C%5C%5C%22100%25%5C%5C%5C%22%20bug%20in%20chrome%20the%20width%20become%20in%20px--%3E%5C%5Cn%20%20%20%20%20%20%20%20%3Ctd%20id%3D%5C%5C%5C%22textboxWrapper%5C%5C%5C%22%20width%3D%5C%5C%5C%22100%25%5C%5C%5C%22%20style%3D%5C%5C%5C%
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\ConduitInstaller_veoh_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\ConduitInstaller_veoh_RASMANCS]
[HKEY_USERS\S-1-5-21-46478000-4061922411-4269723171-1000\Software\AppDataLow\Software\Conduit]
[HKEY_USERS\S-1-5-21-46478000-4061922411-4269723171-1000\Software\AppDataLow\Software\Conduit\ChromeExtData\fealnpfjifonchkodiffbdkfaipmpkhe\Repository]
"gadgetsContextHash_129199665576658841___fealnpfjifonchkodiffbdkfaipmpkhe"="%7B%22appId%22%3A%22129199665576658841%22%2C%22context%22%3A%22embedded%22%2C%22apiPermissions%22%3A%7B%22crossDomainAjax%22%3Atrue%2C%22getMainFrameTitle%22%3Atrue%2C%22getMainFrameUrl%22%3Atrue%2C%22getSearchTerm%22%3Atrue%2C%22instantAlert%22%3Atrue%2C%22jsInjection%22%3Atrue%2C%22sslGranted%22%3Atrue%7D%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2224.0.1312.57%22%2C%22locale%22%3A%22de%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT2653012%22%2C%22oID%22%3A%22CT2653012%22%2C%22name%22%3A%22Veoh_Web_Player%22%2C%22downloadUrl%22%3A%22http%3A//VeohWebPlayer.OurToolbar.com/%22%2C%22version%22%3A%2210.14.40.128%22%2C%22cID%22%3A%22fealnpfjifonchkodiffbdkfaipmpkhe%22%7D%2C%22appId%22
[HKEY_USERS\S-1-5-21-46478000-4061922411-4269723171-1000\Software\AppDataLow\Software\Conduit\ChromeExtData\fealnpfjifonchkodiffbdkfaipmpkhe\Repository]
"CT2653012.embeddedsData"="%5B%7B%22appId%22%3A%22129199665576658841%22%2C%22apiPermissions%22%3A%7B%22crossDomainAjax%22%3Atrue%2C%22getMainFrameTitle%22%3Atrue%2C%22getMainFrameUrl%22%3Atrue%2C%22getSearchTerm%22%3Atrue%2C%22instantAlert%22%3Atrue%2C%22jsInjection%22%3Atrue%2C%22sslGranted%22%3Atrue%7D%2C%22onBeforeLoadData%22%3A%22%7B%5C%22view%5C%22%3A%7B%5C%22html%5C%22%3A%5C%22%3Ctable%20id%3D%5C%5C%5C%22main%5C%5C%5C%22%20class%3D%5C%5C%5C%22mainwrapper%5C%5C%5C%22%20cellpadding%3D%5C%5C%5C%220%5C%5C%5C%22%20cellspacing%3D%5C%5C%5C%220%5C%5C%5C%22%3E%5C%5Cn%20%20%20%20%3Ctbody%3E%3Ctr%3E%5C%5Cn%20%20%20%20%20%20%20%20%3C%21--%20don%27t%20remove%20the%20width%3D%5C%5C%5C%22100%25%5C%5C%5C%22%20bug%20in%20chrome%20the%20width%20become%20in%20px--%3E%5C%5Cn%20%20%20%20%20%20%20%20%3Ctd%20id%3D%5C%5C%5C%22textboxWrapper%5C%5C%5C%22%20width%3D%5C%5C%5C%221

Searching for "softonic"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\75118bed_0]
@="{0.0.0.00000000}.{b8251309-4742-4474-ad5d-3b37f53dbab8}|\Device\HarddiskVolume3\Users\Moritz Weidner\Downloads\SoftonicDownloader_fuer_tales-of-monkey-island.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\8a4498da_0]
@="{0.0.0.00000000}.{b8251309-4742-4474-ad5d-3b37f53dbab8}|\Device\HarddiskVolume3\Users\Moritz Weidner\Downloads\SoftonicDownloader_fuer_ati-catalyst.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\************\Downloads\SoftonicDownloader_fuer_ati-catalyst.exe"="Softonic Downloader"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\************\Downloads\SoftonicDownloader_fuer_tales-of-monkey-island.exe"="Softonic Downloader"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_ati-catalyst_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_ati-catalyst_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_tales-of-monkey-island_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_tales-of-monkey-island_RASMANCS]
[HKEY_USERS\S-1-5-21-46478000-4061922411-4269723171-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\75118bed_0]
@="{0.0.0.00000000}.{b8251309-4742-4474-ad5d-3b37f53dbab8}|\Device\HarddiskVolume3\Users\************\Downloads\SoftonicDownloader_fuer_tales-of-monkey-island.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-46478000-4061922411-4269723171-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\8a4498da_0]
@="{0.0.0.00000000}.{b8251309-4742-4474-ad5d-3b37f53dbab8}|\Device\HarddiskVolume3\Users\************\Downloads\SoftonicDownloader_fuer_ati-catalyst.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-46478000-4061922411-4269723171-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\************\Downloads\SoftonicDownloader_fuer_ati-catalyst.exe"="Softonic Downloader"
[HKEY_USERS\S-1-5-21-46478000-4061922411-4269723171-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\************\Downloads\SoftonicDownloader_fuer_tales-of-monkey-island.exe"="Softonic Downloader"
[HKEY_USERS\S-1-5-21-46478000-4061922411-4269723171-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\************\Downloads\SoftonicDownloader_fuer_ati-catalyst.exe"="Softonic Downloader"
[HKEY_USERS\S-1-5-21-46478000-4061922411-4269723171-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\************\Downloads\SoftonicDownloader_fuer_tales-of-monkey-island.exe"="Softonic Downloader"

Searching for "quickstore"
No data found.

