Pests of all kinds and how to fight them: I have a trojan and don't know what to do next... Windows 7
14.09.2010, 15:59 | #1 |
| Hello everyone, I hope you can help me. I have somehow caught a virus or trojan, and this thing prevents me from going on the Internet. I have installed Kaspersky; it does find the trojans but cannot delete them. I wrote down the names of these trojans:
Trojan.Win32.Scar.crkt; file: C:/Users/****/.COMMgr/complgr.exe
Trojan-Dropper.Win32.FrauDrop.bdi; file /Users/****/AppData/Roaming/5EEF.../mediafix70700en02.exe
and one the antivirus program was able to delete, that was: Trojan-Dropper.Win32.Agent.cyil
I hope you can help me. Many thanks in advance. Kind regards, Simon |
14.09.2010, 16:05 | #2 |
/// Malware-holic | 1. Download Malwarebytes: install Malwarebytes, open it, go to the Update tab and update the program. Close all running programs and disconnect from the Internet. On the Scanner tab, run a full scan, remove what it finds, and post the log.
2. OTL: system scan with OTL. Download OTL: http://filepony.de/download-otl/ Double-click OTL.exe (users of Windows 7 and Vista: right-click, Run as administrator).
1. At the top you will find a box labelled Output. Please select Minimal Output.
2. Tick "scan all users".
3. Under "Extra Registry", select: "Use Safelist", "LOP Check", "Purity Check".
4. Copy into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan".
6. Two reports are created: OTL.Txt and Extras.Txt. Post both. |
14.09.2010, 16:12 | #3 |
| The problem is that I can't open any website. The only website that works is some American one for downloading an antivirus program, but I don't want to download that.
Kind regards |
14.09.2010, 16:15 | #4 |
/// Malware-holic | No, definitely don't. Try whether you can get into safe mode with networking; that's the F8 key at PC startup. And then try Malwarebytes. |
14.09.2010, 16:16 | #5 |
| OK, thank you very much, I'll try it right away... |
14.09.2010, 16:35 | #6 |
| I'm not exactly a computer specialist, but when I start the PC nothing happens with F8; I have Windows 7. Sorry... Kind regards |
14.09.2010, 16:38 | #7 |
/// Malware-holic | Try whether it's one of the other F keys; it's not the same key on every PC. If not, do you have a USB stick? |
14.09.2010, 16:40 | #8 |
| Yes, I do... Oh, so then I download the program and transfer it via USB to the other PC. Is that what you mean?? |
14.09.2010, 16:47 | #9 |
/// Malware-holic | Yes, exactly. Try Malwarebytes first and then OTL :-) |
14.09.2010, 17:13 | #10 |
| Malwarebytes:
Infizierte Dateien:
C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\****\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\****\.COMMgr\complmgr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
And the OTL log I can send to your inbox, OK?? |
14.09.2010, 17:18 | #11 |
| ............... |
14.09.2010, 17:20 | #12 |
/// Malware-holic | No, post the logs here. Why is the Malwarebytes log not complete? |
14.09.2010, 17:25 | #13 |
| OK, so:
Malwarebytes' Anti-Malware 1.46
Malwarebytes Datenbank Version: 4052
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
14.09.2010 17:50:51
mbam-log-2010-09-14 (17-50-51).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 118665
Laufzeit: 3 Minute(n), 3 Sekunde(n)
Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4
Infizierte Speicherprozesse:
C:\Users\Simon Pfister\.COMMgr\complmgr.exe (Trojan.Agent) -> Unloaded process successfully.
