Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Virus tcbhn?

Virus tcbhn?


Log-Analyse und Auswertung: Virus tcbhn?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Seite 3 von 3 12 3
Alt 05.06.2013, 14:40   #31
Jz°
 
Virus tcbhn? - Standard

Virus tcbhn?


Code:
ATTFilter
HitmanPro 3.7.6.201
www.hitmanpro.com

   Computer name . . . . : DERMAL-PC
   Windows . . . . . . . : 6.0.2.6002.X86/2
   User name . . . . . . : Dermal-PC\Dermal
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2013-06-05 15:33:59
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 4m 1s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 27

   Objects scanned . . . : 1.623.990
   Files scanned . . . . : 17.746
   Remnants scanned  . . : 261.603 files / 1.344.641 keys

Potential Unwanted Programs _________________________________________________

   C:\Users\Dermal\AppData\LocalLow\DataMngr\ (SearchQU)
   C:\Users\Dermal\AppData\LocalLow\DataMngr\{7CA1F051-A4FB-4143-B263-02B41E571EED} (SearchQU)

Cookies _____________________________________________________________________

   C:\Users\Dermal\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net

Alt 05.06.2013, 14:42   #32
markusg
/// Malware-holic
 
Virus tcbhn? - Standard

Virus tcbhn?


ok, alle Funde löschen, neustart, neues OTL Log
__________________

__________________
Alt 05.06.2013, 14:49   #33
Jz°
 
Virus tcbhn? - Standard

Virus tcbhn?


sorry war doppelt
__________________
Alt 05.06.2013, 14:51   #34
markusg
/// Malware-holic
 
Virus tcbhn? - Standard

Virus tcbhn?


ist das das selbe log oder konntest du die Funde nicht löschen
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 05.06.2013, 15:17   #35
Jz°
 
Virus tcbhn? - Standard

Virus tcbhn?


OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 05.06.2013 16:05:20 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dermal\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 66,81% Memory free
6,19 Gb Paging File | 5,16 Gb Available in Paging File | 83,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 132,70 Gb Total Space | 34,75 Gb Free Space | 26,19% Space Free | Partition Type: NTFS
Drive D: | 116,44 Gb Total Space | 116,18 Gb Free Space | 99,78% Space Free | Partition Type: NTFS
Drive E: | 88,46 Gb Total Space | 88,30 Gb Free Space | 99,82% Space Free | Partition Type: NTFS
Drive F: | 116,44 Gb Total Space | 116,20 Gb Free Space | 99,80% Space Free | Partition Type: NTFS
 
