Trojaner-Board
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   AKM -ihr Computer wurde gesperrt -50€ PaySafeCard (https://www.trojaner-board.de/114581-akm-computer-wurde-gesperrt-50-paysafecard.html)

TAci01 07.05.2012 22:01
Zitat:
Zitat von markusg (Beitrag 823695)
dann schreibs doch gleich vernünftig hin.
du sagst.
"leider nur auf meinem alten , und der hat nen display schaden
"
und daraus soll ich schließen das das betroffene gerät kein cd laufwerk hatt oder wie?

Erstellen wir einen bootbaren USB Stick für OTLPE

Wichtig:
Der USB Stick muss mindestens 512 MB oder mehr haben. Sichere gegebenfalls alle Dateien von dem USB Stick, diese werden nach den folgenden Schritten nicht
mehr vorhanden sein.
Downloade dir eeepcfr.zip und entpacke die Datei nach Systemroot (meistens
C:\).
  • Leere den USB Stick auf den Du OTLPE erstellen willst.
  • Navigiere nach C:\eeecpfr und starte usb_prep8.cmd.
  • Drücke
    im DOS Fenster eine beliebige Taste.
  • Gehe nun sicher das der richtige Laufwerksbuchstabe deines USB Sticks ganz oben steht.
    Für Drive Label: gib ein OTLPE.
    Unter Source Path to built BartPE/WinPE Files klicke ... und wähle den vorher erstellten OTLPE Ordner .
    Setze ein Häckchen bei Enable File Copy.
  • Klicke Start, akzeptiere die Nutzungsbestimmungen.
Nun kannst Du mit dem USB Stick dein System starten!

Nun boote von mit der OTLPE USB Stick.
Hinweis: Wie boote ich von CD (einfach statt ner CD USB Device
auswählen)
  • Dein System sollte nach einigen Minuten den REATOGO-X-PE Desktop anzeigen.
  • Mache einen Doppelklick auf das OTLPE Icon.
  • Wenn Du gefragt
    wirst "Do you wish to load the remote registry", dann wähle Yes.
  • Wenn Du gefragt wirst "Do you wish to load remote user profile(s)
    for scanning"    , dann wähle Yes.
  • Vergewissere Dich, dass die Box "Automatically Load All Remaining Users" gewählt ist und drücke OK.

  • OTLpe sollte nun starten.
  • Drücke Run Scan, um den Scan zu starten.
  • Wenn der Scan fertig ist, werden die Dateien C:\OTL.Txt
    und C:\Extras.Txt erstellt
  • Kopiere diese Datei auf Deinen USB-Stick, wenn Du keine Internetverbindung auf diesem System hast.
  • Bitte poste
    den Inhalt von C:\OTL.Txt und Extras.Txt.
wenn ich im reatogo auf das OTLPE Icon doppelklicke öffenet sich ein Fenster BROWSE FOR FOLDER -CHOOSE WINDOWS DIRECTORY
und dann MY COMPUTER
mit den Möglichkeiten
RAM DISK (B:)
SYSTEM (C:)
LOCAL DISK (D:)
RECOVERY (E:)
OTPLE(X:)
shared documents

was nun ???

Was mach ich denn nun mit dem OTLPE ???

markusg 08.05.2012 17:52
c oder d: aufklappen und den windows ordner anklicken dann gehts

TAci01 09.05.2012 10:11
OTL Logfile:
Code:
OTL logfile created on: 5/9/2012 11:54:54 AM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
Windows 7 Starter  (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1,015.00 Mb Total Physical Memory | 742.00 Mb Available Physical Memory | 73.00% Memory free
903.00 Mb Paging File | 810.00 Mb Available in Paging File | 90.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files
Drive C: | 199.00 Mb Total Space | 169.36 Mb Free Space | 85.11% Space Free | Partition Type: NTFS
Drive D: | 221.53 Gb Total Space | 25.97 Gb Free Space | 11.72% Space Free | Partition Type: NTFS
Drive E: | 11.16 Gb Total Space | 1.88 Gb Free Space | 16.82% Space Free | Partition Type: NTFS
Drive X: | 1.97 Gb Total Space | 1.63 Gb Free Space | 82.79% Space Free | Partition Type: FAT
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012/04/12 04:31:34 | 000,784,792 | ---- | M] (Spigot, Inc.) [Auto] -- D:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012/04/04 09:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto] -- D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/04 08:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand] -- D:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/09/09 12:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto] -- D:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011/05/25 10:54:58 | 001,617,296 | ---- | M] (Bandoo Media Inc.) [Auto] -- D:\Program Files\Bandoo\Bandoo.exe -- (Bandoo Coordinator)
SRV - [2011/03/28 12:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto] -- D:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/07/28 17:36:52 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand] -- D:\Program Files\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/02/19 08:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- D:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/30 10:49:34 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto] -- D:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/08 13:55:26 | 000,323,584 | -H-- | M] (DeviceVM, Inc.) [Auto] -- D:\SPLASH.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2009/06/29 16:44:38 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto] -- D:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_ee8b9ab8d1b9a68e\stacsv.exe -- (STacSV)
SRV - [2009/06/09 04:55:58 | 000,230,704 | ---- | M] (Stardock Corporation) [Auto] -- D:\Program Files\Stardock\MyColors\VistaSrv.exe -- (WindowBlinds)
SRV - [2009/03/02 17:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto] -- D:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_ee8b9ab8d1b9a68e\AEstSrv.exe -- (AESTFilters)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (USBCCID)
DRV - File not found [Kernel | On_Demand] --  -- (RtsUIR)
DRV - File not found [Kernel | On_Demand] --  -- (hwusbdev)
DRV - File not found [Kernel | On_Demand] --  -- (hwdatacard)
DRV - [2012/04/04 09:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- D:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/11/01 05:07:26 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011/11/01 05:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand] -- D:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011/11/01 05:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand] -- D:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/11/01 05:07:24 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand] -- D:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2011/11/01 05:07:24 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011/11/01 05:07:24 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand] -- D:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2009/07/27 06:01:38 | 000,016,984 | -H-- | M] (DeviceVM, Inc.) [Kernel | System] -- D:\SPLASH.SYS\config\dvmio.sys -- (DVMIO)
DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 18:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/07/13 18:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/06/29 16:44:38 | 000,408,576 | ---- | M] (IDT, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/06/24 14:59:10 | 000,167,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/04/27 20:16:06 | 000,050,176 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\L1C60x86.sys -- (L1C)
DRV - [2008/08/26 04:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand] -- D:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2005/08/17 02:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand] -- D:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005/08/17 02:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand] -- D:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005/08/17 02:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand] -- D:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=003dfecf0000000000000c607651ae1b&tlver=1.4.19.19&ss=1&affID=17395
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - D:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\_Gast__ON_D\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN
IE - HKU\_Gast__ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
IE - HKU\_Gast__ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
IE - HKU\Taci_ON_D\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN
IE - HKU\Taci_ON_D\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Upgrade to Google Chrome
IE - HKU\Taci_ON_D\Software\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKU\Taci_ON_D\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\Taci_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = Po
IE - HKU\Taci_ON_D\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = Upgrade to Google Chrome
IE - HKU\Taci_ON_D\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome
IE - HKU\Taci_ON_D\..\URLSearchHook: {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - Reg Error: Key error. File not found
IE - HKU\Taci_ON_D\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - D:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
IE - HKU\Taci_ON_D\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - Reg Error: Key error. File not found
IE - HKU\Taci_ON_D\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - D:\Program Files\pdfforge Toolbar\IE\5.4\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKU\Taci_ON_D\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - Reg Error: Key error. File not found
IE - HKU\Taci_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Taci_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=16508"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "hxxp://www.searchqu.com/406"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: de_AT@dicts.j3e.de:20101229
FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&appid=119&systemid=406&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: D:\Windows\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: D:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: D:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: D:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: D:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: D:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: D:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: D:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: D:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/02/13 19:33:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_4.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_4.0 [2012/03/04 10:49:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012/03/04 10:49:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\ffox@bandoo.com: C:\Users\_Gast_\AppData\Roaming\Mozilla\Firefox\Profiles/gwccjc1e.default\extensions\ffox@bandoo.com
 
