Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Trojan Hunt findet die Trojaner sinowal.727 und agent.28. Malwarebytes findet nichts?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 15.11.2011, 14:31   #1
HumrJay
 
Trojan Hunt findet die Trojaner sinowal.727 und agent.28. Malwarebytes findet nichts? - Standard

Trojan Hunt findet die Trojaner sinowal.727 und agent.28. Malwarebytes findet nichts?



Hallo Trojaner Board Team,
ich hatte, nachdem ich mir ein kostenloses Zip Programm laden wollte plötzlich ein nutzloses Programm namens Sweet IM auf dem Rechner. Ich fand das verdächtig, habe aber mit einem Anti Vir Scan nichts entdeckt.Ich war aber nicht beruhigt und habe nochmal mit TROJAN HUNT gescannt. Dabei wurden 2 Trojaner entdeckt:
[COLOR="Red"]sinowal.727[COLOR="Red"][COLOR="Black"] und [COLOR="Red"]agent.28489[COLOR="Black"].
Nachdem ich hier im Forum einiges gelesen habe, habe ich dann nochmal mit Malwarebyte gescannt und dabei zwar eine Schaddatei entdeckt, doch keinen der beiden Trojaner. Jetzt weiß ich nicht mehr wirklich weiter. Wäre echt froh wenn ihr mir helfen könntet.

Hier mein OTL log (es wurde keine EXTRA.txt Datei erstellt, auch nicht beim zweiten Durchlauf. Ich versuche das noch irgendwie in den Griff zu bekommen und sende sie dann nach)

Zitat:
OTL logfile created on: 15.11.2011 14:07:14 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\earl\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,91 Gb Total Physical Memory | 2,69 Gb Available Physical Memory | 68,83% Memory free
7,81 Gb Paging File | 6,48 Gb Available in Paging File | 82,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 422,43 Gb Free Space | 90,72% Space Free | Partition Type: NTFS

Computer Name: EARL-PC | User Name: earl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.11.15 14:05:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\earl\Desktop\OTL.exe
PRC - [2011.11.05 08:10:35 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011.10.04 19:28:28 | 001,088,280 | ---- | M] (Mischel Internet Security) -- C:\Program Files (x86)\TrojanHunter 5.5\THGuard.exe
PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.08.01 14:35:42 | 000,114,992 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
PRC - [2011.07.21 11:08:02 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.04.21 06:52:51 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.21 06:52:36 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.01.28 06:15:33 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
PRC - [2011.01.28 06:13:43 | 004,538,368 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
PRC - [2010.06.28 12:01:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
PRC - [2010.06.28 11:59:52 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe


========== Modules (No Company Name) ==========

MOD - [2011.11.05 08:10:35 | 001,989,592 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009.08.18 01:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.07.21 11:08:02 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.04.21 06:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.01.28 06:15:33 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4)
SRV - [2010.06.28 12:01:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009.09.23 20:59:36 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011.08.31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.07.21 11:11:10 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.07.21 11:11:09 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010.05.15 15:30:52 | 000,458,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2009.08.18 02:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2C 4B 48 A1 54 A0 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.10.17 09:30:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.15 10:19:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.10.17 09:30:25 | 000,000,000 | ---D | M]

[2011.11.15 10:19:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\earl\AppData\Roaming\mozilla\Extensions
[2011.11.15 10:19:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.11.05 08:10:35 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.11.05 04:38:54 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.05 04:32:18 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.11.05 04:38:54 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.05 04:38:54 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.05 04:38:54 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.05 04:38:54 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011.11.14 14:06:56 | 000,000,795 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [THGuard] C:\Program Files (x86)\TrojanHunter 5.5\THGuard.exe (Mischel Internet Security)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\earl\Desktop\PartyPoker.lnk ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\earl\Desktop\PartyPoker.lnk ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5A345F7-EC7A-4792-BAC5-9D9018EA2C83}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4d228155-d7f1-11e0-9192-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4d228155-d7f1-11e0-9192-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP



CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.11.15 14:04:58 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\earl\Desktop\OTL.exe
[2011.11.15 11:20:20 | 000,000,000 | ---D | C] -- C:\Users\earl\AppData\Roaming\Malwarebytes
[2011.11.15 11:18:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.11.15 11:18:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.11.15 11:18:45 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.11.15 11:18:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.11.15 10:19:32 | 000,000,000 | ---D | C] -- C:\Users\earl\AppData\Roaming\Mozilla
[2011.11.14 15:57:04 | 000,000,000 | ---D | C] -- C:\Users\earl\AppData\Roaming\TrojanHunter
[2011.11.14 11:18:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrojanHunter
[2011.11.14 11:18:47 | 000,000,000 | ---D | C] -- C:\ProgramData\TrojanHunter
[2011.11.14 11:18:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TrojanHunter 5.5
[2011.11.14 10:37:48 | 045,106,984 | ---- | C] (Mischel Internet Security ) -- C:\Users\earl\Desktop\TrojanHunterSetup.exe
[2011.11.14 10:29:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojancheck 6
[2011.11.14 10:29:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojancheck 6
[2011.11.11 17:38:38 | 000,000,000 | ---D | C] -- C:\Users\earl\AppData\Roaming\WinRAR
[2011.11.11 17:38:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.11.11 17:38:37 | 000,000,000 | ---D | C] -- C:\Users\earl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.11.11 17:38:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2011.11.11 17:33:10 | 000,000,000 | ---D | C] -- C:\ProgramData\SweetIM
[2011.11.11 17:33:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SweetIM
[2011.11.11 17:30:28 | 000,459,568 | ---- | C] (SweetIM Technologies, Ltd.) -- C:\Users\earl\Desktop\SweetImSetup.exe
[2011.11.11 17:21:54 | 000,000,000 | ---D | C] -- C:\Users\earl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2011.11.11 17:12:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra
[2011.11.11 17:08:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sierra On-Line
[2011.11.11 17:08:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\sierra
[2011.11.06 15:35:54 | 000,000,000 | ---D | C] -- C:\Users\earl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JonDoFox
[2011.11.06 15:18:05 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011.11.06 15:15:01 | 000,000,000 | ---D | C] -- C:\Users\earl\AppData\Roaming\JonDo
[2011.11.06 15:10:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011.11.06 15:10:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.11.06 15:09:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2011.11.06 15:04:31 | 000,000,000 | ---D | C] -- C:\Users\earl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JAP
[2011.11.06 15:04:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JAP
[2011.11.06 15:04:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JAP
[2011.11.06 12:42:58 | 000,000,000 | ---D | C] -- C:\Users\earl\AppData\Roaming\Avira
[2011.10.17 09:42:06 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2011.10.17 09:41:06 | 000,000,000 | ---D | C] -- C:\Users\earl\AppData\Roaming\HP
[2011.10.17 09:41:06 | 000,000,000 | ---D | C] -- C:\Users\earl\AppData\Local\HP
[2011.10.17 09:31:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2011.10.17 09:29:48 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2011.10.17 09:28:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011.10.17 09:27:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP
[2011.10.17 09:27:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard
[2011.10.17 09:26:59 | 000,000,000 | ---D | C] -- C:\Windows\hpoj6500e709
[2011.10.17 09:25:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2011.10.17 09:25:03 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2011.10.17 09:21:33 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.11.15 14:09:25 | 000,014,512 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.15 14:09:25 | 000,014,512 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.15 14:06:35 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.11.15 14:06:35 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.11.15 14:06:35 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.11.15 14:06:35 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.11.15 14:06:35 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.11.15 14:05:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\earl\Desktop\OTL.exe
[2011.11.15 14:01:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.15 14:01:30 | 3144,773,632 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.15 13:59:40 | 000,000,931 | ---- | M] () -- C:\Users\earl\Desktop\Dokument2.rtf
[2011.11.15 12:38:11 | 000,000,000 | ---- | M] () -- C:\Users\earl\defogger_reenable
[2011.11.15 12:30:59 | 000,050,477 | ---- | M] () -- C:\Users\earl\Desktop\Defogger.exe