Computer Name: DERMAL-PC | User Name: Dermal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files\HitmanPro\hmpsched.exe (SurfRight B.V.)
PRC - C:\Users\Dermal\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\Dermal\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
PRC - c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
PRC - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\ASUS\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe (ASUS)
PRC - C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Program Files\ASUS\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe (ASUS)
PRC - C:\Program Files\ASUS\ATK Hotkey\AsLdrSrv.exe ()
PRC - C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files\Brother\BrUtilities\BrLogAPI.dll ()
MOD - C:\Program Files\ASUS\ATK Hotkey\MsgTran.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (HitmanProScheduler) -- C:\Program Files\HitmanPro\hmpsched.exe (SurfRight B.V.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)
SRV - (McAfee SiteAdvisor Service) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (BrYNSvc) -- C:\Program Files\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
SRV - (ASLDRService) -- C:\Program Files\ASUS\ATK Hotkey\AsLdrSrv.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (LGVMODEM) -- system32\DRIVERS\lgvmodem.sys File not found
DRV - (lgbusenum) -- system32\DRIVERS\lgbtbus.sys File not found
DRV - (LgBttPort) -- system32\DRIVERS\lgbtport.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found
DRV - (catchme) -- C:\Users\Dermal\AppData\Local\Temp\catchme.sys File not found
DRV - (ANDModem) -- system32\DRIVERS\lgandmodem.sys File not found
DRV - (AndGps) -- system32\DRIVERS\lgandgps.sys File not found
DRV - (AndDiag) -- system32\DRIVERS\lganddiag.sys File not found
DRV - (Andbus) -- system32\DRIVERS\lgandbus.sys File not found
DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (SiSGbeLH) -- C:\Windows\System32\drivers\SiSGB6.sys (Silicon Integrated Systems Corp.)
DRV - (ASMMAP) -- C:\Program Files\ATKGFNEX\ASMMAP.sys ()
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Upgrade to Google Chrome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Upgrade to Google Chrome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0EBA8A82-8106-40E8-8158-884207723351}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{BC20CFE5-8809-45BA-ACD0-BB7A411EF052}: "URL" = hxxp://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000
IE - HKCU\..\SearchScopes\{EFD91EA0-8C3D-429D-A6A2-FA75F1584A5D}: "URL" = hxxp://websearch.search-results.com/redirect?client=ie&tb=STC-SRS&o=41648033&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=96&apn_dtid=YYYYYYYYDE&apn_uid=340D5ADC-5FC1-46D2-AFD1-1CA91B80FB38&apn_sauid=174C2784-EF81-43A6-833F-EFED5AC8A2C6&
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7B99079a25-328f-4bd4-be04-00955acaa0a7%7D:4.6.1.01
FF - prefs.js..extensions.enabledAddons: %7BEEE6C361-6118-11DC-9C72-001320C79847%7D:1.9.0.0
FF - prefs.js..extensions.enabledAddons: bbrs_002%40blabbers.com:1.0.5
FF - prefs.js..extensions.enabledAddons: bbrs_003%40blabbers.com:1.0.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dermal\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dermal\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2013.04.11 13:37:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.26 13:12:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.26 13:12:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012.04.21 13:43:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dermal\AppData\Roaming\mozilla\Extensions
[2012.05.06 14:58:05 | 000,003,367 | ---- | M] () -- C:\Users\Dermal\AppData\Roaming\mozilla\firefox\profiles\kapz8vph.default\searchplugins\search-results.xml
[2013.05.14 23:36:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013.05.26 13:54:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\extensions
[2013.05.26 13:54:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions
[2013.05.26 13:54:34 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.04.19 20:02:19 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.04.19 20:02:14 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.04.19 20:02:14 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.04.19 20:02:14 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.04.19 20:02:14 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.04.19 20:02:14 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.04.19 20:02:14 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Dermal\AppData\Local\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Dermal\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Dermal\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U34 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: McAfee Security Scanner + (Enabled) = C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll
CHR - plugin: Java Deployment Toolkit 6.0.340.4 (Enabled) = C:\Windows\system32\npdeployJava1.dll
CHR - Extension: SiteAdvisor = C:\Users\Dermal\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.60.126.1_0\
CHR - Extension: SiteAdvisor = C:\Users\Dermal\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.60.126.1_0\
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - !{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Dermal\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - Startup: C:\Users\Dermal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0B61915F-9D44-4468-8989-C4BA1B9B61ED}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Dermal\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Dermal\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.05 15:58:19 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2013.06.05 15:33:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2013.06.05 15:33:54 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013.06.05 15:33:25 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013.06.05 14:28:40 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2013.06.05 14:00:41 | 000,000,000 | ---D | C] -- C:\Users\Dermal\Documents\Desktop\Revo Uninstaller
[2013.06.05 14:00:41 | 000,000,000 | ---D | C] -- C:\Users\Dermal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013.06.05 12:37:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.06.05 12:37:25 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.06.04 18:24:02 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.06.04 18:24:02 | 000,000,000 | ---D | C] -- C:\Users\Dermal\AppData\Local\temp