[2010/03/04 16:50:47 | 000,000,000 | ---D | M] (No name found) -- D:\Users\_Gast_\AppData\Roaming\Mozilla\Extensions
[2011/10/13 09:49:07 | 000,000,000 | ---D | M] (No name found) -- D:\Users\_Gast_\AppData\Roaming\Mozilla\Firefox\Profiles\xik70o9l.default\extensions
[2011/07/03 18:18:13 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- D:\Users\_Gast_\AppData\Roaming\Mozilla\Firefox\Profiles\xik70o9l.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2011/10/13 09:49:07 | 000,000,000 | ---D | M] (Wörterbuch Deutsch (de-AT), Hunspell-unterstützt) -- D:\Users\_Gast_\AppData\Roaming\Mozilla\Firefox\Profiles\xik70o9l.default\extensions\de_AT@dicts.j3e.de
[2012/04/27 11:20:19 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files\Mozilla Firefox\extensions
[2011/11/24 05:23:41 | 000,000,000 | ---D | M] (Skype Click to Call) -- D:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/06/11 16:05:05 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/15 18:36:59 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/06/14 03:51:06 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/12/02 14:00:52 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
File not found (No name found) --
[2011/07/03 18:18:22 | 000,000,000 | ---D | M] (DataMngr) -- D:\PROGRAM FILES\WINDOWS ILIVID TOOLBAR\DATAMNGR\FIREFOXEXTENSION
[2011/10/03 00:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/09 13:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- D:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012/03/16 09:38:07 | 000,002,310 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011/04/15 07:40:18 | 000,002,047 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2011/07/03 18:18:05 | 000,002,501 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
 