[2011.11.15 11:18:50 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.15 10:19:26 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.11.14 11:18:50 | 000,059,392 | R--- | M] () -- C:\Windows\SysWow64\streamhlp.dll
[2011.11.14 11:18:50 | 000,001,005 | ---- | M] () -- C:\Users\earl\Desktop\TrojanHunter.lnk
[2011.11.14 10:39:26 | 045,106,984 | ---- | M] (Mischel Internet Security ) -- C:\Users\earl\Desktop\TrojanHunterSetup.exe
[2011.11.14 10:29:30 | 000,001,011 | ---- | M] () -- C:\Users\earl\Desktop\Trojancheck.lnk
[2011.11.11 17:38:20 | 001,531,359 | ---- | M] () -- C:\Users\earl\Desktop\wrar401d.exe
[2011.11.11 17:30:31 | 000,459,568 | ---- | M] (SweetIM Technologies, Ltd.) -- C:\Users\earl\Desktop\SweetImSetup.exe
[2011.11.11 17:24:46 | 000,021,840 | ---- | M] () -- C:\Windows\SysWow64\SIntfNT.dll
[2011.11.11 17:24:45 | 000,017,212 | ---- | M] () -- C:\Windows\SysWow64\SIntf32.dll
[2011.11.11 17:24:45 | 000,012,067 | ---- | M] () -- C:\Windows\SysWow64\SIntf16.dll
[2011.11.11 17:17:42 | 000,000,450 | ---- | M] () -- C:\Windows\SIERRA.INI
[2011.10.29 01:04:21 | 127,789,384 | ---- | M] () -- C:\Users\earl\Desktop\reks-in-between-the-lines-vol-2.zip
[2011.10.17 17:24:41 | 000,409,960 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.10.17 09:41:05 | 000,266,092 | ---- | M] () -- C:\Windows\hpwins23.dat
[2011.10.17 09:30:48 | 000,002,099 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011.10.17 09:20:42 | 000,036,243 | ---- | M] () -- C:\Users\earl\Desktop\Lebenslauf.rtf
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.11.15 13:59:40 | 000,000,931 | ---- | C] () -- C:\Users\earl\Desktop\Dokument2.rtf
[2011.11.15 12:38:11 | 000,000,000 | ---- | C] () -- C:\Users\earl\defogger_reenable
[2011.11.15 12:30:58 | 000,050,477 | ---- | C] () -- C:\Users\earl\Desktop\Defogger.exe
[2011.11.15 11:18:50 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.15 10:19:26 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.11.15 10:19:26 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.11.14 11:18:50 | 000,001,005 | ---- | C] () -- C:\Users\earl\Desktop\TrojanHunter.lnk
[2011.11.14 11:18:28 | 000,059,392 | R--- | C] () -- C:\Windows\SysWow64\streamhlp.dll
[2011.11.14 10:29:30 | 000,001,011 | ---- | C] () -- C:\Users\earl\Desktop\Trojancheck.lnk
[2011.11.11 17:38:14 | 001,531,359 | ---- | C] () -- C:\Users\earl\Desktop\wrar401d.exe
[2011.11.11 17:22:34 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2011.11.11 17:22:34 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2011.11.11 17:22:34 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2011.11.11 17:08:10 | 000,000,450 | ---- | C] () -- C:\Windows\SIERRA.INI
[2011.10.29 01:00:49 | 127,789,384 | ---- | C] () -- C:\Users\earl\Desktop\reks-in-between-the-lines-vol-2.zip
[2011.10.17 09:30:48 | 000,002,099 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011.10.17 09:28:55 | 000,001,060 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk
[2011.10.17 09:22:38 | 000,266,092 | ---- | C] () -- C:\Windows\hpwins23.dat
[2011.09.05 21:05:52 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI
[2009.11.06 10:17:18 | 000,001,843 | ---- | C] () -- C:\Windows\hpwmdl23.dat
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009.07.13 22:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009.07.13 22:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009.07.13 22:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011.09.06 14:07:54 | 000,000,000 | ---D | M] -- C:\Users\earl\AppData\Roaming\GetRightToGo
[2011.09.05 21:01:50 | 000,000,000 | ---D | M] -- C:\Users\earl\AppData\Roaming\HEM Data
[2011.11.06 15:15:54 | 000,000,000 | ---D | M] -- C:\Users\earl\AppData\Roaming\JonDo
[2011.11.14 15:57:04 | 000,000,000 | ---D | M] -- C:\Users\earl\AppData\Roaming\TrojanHunter
[2009.07.14 06:08:49 | 000,028,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*. >
[2011.09.05 20:09:59 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.11.15 12:07:10 | 000,000,000 | -H-D | M] -- C:\Config.Msi
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.09.05 20:09:32 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.09.06 13:53:58 | 000,000,000 | ---D | M] -- C:\Dosgames
[2011.09.05 21:06:33 | 000,000,000 | ---D | M] -- C:\HMArchive
[2011.10.15 12:39:26 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.10.15 12:41:14 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.11.15 12:58:20 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2011.11.15 11:18:49 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.09.05 20:09:32 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.09.05 20:44:47 | 000,000,000 | ---D | M] -- C:\Programs
[2011.09.05 20:09:32 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.11.15 14:09:40 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.09.05 20:59:39 | 000,000,000 | R--D | M] -- C:\Users
[2011.11.11 17:18:01 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.manifest /3 >