[2013.06.04 18:23:24 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.06.04 18:09:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.06.04 18:09:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.06.04 18:09:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.06.04 18:09:50 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.06.04 18:08:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.06.04 18:07:46 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.06.04 17:38:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013.06.04 17:38:19 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013.06.03 22:32:06 | 000,000,000 | ---D | C] -- C:\Users\Dermal\AppData\Roaming\Malwarebytes
[2013.06.03 22:31:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.06.03 22:31:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.06.03 22:31:49 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.06.03 22:31:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.05.26 13:12:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013.05.26 13:12:10 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2013.05.26 13:01:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.05.26 13:00:27 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.05.26 13:00:22 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013.05.26 13:00:21 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.05.16 23:31:19 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.05.16 23:20:28 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.05.16 23:20:28 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.05.16 23:20:28 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.05.16 23:20:28 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.05.16 23:20:27 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.05.16 23:20:27 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.05.16 23:20:26 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.05.16 22:16:25 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2013.05.16 22:16:10 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.05.14 23:44:56 | 000,000,000 | ---D | C] -- C:\Users\Dermal\{09eaafdd-d0b5-4aa7-ae4c-e2eb31169664}
[2013.05.14 23:38:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.05.14 23:37:46 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.05.14 23:37:27 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.05.14 23:37:27 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.05.14 23:37:27 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.05.14 23:24:30 | 000,000,000 | ---D | C] -- C:\Users\Dermal\AppData\Roaming\Skype
[2013.05.14 23:24:17 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2013.05.14 23:24:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.05.14 23:24:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013.05.14 23:24:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.05 16:01:21 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.05 16:01:19 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.05 16:00:34 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.05 16:00:33 | 000,027,934 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013.06.05 16:00:33 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.05 16:00:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.05 16:00:24 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.05 15:58:19 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2013.06.05 15:33:55 | 000,001,711 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013.06.05 15:29:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.05 15:24:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2037266627-3019248292-127095963-1000UA.job
[2013.06.05 14:55:55 | 000,000,150 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.06.05 14:29:38 | 000,001,859 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2013.06.05 14:00:42 | 000,000,690 | ---- | M] () -- C:\Users\Dermal\Documents\Desktop\Revo Uninstaller.lnk
[2013.06.05 12:37:26 | 000,000,771 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.06.04 23:54:58 | 000,027,934 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013.06.04 19:24:06 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2037266627-3019248292-127095963-1000Core.job
[2013.06.04 17:56:45 | 000,000,891 | ---- | M] () -- C:\Users\Dermal\Documents\Desktop\tdsskiller (1).exe - Verknüpfung.lnk
[2013.06.04 16:13:40 | 000,000,525 | ---- | M] () -- C:\Users\Dermal\Documents\Desktop\OTL.exe - Verknüpfung.lnk
[2013.05.31 16:37:40 | 000,000,680 | ---- | M] () -- C:\Users\Dermal\AppData\Local\d3d9caps.dat
[2013.05.28 11:25:04 | 000,002,060 | ---- | M] () -- C:\Users\Dermal\Documents\Desktop\Google Chrome.lnk
[2013.05.26 13:12:28 | 000,001,693 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013.05.26 13:01:53 | 000,001,631 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.05.22 16:34:06 | 000,628,992 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.22 16:34:06 | 000,596,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.22 16:34:06 | 000,104,320 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.22 16:34:05 | 000,126,704 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.17 17:12:53 | 000,398,632 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.16 12:35:47 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.05.16 12:35:47 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.05.15 17:04:40 | 000,034,816 | ---- | M] () -- C:\Users\Dermal\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.05.14 23:44:19 | 002,399,861 | ---- | M] (Macrovision Corporation) -- C:\Windows\snuninst.exe
[2013.05.14 23:44:19 | 001,772,544 | ---- | M] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2013.05.14 23:44:19 | 000,176,128 | ---- | M] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2013.05.14 23:44:19 | 000,015,497 | ---- | M] () -- C:\Windows\snp2uvc.ini
[2013.05.14 23:44:19 | 000,013,022 | ---- | M] () -- C:\Windows\snp2uvc.src
[2013.05.14 23:44:18 | 000,028,160 | ---- | M] () -- C:\Windows\System32\drivers\sncduvc.sys
[2013.05.14 23:37:03 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.05.14 23:37:02 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.05.14 23:37:02 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.05.14 23:37:02 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.05.14 23:37:01 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2013.05.14 23:37:01 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013.05.14 23:24:17 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
 