O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - D:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - D:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - D:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - D:\Program Files\pdfforge Toolbar\IE\5.4\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - D:\Program Files\Softonic\softonic\1.5.11.5\bh\softonic.dll (Softonic.com)
O2 - BHO: (BandooIEPlugin Class) - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - D:\Program Files\Bandoo\Plugins\IE\ieplugin.dll (Bandoo Media Inc.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - D:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - D:\Program Files\Softonic\softonic\1.5.11.5\softonicTlbr.dll (Softonic.com)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - D:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - D:\Program Files\pdfforge Toolbar\IE\5.4\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - D:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\_Gast__ON_D\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\_Gast__ON_D\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O3 - HKU\_Gast__ON_D\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
O3 - HKU\_Gast__ON_D\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - D:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] D:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager]  File not found
O4 - HKLM..\Run: [AgentMonitor] D:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe ()
O4 - HKLM..\Run: [DATAMNGR] D:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [HP] D:\Program Files\Hewlett-Packard\HP QuickSync\QuickSync.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP BTW Detect Program] D:\Program Files\HP\HPBTWD.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SearchSettings] D:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SwitchBoard] D:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [SysTrayApp] D:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] D:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdatePRCShortCut] D:\Program Files\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\_Gast__ON_D..\Run: [VX5LWxsct4OYCCz] D:\Users\_Gast_\AppData\Roaming\itunes_service86.exe ()
O4 - HKU\Taci_ON_D..\Run: []  File not found
O4 - HKU\Taci_ON_D..\Run: [d31ybB8YFv9cUxg] D:\Users\Taci\AppData\Roaming\itunes_service01.exe ()
O4 - HKU\Taci_ON_D..\Run: [NokiaSuite.exe] D:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - HKU\Taci_ON_D..\Run: [Spiele Post]  File not found
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: D:\Users\_Gast_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IconPackager.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\_Gast__ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\_Gast__ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\_Gast__ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\_Gast__ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\Taci_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Taci_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\Taci_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\Taci_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - D:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - D:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.34.133.21 212.186.211.21
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\progra~1\wi3c8a~1\datamngr\datamngr.dll) - D:\Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (c:\progra~1\wi3c8a~1\datamngr\iebho.dll) - D:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (c:\progra~1\bandoo\bndhook.dll) - D:\Program Files\Bandoo\BndHook.dll (Discordia Limited)
O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\_Gast__ON_D Winlogon: Shell - (C:\Users\_Gast_\AppData\Roaming\itunes_service86.exe) - D:\Users\_Gast_\AppData\Roaming\itunes_service86.exe ()
O20 - HKU\_Gast__ON_D Winlogon: UserInit - (C:\Users\_Gast_\AppData\Roaming\itunes_service86.exe) - D:\Users\_Gast_\AppData\Roaming\itunes_service86.exe ()
O20 - HKU\Taci_ON_D Winlogon: Shell - (C:\Users\Taci\AppData\Roaming\itunes_service01.exe) - D:\Users\Taci\AppData\Roaming\itunes_service01.exe ()
O20 - HKU\Taci_ON_D Winlogon: UserInit - (C:\Users\Taci\AppData\Roaming\itunes_service01.exe) - D:\Users\Taci\AppData\Roaming\itunes_service01.exe ()
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 13:06:42 | 000,000,053 | ---- | M] () - X:\AUTORUN.INF -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/05/08 18:34:51 | 000,000,000 | ---D | C] -- D:\Users\_Gast_\AppData\Local\{80D888DF-8AF5-4D1D-A1D1-893B2C626297}
[2012/05/08 18:34:26 | 000,000,000 | ---D | C] -- D:\Users\_Gast_\AppData\Local\{3A3DCFC7-95B7-4B03-9EAC-58AB588EF7DA}
[2012/05/08 06:33:42 | 000,000,000 | ---D | C] -- D:\Users\_Gast_\AppData\Local\{D4BE20EA-56D4-460B-9E34-8F93071C2289}
[2012/05/08 06:33:06 | 000,000,000 | ---D | C] -- D:\Users\_Gast_\AppData\Local\{3170B8BF-5950-49EA-B8F6-A58419A28DC9}
[2012/05/07 18:32:16 | 000,000,000 | ---D | C] -- D:\Users\_Gast_\AppData\Local\{D53ABADB-DDC5-4A4F-BB76-4F626979A8B6}
[2012/05/07 18:32:04 | 000,000,000 | ---D | C] -- D:\Users\_Gast_\AppData\Local\{CF4666B9-29BB-40BD-9691-F8EFB4D54DB5}
[2012/05/07 18:32:04 | 000,000,000 | ---D | C] -- D:\Users\_Gast_\AppData\Local\{9C0D746E-E720-4B5A-9EB3-00AC8B947C59}
[2012/05/07 16:09:11 | 000,000,000 | ---D | C] -- D:\Users\_Gast_\AppData\Local\{659F1338-D47F-43FF-99A1-EFFC8FDCFF35}
[2012/05/07 04:08:26 | 000,000,000 | ---D | C] -- D:\Users\_Gast_\AppData\Local\{B751A1CA-02FC-48EC-B91F-3013B3015ABA}
[2012/05/07 04:08:02 | 000,000,000 | ---D | C] -- D:\Users\_Gast_\AppData\Local\{C2025C0A-0EE9-4298-B4DA-566543621FA9}
[2012/05/06 16:07:17 | 000,000,000 | ---D | C] -- D:\Users\_Gast_\AppData\Local\{7BE29CB9-05BA-48E6-BE75-28346937EBF0}
[2012/05/06 16:07:04 | 000,000,000 | ---D | C] -- D:\Users\_Gast_\AppData\Local\{55228EF3-CEE8-4BD0-8279-AC1A29829F81}
[2012/05/06 16:07:04 | 000,000,000 | ---D | C] -- D:\Users\_Gast_\AppData\Local\{432623EC-1761-4A62-AA05-89421FBFD982}
[2012/05/05 15:52:45 | 000,000,000 | ---D | C] -- D:\Users\_Gast_\AppData\Local\Apple
[2012/05/05 06:10:55 | 000,000,000 | ---D | C] -- D:\Users\_Gast_\Desktop\eeepcfr
[2012/05/04 03:56:01 | 000,000,000 | ---D | C] -- D:\Users\_Gast_\Desktop\OTPLE
[2012/05/04 03:46:13 | 000,000,000 | ---D | C] -- D:\Program Files\7-Zip
[2012/05/04 03:23:42 | 000,000,000 | ---D | C] -- D:\Users\_Gast_\AppData\Local\{E07B0231-B3C3-4F0B-B677-7D5281ECAE97}
[2012/05/03 15:22:22 | 000,000,000 | ---D | C] -- D:\Users\_Gast_\AppData\Local\{F8A070EF-16E0-44A2-BB2C-42A6841E1BDB}
[2012/05/03 06:46:18 | 000,000,000 | ---D | C] -- D:\Users\_Gast_\AppData\Roaming\Winamp
[2012/05/03 02:10:02 | 000,000,000 | ---D | C] -- D:\Users\Taci\AppData\Roaming\Malwarebytes
[2012/05/03 02:09:35 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/03 02:09:33 | 000,000,000 | ---D | C] -- D:\ProgramData\Malwarebytes
[2012/05/03 02:09:31 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- D:\Windows\System32\drivers\mbam.sys
[2012/05/03 02:09:31 | 000,000,000 | ---D | C] -- D:\Program Files\Malwarebytes' Anti-Malware
[2012/05/03 01:45:40 | 000,000,000 | ---D | C] -- D:\Users\_Gast_\AppData\Local\Apple Computer
[2012/05/03 01:45:39 | 000,000,000 | ---D | C] -- D:\Users\_Gast_\AppData\Roaming\Apple Computer
[2012/05/03 01:45:12 | 000,000,000 | ---D | C] -- D:\Users\_Gast_\AppData\Local\Windows Live
[2012/05/03 01:45:12 | 000,000,000 | ---D | C] -- D:\Users\_Gast_\AppData\Local\{DBB82DD8-ACB4-4770-8D8C-3AAFF2D66482}
[2012/05/03 01:44:53 | 000,000,000 | ---D | C] -- D:\Users\_Gast_\AppData\Local\{A9869BCE-76B4-45FD-837F-5A5CA96A793E}
[2012/05/03 01:43:18 | 000,000,000 | ---D | C] -- D:\Users\_Gast_\AppData\Roaming\Real
[2012/05/02 16:06:59 | 000,000,000 | ---D | C] -- D:\Users\Taci\AppData\Local\{F44147E9-BC4F-4640-A11E-7BB79193BF3F}
[2012/05/02 03:20:48 | 000,000,000 | ---D | C] -- D:\Users\Taci\AppData\Local\{B82BF6FF-7BDE-43DC-9C67-E9477E0E71F5}
[2012/05/02 03:20:18 | 000,000,000 | ---D | C] -- D:\Users\Taci\AppData\Local\{DBCA2C28-26D3-4E3A-B23A-54BE5C42030C}
[2012/05/01 14:41:52 | 000,000,000 | ---D | C] -- D:\Users\Taci\AppData\Local\{69541CA0-76A3-4D3E-97C0-C3A4E89899DA}
[2012/05/01 14:41:27 | 000,000,000 | ---D | C] -- D:\Users\Taci\AppData\Local\{85E55963-6D14-443A-BE6C-FBFFA7D1B547}
[2012/05/01 02:40:36 | 000,000,000 | ---D | C] -- D:\Users\Taci\AppData\Local\{1CD1B9EC-77B6-4383-8B0E-2B46B68F3C73}
[2012/05/01 02:40:05 | 000,000,000 | ---D | C] -- D:\Users\Taci\AppData\Local\{BBD669FC-3C14-421E-8190-AD20D42476C9}
[2012/04/30 14:38:53 | 000,000,000 | ---D | C] -- D:\Users\Taci\AppData\Local\{75E9B17E-819F-41D8-AA5F-8B10F297C2F8}
[2012/04/30 02:08:47 | 000,000,000 | ---D | C] -- D:\Users\Taci\AppData\Local\{96CF8CE1-46E8-4B2D-9ECD-4A83099C21D7}
[2012/04/30 02:08:22 | 000,000,000 | ---D | C] -- D:\Users\Taci\AppData\Local\{A0BFD6CD-977A-48D2-BA2E-CD4DDE1438A5}
[2012/04/29 10:32:47 | 000,000,000 | ---D | C] -- D:\Users\Taci\AppData\Local\{65EC59ED-5819-4B04-8246-2876FABD3F67}
[2012/04/29 10:32:22 | 000,000,000 | ---D | C] -- D:\Users\Taci\AppData\Local\{F533AF34-122D-412B-856C-78435726A864}
[2012/04/28 18:31:49 | 000,000,000 | ---D | C] -- D:\Users\Taci\AppData\Local\{CD50E46B-7926-4CD7-A72E-5978687CFBDE}
[2012/04/28 05:21:34 | 000,000,000 | ---D | C] -- D:\Users\Taci\AppData\Local\{042F11C8-0A57-4FED-B763-0D4F1B68518F}
[2012/04/28 05:21:04 | 000,000,000 | ---D | C] -- D:\Users\Taci\AppData\Local\{762D9C73-E229-4B98-8BAB-46CD759CA1AF}
[2012/04/28 03:47:53 | 000,000,000 | ---D | C] -- D:\Users\Taci\AppData\Local\{675E63BD-5132-4505-BF3E-50E87855FC4B}
[2012/04/28 03:47:29 | 000,000,000 | ---D | C] -- D:\Users\Taci\AppData\Local\{D5588ED5-C031-4A79-AED0-854844FE218D}
[2012/04/28 02:47:11 | 000,000,000 | ---D | C] -- D:\Users\Taci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