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\com+ manager (Trojan.Agent) -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\Users\Simon Pfister\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\Simon Pfister\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\Simon Pfister\AppData\Roaming\Microsoft\Windows\Start Menu\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\Simon Pfister\.COMMgr\complmgr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
and the OTL log: OTL Logfile:
C:\Windows\SysNative\D3DCompiler_40.dll [2010.08.19 20:56:40 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll [2010.08.19 20:56:40 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll [2010.08.19 20:56:40 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll [2010.08.19 20:56:39 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll [2010.08.19 20:56:39 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll [2010.08.19 18:20:56 | 000,000,000 | ---D | C] -- C:\Users\Simon Pfister\AppData\Roaming\skypePM [2010.08.19 18:20:16 | 000,000,000 | ---D | C] -- C:\Users\Simon Pfister\AppData\Roaming\Skype [2010.08.19 18:19:59 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2010.08.19 18:19:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2010.08.19 18:19:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [1 C:\Users\Simon Pfister\*.tmp files -> C:\Users\Simon Pfister\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.09.14 18:06:03 | 001,835,008 | -HS- | M] () -- C:\Users\Simon Pfister\ntuser.dat [2010.09.14 18:00:40 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.09.14 18:00:40 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.09.14 18:00:30 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Simon Pfister\Desktop\OTL.exe [2010.09.14 17:52:07 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.09.14 17:52:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.09.14 17:51:57 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys [2010.09.14 17:51:22 | 001,140,361 | -H-- | M] () -- C:\Users\Simon Pfister\AppData\Local\IconCache.db [2010.09.14 17:47:08 | 
000,001,015 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.14 17:38:50 | 000,001,445 | ---- | M] () -- C:\Users\Simon Pfister\Desktop\Internet Explorer (2).lnk [2010.09.14 17:34:24 | 000,149,773 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat [2010.09.14 17:34:24 | 000,106,765 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat [2010.09.14 17:34:13 | 000,524,288 | -HS- | M] () -- C:\Users\Simon Pfister\ntuser.dat{4249ef51-c015-11df-b40f-001b11bcf1e3}.TMContainer00000000000000000002.regtrans-ms [2010.09.14 17:34:13 | 000,524,288 | -HS- | M] () -- C:\Users\Simon Pfister\ntuser.dat{4249ef51-c015-11df-b40f-001b11bcf1e3}.TMContainer00000000000000000001.regtrans-ms [2010.09.14 17:34:13 | 000,065,536 | -HS- | M] () -- C:\Users\Simon Pfister\ntuser.dat{4249ef51-c015-11df-b40f-001b11bcf1e3}.TM.blf [2010.09.14 17:28:38 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Simon Pfister\Desktop\mbam-setup.exe [2010.09.13 09:24:37 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.09.13 09:24:37 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.09.13 09:24:37 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.09.13 09:24:37 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.09.13 09:24:37 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.09.13 09:23:00 | 000,173,336 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys [2010.09.05 16:31:42 | 000,000,355 | ---- | M] () -- C:\Users\Simon Pfister\Desktop\Computer.lnk [2010.09.03 10:57:30 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job [2010.08.27 10:21:02 | 000,001,267 | ---- | M] () -- C:\Users\Public\Desktop\Air Traffic Control.lnk [2010.08.24 20:03:26 | 000,002,047 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft LifeCam.lnk [2010.08.19 20:56:46 | 000,314,016 | ---- | M] () -- 