========== Files Created - No Company Name ==========
 
[2013.06.05 15:33:55 | 000,001,711 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013.06.05 14:55:14 | 000,000,150 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.06.05 14:29:38 | 000,001,859 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2013.06.05 14:29:38 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2013.06.05 14:00:42 | 000,000,690 | ---- | C] () -- C:\Users\Dermal\Documents\Desktop\Revo Uninstaller.lnk
[2013.06.05 12:37:26 | 000,000,771 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.06.04 18:09:57 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.06.04 18:09:57 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.06.04 18:09:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.06.04 18:09:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.06.04 18:09:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.06.04 17:56:45 | 000,000,891 | ---- | C] () -- C:\Users\Dermal\Documents\Desktop\tdsskiller (1).exe - Verknüpfung.lnk
[2013.06.04 16:13:40 | 000,000,525 | ---- | C] () -- C:\Users\Dermal\Documents\Desktop\OTL.exe - Verknüpfung.lnk
[2013.05.26 13:12:28 | 000,001,693 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013.05.26 13:01:53 | 000,001,631 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.05.14 23:24:17 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.04.23 13:57:22 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2013.04.23 13:56:09 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRIDF10A.DAT
[2013.04.23 10:44:11 | 000,039,670 | ---- | C] () -- C:\Users\Dermal\Antwort Prof. Lichtenberg.pdf
[2013.03.24 15:53:37 | 000,104,386 | ---- | C] () -- C:\Users\Dermal\ESt2012_Lemmermeier_Jasmin.elfo
[2012.05.06 15:18:31 | 000,087,187 | ---- | C] () -- C:\Users\Dermal\ESt2011_Lemmermeier_Jasmin.elfo
[2012.01.06 14:52:50 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2012.01.06 14:52:50 | 000,002,411 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2011.12.12 22:37:31 | 000,000,680 | ---- | C] () -- C:\Users\Dermal\AppData\Local\d3d9caps.dat
[2011.08.01 13:11:12 | 000,034,816 | ---- | C] () -- C:\Users\Dermal\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.28 13:19:28 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.07.28 13:19:28 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.07.22 14:17:48 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.07.22 13:32:38 | 000,027,934 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011.07.20 20:31:51 | 000,027,934 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011.07.20 05:22:09 | 000,015,928 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
--- --- ---
Alt 05.06.2013, 17:53   #36
markusg
/// Malware-holic
 
Virus tcbhn? - Standard

Virus tcbhn?


Hi,


otl fix

Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:
ATTFilter
:OTL
DRV - (lgbusenum) -- system32\DRIVERS\lgbtbus.sys File not found
DRV - (LgBttPort) -- system32\DRIVERS\lgbtport.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found
DRV - (catchme) -- C:\Users\Dermal\AppData\Local\Temp\catchme.sys File not found
DRV - (ANDModem) -- system32\DRIVERS\lgandmodem.sys File not found
DRV - (AndGps) -- system32\DRIVERS\lgandgps.sys File not found
DRV - (AndDiag) -- system32\DRIVERS\lganddiag.sys File not found
DRV - (Andbus) -- system32\DRIVERS\lgandbus.sys File not found
IE - HKCU\..\SearchScopes\{BC20CFE5-8809-45BA-ACD0-BB7A411EF052}: "URL" = hxxp://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000
IE - HKCU\..\SearchScopes\{EFD91EA0-8C3D-429D-A6A2-FA75F1584A5D}: "URL" = hxxp://websearch.search-results.com/redirect?client=ie&tb=STC-SRS&o=41648033&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=96&apn_dtid=YYYYYYYYDE&apn_uid=340D5ADC-5FC1-46D2-AFD1-1CA91B80FB38&apn_sauid=174C2784-EF81-43A6-833F-EFED5AC8A2C6&
FF - prefs.js..extensions.enabledAddons: bbrs_002%40blabbers.com:1.0.5
FF - prefs.js..extensions.enabledAddons: bbrs_003%40blabbers.com:1.0.5
O3 - HKLM\..\Toolbar: (no name) - !{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found.
:files
:Commands
[emptytemp]
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread


bitte teste, ob es im Firefox, internet explorer, und sonstigen
evtl. instalierte Browser, irgendwelche ungewollten toolbars, umleitungen oder sonstigen Probleme gibt.
Teste wie pc und programme allgemein laufen.
__________________
--> Virus tcbhn?

Alt 06.06.2013, 08:23   #37
Jz°
 
Virus tcbhn? - Standard

Virus tcbhn?


Guten Morgen, ich habe den Eindruck, dass der Laptop im ganzen etwas länger braucht zum Starten, ansonsten konnte ich keine Toolbars oder ähnliches finden.