[2012/04/27 15:46:39 | 000,000,000 | ---D | C] -- D:\Users\Taci\AppData\Local\{696EF33C-5443-4233-BA94-84941E45A28F}
[2012/04/27 06:20:11 | 000,000,000 | ---D | C] -- D:\Users\Taci\AppData\Local\Apple Computer
[2012/04/27 06:20:10 | 000,000,000 | ---D | C] -- D:\Users\Taci\AppData\Roaming\Apple Computer
[2012/04/27 06:11:53 | 000,000,000 | ---D | C] -- D:\Program Files\Safari
[2012/04/27 06:11:53 | 000,000,000 | ---D | C] -- D:\ProgramData\Apple Computer
[2012/04/27 06:10:32 | 000,000,000 | ---D | C] -- D:\Program Files\Bonjour
[2012/04/27 06:10:22 | 000,000,000 | ---D | C] -- D:\Users\Taci\AppData\Local\Apple
[2012/04/27 06:10:11 | 000,000,000 | ---D | C] -- D:\Program Files\Apple Software Update
[2012/04/27 06:10:10 | 000,000,000 | ---D | C] -- D:\ProgramData\Apple
[2012/04/27 03:45:34 | 000,000,000 | ---D | C] -- D:\Users\Taci\AppData\Local\{33D0AC70-CA20-47AC-8D13-079390D591ED}
[2012/04/27 03:45:07 | 000,000,000 | ---D | C] -- D:\Users\Taci\AppData\Local\{7151CF51-DD2E-4740-8BD8-79D459C6F09C}
[2012/04/26 09:19:10 | 000,000,000 | ---D | C] -- D:\Users\Taci\AppData\Local\{9DE1F454-7B0A-48FE-A889-26AE6DCA1B71}
[2012/04/26 09:18:56 | 000,000,000 | ---D | C] -- D:\Users\Taci\AppData\Local\{F8630A1D-214C-48FE-BA1F-FFD7EB551427}
[2012/04/25 15:58:04 | 000,000,000 | ---D | C] -- D:\Users\Taci\AppData\Local\{EBFDA872-9295-4D0D-8AF8-823376F98314}
[2012/04/25 03:56:59 | 000,000,000 | ---D | C] -- D:\Users\Taci\AppData\Local\{820FE9F7-9D3E-4F38-A05E-C9055B0B454B}
[2012/04/25 03:56:43 | 000,000,000 | ---D | C] -- D:\Users\Taci\AppData\Local\{CF460BAF-0A07-4CD8-96CB-5F110A66BDC9}
[2012/04/24 15:32:53 | 000,000,000 | ---D | C] -- D:\Users\Taci\AppData\Local\{3FE5D8B3-35CE-40DE-8146-53A6B3399CE1}
[2012/04/24 15:32:28 | 000,000,000 | ---D | C] -- D:\Users\Taci\AppData\Local\{7C584509-0592-4749-84CD-49AD3226E084}
[2012/04/24 03:31:31 | 000,000,000 | ---D | C] -- D:\Users\Taci\AppData\Local\{6434B399-BDA9-4678-A69B-2ACC4DE88FA5}
[2012/04/24 03:31:13 | 000,000,000 | ---D | C] -- D:\Users\Taci\AppData\Local\{FFA55F83-C15D-4C11-8BCF-FBB068AFBB74}
[2012/04/23 09:29:43 | 000,000,000 | ---D | C] -- D:\Users\Taci\AppData\Local\{56B347A7-1CB2-44BC-B08A-8D6638C8E098}
[2012/04/23 09:29:28 | 000,000,000 | ---D | C] -- D:\Users\Taci\AppData\Local\{028B136D-5F5A-4EC8-98C9-91F80DF14FF5}
[2012/04/22 19:23:56 | 000,000,000 | ---D | C] -- D:\Users\Taci\AppData\Local\{C4D14F75-A4F8-4328-B439-9BE55F326665}
[2012/04/22 07:23:11 | 000,000,000 | ---D | C] -- D:\Users\Taci\AppData\Local\{5D575364-33F5-4F49-B289-EFD040056966}
[2012/04/22 07:22:59 | 000,000,000 | ---D | C] -- D:\Users\Taci\AppData\Local\{CBC1C087-E553-41A9-AB8A-149CCE13F3FD}
[2012/04/21 18:26:07 | 000,000,000 | ---D | C] -- D:\Users\Taci\AppData\Local\{B0FA5628-32CD-4585-AE3B-8A17B00EDAB1}
[2012/04/21 18:25:43 | 000,000,000 | ---D | C] -- D:\Users\Taci\AppData\Local\{2ECEEE1A-AC28-41BD-9CF5-9D3B6E058C74}
[2012/04/21 06:24:54 | 000,000,000 | ---D | C] -- D:\Users\Taci\AppData\Local\{3CC5DC79-96B2-4BA9-85F9-CA18C26602D3}
[2012/04/21 06:24:25 | 000,000,000 | ---D | C] -- D:\Users\Taci\AppData\Local\{758043DF-CFD7-412F-AC4F-1284C8CF0682}
[2012/04/20 18:23:19 | 000,000,000 | ---D | C] -- D:\Users\Taci\AppData\Local\{EAE4D240-3452-483C-910B-12508146A164}
[2012/04/20 06:22:31 | 000,000,000 | ---D | C] -- D:\Users\Taci\AppData\Local\{D2123FDD-18E7-4796-8609-7FC7A34E0711}
[2012/04/19 17:57:55 | 000,000,000 | ---D | C] -- D:\Users\Taci\AppData\Local\{B5E8188D-0D0F-4A99-940E-F065DE2890AB}
[2012/04/19 17:57:27 | 000,000,000 | ---D | C] -- D:\Users\Taci\AppData\Local\{D0DF3A2C-C192-4C2E-A086-8E5E6BDE1113}
[2012/04/19 05:56:14 | 000,000,000 | ---D | C] -- D:\Users\Taci\AppData\Local\{A6FB699B-2FE1-4301-BD5E-85D7911D94C0}
[2012/04/19 05:55:31 | 000,000,000 | ---D | C] -- D:\Users\Taci\AppData\Local\{E98F2CB3-DFA5-4212-A9EC-988ADE0A85F2}
[2012/04/18 11:37:30 | 000,000,000 | ---D | C] -- D:\Users\Taci\AppData\Local\{B01409B5-EA59-43BB-93F8-C552ABD85A02}
[2012/04/18 11:37:14 | 000,000,000 | ---D | C] -- D:\Users\Taci\AppData\Local\{3CC8C586-CD6A-41A4-ACDA-948E871B9965}
[2012/04/17 17:37:40 | 000,000,000 | ---D | C] -- D:\Users\Taci\AppData\Local\{49753A16-8693-46D7-A169-C744A8FE4F63}
[2012/04/17 17:37:23 | 000,000,000 | ---D | C] -- D:\Users\Taci\AppData\Local\{1B775F74-5EEC-401D-8202-A0ACC9FB866A}
[2012/04/17 17:18:47 | 000,000,000 | ---D | C] -- D:\Windows\de
[2012/04/17 17:16:47 | 000,000,000 | R--D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2012/04/17 17:13:59 | 000,000,000 | ---D | C] -- D:\Program Files\Microsoft SQL Server Compact Edition
[2012/04/17 17:03:56 | 000,069,464 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\XAPOFX1_3.dll
[2012/04/17 17:03:55 | 000,515,416 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\XAudio2_5.dll
[2012/04/17 17:03:54 | 000,453,456 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3dx10_42.dll
[2012/04/17 17:01:59 | 003,426,072 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3dx9_32.dll
[2012/04/17 16:59:05 | 002,983,424 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\UIRibbon.dll
[2012/04/17 16:59:04 | 001,164,800 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\UIRibbonRes.dll
[2012/04/17 16:09:22 | 000,000,000 | ---D | C] -- D:\Users\Taci\AppData\Local\Windows Live
[2012/04/13 17:50:37 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\Spigot
[2012/04/13 17:50:37 | 000,000,000 | ---D | C] -- D:\Program Files\pdfforge Toolbar
[2012/04/13 17:50:37 | 000,000,000 | ---D | C] -- D:\Program Files\Application Updater
[2012/04/12 16:31:08 | 000,000,000 | ---D | C] -- D:\ProgramData\Graboid Inc
[2012/04/12 16:30:57 | 000,000,000 | ---D | C] -- D:\Users\Taci\AppData\Local\Geckofx
[2012/04/12 16:29:16 | 000,000,000 | ---D | C] -- D:\Program Files\Graboid
[2012/04/11 18:37:46 | 002,382,848 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mshtml.tlb
[2012/04/11 18:37:42 | 000,716,800 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jscript.dll
[2012/04/11 18:37:41 | 001,799,168 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jscript9.dll
[2012/04/11 18:37:39 | 000,065,024 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jsproxy.dll
[2012/04/11 18:37:37 | 000,231,936 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\url.dll
[2012/04/11 18:37:36 | 000,176,640 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieui.dll
[2012/04/11 18:37:34 | 001,427,456 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\inetcpl.cpl
[2012/04/11 18:00:00 | 003,958,128 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ntkrnlpa.exe
[2012/04/11 17:59:57 | 003,902,320 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ntoskrnl.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012/05/09 04:13:10 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2012/05/09 04:12:39 | 000,299,520 | ---- | M] () -- D:\Users\_Gast_\AppData\Roaming\itunes_service86.exe
[2012/05/09 03:59:05 | 000,001,094 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/08 17:54:59 | 000,014,128 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/08 17:54:59 | 000,014,128 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/08 15:29:41 | 000,000,177 | -H-- | M] () -- D:\dvmexp.idx
[2012/05/08 15:19:37 | 000,001,090 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/08 15:18:56 | 798,466,048 | -HS- | M] () -- D:\hiberfil.sys
[2012/05/03 15:24:31 | 000,002,286 | ---- | M] () -- D:\Users\Public\Desktop\Google Chrome.lnk
[2012/05/03 02:09:36 | 000,001,027 | ---- | M] () -- D:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/03 02:09:36 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/03 01:45:31 | 000,002,503 | ---- | M] () -- D:\Users\_Gast_\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/05/03 01:45:31 | 000,002,479 | ---- | M] () -- D:\Users\Public\Desktop\Safari.lnk
[2012/05/03 01:45:30 | 000,002,491 | ---- | M] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2012/05/03 01:43:11 | 000,001,363 | ---- | M] () -- D:\Users\_Gast_\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/05/03 01:32:25 | 000,003,416 | ---- | M] () -- D:\bootsqm.dat
[2012/05/03 01:16:12 | 000,320,000 | ---- | M] () -- D:\Users\Taci\AppData\Roaming\itunes_service01.exe
[2012/04/27 12:04:58 | 000,013,540 | ---- | M] () -- D:\Users\Taci\Desktop\safari - Verknüpfung.lnk
[2012/04/27 11:30:00 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\iWin.com
[2012/04/27 10:50:19 | 000,002,491 | ---- | M] () -- D:\Users\Taci\Desktop\Safari (2).lnk
[2012/04/27 06:12:54 | 000,002,503 | ---- | M] () -- D:\Users\Taci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/04/27 06:12:54 | 000,002,491 | ---- | M] () -- D:\Users\Taci\Desktop\Safari.lnk
[2012/04/27 06:10:15 | 000,002,519 | ---- | M] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/04/26 18:55:58 | 000,654,166 | ---- | M] () -- D:\Windows\System32\perfh007.dat
[2012/04/26 18:55:58 | 000,616,008 | ---- | M] () -- D:\Windows\System32\perfh009.dat
[2012/04/26 18:55:58 | 000,130,006 | ---- | M] () -- D:\Windows\System32\perfc007.dat
[2012/04/26 18:55:58 | 000,106,388 | ---- | M] () -- D:\Windows\System32\perfc009.dat
[2012/04/17 17:17:11 | 000,000,000 | R--D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2012/04/17 17:16:38 | 000,001,211 | ---- | M] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012/04/17 17:15:39 | 000,001,280 | ---- | M] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012/04/17 17:12:25 | 000,001,364 | ---- | M] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2012/04/17 17:11:21 | 000,002,078 | ---- | M] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012/04/15 17:16:59 | 000,002,203 | ---- | M] () -- D:\Users\Public\Desktop\Babylon.lnk
[2012/04/12 10:57:25 | 000,022,303 | ---- | M] () -- D:\Users\Taci\Documents\serije anketa.rtf
[2012/04/11 09:45:12 | 000,000,937 | ---- | M] () -- D:\Users\Taci\Documents\PROVIDENCA TEKST.rtf
 