-= EOF =-

Mfg Onesirow0202

Alt 04.03.2013, 19:11   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
12 KB Verschlüsselungstrojaner - Standard

12 KB Verschlüsselungstrojaner


Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
ATTFilter
:Reg
[-HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\ConduitInstaller_veoh_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\ConduitInstaller_veoh_RASMANCS]
[-HKEY_USERS\S-1-5-21-46478000-4061922411-4269723171-1000\Software\AppDataLow\Software\Conduit]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_ati-catalyst_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_ati-catalyst_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_tales-of-monkey-island_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_tales-of-monkey-island_RASMANCS]
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 05.03.2013, 17:15   #21
Onesirow0202
 
12 KB Verschlüsselungstrojaner - Standard

12 KB Verschlüsselungstrojaner


So hier ist das Log-File von OTL

Code:
ATTFilter
All processes killed
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\ConduitInstaller_veoh_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\ConduitInstaller_veoh_RASMANCS\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-46478000-4061922411-4269723171-1000\Software\AppDataLow\Software\Conduit\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_ati-catalyst_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_ati-catalyst_RASMANCS\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_tales-of-monkey-island_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_tales-of-monkey-island_RASMANCS\ deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\************\Desktop\cmd.bat deleted successfully.
C:\Users\************\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: ************
->Temp folder emptied: 61703 bytes
->Temporary Internet Files folder emptied: 14110258 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 777089085 bytes
->Flash cache emptied: 843 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3358 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 602112 bytes
 
Total Files Cleaned = 755,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 03052013_170724

Files\Folders moved on Reboot...
C:\Users\************\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Mfg Onesirow0202

Alt 06.03.2013, 00:37   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
12 KB Verschlüsselungstrojaner - Standard

12 KB Verschlüsselungstrojaner


Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
Logfiles bitte immer in CODE-Tags posten

Antwort
Seite 2 von 2 1 2

Themen zu 12 KB Verschlüsselungstrojaner
anderen, anhang, anleitung, bestimmte, bildschirm, computer, dateien, e-mail, fake, fake e-mail, festplatte, festplatten, format, gelöscht, gesperrt, guten, internet, laptop, log, malwarebytes, platte, programm, rechner, speichern, version, wieder herstellen, zeichen


« Mit Malwarebytes Backdoor/Agent ; Trojaner/Agent gefunden. Was Tun? | fake Prozesse, ssh Netzwerkverkehr, keine Befunde außer unknown mbr »


Ähnliche Themen: 12 KB Verschlüsselungstrojaner


  1. Verschlüsselungstrojaner
    Log-Analyse und Auswertung - 29.10.2012 (3)
  2. (2x) Verschlüsselungstrojaner
    Mülltonne - 27.10.2012 (1)
  3. Verschlüsselungstrojaner
    Log-Analyse und Auswertung - 21.08.2012 (23)
  4. Verschlüsselungstrojaner
    Log-Analyse und Auswertung - 15.08.2012 (1)
  5. Verschlüsselungstrojaner
    Log-Analyse und Auswertung - 30.07.2012 (1)
  6. Verschlüsselungstrojaner
    Log-Analyse und Auswertung - 27.07.2012 (1)
  7. Verschlüsselungstrojaner
    Plagegeister aller Art und deren Bekämpfung - 29.06.2012 (24)
  8. Verschlüsselungstrojaner
    Plagegeister aller Art und deren Bekämpfung - 24.06.2012 (1)
  9. Verschlüsselungstrojaner
    Plagegeister aller Art und deren Bekämpfung - 22.06.2012 (21)
  10. Verschlüsselungstrojaner
    Plagegeister aller Art und deren Bekämpfung - 18.06.2012 (1)
  11. Verschlüsselungstrojaner
    Plagegeister aller Art und deren Bekämpfung - 18.06.2012 (1)
  12. Verschlüsselungstrojaner!
    Log-Analyse und Auswertung - 16.06.2012 (3)
  13. Verschlüsselungstrojaner
    Log-Analyse und Auswertung - 14.06.2012 (5)
  14. Verschlüsselungstrojaner
    Plagegeister aller Art und deren Bekämpfung - 13.06.2012 (2)
  15. Verschlüsselungstrojaner
    Plagegeister aller Art und deren Bekämpfung - 30.05.2012 (1)
  16. Verschlüsselungstrojaner
    Log-Analyse und Auswertung - 24.05.2012 (1)
  17. Verschlüsselungstrojaner
    Log-Analyse und Auswertung - 03.05.2012 (8)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema 12 KB Verschlüsselungstrojaner - JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden. Bitte lade Junkware Removal Tool auf Deinen Desktop Starte das Tool mit Doppelklick. Ab Windows Vista - 12 KB Verschlüsselungstrojaner...
Archiv
Du betrachtest: 12 KB Verschlüsselungstrojaner auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131