All processes killed
========== OTL ==========
Service lgbusenum stopped successfully!
Service lgbusenum deleted successfully!
File system32\DRIVERS\lgbtbus.sys File not found not found.
Service LgBttPort stopped successfully!
Service LgBttPort deleted successfully!
File system32\DRIVERS\lgbtport.sys File not found not found.
Service IpInIp stopped successfully!
Service IpInIp deleted successfully!
File system32\DRIVERS\ipinip.sys File not found not found.
Service hwdatacard stopped successfully!
Service hwdatacard deleted successfully!
File system32\DRIVERS\ewusbmdm.sys File not found not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\Users\Dermal\AppData\Local\Temp\catchme.sys File not found not found.
Service ANDModem stopped successfully!
Service ANDModem deleted successfully!
File system32\DRIVERS\lgandmodem.sys File not found not found.
Service AndGps stopped successfully!
Service AndGps deleted successfully!
File system32\DRIVERS\lgandgps.sys File not found not found.
Service AndDiag stopped successfully!
Service AndDiag deleted successfully!
File system32\DRIVERS\lganddiag.sys File not found not found.
Service Andbus stopped successfully!
Service Andbus deleted successfully!
File system32\DRIVERS\lgandbus.sys File not found not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BC20CFE5-8809-45BA-ACD0-BB7A411EF052}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BC20CFE5-8809-45BA-ACD0-BB7A411EF052}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EFD91EA0-8C3D-429D-A6A2-FA75F1584A5D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EFD91EA0-8C3D-429D-A6A2-FA75F1584A5D}\ not found.
Prefs.js: bbrs_002%40blabbers.com:1.0.5 removed from extensions.enabledAddons
Prefs.js: bbrs_003%40blabbers.com:1.0.5 removed from extensions.enabledAddons
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} deleted successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Dermal
->Temp folder emptied: 3844209 bytes
->Temporary Internet Files folder emptied: 476738 bytes
->Java cache emptied: 654638 bytes
->FireFox cache emptied: 73880536 bytes
->Google Chrome cache emptied: 27443981 bytes
->Flash cache emptied: 662 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 413664 bytes
RecycleBin emptied: 662001 bytes

Total Files Cleaned = 102,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 06062013_091551

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Alt 08.06.2013, 16:27   #38
markusg
/// Malware-holic
 
Virus tcbhn? - Standard

Virus tcbhn?


Hi
wie siehts nach deinstalation von Malwarebytes aus?
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 11.06.2013, 07:11   #39
Jz°
 
Virus tcbhn? - Standard

Virus tcbhn?


Guten Morgen!
Bisher ist keine Meldung mehr über tcbhn aufgetaucht. Allerdings braucht mein Laptop immer noch sehr lange zum Hochfahren bzw. Desktop laden und in Gebrauch arbeitet er sich fast zu tode.

Kann ich etwas tun, um mich besser zu schützen?

LG Jz°

Alt 11.06.2013, 12:08   #40
markusg
/// Malware-holic
 
Virus tcbhn? - Standard

Virus tcbhn?


also ist Malwarebytes deinstaliert?
öffne ccleaner, extras, autostartliste, windows, als txt speichern, inhalt posten
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 12.06.2013, 16:18   #41
Jz°
 
Virus tcbhn? - Standard

Virus tcbhn?


Hey, entschuldige bitte, dass sich da hier so verzögert, bin leider die ganze Zeit arbeiten.

Ja Malwarebytes wie von Dir gewünscht deinstalliert, hier der gewünschte txt;


Ja HKCU:Run ehTray.exe Microsoft Corporation C:\Windows\ehome\ehTray.exe
Ja HKCU:Run OfficeSyncProcess Microsoft Corporation "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
Ja HKCU:Run Sidebar Microsoft Corporation C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
Ja HKCU:Run Spotify Web Helper Spotify Ltd "C:\Users\Dermal\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
Ja HKLM:Run Adobe ARM Adobe Systems Incorporated "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Ja HKLM:Run APSDaemon Apple Inc. "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Ja HKLM:Run ATKMEDIA ASUS C:\Program Files\ASUS\ATK Media\DMedia.exe
Ja HKLM:Run ATKOSD2 ASUS C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
Ja HKLM:Run avgnt Avira Operations GmbH & Co. KG "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
Ja HKLM:Run B2C_AGENT LG Electronics C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
Ja HKLM:Run BCSSync Microsoft Corporation "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
Ja HKLM:Run BrStsMon00 Brother Industries, Ltd. C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN
Ja HKLM:Run ControlCenter3 Brother Industries, Ltd. C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
Ja HKLM:Run HControlUser ASUS C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
Ja HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
Ja HKLM:Run NvCplDaemon Microsoft Corporation RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
Ja HKLM:Run NvMediaCenter Microsoft Corporation RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
Ja HKLM:Run QuickTime Task Apple Inc. "C:\Program Files\QuickTime\QTTask.exe" -atboottime
Ja HKLM:Run SunJavaUpdateSched Oracle Corporation "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
Ja HKLM:Run WinampAgent Nullsoft, Inc. "C:\Program Files\Winamp\winampa.exe"
Ja Startup Common McAfee Security Scan Plus.lnk McAfee, Inc. C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
Ja Startup User OpenOffice.org 3.3.lnk C:\Program Files\OpenOffice.org 3\program\quickstart.exe