========== Files Created - No Company Name ==========
 
[2012/05/09 04:12:47 | 000,299,520 | ---- | C] () -- D:\Users\_Gast_\AppData\Roaming\itunes_service86.exe
[2012/05/03 02:09:36 | 000,001,027 | ---- | C] () -- D:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/03 01:45:31 | 000,002,503 | ---- | C] () -- D:\Users\_Gast_\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/05/03 01:45:30 | 000,002,491 | ---- | C] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2012/05/03 01:32:25 | 000,003,416 | ---- | C] () -- D:\bootsqm.dat
[2012/05/03 01:16:27 | 000,320,000 | ---- | C] () -- D:\Users\Taci\AppData\Roaming\itunes_service01.exe
[2012/04/27 12:04:58 | 000,013,540 | ---- | C] () -- D:\Users\Taci\Desktop\safari - Verknüpfung.lnk
[2012/04/27 10:50:19 | 000,002,491 | ---- | C] () -- D:\Users\Taci\Desktop\Safari (2).lnk
[2012/04/27 06:12:54 | 000,002,503 | ---- | C] () -- D:\Users\Taci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/04/27 06:12:54 | 000,002,491 | ---- | C] () -- D:\Users\Taci\Desktop\Safari.lnk
[2012/04/27 06:12:54 | 000,002,479 | ---- | C] () -- D:\Users\Public\Desktop\Safari.lnk
[2012/04/27 06:10:15 | 000,002,519 | ---- | C] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/04/17 17:16:13 | 000,001,211 | ---- | C] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012/04/17 17:14:33 | 000,001,280 | ---- | C] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012/04/17 17:11:53 | 000,001,364 | ---- | C] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2012/04/17 17:10:42 | 000,002,078 | ---- | C] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012/04/15 17:16:59 | 000,002,203 | ---- | C] () -- D:\Users\Public\Desktop\Babylon.lnk
[2012/04/11 09:45:11 | 000,000,937 | ---- | C] () -- D:\Users\Taci\Documents\PROVIDENCA TEKST.rtf
[2012/02/29 07:31:18 | 000,116,224 | ---- | C] () -- D:\Windows\System32\pdfcmnnt.dll
[2012/02/15 06:33:12 | 000,017,408 | ---- | C] () -- D:\Users\Taci\AppData\Local\WebpageIcons.db
[2012/02/14 16:09:01 | 000,050,614 | ---- | C] () -- D:\Users\Taci\AppData\Roaming\Taci3SQLite3.dll
[2012/01/17 11:47:12 | 000,000,579 | ---- | C] () -- D:\Users\Taci\AppData\Local\cookies.ini
[2012/01/12 04:46:12 | 000,000,127 | ---- | C] () -- D:\Windows\System32\MRT.INI
[2011/07/03 18:18:59 | 001,524,112 | ---- | C] () -- D:\Windows\System32\bandoolmx.dll
[2011/04/15 08:26:38 | 000,000,032 | ---- | C] () -- D:\Windows\System32\EUOD.DAT
[2011/03/26 04:30:16 | 000,001,849 | ---- | C] () -- D:\Users\Taci\AppData\Roaming\GhostObjGAFix.xml
[2011/01/19 17:22:11 | 000,057,904 | ---- | C] () -- D:\Windows\System32\wbload.dll
[2010/01/17 18:05:13 | 000,000,048 | -H-- | C] () -- D:\ProgramData\ezsidmv.dat
[2009/09/08 15:49:45 | 000,654,166 | ---- | C] () -- D:\Windows\System32\perfh007.dat
[2009/09/08 15:49:45 | 000,295,922 | ---- | C] () -- D:\Windows\System32\perfi007.dat
[2009/09/08 15:49:45 | 000,130,006 | ---- | C] () -- D:\Windows\System32\perfc007.dat
[2009/09/08 15:49:45 | 000,038,104 | ---- | C] () -- D:\Windows\System32\perfd007.dat
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- D:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 003,625,288 | ---- | C] () -- D:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,616,008 | ---- | C] () -- D:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- D:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,106,388 | ---- | C] () -- D:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- D:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- D:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- D:\Windows\System32\dssec.dat
[2009/07/13 20:02:54 | 000,245,248 | ---- | C] () -- D:\Windows\System32\DShowRdpFilter.dll
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- D:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- D:\Windows\System32\mlang.dat
[2009/05/22 08:23:02 | 000,362,029 | ---- | C] () -- D:\Windows\System32\sqlite3.dll
[2006/02/24 00:58:52 | 000,105,807 | -H-- | C] () -- D:\Users\Taci\AppData\Roaming\Tacilog.dat
 
========== LOP Check ==========
 
[2010/01/14 19:53:08 | 000,000,000 | -HSD | M] -- D:\ProgramData\Anwendungsdaten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Application Data
[2011/12/03 17:32:55 | 000,000,000 | ---D | M] -- D:\ProgramData\Babylon
[2011/08/18 04:16:19 | 000,000,000 | ---D | M] -- D:\ProgramData\Bandoo
[2011/07/05 04:09:08 | 000,000,000 | ---D | M] -- D:\ProgramData\boost_interprocess
[2012/04/27 11:32:29 | 000,000,000 | ---D | M] -- D:\ProgramData\DatacardService
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Desktop
[2012/02/15 07:29:18 | 000,000,000 | ---D | M] -- D:\ProgramData\dMcGg01825
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Documents
[2010/01/14 19:53:08 | 000,000,000 | -HSD | M] -- D:\ProgramData\Dokumente
[2011/07/05 04:10:24 | 000,000,000 | ---D | M] -- D:\ProgramData\Easybits GO
[2010/01/14 19:53:08 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favoriten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favorites
[2012/04/12 16:31:08 | 000,000,000 | ---D | M] -- D:\ProgramData\Graboid Inc
[2012/03/10 19:17:22 | 000,000,000 | ---D | M] -- D:\ProgramData\Intenium
[2012/03/10 19:10:28 | 000,000,000 | ---D | M] -- D:\ProgramData\iWin Games
[2012/03/04 10:49:37 | 000,000,000 | ---D | M] -- D:\ProgramData\Nokia
[2012/03/13 01:58:01 | 000,000,000 | ---D | M] -- D:\ProgramData\NokiaInstallerCache
[2012/03/04 10:53:03 | 000,000,000 | ---D | M] -- D:\ProgramData\PC Suite
[2010/01/30 18:13:50 | 000,000,000 | ---D | M] -- D:\ProgramData\Recovery
[2011/12/03 18:44:27 | 000,000,000 | ---D | M] -- D:\ProgramData\regid.1986-12.com.adobe
[2009/09/27 22:39:21 | 000,000,000 | ---D | M] -- D:\ProgramData\Stardock
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Start Menu
[2010/01/14 19:53:08 | 000,000,000 | -HSD | M] -- D:\ProgramData\Startmenü
[2011/12/03 17:08:23 | 000,000,000 | ---D | M] -- D:\ProgramData\Tarma Installer
[2012/03/10 19:12:38 | 000,000,000 | ---D | M] -- D:\ProgramData\Temp
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Templates
[2011/12/14 18:18:50 | 000,000,000 | ---D | M] -- D:\ProgramData\tmp
[2010/01/14 19:53:08 | 000,000,000 | -HSD | M] -- D:\ProgramData\Vorlagen
[2012/01/17 12:45:40 | 000,000,000 | ---D | M] -- D:\ProgramData\VTech
[2012/02/16 17:58:09 | 000,000,000 | ---D | M] -- D:\ProgramData\Web Installer
[2010/10/01 15:11:09 | 000,000,000 | ---D | M] -- D:\ProgramData\WildTangent
[2012/04/27 11:23:54 | 000,000,000 | ---D | M] -- D:\ProgramData\WinZip
[2010/12/24 17:10:46 | 000,000,000 | ---D | M] -- D:\ProgramData\{23D58E70-3B83-4B83-A227-68770F84F5EC}
[2011/01/19 17:21:50 | 000,000,000 | -H-D | M] -- D:\ProgramData\{507FE354-739F-4BBE-9F9F-4DA4538EDEA3}
[2010/04/06 16:29:54 | 000,000,000 | ---D | M] -- D:\ProgramData\{657095DF-DBDB-4B17-8245-B38845C97069}
[2012/01/29 14:11:07 | 000,000,000 | ---D | M] -- D:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
[2010/02/13 18:52:09 | 000,000,000 | ---D | M] -- D:\ProgramData\{B0689242-B0A0-4F2C-83E0-F3E560357B90}
[2011/01/19 17:22:05 | 000,000,000 | ---D | M] -- D:\ProgramData\{CFA6F4AE-B6D4-4F71-BBA4-ACFE805E7214}
[2011/11/05 11:46:26 | 000,000,000 | ---D | M] -- D:\ProgramData\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}
[2010/04/23 17:04:57 | 000,000,000 | ---D | M] -- D:\ProgramData\{DA06AA03-DF24-4ECE-939E-1B0939235C66}
[2012/03/27 01:50:57 | 000,032,640 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 122 bytes -> D:\ProgramData\Temp:7631EA83
@Alternate Data Stream - 105 bytes -> D:\ProgramData\Temp:E50C1642
< End of report >
--- --- ---