C:\Windows\SysNative\drivers\atksgt.sys [2010.08.19 20:56:45 | 000,043,680 | ---- | M] () -- C:\Windows\SysNative\drivers\lirsgt.sys [2010.08.19 18:21:52 | 000,000,126 | ---- | M] () -- C:\Users\Simon Pfister\AppData\Roaming\wklnhst.dat [2010.08.19 18:19:59 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [1 C:\Users\Simon Pfister\*.tmp files -> C:\Users\Simon Pfister\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.09.14 17:47:08 | 000,001,015 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.14 17:38:50 | 000,001,445 | ---- | C] () -- C:\Users\Simon Pfister\Desktop\Internet Explorer (2).lnk [2010.09.14 17:32:44 | 000,524,288 | -HS- | C] () -- C:\Users\Simon Pfister\ntuser.dat{4249ef51-c015-11df-b40f-001b11bcf1e3}.TMContainer00000000000000000002.regtrans-ms [2010.09.14 17:32:44 | 000,524,288 | -HS- | C] () -- C:\Users\Simon Pfister\ntuser.dat{4249ef51-c015-11df-b40f-001b11bcf1e3}.TMContainer00000000000000000001.regtrans-ms [2010.09.14 17:32:44 | 000,065,536 | -HS- | C] () -- C:\Users\Simon Pfister\ntuser.dat{4249ef51-c015-11df-b40f-001b11bcf1e3}.TM.blf [2010.09.13 09:23:38 | 000,149,773 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat [2010.09.13 09:23:38 | 000,106,765 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat [2010.09.05 16:31:42 | 000,000,355 | ---- | C] () -- C:\Users\Simon Pfister\Desktop\Computer.lnk [2010.08.27 10:21:02 | 000,001,267 | ---- | C] () -- C:\Users\Public\Desktop\Air Traffic Control.lnk [2010.08.24 20:03:26 | 000,002,047 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft LifeCam.lnk [2010.08.19 20:56:46 | 000,314,016 | ---- | C] () -- C:\Windows\SysNative\drivers\atksgt.sys [2010.08.19 20:56:45 | 000,043,680 | ---- | C] () -- C:\Windows\SysNative\drivers\lirsgt.sys [2010.08.19 18:19:59 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2010.08.09 18:03:04 | 000,000,126 | ---- | C] () -- C:\Users\Simon Pfister\AppData\Roaming\wklnhst.dat 
[2009.09.29 16:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL [2009.08.03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.26 17:24:18 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini [2009.06.10 21:12:24 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll ========== LOP Check ========== [2010.09.15 03:26:04 | 000,000,000 | ---D | M] -- C:\Users\Simon Pfister\AppData\Roaming\5EEFDC88783796B53924F04D3F4D2CB5 [2010.09.05 16:27:58 | 000,000,000 | ---D | M] -- C:\Users\Simon Pfister\AppData\Roaming\Babylon [2010.08.15 14:19:05 | 000,000,000 | ---D | M] -- C:\Users\Simon Pfister\AppData\Roaming\Flight One Software [2010.06.12 19:57:00 | 000,000,000 | ---D | M] -- C:\Users\Simon Pfister\AppData\Roaming\GOL_byHasbro [2010.09.14 17:55:27 | 000,000,000 | ---D | M] -- C:\Users\Simon Pfister\AppData\Roaming\LimeWire [2010.08.08 16:18:49 | 000,000,000 | ---D | M] -- C:\Users\Simon 
Pfister\AppData\Roaming\Spesoft Audio Converter [2010.08.09 18:03:06 | 000,000,000 | ---D | M] -- C:\Users\Simon Pfister\AppData\Roaming\Template [2010.08.19 20:58:42 | 000,000,000 | ---D | M] -- C:\Users\Simon Pfister\AppData\Roaming\Ubisoft [2010.06.12 19:07:55 | 000,000,000 | ---D | M] -- C:\Users\Simon Pfister\AppData\Roaming\WildTangent [2010.07.05 21:12:31 | 000,000,000 | ---D | M] -- C:\Users\Simon Pfister\AppData\Roaming\WinBatch [2010.06.12 17:15:07 | 000,000,000 | ---D | M] -- C:\Users\Simon Pfister\AppData\Roaming\_MDLogs [2010.09.03 10:57:30 | 000,000,544 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job [2009.07.14 07:08:49 | 000,005,418 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > |
14.09.2010, 17:30 | #14 |
/// Malware-holic | I have a trojan and don't know what to do anymore... Well, good thing I wanted to see it again. Please open Malwarebytes, go to the Update tab and update the program. Then go to the Scanner tab, run a full scan, remove the findings, and post the log. |