< MD5 for: EXPLORER.EXE >
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: REGEDIT.EXE >
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe

< MD5 for: USERINIT.EXE >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WININIT.EXE >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >

Alt 15.11.2011, 14:38   #2
HumrJay
 
Trojan Hunt findet die Trojaner sinowal.727 und agent.28. Malwarebytes findet nichts? - Standard

Trojan Hunt findet die Trojaner sinowal.727 und agent.28. Malwarebytes findet nichts?



Hoppla, tut mir leid.Ich hätte das Logfile wohl nicht als Zitat einfügen sollen.
Habe im nachhinein erst den Hinweis mit dem ESET Online Scanner gesehen. SRY
__________________


Antwort

Themen zu Trojan Hunt findet die Trojaner sinowal.727 und agent.28. Malwarebytes findet nichts?
adobe, antivir, avira, black, c:\windows\system32\rundll32.exe, explorer, firefox, format, langs, log, logfile, malwarebytes, microsoft, mozilla, object, plug-in, programm, programme, registry, required, rundll, scan, security, software, sweetim, trojan, trojaner, trojaner board, webcheck, windows, winlogon, winlogon.exe



Ähnliche Themen: Trojan Hunt findet die Trojaner sinowal.727 und agent.28. Malwarebytes findet nichts?


  1. Windows 7: Malwarebytes Anti-Malware findet Trojan.Agent.RC und setzt SkyDriveSetup.exe in Quarantäne
    Log-Analyse und Auswertung - 12.06.2015 (17)
  2. Malwarebytes findet Trojan.Agent.UKED in Datei MSTORDB.EXE
    Log-Analyse und Auswertung - 30.04.2015 (9)
  3. Malwarebytes findet mehrere Trojan.Agent
    Plagegeister aller Art und deren Bekämpfung - 11.09.2014 (12)
  4. Trojan.Agent - netlogger.exe - MalwareBytes findet nach Routinescan einen Trojaner
    Plagegeister aller Art und deren Bekämpfung - 09.09.2014 (11)
  5. Windows 7: Malwarebytes findet Trojan.Agent, jedoch lässt sich dieser nicht löschen!
    Log-Analyse und Auswertung - 17.05.2014 (12)
  6. Nur ClamAV findet Win.Trojan.Lmir-1366, Trojan.Agent-280119, W32.Perelett.14919, andere nichts
    Plagegeister aller Art und deren Bekämpfung - 05.02.2014 (9)
  7. Kaspersky findet 7 Trojaner, kann aber nur 2 verarbeiten - malwarebytes findet nichts
    Plagegeister aller Art und deren Bekämpfung - 18.12.2013 (6)
  8. AVG findet 32 Rootkits,kann sie aber nicht eliminieren ,Malwarebytes findet nichts
    Plagegeister aller Art und deren Bekämpfung - 16.10.2013 (5)
  9. snap.do entfernen, malwarebytes findet nichts!
    Plagegeister aller Art und deren Bekämpfung - 06.04.2013 (11)
  10. Avira meldet Trojaner, Malwarebytes findet nichts
    Log-Analyse und Auswertung - 24.01.2013 (11)
  11. Startfenster.com von VLC, Malwarebytes findet aber nichts...
    Log-Analyse und Auswertung - 07.01.2013 (11)
  12. AntiVir findet nichts doch Malwarebytes findet 22 infizierte Dateien
    Plagegeister aller Art und deren Bekämpfung - 04.09.2012 (21)
  13. Malwarebytes findet Virus (Trojan.Agent)
    Log-Analyse und Auswertung - 24.01.2012 (1)
  14. Malwarebytes Antimalware findet "Trojan.Agent", MBAM/OTL Logs mit dabei
    Log-Analyse und Auswertung - 24.06.2011 (1)
  15. Malwarebytes findet Trojan.Bancos + RiskWare.Tool.CK + Trojan.Agent.CK...
    Plagegeister aller Art und deren Bekämpfung - 18.05.2011 (7)
  16. Trojaner TR/FakeSysdef.B Malwarebytes findet nichts mehr- trotzdem aktiv!
    Plagegeister aller Art und deren Bekämpfung - 03.02.2011 (11)
  17. EasyScan - Malwarebytes findet nichts - was mach' ich falsch?
    Plagegeister aller Art und deren Bekämpfung - 10.01.2011 (32)

Zum Thema Trojan Hunt findet die Trojaner sinowal.727 und agent.28. Malwarebytes findet nichts? - Hallo Trojaner Board Team, ich hatte, nachdem ich mir ein kostenloses Zip Programm laden wollte plötzlich ein nutzloses Programm namens Sweet IM auf dem Rechner. Ich fand das verdächtig, habe - Trojan Hunt findet die Trojaner sinowal.727 und agent.28. Malwarebytes findet nichts?...
Archiv
Du betrachtest: Trojan Hunt findet die Trojaner sinowal.727 und agent.28. Malwarebytes findet nichts? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.