ist das nun richtig so ???

ach ja heut hat der trojaner übrigens auch mein zweites benutzerkonto blockiert :(

markusg 11.05.2012 10:50
auf deinem zweiten pc gehe auf start, programme zubehör editor, kopiere dort
rein:
Code:
:OTL
O4 - HKU\Taci_ON_D..\Run: [d31ybB8YFv9cUxg] D:\Users\Taci\AppData\Roaming\itunes_service01.exe ()
O4 - HKU\_Gast__ON_D..\Run: [VX5LWxsct4OYCCz] D:\Users\_Gast_\AppData\Roaming\itunes_service86.exe ()
O20 - HKU\_Gast__ON_D Winlogon: Shell - (C:\Users\_Gast_\AppData\Roaming\itunes_service86.exe) - D:\Users\_Gast_\AppData\Roaming\itunes_service86.exe ()
O20 - HKU\_Gast__ON_D Winlogon: UserInit - (C:\Users\_Gast_\AppData\Roaming\itunes_service86.exe) - D:\Users\_Gast_\AppData\Roaming\itunes_service86.exe
()
O20 - HKU\Taci_ON_D Winlogon: Shell - (C:\Users\Taci\AppData\Roaming\itunes_service01.exe) - D:\Users\Taci\AppData\Roaming\itunes_service01.exe ()
O20 - HKU\Taci_ON_D Winlogon: UserInit - (C:\Users\Taci\AppData\Roaming\itunes_service01.exe) - D:\Users\Taci\AppData\Roaming\itunes_service01.exe ()
:Files
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]


dieses speicherst du auf nem usb stick als fix.txt
nutze nun wieder OTLPENet.exe (starte also von der erstellten cd) und hake alles an, wie es bereits im post zu OTLPENet.exe beschrieben ist.
• Klicke nun bitte auf den Fix Button.
es sollte nun eine meldung ähnlich dieser: "load fix from file" erscheinen, lade also die fix.txt von deinem stick.
wenn dies nicht funktioniert, bitte den fix manuell eintragen.
dann klicke erneut den fix buton. pc startet evtl. neu. wenn ja, nimm die cd aus dem laufwerk, windows sollte nun normal starten und die otl.txt öffnen,
log posten bitte.

TAci01 11.05.2012 14:30
irgendwie lässt sich das nicht auf den usb kriegen ???-GESCHAFFT


nun mach ich das oder wie ?
Zitat:
Nun boote von mit der OTLPE USB Stick.
Hinweis: Wie boote ich von CD (einfach statt ner CD USB Device
auswählen)
Dein System sollte nach einigen Minuten den REATOGO-X-PE Desktop anzeigen.
Mache einen Doppelklick auf das OTLPE Icon.
Wenn Du gefragt
wirst "Do you wish to load the remote registry", dann wähle Yes.
Wenn Du gefragt wirst "Do you wish to load remote user profile(s)
for scanning", dann wähle Yes.
Vergewissere Dich, dass die Box "Automatically Load All Remaining Users" gewählt ist und drücke OK.

OTLpe sollte nun starten.
Drücke Run Scan, um den Scan zu starten.
Wenn der Scan fertig ist, werden die Dateien C:\OTL.Txt
und C:\Extras.Txt erstellt
Kopiere diese Datei auf Deinen USB-Stick, wenn Du keine Internetverbindung auf diesem System hast.
Bitte poste
den Inhalt von C:\OTL.Txt und Extras.Txt.
sorry für die dämlichen fragen ,aber wie gesagt ich bin auf dem gebiet ne absolute null ...

markusg 11.05.2012 14:33
was heißt irgendwie, was soll ich mit so ner beschreibung anfangen.
sag was du machst, und was nicht klappt

TAci01 11.05.2012 14:38
Zitat:
Zitat von markusg (Beitrag 827369)
was heißt irgendwie, was soll ich mit so ner beschreibung anfangen.
sag was du machst, und was nicht klappt
hab schon editiert sorry.

markusg 11.05.2012 14:40
naja, die otl cd wie vorhin starten fix laden und run fix klicken

TAci01 11.05.2012 14:50
Zitat:
Zitat von markusg (Beitrag 827373)
naja, die otl cd wie vorhin starten fix laden und run fix klicken
steh etwas auf dem schlauch :confused: wie lade ich die fix datei ?
-SCHON PASSIERT (gott ich sollte manchmal echt mehr rumprobieren bevor ich jedesmal so dämliche fragen poste *schäm*)

hat lange geladen , nun ist da feld wieder leer , und darunter steht processing complete!?

habs nun nochmal gemacht , da fragt er nun sogar do you want to reboot now , startet aber NICHT neu !?

markusg 11.05.2012 15:25
dann neustart manuell ausführen, evtl. auch über reset, dann cd raus und gucken wie weit er kommt.

TAci01 11.05.2012 15:29
gemacht getan -öffnet ohne dem AKM dings , hintergrund komplett schwarz mit zwei kleinen windows blauen feldern !?
taskleiste da öffnet unten alles wie gewonnt wireless asistent , skype etc...
aufs start meü hab ich scheinbar auch zugriff ...
was nun ???

Überall wo sich ein Fenster öffnet und sich wieder schließt wird der Hintergrund an der stelle blau ,
wie er sein sollte !?

nachdem ich safari kurz geöffnet hab -google, ist der hintergrund wieder wie gehabt da , allerdings sind alle verknüpfungen nicht immernoch weg !?

kann ich ihn nun einfach wieder nutzen ,
oder muss ich noch was tun???

Vielen dank schon mal für die Hilfe !!!:applaus:

markusg 11.05.2012 16:17
immer mit der ruhe.
combofix ausführen, neustarten dann kannst du wieder die symbole einblenden, log posten
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

TAci01 11.05.2012 16:29
Systemwiederherstellungspunkt ???
Ein Datum vor der Infizierung oder wie ?

EDIT: Autoscan hat sich gestartet !

richtig ???