Alt 12.06.2013, 17:18   #42
markusg
/// Malware-holic
 
Virus tcbhn? - Standard

Virus tcbhn?


deaktiviere alle außer:
avgnt

2 mal neustarten, gucken wie der PC läuft
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort
Seite 3 von 3 12 3

Themen zu Virus tcbhn?
anti-malware, beendet, bereits, dankbar, einzige, festgestellt, feststellen, folge, folgendes, gestellt, helfer, laptop, liebe, malwarebytes, malwarebytes anti-malware, meldung, nicht mehr, problem, schritt, stelle, tcbhn.exe, virus, virus?, vista, windows, windows vista


« ADSPY/AdSpy.Gen2 - \Intel\Intel(R) Management Engine Components\UNS\UNS.exe' .lapi total am hängen | Wie bringe ich den Installationsdialog betr. wssetup.exe zum Verschwinden? »


Ähnliche Themen: Virus tcbhn?


  1. tcbhn hat ein Problem festgestellt und muß beendet werden
    Log-Analyse und Auswertung - 08.02.2015 (1)
  2. tcbhn wurde beendet
    Log-Analyse und Auswertung - 15.08.2013 (39)
  3. Fehlermeldung: tcbhn wurde geschlossen
    Log-Analyse und Auswertung - 08.07.2013 (11)
  4. TCBHN vom PC runterschmeißen
    Plagegeister aller Art und deren Bekämpfung - 05.07.2013 (5)
  5. tcbhn wurde beendet und geschlossen!
    Log-Analyse und Auswertung - 14.06.2013 (30)
  6. tcbhn wurde beendet und geschlossen
    Plagegeister aller Art und deren Bekämpfung - 13.06.2013 (47)
  7. Tcbhn wurde beendet und geschlossen - Virus?
    Plagegeister aller Art und deren Bekämpfung - 08.06.2013 (9)
  8. tcbhn.exe wurde beendet und geschlossen.
    Plagegeister aller Art und deren Bekämpfung - 14.05.2013 (17)
  9. tcbhn.exe wurde beendet und geschlossen.
    Plagegeister aller Art und deren Bekämpfung - 07.05.2013 (3)
  10. Tcbhn wurde beendet und geschlossen
    Log-Analyse und Auswertung - 03.05.2013 (7)
  11. tcbhn hat ein Problem festgestellt und muß beendet werden
    Log-Analyse und Auswertung - 28.04.2013 (4)
  12. Meldung: tcbhn wurde beendet und geschlossen
    Plagegeister aller Art und deren Bekämpfung - 23.04.2013 (21)
  13. tcbhn wurde beendet und geschlossen?
    Log-Analyse und Auswertung - 23.04.2013 (8)
  14. tcbhn im Autostart!
    Plagegeister aller Art und deren Bekämpfung - 06.03.2013 (58)
  15. tcbhn wurde beendet und geschlossen?
    Plagegeister aller Art und deren Bekämpfung - 22.02.2013 (43)
  16. tcbhn.exe Blabbers gefunden im Startmenü
    Log-Analyse und Auswertung - 08.12.2012 (8)
  17. tcbhn.exe *32
    Plagegeister aller Art und deren Bekämpfung - 21.11.2012 (13)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Virus tcbhn? - Code: Alles auswählen Aufklappen ATTFilter HitmanPro 3.7.6.201 www.hitmanpro.com Computer name . . . . : DERMAL-PC Windows . . . . . . . : 6.0.2.6002.X86/2 User name . . - Virus tcbhn?...
Archiv
Du betrachtest: Virus tcbhn? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19