Combofix Logfile:
Code:
ComboFix 12-05-11.02 - Taci 11.05.2012  20:33:53.1.2 - x86
Microsoft Windows 7 Starter  6.1.7600.0.1252.43.1031.18.1015.199 [GMT 2:00]
ausgeführt von:: c:\users\Taci\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\HP\HPBTWD.exe
c:\users\Taci\AppData\Local\sysbrowseclient
c:\users\Taci\AppData\Roaming\MSA
c:\users\Taci\AppData\Roaming\MSA\userid.dat
c:\users\Taci\AppData\Roaming\MSA\w2_0.exe
c:\users\Taci\AppData\Roaming\Taci3SQLite3.dll
c:\users\Taci\AppData\Roaming\Tacilog.dat
c:\windows\FacebookUpadate
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-04-11 bis 2012-05-11  ))))))))))))))))))))))))))))))
.
.
2012-05-11 22:01 . 2011-07-13 08:55        2237440        ----a-w-        C:\OTLPE.exe
2012-05-11 21:54 . 2012-05-11 21:54        --------        d-----w-        C:\_OTL
2012-05-11 19:03 . 2012-05-11 19:03        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-05-11 19:03 . 2012-05-11 19:03        --------        d-----w-        c:\users\_Gast_\AppData\Local\temp
2012-05-11 18:32 . 2012-05-11 18:32        56200        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{CAB49477-15B7-4934-A0D5-2773BEF05FDA}\offreg.dll
2012-05-11 17:35 . 2012-04-13 07:36        6734704        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{CAB49477-15B7-4934-A0D5-2773BEF05FDA}\mpengine.dll
2012-05-11 17:31 . 2012-05-11 17:31        --------        d-----w-        c:\program files\Application Updater
2012-05-11 17:31 . 2012-05-11 17:31        --------        d-----w-        c:\program files\pdfforge Toolbar
2012-05-11 17:31 . 2012-05-11 17:31        --------        d-----w-        c:\program files\Common Files\Spigot
2012-05-05 19:52 . 2012-05-05 19:52        --------        d-----w-        c:\users\_Gast_\AppData\Local\Apple
2012-05-04 07:46 . 2012-05-08 06:43        --------        d-----w-        c:\program files\7-Zip
2012-05-03 10:46 . 2012-05-08 06:43        --------        d-----w-        c:\users\_Gast_\AppData\Roaming\Winamp
2012-05-03 06:10 . 2012-05-03 06:10        --------        d-----w-        c:\users\Taci\AppData\Roaming\Malwarebytes
2012-05-03 06:09 . 2012-05-03 06:09        --------        d-----w-        c:\programdata\Malwarebytes
2012-05-03 06:09 . 2012-05-03 06:09        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-05-03 06:09 . 2012-04-04 13:56        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-05-03 05:45 . 2012-05-04 22:52        --------        d-----w-        c:\users\_Gast_\AppData\Local\Apple Computer
2012-05-03 05:45 . 2012-05-04 16:41        --------        d-----w-        c:\users\_Gast_\AppData\Roaming\Apple Computer
2012-05-03 05:45 . 2012-05-08 22:34        --------        d-----w-        c:\users\_Gast_\AppData\Local\Windows Live
2012-04-27 10:20 . 2012-04-27 19:24        --------        d-----w-        c:\users\Taci\AppData\Local\Apple Computer
2012-04-27 10:20 . 2012-04-28 17:32        --------        d-----w-        c:\users\Taci\AppData\Roaming\Apple Computer
2012-04-27 10:11 . 2012-04-27 10:12        --------        d-----w-        c:\program files\Safari
2012-04-27 10:11 . 2012-04-27 10:11        --------        d-----w-        c:\programdata\Apple Computer
2012-04-27 10:10 . 2012-04-27 10:10        --------        d-----w-        c:\program files\Bonjour
2012-04-27 10:10 . 2012-04-27 10:10        --------        d-----w-        c:\users\Taci\AppData\Local\Apple
2012-04-27 10:10 . 2012-04-27 10:10        --------        d-----w-        c:\program files\Apple Software Update
2012-04-27 10:10 . 2012-04-27 10:10        --------        d-----w-        c:\programdata\Apple
2012-04-17 21:18 . 2012-04-17 21:18        --------        d-----w-        c:\windows\de
2012-04-17 21:17 . 2012-03-08 16:32        39272        ----a-w-        c:\windows\system32\drivers\fssfltr.sys
2012-04-17 21:13 . 2012-04-17 21:13        --------        d-----w-        c:\program files\Microsoft SQL Server Compact Edition
2012-04-17 21:03 . 2009-09-04 15:44        69464        ----a-w-        c:\windows\system32\XAPOFX1_3.dll
2012-04-17 21:03 . 2009-09-04 15:44        515416        ----a-w-        c:\windows\system32\XAudio2_5.dll
2012-04-17 21:03 . 2009-09-04 15:29        453456        ----a-w-        c:\windows\system32\d3dx10_42.dll
2012-04-17 21:01 . 2006-11-29 11:06        3426072        ----a-w-        c:\windows\system32\d3dx9_32.dll
2012-04-17 20:59 . 2010-08-11 04:44        2983424        ----a-w-        c:\windows\system32\UIRibbon.dll
2012-04-17 20:59 . 2010-08-11 04:35        1164800        ----a-w-        c:\windows\system32\UIRibbonRes.dll
2012-04-17 20:21 . 2012-04-17 20:21        7450888        ----a-w-        c:\program files\Common Files\Windows Live\.cache\99c5e4c61cd1cd745\bingbarsetup.exe
2012-04-17 20:18 . 2012-04-17 20:18        15712        ----a-w-        c:\program files\Common Files\Windows Live\.cache\429150441cd1cd737\MeshBetaRemover.exe
2012-04-17 20:16 . 2012-04-17 20:16        537432        ----a-w-        c:\program files\Common Files\Windows Live\.cache\e692025b1cd1cd629\DXSETUP.exe
2012-04-17 20:16 . 2012-04-17 20:16        1801048        ----a-w-        c:\program files\Common Files\Windows Live\.cache\e692025b1cd1cd629\dsetup32.dll
2012-04-17 20:15 . 2012-04-17 20:15        89944        ----a-w-        c:\program files\Common Files\Windows Live\.cache\e692025b1cd1cd629\DSETUP.dll
2012-04-17 20:15 . 2012-04-17 20:15        525656        ----a-w-        c:\program files\Common Files\Windows Live\.cache\df19ab1b1cd1cd628\DXSETUP.exe
2012-04-17 20:15 . 2012-04-17 20:15        1691480        ----a-w-        c:\program files\Common Files\Windows Live\.cache\df19ab1b1cd1cd628\dsetup32.dll
2012-04-17 20:15 . 2012-04-17 20:15        94040        ----a-w-        c:\program files\Common Files\Windows Live\.cache\df19ab1b1cd1cd628\DSETUP.dll
2012-04-17 20:09 . 2012-05-11 17:27        --------        d-----w-        c:\users\Taci\AppData\Local\Windows Live
2012-04-12 20:31 . 2012-04-12 20:31        --------        d-----w-        c:\programdata\Graboid Inc
2012-04-12 20:30 . 2012-04-12 20:30        --------        d-----w-        c:\users\Taci\AppData\Local\Geckofx
2012-04-12 20:29 . 2012-04-27 15:28        --------        d-----w-        c:\program files\Graboid
2012-04-11 22:00 . 2012-03-01 05:53        19312        ----a-w-        c:\windows\system32\drivers\fs_rec.sys
2012-04-11 22:00 . 2012-03-01 05:49        172544        ----a-w-        c:\windows\system32\wintrust.dll
2012-04-11 22:00 . 2012-03-01 05:40        5120        ----a-w-        c:\windows\system32\wmi.dll
2012-04-11 22:00 . 2012-03-01 05:45        158720        ----a-w-        c:\windows\system32\imagehlp.dll
2012-04-11 22:00 . 2012-03-06 05:59        3958128        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2012-04-11 21:59 . 2012-03-06 05:59        3902320        ----a-w-        c:\windows\system32\ntoskrnl.exe
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-17 21:06 . 2011-03-28 16:36        19352        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-03-22 19:12 . 2012-03-22 19:12        4435968        ----a-w-        c:\windows\system32\GPhotos.scr
2012-03-08 16:50 . 2012-03-08 16:50        49016        ----a-w-        c:\windows\system32\sirenacm.dll
2012-03-08 16:37 . 2012-03-08 16:37        302448        ----a-w-        c:\windows\WLXPGSS.SCR
2012-03-08 00:59 . 2012-03-08 00:59        74752        ----a-w-        c:\windows\system32\RegisterIEPKEYs.exe
2012-03-08 00:59 . 2012-03-08 00:59        161792        ----a-w-        c:\windows\system32\msls31.dll
2012-03-08 00:59 . 2012-03-08 00:59        110592        ----a-w-        c:\windows\system32\IEAdvpack.dll
2012-03-08 00:59 . 2012-03-08 00:59        86528        ----a-w-        c:\windows\system32\iesysprep.dll
2012-03-08 00:59 . 2012-03-08 00:59        76800        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe
2012-03-08 00:59 . 2012-03-08 00:59        63488        ----a-w-        c:\windows\system32\tdc.ocx
2012-03-08 00:59 . 2012-03-08 00:59        48640        ----a-w-        c:\windows\system32\mshtmler.dll
2012-03-08 00:59 . 2012-03-08 00:59        367104        ----a-w-        c:\windows\system32\html.iec
2012-03-08 00:59 . 2012-03-08 00:59        74752        ----a-w-        c:\windows\system32\iesetup.dll
2012-03-08 00:59 . 2012-03-08 00:59        420864        ----a-w-        c:\windows\system32\vbscript.dll
2012-03-08 00:59 . 2012-03-08 00:59        35840        ----a-w-        c:\windows\system32\imgutil.dll
2012-03-08 00:59 . 2012-03-08 00:59        23552        ----a-w-        c:\windows\system32\licmgr10.dll
2012-03-08 00:59 . 2012-03-08 00:59        152064        ----a-w-        c:\windows\system32\wextract.exe
2012-03-08 00:59 . 2012-03-08 00:59        150528        ----a-w-        c:\windows\system32\iexpress.exe
2012-03-08 00:59 . 2012-03-08 00:59        142848        ----a-w-        c:\windows\system32\ieUnatt.exe
2012-03-08 00:59 . 2012-03-08 00:59        11776        ----a-w-        c:\windows\system32\mshta.exe
2012-03-08 00:59 . 2012-03-08 00:59        101888        ----a-w-        c:\windows\system32\admparse.dll
2012-02-23 08:18 . 2010-03-16 22:11        237072        ------w-        c:\windows\system32\MpSigStub.exe
2012-02-15 05:44 . 2012-03-14 10:59        826368        ----a-w-        c:\windows\system32\rdpcore.dll
2012-02-15 04:22 . 2012-03-14 10:59        177152        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:22 . 2012-03-14 10:59        24064        ----a-w-        c:\windows\system32\drivers\tdtcp.sys
2012-02-13 23:32 . 2009-03-19 18:38        499712        ----a-w-        c:\windows\system32\msvcp71.dll
2012-02-13 23:32 . 2009-03-19 18:38        348160        ----a-w-        c:\windows\system32\msvcr71.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2011-09-28 1937736]
.
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WinampTb.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WinampTb.AOLTBSearch]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}]
2012-01-11 14:29        241872        ----a-w-        c:\program files\Softonic\softonic\1.5.11.5\bh\softonic.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5018CFD2-804D-4C99-9F81-25EAEA2769DE}"= "c:\program files\Softonic\softonic\1.5.11.5\softonicTlbr.dll" [2012-01-11 250064]
.
[HKEY_CLASSES_ROOT\clsid\{5018cfd2-804d-4c99-9f81-25eaea2769de}]
[HKEY_CLASSES_ROOT\Softonic.dskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\Softonic.dskBnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-05-09 39408]
"NokiaSuite.exe"="c:\program files\Nokia\Nokia Suite\NokiaSuite.exe" [2012-01-10 1083264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-06-12 1533224]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-06-29 458844]
"UpdatePRCShortCut"="c:\program files\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-12-09 74752]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"AgentMonitor"="c:\program files\VTech\DownloadManager\System\AgentMonitor.exe" [2011-12-13 357800]
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2012-02-13 296056]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-04-23 983904]
.
c:\users\_Gast_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\
IconPackager.lnk - c:\program files\Stardock\MyColors\IconPackager.exe [2009-10-14 1389944]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-30 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\WI3C8A~1\Datamngr\datamngr.dll c:\progra~1\WI3C8A~1\Datamngr\IEBHO.dll c:\progra~1\Bandoo\BndHook.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-21 136176]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-21 136176]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C60x86.sys [2009-04-28 50176]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011-11-01 137600]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2011-11-01 8576]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-24 167424]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S1 DVMIO;DVMIO;c:\splash.sys\config\dvmio.sys [2009-07-27 16984]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_ee8b9ab8d1b9a68e\aestsrv.exe [2009-03-02 81920]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2012-04-23 785304]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\splash.sys\config\DVMExportService.exe [2009-07-08 323584]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-21 21:31]
.
2012-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-21 21:31]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.videoteka.tv/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_AT&c=94&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube to MP3 Converter - c:\users\Taci\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 195.34.133.21 212.186.211.21
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - (no file)
URLSearchHooks-{1d8566bd-f06f-4029-a3be-ba80af5a09f3} - (no file)
URLSearchHooks-{7e111a5c-3d11-4f56-9463-5310c3c69025} - (no file)
Toolbar-10 - (no file)
HKCU-Run-Spiele Post - c:\program files\OXXOGames\GPlayer\GameCenterNotifier.exe
HKCU-Run-d31ybB8YFv9cUxg - c:\users\Taci\AppData\Roaming\itunes_service01.exe
HKLM-Run-HP BTW Detect Program - c:\program files\HP\HPBTWD.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-47685150-2999858180-2709919981-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariDownload"
.
[HKEY_USERS\S-1-5-21-47685150-2999858180-2709919981-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-47685150-2999858180-2709919981-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-47685150-2999858180-2709919981-1000)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-47685150-2999858180-2709919981-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-47685150-2999858180-2709919981-1000)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-47685150-2999858180-2709919981-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariExtension"
.
[HKEY_USERS\S-1-5-21-47685150-2999858180-2709919981-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-47685150-2999858180-2709919981-1000)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-47685150-2999858180-2709919981-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-47685150-2999858180-2709919981-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-47685150-2999858180-2709919981-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-47685150-2999858180-2709919981-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-47685150-2999858180-2709919981-1000)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-47685150-2999858180-2709919981-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-47685150-2999858180-2709919981-1000)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-47685150-2999858180-2709919981-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-05-11  21:13:00
ComboFix-quarantined-files.txt  2012-05-11 19:12
.
Vor Suchlauf: 19 Verzeichnis(se), 38.348.836.864 Bytes frei
Nach Suchlauf: 33 Verzeichnis(se), 37.789.896.704 Bytes frei
.
- - End Of File - - 38974FBE7259E5A0E4D802C0366A581C[/QUOTE]
--- --- ---

Huhu

Könnte eventuell jemand die letzten schritte mit mir durchgehen !?
Ich weiß es ist etwas unhöflich zu drängeln ,
aber ich fahr morgen nachmittag für drei wochen weg ,
und würd gern mein notebook mitnehmen , insofern es dann schon 'sauber' ist .

Aufjedenfall möcht ich mich bei Markus und dem ganzen Team herzlich bedanken,
echt klasse was ihr macht ,
ne freundin meinte gestern noch den Trojaner werd ich auf die weise mit sicherheit nicht los :rolleyes:

markusg 12.05.2012 14:09
öffne malwarebytes, logdateien, poste alle berichte, bitte.

TAci01 12.05.2012 18:38
so hier , hab nochmal nen kompletten Scan gemacht ,
da ich den letzten abgebrochen hatte :pfeiff:

Zitat:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.11.04

Windows 7 x86 FAT32
Internet Explorer 9.0.8112.16421
Taci :: TACI-PC [Administrator]

Schutz: Aktiviert

12.05.2012 20:23:29
mbam-log-2012-05-12 (22-29-47).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 410324
Laufzeit: 1 Stunde(n), 57 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
C:\_OTL\MovedFiles\05112012_175425\D_Users\Taci\AppData\Roaming\itunes_service01.exe (Trojan.Agent.H) -> Keine Aktion durchgeführt.
C:\_OTL\MovedFiles\05112012_175425\D_Users\_Gast_\AppData\Roaming\itunes_service86.exe (Trojan.Agent.H) -> Keine Aktion durchgeführt.
C:\Qoobox\Quarantine\C\Users\Taci\AppData\Roaming\MSA\w2_0.exe.vir (Trojan.Dropper) -> Keine Aktion durchgeführt.
C:\Users\Taci\Downloads\Download Ordner\SoftonicDownloader_fuer_free-youtube-to-mp3-converter.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\Users\Taci\Downloads\Download Ordner\SoftonicDownloader_fuer_jewel-quest-heritage.exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt.

(Ende)
soweit ich hier sehe sind es zwei downloads von softonic ,
hab schon in nem anderen Thread gelesen das man dort NICHT downloaden sollte -
daher war ich auch sicher das solche infizierten dateien auch bei mir vorhanden snd :( .

Aber was sind die zwei oben ???
ein und die selbe seite hatten wir uns angesehen ,
von beiden benutzerkonto ,bevor sich der trojaner gemeldet hat :(
wird wohl das sein , oder !?


Alle Zeitangaben in WEZ +1. Es ist jetzt 02:08 Uhr.
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131