
Pests of all kinds and how to fight them: TR\Crypt.XPACK.Gen.3


18.03.2012, 19:44   #1
Tremor
 

TR\Crypt.XPACK.Gen.3



Hello, I caught the Trojan "TR\Crypt.XPACK.Gen.3" today (according to Antivir). Supposedly my hard disk is now defective; the desktop background is missing, as are all shortcuts and the entire Start menu.


The following error message also keeps popping up:

Quote:
Failed to save all the components for the file \\System32\\0000246d. The file is corrupted or unreadable. This error may be caused by a PC hardware problem.
This repeats with various files: "\\00002eb2", "00004c90", etc.

Antivir reported:

Code:
Die Datei 'C:\Users\Matt\AppData\Local\Temp\9SXYol5OHJoZM5.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4ac24354.qua' verschoben!
         

I ran Anti-Malware over it; it didn't help.

Log:

Code:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.18.02

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
**** :: ****-PC [Administrator]

18.03.2012 15:55:09
mbam-log-2012-03-18 (15-55-09).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 937961
Laufzeit: 3 Stunde(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
F:\Programme\Steam\SteamApps\common\bunch of heroes\keyconfig.exe (Trojan.FakeMSGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Here is the OTL logfile:
Code:
OTL logfile created on: 18.03.2012 19:07:55 - Run 1
OTL by OldTimer - Version 3.2.39.1     Folder = C:\Users\Matt\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,74 Gb Available Physical Memory | 58,11% Memory free
6,22 Gb Paging File | 4,58 Gb Available in Paging File | 73,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,04 Gb Total Space | 58,04 Gb Free Space | 20,15% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 6,47 Gb Free Space | 64,68% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 398,79 Gb Free Space | 42,81% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Matt\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\mF90qQFOIStw2F.exe ( )
PRC - C:\ProgramData\ycVEDYkOmkxvLr.exe ( )
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Logitech\SetPointG\SetPointII.exe (Logitech, Inc.)
PRC - C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE (Logitech, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Hotspot Shield\bin\openvpntray.exe ()
PRC - C:\Program Files\Hotspot Shield\bin\openvpnas.exe ()
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Hotspot Shield\bin\hsswd.exe ()
PRC - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
PRC - C:\Program Files\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
PRC - C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe (BioWare)
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\sttray.exe (SigmaTel, Inc.)
PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
PRC - C:\Windows\System32\attrib.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Matt\AppData\Local\Temp\ae201572-4813-4010-9ed2-ee29ddec066a\CliSecureRT.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\b7bf9745b6ac67086c7364ee34174c51\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\9eb937785d5a8bc2767ae7efcdd29d43\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b74e1ad9110a39851b12cb46b3954163\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\edfa0f31cc4950e16011ecb549f553f7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\bdf555b4cfed144a3b0b60e0308cbf2b\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\9d5b252266a6084a611b2be84fac9e1c\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9dbdf77b1208ccfea1b67b50084c3f1a\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\37cfa5ae8473995db30414fa29167c28\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b6ac99f2787a9a672d7a696ef25588ee\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\a588133985ef7510d4cc8cc7924f8ec3\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\6be8cdc102f384653338279eff1f78fd\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\9c4788acc8f93c33214865395cee2e1c\System.ni.dll ()
MOD - C:\Windows\System32\atitmpxx.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a774bd593b8420bae4a8cf1d46af3ba2\mscorlib.ni.dll ()
MOD - C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll ()
MOD - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MOD - C:\Program Files\Hotspot Shield\bin\openvpntray.exe ()
MOD - C:\Program Files\Hotspot Shield\bin\lang\gui-eng.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (LBTServ) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe (Logitech, Inc.)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (HssTrayService) -- C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE ()
SRV - (HotspotShieldService) -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe ()
SRV - (HssWd) -- C:\Program Files\Hotspot Shield\bin\hsswd.exe ()
SRV - (HssSrv) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (TunngleService) -- C:\Program Files\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
SRV - (CTAudSvcService) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (DAUpdaterSvc) -- C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe (BioWare)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (Intel Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (X4HSX32) -- C:\Program Files\GameTap\bin\Release\X4HSX32.Sys File not found
DRV - (PCANDIS4) -- C:\Windows\system32\PCANDIS4.SYS File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (ewdmaudn) -- C:\Users\Matt\AppData\Local\Temp\ewdmaudn.sys File not found
DRV - (EagleNT) -- C:\Windows\system32\drivers\EagleNT.sys File not found
DRV - (cpuz130) -- C:\Users\Matt\AppData\Local\Temp\cpuz130\cpuz_x32.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (avo6xkg8) --  File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdLH3.sys (Advanced Micro Devices)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (ssudmdm) SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (HssDrv) -- C:\Windows\System32\drivers\HssDrv.sys (AnchorFree Inc.)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (tap0901t) TAP-Win32 Adapter V9 (Tunngle) -- C:\Windows\System32\drivers\tap0901t.sys (Tunngle.net)
DRV - (XENfiltv) -- C:\Windows\System32\drivers\XENfiltv.sys (Creative Technology Ltd.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (AmdLLD) -- C:\Windows\System32\drivers\AmdLLD.sys (AMD, Inc.)
DRV - (dsunidrv) -- C:\Windows\System32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\Windows\System32\drivers\sfvfs02.sys (Protection Technology (StarForce))
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (SigmaTel, Inc.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))
DRV - (PRISM_A02) -- C:\Windows\System32\drivers\PRISMA02.sys (Conexant Systems, Inc.)
DRV - (ovt519) -- C:\Windows\System32\drivers\ov519vid.sys (OmniVision Technologies, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=4070704
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\prxtbSof0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1351351
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=4070704
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://google.icq.com/search/search_frame.php
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ddrnw
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\InprocServer32 File not found
IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\prxtbSof0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0D7562AE-8EF6-416d-A838-AB665251703A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE
IE - HKCU\..\SearchScopes\{AC854C16-CA1E-43f1-8513-0D2F36C726ED}: "URL" = hxxp://www.wcsearch.com/search/?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1351351
IE - HKCU\..\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}: "URL" = hxxp://search.hotspotshield.com/g/results.php?c=s&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 98.109.55.193:5743
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic_Deutsch Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=3&q="
FF - prefs.js..browser.search.selectedEngine: "GoogleCOM"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.7.0.2
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07103010
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: afurladvisor@anchorfree.com:1.0
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://www.wcsearch.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 0
 
FF - user.js..browser.search.selectedEngine: "GoogleCOM"
FF - user.js..keyword.URL: "hxxp://www.wcsearch.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=0.80.0: C:\Program Files\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@gametap.com/npgametaptool,version=1.0: C:\Program Files\GameTap\bin\Release\npgametaptool.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc;version=0.8.6d: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Matt\AppData\Local\Octoshape\Octoshape Streaming Services\octoprogram-L03-NMS1002010_SUA_000\npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Matt\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.16 23:13:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.27 16:53:36 | 000,000,000 | ---D | M]
 
[2008.06.30 16:24:32 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\mozilla\Extensions
[2012.02.24 17:25:01 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\mozilla\Firefox\Profiles\ldbwc78w.default\extensions
[2010.04.29 17:08:05 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Matt\AppData\Roaming\mozilla\Firefox\Profiles\ldbwc78w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.11.18 15:00:51 | 000,000,000 | -H-D | M] (German Dictionary) -- C:\Users\Matt\AppData\Roaming\mozilla\Firefox\Profiles\ldbwc78w.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2008.07.14 20:50:05 | 000,000,000 | -H-D | M] (Move Media Player) -- C:\Users\Matt\AppData\Roaming\mozilla\Firefox\Profiles\ldbwc78w.default\extensions\moveplayer@movenetworks.com
[2012.02.01 19:06:30 | 000,000,000 | -H-D | M] ("Ask Toolbar") -- C:\Users\Matt\AppData\Roaming\mozilla\Firefox\Profiles\ldbwc78w.default\extensions\toolbar@ask.com
[2009.02.23 11:18:24 | 000,000,894 | -H-- | M] () -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\ldbwc78w.default\searchplugins\conduit.xml
[2012.03.12 15:18:33 | 000,000,950 | -H-- | M] () -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\ldbwc78w.default\searchplugins\icqplugin-1.xml
[2007.09.21 10:56:07 | 000,000,949 | -H-- | M] () -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\ldbwc78w.default\searchplugins\icqplugin-2.xml
[2007.10.20 20:45:31 | 000,000,949 | -H-- | M] () -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\ldbwc78w.default\searchplugins\icqplugin-3.xml
[2007.11.02 20:24:27 | 000,000,949 | -H-- | M] () -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\ldbwc78w.default\searchplugins\icqplugin-4.xml
[2007.11.29 14:33:08 | 000,000,949 | -H-- | M] () -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\ldbwc78w.default\searchplugins\icqplugin-5.xml
[2007.12.01 16:33:03 | 000,000,949 | -H-- | M] () -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\ldbwc78w.default\searchplugins\icqplugin-6.xml
[2008.02.19 18:16:46 | 000,000,951 | -H-- | M] () -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\ldbwc78w.default\searchplugins\icqplugin.xml
[2011.11.24 01:05:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.03.04 12:06:57 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.12.21 00:01:07 | 000,000,000 | ---D | M] (afurladvisor) -- C:\Program Files\mozilla firefox\extensions\afurladvisor@anchorfree.com
[2011.03.30 21:32:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\distribution\extensions
[2011.03.30 21:32:24 | 000,000,000 | ---D | M] (GMX Toolbar) -- C:\Program Files\mozilla firefox\distribution\extensions\toolbar@gmx.net
() (No name found) -- C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LDBWC78W.DEFAULT\EXTENSIONS\{B749FC7C-E949-447F-926C-3F4EED6ACCFE}.XPI
() (No name found) -- C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LDBWC78W.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LDBWC78W.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI
() (No name found) -- C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LDBWC78W.DEFAULT\EXTENSIONS\YOUTUBE2MP3@MONDAYX.DE.XPI
[2012.03.16 23:13:57 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007.05.27 09:50:02 | 000,049,152 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2012.03.16 23:13:49 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.16 23:13:49 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.16 23:13:49 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.04.18 00:09:53 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2008.12.23 15:58:14 | 000,001,307 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google-com.xml
[2012.03.16 23:13:49 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.16 23:13:49 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.16 23:13:48 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.07.03 14:36:47 | 000,412,757 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	123topsearch.com
O1 - Hosts: 127.0.0.1	www.123topsearch.com
O1 - Hosts: 127.0.0.1	132.com
O1 - Hosts: 127.0.0.1	www.132.com
O1 - Hosts: 127.0.0.1	136136.net
O1 - Hosts: 127.0.0.1	www.136136.net
O1 - Hosts: 127.0.0.1	163ns.com
O1 - Hosts: 14253 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\prxtbSof0.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (ICQ Toolbar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\prxtbSof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll (facemoods.com)
O3 - HKCU\..\Toolbar\WebBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Program Files\Softonic_Deutsch\prxtbSof0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup File not found
O4 - HKLM..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ycVEDYkOmkxvLr.exe] C:\ProgramData\ycVEDYkOmkxvLr.exe ( )
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Steam] F:\Programme\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files\Xfire\xfire.exe (Xfire Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 223
O8 - Extra context menu item: Download with Xilisoft Download YouTube Video - C:\Program Files\Xilisoft\Download YouTube Video\upod_link.HTM ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0)
O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab (Java Plug-in 1.5.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7720894E-7A6E-4A81-AB45-7D15C92E25E9}: NameServer = 10.24.40.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F2B740F6-3B4D-4FB3-A34D-D0E2BA4A718D}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Matt\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Matt\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{f8682ffa-8c54-11de-aefa-0003c975525e}\Shell - "" = AutoRun
O33 - MountPoints2\{f8682ffa-8c54-11de-aefa-0003c975525e}\Shell\AutoRun\command - "" = J:\setup.exe
O33 - MountPoints2\{fac83151-50d9-11dc-b564-0003c975525e}\Shell - "" = AutoRun
O33 - MountPoints2\{fac83151-50d9-11dc-b564-0003c975525e}\Shell\AutoRun\command - "" = K:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.18 19:06:05 | 000,389,024 | -H-- | C] (Bleeping Computer, LLC) -- C:\Users\Matt\Desktop\unhide.exe
[2012.03.18 19:05:32 | 000,594,432 | -H-- | C] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2012.03.18 15:19:06 | 000,000,000 | -H-D | C] -- C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012.03.14 12:37:08 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.03.14 12:37:06 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012.03.14 12:37:06 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012.03.14 12:37:06 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012.03.14 12:37:06 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012.03.14 12:37:06 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012.03.14 12:36:57 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2012.03.14 12:29:39 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.03.09 15:24:08 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012.03.09 15:24:08 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012.03.09 15:24:08 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.03.09 15:24:07 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012.03.09 15:24:07 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012.03.09 15:24:07 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012.03.09 15:24:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.03.09 15:24:07 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012.03.09 15:24:07 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012.03.09 15:24:07 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012.03.09 15:24:07 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012.03.09 15:24:06 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012.03.09 15:24:06 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.03.09 15:24:06 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012.03.09 15:24:06 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012.03.09 15:24:06 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.03.09 15:24:06 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012.03.09 15:24:06 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012.03.09 15:24:06 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012.03.09 15:24:06 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012.03.09 15:24:06 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012.03.09 15:24:05 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.03.09 15:24:05 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.03.09 15:24:05 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012.03.09 15:24:05 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012.03.09 15:24:05 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.03.09 15:24:05 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012.03.09 15:24:05 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012.03.09 15:24:04 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.03.09 15:24:04 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012.03.09 15:24:04 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012.03.09 15:24:04 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012.03.09 15:24:04 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012.03.09 15:24:03 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012.03.09 15:24:03 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012.03.09 15:24:03 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012.03.09 15:24:03 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012.03.05 18:25:55 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2012.03.05 18:25:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\AGEIA
[2012.03.05 18:24:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mass Effect 2
[2012.03.04 18:26:19 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realistic Colors and Real Nights 2.0 - HDR Edition -
[2012.03.04 12:06:03 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.03.04 12:05:56 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\Skype
[2012.03.03 17:20:06 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012.02.27 20:41:12 | 000,000,000 | -H-D | C] -- C:\Users\Matt\Daedalic
[2012.02.27 16:53:36 | 000,637,848 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2012.02.27 16:53:36 | 000,223,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.02.27 16:53:35 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.02.27 16:53:35 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.02.26 19:39:35 | 000,000,000 | -H-D | C] -- C:\Users\Matt\Desktop\PS3
[2012.02.22 16:15:19 | 000,000,000 | -H-D | C] -- C:\Users\Matt\AppData\Local\Daedalic Entertainment
[2012.02.22 16:12:27 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daedalic Entertainment
[2012.02.22 16:08:49 | 000,000,000 | ---D | C] -- C:\Program Files\Daedalic Entertainment
[2012.02.20 14:13:05 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.02.20 14:07:57 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
[2012.02.20 14:07:43 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012.02.20 14:02:43 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012.02.20 13:58:20 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012.02.20 13:57:26 | 000,000,000 | ---D | C] -- C:\AMD
[2012.02.20 13:48:26 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012.02.19 23:38:19 | 000,000,000 | -H-D | C] -- C:\Users\Matt\Desktop\Humble Bundle
[8 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.18 19:06:04 | 000,389,024 | -H-- | M] (Bleeping Computer, LLC) -- C:\Users\Matt\Desktop\unhide.exe
[2012.03.18 19:05:51 | 000,711,134 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.18 19:05:51 | 000,649,202 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.18 19:05:51 | 000,158,024 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.18 19:05:51 | 000,130,806 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.18 19:05:28 | 000,594,432 | -H-- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2012.03.18 19:01:41 | 000,000,272 | ---- | M] () -- C:\ProgramData\~mF90qQFOIStw2F
[2012.03.18 19:01:41 | 000,000,192 | ---- | M] () -- C:\ProgramData\~mF90qQFOIStw2Fr
[2012.03.18 18:57:38 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.18 18:57:34 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.18 18:57:34 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.18 18:57:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.18 15:49:00 | 000,002,032 | -H-- | M] () -- C:\Users\Matt\AppData\Local\d3d9caps.dat
[2012.03.18 15:23:53 | 000,000,440 | ---- | M] () -- C:\ProgramData\mF90qQFOIStw2F
[2012.03.18 15:19:27 | 000,000,607 | -H-- | M] () -- C:\Users\Matt\Desktop\System Check.lnk
[2012.03.18 15:17:47 | 000,356,352 | ---- | M] ( ) -- C:\ProgramData\mF90qQFOIStw2F.exe
[2012.03.18 14:55:22 | 000,356,352 | ---- | M] ( ) -- C:\ProgramData\l8FKuuTQMiJGdz.exe
[2012.03.18 14:54:14 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.18 14:52:12 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Access.dat
[2012.03.18 14:45:36 | 000,445,440 | ---- | M] ( ) -- C:\ProgramData\ycVEDYkOmkxvLr.exe
[2012.03.15 23:54:46 | 001,710,736 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.03.09 15:24:22 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2012.03.09 15:24:22 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2012.03.09 15:24:08 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012.03.09 15:24:08 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012.03.09 15:24:08 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.03.09 15:24:07 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012.03.09 15:24:07 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012.03.09 15:24:07 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012.03.09 15:24:07 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.03.09 15:24:07 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012.03.09 15:24:07 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012.03.09 15:24:07 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012.03.09 15:24:07 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012.03.09 15:24:06 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012.03.09 15:24:06 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.03.09 15:24:06 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012.03.09 15:24:06 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012.03.09 15:24:06 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.03.09 15:24:06 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012.03.09 15:24:06 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012.03.09 15:24:06 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012.03.09 15:24:06 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012.03.09 15:24:06 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012.03.09 15:24:06 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012.03.09 15:24:05 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.03.09 15:24:05 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.03.09 15:24:05 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012.03.09 15:24:05 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012.03.09 15:24:05 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.03.09 15:24:05 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012.03.09 15:24:05 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012.03.09 15:24:04 | 001,798,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.03.09 15:24:04 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012.03.09 15:24:04 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012.03.09 15:24:04 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012.03.09 15:24:04 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012.03.09 15:24:03 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012.03.09 15:24:03 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012.03.09 15:24:03 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012.03.09 15:24:03 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012.03.07 02:39:52 | 000,094,208 | -H-- | M] () -- C:\Users\Matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.03 18:32:38 | 000,087,465 | -H-- | M] () -- C:\Users\Matt\Desktop\me and the bigreal.jpg
[2012.03.03 18:31:33 | 000,361,672 | -H-- | M] () -- C:\Users\Matt\Desktop\me and the bigreal.psd
[2012.03.03 18:23:24 | 000,087,187 | -H-- | M] () -- C:\Users\Matt\Desktop\me and the big.jpg
[2012.02.29 20:21:24 | 000,042,392 | ---- | M] () -- C:\Windows\System32\xfcodec.dll
[2012.02.27 16:53:17 | 000,637,848 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2012.02.27 16:53:17 | 000,567,184 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012.02.27 16:53:17 | 000,223,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.02.27 16:53:17 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.02.27 16:53:17 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.02.26 15:36:27 | 000,032,944 | -H-- | M] () -- C:\Users\Matt\Desktop\wirkungskette.jpg
[2012.02.25 19:58:49 | 000,002,595 | -H-- | M] () -- C:\Users\Matt\Desktop\Microsoft Office PowerPoint 2007.lnk
[2012.02.25 16:30:37 | 169,358,619 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.02.20 14:11:06 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2012.02.20 13:11:13 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.02.18 15:39:09 | 000,263,832 | -H-- | M] () -- C:\Users\Matt\Desktop\mw3.jpg
[8 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.18 15:19:37 | 000,000,272 | ---- | C] () -- C:\ProgramData\~mF90qQFOIStw2F
[2012.03.18 15:19:37 | 000,000,192 | ---- | C] () -- C:\ProgramData\~mF90qQFOIStw2Fr
[2012.03.18 15:19:27 | 000,000,607 | -H-- | C] () -- C:\Users\Matt\Desktop\System Check.lnk
[2012.03.18 15:18:36 | 000,000,440 | ---- | C] () -- C:\ProgramData\mF90qQFOIStw2F
[2012.03.18 15:17:43 | 000,356,352 | ---- | C] ( ) -- C:\ProgramData\mF90qQFOIStw2F.exe
[2012.03.18 14:55:22 | 000,356,352 | ---- | C] ( ) -- C:\ProgramData\l8FKuuTQMiJGdz.exe
[2012.03.18 14:48:42 | 000,445,440 | ---- | C] ( ) -- C:\ProgramData\ycVEDYkOmkxvLr.exe
[2012.03.09 15:24:06 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012.03.03 18:31:33 | 000,361,672 | -H-- | C] () -- C:\Users\Matt\Desktop\me and the bigreal.psd
[2012.03.03 18:30:51 | 000,087,465 | -H-- | C] () -- C:\Users\Matt\Desktop\me and the bigreal.jpg
[2012.03.03 18:23:19 | 000,087,187 | -H-- | C] () -- C:\Users\Matt\Desktop\me and the big.jpg
[2012.02.29 20:21:24 | 000,042,392 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2012.02.26 15:36:27 | 000,032,944 | -H-- | C] () -- C:\Users\Matt\Desktop\wirkungskette.jpg
[2012.02.25 16:39:46 | 000,002,595 | -H-- | C] () -- C:\Users\Matt\Desktop\Microsoft Office PowerPoint 2007.lnk
[2012.02.20 14:11:06 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.02.18 15:39:08 | 000,263,832 | -H-- | C] () -- C:\Users\Matt\Desktop\mw3.jpg
[2011.12.06 03:10:38 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2011.12.05 22:04:00 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OpenVideo.dll
[2011.12.05 22:03:52 | 000,054,784 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011.11.30 12:07:00 | 000,056,832 | ---- | C] () -- C:\Windows\System32\OVDecoder.dll
[2011.11.14 20:47:22 | 000,608,507 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.10.07 14:21:34 | 000,000,000 | -H-- | C] () -- C:\Users\Matt\AppData\Roaming\chrtmp
[2011.09.20 12:37:07 | 000,032,434 | ---- | C] () -- C:\Windows\System32\xfiXEN.ini
[2011.09.20 12:37:07 | 000,002,169 | ---- | C] () -- C:\Windows\XENcfg.ini
[2011.09.20 12:37:07 | 000,000,388 | ---- | C] () -- C:\Windows\XENMCcfg.ini
[2011.09.20 12:37:00 | 000,186,880 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2011.09.20 12:37:00 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2011.09.16 10:54:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.09.16 10:54:44 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.09.16 10:54:44 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.09.16 10:54:44 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.09.16 10:54:44 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.07.22 17:24:33 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.04.07 19:59:48 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
[2011.01.02 17:55:42 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2010.10.30 00:35:18 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat
[2010.10.04 18:39:55 | 002,601,752 | ---- | C] () -- C:\Windows\System32\pbsvc_moh.exe
[2010.09.24 14:31:10 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.08.23 14:24:18 | 005,653,224 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2010.08.23 14:24:18 | 000,015,341 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2010.07.30 10:26:45 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010.07.23 13:13:33 | 000,029,847 | ---- | C] () -- C:\Windows\scunin.dat
[2010.06.11 15:46:51 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
 
========== LOP Check ==========
 
[2011.09.20 21:25:45 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\.minecraft
[2011.03.22 14:20:33 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\.Nitrous
[2009.12.29 00:45:47 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\Atari
[2012.01.22 16:46:59 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\Azureus
[2009.04.12 14:24:56 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\Bioshock
[2007.09.03 22:57:38 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\BitTorrent
[2009.12.23 18:21:35 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\Braid
[2007.09.27 13:50:21 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\Codemasters
[2009.08.19 01:37:29 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\DAEMON Tools Lite
[2009.02.04 22:18:30 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\FarmingSimulator2008Demo
[2011.09.02 00:16:26 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\fltk.org
[2011.06.29 01:09:38 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\FreeFLVConverter
[2009.04.13 23:39:40 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\GetRightToGo
[2010.08.07 18:01:10 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\ICQ
[2007.07.19 17:58:41 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\ICQ Toolbar
[2011.09.18 15:50:00 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\Image Zone Express
[2008.04.17 17:32:19 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\InfraRecorder
[2009.05.20 20:47:28 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\JonDo
[2011.12.08 18:34:47 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\Leadertech
[2010.09.17 18:49:23 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\LucasArts
[2010.08.27 17:33:01 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\Miranda
[2011.01.04 03:19:09 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\mkvtoolnix
[2009.04.24 22:32:42 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\MobMapUpdater
[2009.06.11 16:36:55 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\My Games
[2012.01.14 19:41:25 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\NationRed
[2010.12.17 22:35:57 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\Need for Speed World
[2009.02.02 16:52:06 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\OpenOffice.org
[2011.09.28 15:07:30 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\Origin
[2007.11.25 22:19:02 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\Printer Info Cache
[2011.07.22 17:24:39 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\Red Alert 3
[2011.07.30 15:02:34 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\Red Alert 3 Uprising
[2010.01.04 19:39:53 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\runic games
[2011.10.26 23:02:56 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\Samsung
[2011.09.03 14:19:51 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\Simfy
[2007.08.20 11:49:23 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\Soldat
[2010.08.23 14:33:46 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\Spesoft Audio Converter
[2008.09.07 18:55:54 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\SPORE Creature Creator
[2007.12.11 21:02:26 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\Template
[2010.08.12 01:38:17 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\The Creative Assembly
[2010.12.28 16:44:15 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\The Path
[2012.03.15 21:20:45 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\TS3Client
[2010.11.17 19:30:56 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\Tunngle
[2008.04.23 21:41:56 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\Turbine
[2011.07.21 02:21:27 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\Unity
[2009.11.03 14:28:21 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\Usenet.to
[2011.03.25 21:04:39 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\uTorrent
[2011.04.18 22:14:18 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\wargaming.net
[2011.01.29 00:51:05 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\Xilisoft
[2011.01.15 01:59:37 | 000,000,000 | -H-D | M] -- C:\Users\Matt\AppData\Roaming\ZombieDriver
[2012.03.18 14:52:19 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
Can anyone help me? I have found several similar cases, but the solutions there were too specific for me to apply them to my own situation.

Old 18.03.2012, 19:49   #2
markusg
/// Malware-holic
 
hi

This script, and any scripts that follow, are only for this particular user.
If you have problems, open your own topics and wait for scripts tailored to you.


• Please start OTL.exe
• Now copy the following into the text box.



Code:
:OTL
PRC - C:\ProgramData\ycVEDYkOmkxvLr.exe ( )
PRC - C:\ProgramData\mF90qQFOIStw2F.exe ( )
O4 - HKLM..\Run: [ycVEDYkOmkxvLr.exe] C:\ProgramData\ycVEDYkOmkxvLr.exe ( )
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 98.109.55.193:5743
 
[2012.03.18 15:19:37 | 000,000,272 | ---- | C] () -- C:\ProgramData\~mF90qQFOIStw2F
[2012.03.18 15:19:37 | 000,000,192 | ---- | C] () -- C:\ProgramData\~mF90qQFOIStw2Fr
[2012.03.18 15:19:27 | 000,000,607 | -H-- | C] () -- C:\Users\Matt\Desktop\System Check.lnk
[2012.03.18 15:18:36 | 000,000,440 | ---- | C] () -- C:\ProgramData\mF90qQFOIStw2F
[2012.03.18 15:17:43 | 000,356,352 | ---- | C] ( ) -- C:\ProgramData\mF90qQFOIStw2F.exe
[2012.03.18 14:55:22 | 000,356,352 | ---- | C] ( ) -- C:\ProgramData\l8FKuuTQMiJGdz.exe
[2012.03.18 14:48:42 | 000,445,440 | ---- | C] ( ) -- C:\ProgramData\ycVEDYkOmkxvLr.exe
[2012.03.18 15:19:06 | 000,000,000 | -H-D | C] -- C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
 :Files
C:\ProgramData\ycVEDYkOmkxvLr.exe
C:\ProgramData\mF90qQFOIStw2F.exe
:Commands
[Reboot]
         


• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart; please allow it.
• After the restart you will find a text document; paste its contents into your next reply here.
Boot into normal mode.

If you have no icons, right-click, View, Show desktop icons.

Note: Please also upload the file to the UpChannel as described in the instructions. Please do NOT post the ZIP file here
as an attachment in the thread!




Please press the Windows key + E.
  • Open your system drive (usually C:)
  • Now find the folder _OTL and open it.
  • Right-click the folder Movedfiles --> Send to --> Compressed (zipped) folder

  • This creates a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel (Browse --> C:\_OTL\Movedfiles.zip)
Let me know whether the upload worked without problems. Thanks in advance.
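A small triage script over the OTL listing lines shown in the fix script above, added here as an example (not part of this thread, and not code from OTL or Trojaner-Board): it parses the PRC, O4, IE and file-listing lines, flags executables dropped straight into C:\ProgramData without a company name, the Run entry and processes that reference them, and a ProxyServer set to a public IP. The sample lines are taken from the fix script plus one constructed benign control line; the heuristics, the two-hour burst window and the vendor-name rule are my assumptions, not OTL's.

```python
"""Triage OTL listing lines for the fake-AV pattern in this thread (added example).
Defender's view: executables dropped straight into C:\\ProgramData with no company
name, the Run key and processes that reference them, and an IE ProxyServer pointing
at a public IP. Heuristics and thresholds below are assumptions, not OTL rules."""
import ipaddress
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Iterable, List, Optional

# Line shapes as OTL prints them (same as the lines in the fix script above).
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<target>.+?)(?: \([^)]*\))?$")
PRC_RE = re.compile(r"^PRC - (?P<path>.+?)(?: \([^)]*\))?$")
IE_RE = re.compile(r'^IE - (?P<key>.+?): "(?P<value>\w+)" = (?P<data>.*)$')
PROGRAMDATA = "c:\\programdata\\"

@dataclass
class FileEntry:
    created: datetime
    attrs: str               # e.g. "-H-D": H = hidden, D = directory
    company: Optional[str]   # None for directories, "" or " " for files without version info
    path: str

@dataclass
class Finding:
    kind: str                # dropped_exe | drop_burst | run_key | running | proxy
    subject: str
    detail: str

def parse_file_entry(line: str) -> Optional[FileEntry]:
    m = FILE_RE.match(line)
    if not m:
        return None
    return FileEntry(datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S"), m["attrs"], m["company"], m["path"])

def is_dropped_exe(entry: FileEntry) -> bool:
    """An .exe sitting directly in the ProgramData root with no company string (assumed heuristic)."""
    p = entry.path.lower()
    if not p.startswith(PROGRAMDATA) or "\\" in p[len(PROGRAMDATA):]:
        return False
    return p.endswith(".exe") and not (entry.company or "").strip()

def is_public_proxy(data: str) -> bool:
    """True when ProxyServer is a literal IPv4/IPv6 address (optionally :port) outside private/loopback ranges."""
    host, sep, _port = data.rpartition(":")
    try:
        ip = ipaddress.ip_address(host if sep else data)
    except ValueError:
        return False  # a hostname (or bracketed IPv6); not judged by this check
    return not (ip.is_private or ip.is_loopback)

def triage(lines: Iterable[str], window: timedelta = timedelta(hours=2)) -> List[Finding]:
    files, runs, procs, ie = [], [], [], []
    for raw in lines:
        line = raw.strip()
        if (entry := parse_file_entry(line)) is not None:
            files.append(entry)
        elif (m := RUN_RE.match(line)):
            runs.append(m)
        elif (m := PRC_RE.match(line)):
            procs.append(m["path"])
        elif (m := IE_RE.match(line)):
            ie.append(m)
    dropped = [f for f in files if is_dropped_exe(f)]
    findings = [Finding("dropped_exe", f.path, f"created {f.created}, no company") for f in dropped]
    if len(dropped) >= 2:  # several unsigned drops in a short window: dropper plus payload
        times = sorted(f.created for f in dropped)
        if times[-1] - times[0] <= window:
            findings.append(Finding("drop_burst", f"{len(dropped)} files", f"within {times[-1] - times[0]}"))
    dropped_paths = {f.path.lower() for f in dropped}
    for m in runs:  # persistence entry pointing at a dropped file
        if m["target"].lower() in dropped_paths:
            findings.append(Finding("run_key", m["target"], f"{m['hive']}\\Run\\{m['name']}"))
    for path in procs:  # dropped file currently running
        if path.lower() in dropped_paths:
            findings.append(Finding("running", path, "process image is a dropped file"))
    for m in ie:  # traffic hijack through the system proxy setting
        if m["value"] == "ProxyServer" and is_public_proxy(m["data"]):
            findings.append(Finding("proxy", m["data"], m["key"]))
    return findings

# Lines from the OTL fix script in this thread, plus one constructed benign control
# line (file with a vendor name, still directly in ProgramData) that must not be flagged.
SAMPLE_LINES = [
    r"PRC - C:\ProgramData\ycVEDYkOmkxvLr.exe ( )",
    r"PRC - C:\ProgramData\mF90qQFOIStw2F.exe ( )",
    r"O4 - HKLM..\Run: [ycVEDYkOmkxvLr.exe] C:\ProgramData\ycVEDYkOmkxvLr.exe ( )",
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 98.109.55.193:5743',
    r"[2012.03.18 15:19:27 | 000,000,607 | -H-- | C] () -- C:\Users\Matt\Desktop\System Check.lnk",
    r"[2012.03.18 15:17:43 | 000,356,352 | ---- | C] ( ) -- C:\ProgramData\mF90qQFOIStw2F.exe",
    r"[2012.03.18 14:55:22 | 000,356,352 | ---- | C] ( ) -- C:\ProgramData\l8FKuuTQMiJGdz.exe",
    r"[2012.03.18 14:48:42 | 000,445,440 | ---- | C] ( ) -- C:\ProgramData\ycVEDYkOmkxvLr.exe",
    r"[2012.03.18 15:19:06 | 000,000,000 | -H-D | C] -- C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check",
    r"[2012.02.20 13:13:00 | 000,343,168 | ---- | M] (Constructed Vendor GmbH) -- C:\ProgramData\ConstructedUpdater.exe",  # constructed
]
```

Calling triage(SAMPLE_LINES) returns the three dropped executables, the burst, the Run entry, both running processes and the proxy; the constructed control line is not reported.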

18.03.2012, 20:14   #3
Tremor

TR\Crypt.XPACK.Gen.3

Thanks for the quick reply. Did everything as instructed, file uploaded.

Code:
========== OTL ==========
Process ycVEDYkOmkxvLr.exe killed successfully!
Process mF90qQFOIStw2F.exe killed successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ycVEDYkOmkxvLr.exe deleted successfully.
C:\ProgramData\ycVEDYkOmkxvLr.exe moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
C:\ProgramData\~mF90qQFOIStw2F moved successfully.
C:\ProgramData\~mF90qQFOIStw2Fr moved successfully.
C:\Users\Matt\Desktop\System Check.lnk moved successfully.
C:\ProgramData\mF90qQFOIStw2F moved successfully.
C:\ProgramData\mF90qQFOIStw2F.exe moved successfully.
C:\ProgramData\l8FKuuTQMiJGdz.exe moved successfully.
File C:\ProgramData\ycVEDYkOmkxvLr.exe not found.
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check folder moved successfully.
========== COMMANDS ==========
 
OTL by OldTimer - Version 3.2.39.1 log created on 03182012_195049
         
After the restart, the entire contents of C: had meanwhile become "hidden".

I was able to make the rest visible again with unhide. Thanks again for the help!

Last edited by Tremor (18.03.2012 at 20:54)

18.03.2012, 21:09   #4
markusg
/// Malware-holic

TR\Crypt.XPACK.Gen.3

ComboFix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems
and make cleaning up the infection even harder.

Please download Combofix.exe and be sure to save it to your desktop.
  • Visit the following page for download links and instructions for this
    tool:

    A guide and tutorial on using ComboFix
  • Note:
    Make sure that all your antivirus and anti-malware programs are switched off so that they do not interfere with ComboFix while it works.
  • Please post C:\Combofix.txt in your next reply.
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails as described above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

18.03.2012, 23:52   #5
Tremor

TR\Crypt.XPACK.Gen.3

Ran ComboFix, log:

Code:
ComboFix 12-03-17.01 - Matt 18.03.2012  22:47:32.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3069.1844 [GMT 1:00]
ausgeführt von:: c:\users\Matt\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\facemoods.com
c:\program files\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll
c:\program files\facemoods.com\facemoods\1.4.17.7\facemoods.crx
c:\program files\facemoods.com\facemoods\1.4.17.7\facemoods.png
c:\program files\facemoods.com\facemoods\1.4.17.7\facemoodsApp.dll
c:\program files\facemoods.com\facemoods\1.4.17.7\facemoodsEng.dll
c:\program files\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe
c:\program files\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe.b
c:\program files\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll
c:\program files\facemoods.com\facemoods\1.4.17.7\uninstall.exe
c:\program files\Hotspot Shield\HssIE\HsSIe.dll
c:\users\Matt\AppData\Local\Temp\ae201572-4813-4010-9ed2-ee29ddec066a\CliSecureRT.dll
c:\users\Matt\AppData\Local\Windows Server
c:\users\Matt\AppData\Local\Windows Server\flags.ini
c:\users\Matt\AppData\Local\Windows Server\uses32.dat
c:\windows\IsUn0407.exe
c:\windows\unin0407.exe
F:\install.exe
c:\users\Matt\AppData\Roaming\Microsoft\Windows\Recent\???????????????????????? . . . . Nicht in der Lage zu löschen
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-02-18 bis 2012-03-18  ))))))))))))))))))))))))))))))
.
.
2012-03-18 22:01 . 2012-03-18 22:07	--------	d-----w-	c:\users\Matt\AppData\Local\temp
2012-03-18 22:01 . 2012-03-18 22:01	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-03-18 22:01 . 2012-03-18 22:01	--------	d-----w-	c:\users\Administrator.Matt-PC\AppData\Local\temp
2012-03-18 19:00 . 2012-03-18 19:00	6804	----a-w-	c:\windows\system32\PerfStringBackup.TMP
2012-03-18 18:50 . 2012-03-18 19:10	--------	d-----w-	C:\_OTL
2012-03-16 22:13 . 2012-03-16 22:13	97208	----a-w-	c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-03-16 22:13 . 2012-03-16 22:13	2106216	----a-w-	c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2012-03-16 22:13 . 2012-03-16 22:13	19384	----a-w-	c:\program files\Mozilla Firefox\AccessibleMarshal.dll
2012-03-16 22:13 . 2012-03-16 22:13	125880	----a-w-	c:\program files\Mozilla Firefox\crashreporter.exe
2012-03-16 22:13 . 2012-03-16 22:13	592824	----a-w-	c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-16 22:13 . 2012-03-16 22:13	548864	----a-w-	c:\program files\Mozilla Firefox\msvcp80.dll
2012-03-16 22:13 . 2012-03-16 22:13	479232	----a-w-	c:\program files\Mozilla Firefox\msvcm80.dll
2012-03-16 22:13 . 2012-03-16 22:13	44472	----a-w-	c:\program files\Mozilla Firefox\mozglue.dll
2012-03-16 22:13 . 2012-03-16 22:13	626688	----a-w-	c:\program files\Mozilla Firefox\msvcr80.dll
2012-03-14 11:37 . 2012-02-14 15:45	219648	----a-w-	c:\windows\system32\d3d10_1core.dll
2012-03-14 11:37 . 2012-02-14 15:45	160768	----a-w-	c:\windows\system32\d3d10_1.dll
2012-03-14 11:37 . 2012-02-13 14:12	1172480	----a-w-	c:\windows\system32\d3d10warp.dll
2012-03-14 11:37 . 2012-02-13 13:47	683008	----a-w-	c:\windows\system32\d2d1.dll
2012-03-14 11:37 . 2012-02-13 13:44	1068544	----a-w-	c:\windows\system32\DWrite.dll
2012-03-14 11:37 . 2012-01-31 10:59	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2012-03-14 11:36 . 2012-01-09 15:54	613376	----a-w-	c:\windows\system32\rdpencom.dll
2012-03-14 11:36 . 2012-01-09 13:58	180736	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-03-05 17:25 . 2012-03-05 17:26	--------	d-----w-	c:\program files\AGEIA Technologies
2012-03-05 17:25 . 2012-03-05 17:25	--------	d-----w-	c:\windows\system32\AGEIA
2012-03-04 11:05 . 2012-03-04 11:05	--------	d-----w-	c:\program files\Common Files\Skype
2012-02-27 19:41 . 2012-02-27 19:41	--------	d-----w-	c:\users\Matt\Daedalic
2012-02-27 15:53 . 2012-02-27 15:53	637848	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-02-22 15:15 . 2012-02-22 15:15	--------	d-----w-	c:\users\Matt\AppData\Local\Daedalic Entertainment
2012-02-22 15:08 . 2012-02-27 15:55	--------	d-----w-	c:\program files\Daedalic Entertainment
2012-02-20 13:13 . 2012-02-20 13:13	--------	d-----w-	c:\programdata\ATI
2012-02-20 13:11 . 2012-02-20 13:11	0	----a-w-	c:\windows\ativpsrm.bin
2012-02-20 13:07 . 2012-02-20 13:07	--------	d-----w-	c:\program files\AMD APP
2012-02-20 13:02 . 2012-02-20 13:02	--------	d-----w-	c:\program files\ATI
2012-02-20 12:58 . 2012-02-20 13:07	--------	d-----w-	c:\program files\ATI Technologies
2012-02-20 12:57 . 2012-02-20 12:57	--------	d-----w-	C:\AMD
2012-02-20 12:48 . 2012-03-18 22:05	--------	d-----w-	c:\programdata\NVIDIA
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-09 14:24 . 2012-03-09 14:24	1127424	----a-w-	c:\windows\system32\wininet.dll
2012-03-09 14:24 . 2012-03-09 14:24	420864	----a-w-	c:\windows\system32\vbscript.dll
2012-03-09 14:24 . 2012-03-09 14:24	152064	----a-w-	c:\windows\system32\wextract.exe
2012-02-29 19:21 . 2012-02-29 19:21	42392	----a-w-	c:\windows\system32\xfcodec.dll
2012-02-27 15:53 . 2010-07-03 14:38	567184	----a-w-	c:\windows\system32\deployJava1.dll
2012-02-20 12:11 . 2011-05-26 10:50	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-09 22:55 . 2003-03-18 21:14	499712	----a-w-	c:\windows\system32\msvcp71.dll
2012-02-02 16:50 . 2010-03-03 21:12	215128	----a-w-	c:\windows\system32\PnkBstrB.xtr
2012-02-02 16:50 . 2008-07-28 10:46	215128	----a-w-	c:\windows\system32\PnkBstrB.exe
2012-02-02 15:16 . 2012-03-14 11:37	2044416	----a-w-	c:\windows\system32\win32k.sys
2012-03-16 22:13 . 2012-03-16 22:13	97208	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}"= "c:\program files\Softonic_Deutsch\prxtbSof0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}]
2011-05-09 09:49	176936	----a-w-	c:\program files\Softonic_Deutsch\prxtbSof0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-05-17 11:29	1490312	----a-w-	c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}"= "c:\program files\Softonic_Deutsch\prxtbSof0.dll" [2011-05-09 176936]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}"= "c:\program files\Softonic_Deutsch\prxtbSof0.dll" [2011-05-09 176936]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-10 86960]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-10 218032]
"Steam"="f:\programme\Steam\steam.exe" [2011-08-02 1242448]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-09-29 20880]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-15 17146504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-10 86960]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-09-10 218032]
"SigmatelSysTrayApp"="sttray.exe" [2007-02-08 303104]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 151552]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-05 281768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-05-17 395144]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-09-29 929680]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-09-29 3508112]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-02-09 296056]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-05 343168]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
.
c:\users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\xfire.exe [2012-2-29 3537304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 16:10	35696	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51	691656	----a-w-	c:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 11:09	460784	----a-w-	c:\program files\DellSupport\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-10 20:52	49152	----a-w-	c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
2009-02-24 17:20	1103216	----a-w-	c:\program files\Download Manager\DLM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
2006-02-13 16:33	214648	----a-w-	c:\users\Matt\AppData\Local\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 20:16	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2006-11-05 10:22	221184	----a-w-	c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-790676162-1787872899-2443555529-1000]
"EnableNotificationsRef"=dword:00000001
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-15 16:04]
.
2012-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-15 16:04]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.facemoods.com/?a=ddrnw
IE: Download with Xilisoft Download YouTube Video - c:\program files\Xilisoft\Download YouTube Video\upod_link.HTM
TCP: Interfaces\{7720894E-7A6E-4A81-AB45-7D15C92E25E9}: NameServer = 10.24.40.1
FF - ProfilePath - c:\users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\ldbwc78w.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - GoogleCOM
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de
FF - prefs.js: keyword.URL - hxxp://www.wcsearch.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: browser.search.selectedEngine - GoogleCOM
FF - user.js: keyword.URL - hxxp://www.wcsearch.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{64182481-4F71-486b-A045-B233BD0DA8FC} - (no file)
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
HKLM-Run-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe
HKU-Default-Run-DelayShred - c:\progra~1\mcafee\mshr\ShrCL.EXE
MSConfigStartUp-BLASC - c:\program files\buffed.de\Blasc\BLASC.exe
MSConfigStartUp-IP Changer 2 - c:\program files\Plustech Inc\IP Changer 2.0\IPChanger.exe
AddRemove-Age Of Empires 2 & The Conquerors Expansion - Full Game - o:\games\Age Of Empires 2 & The Conquerors Expansion - Full Game\uninstall.exe
AddRemove-AWP - j:\games\Postal 2\ApocalypseWeekend\AWPuninst.exe
AddRemove-BitTorrent - c:\program files\BitTorrent\uninstall.exe
AddRemove-Die Völker - c:\windows\IsUn0407.exe
AddRemove-EVEREST Home Edition_is1 - o:\programme\EVEREST Home Edition\unins000.exe
AddRemove-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.7\uninstall.exe
AddRemove-Free M4a to MP3 Converter_is1 - o:\programme\Free M4a to MP3 Converter\unins000.exe
AddRemove-InsurgencyMod - j:\games\valve\steam\SteamApps\SourceMods\insurgency\Uninstall.exe
AddRemove-IP Changer 2.0 - c:\program files\Plustech Inc.\IP Changer 2.0\Uninst.isu
AddRemove-Kain 2 - f:\programme\Eidos Interactive\Soul Reaver\UninstSR.isu
AddRemove-Krankheitssimulator - c:\windows\unin0407.exe
AddRemove-Manhunt 2 - o:\games\Manhunt 2\Uninstall.exe
AddRemove-NVIDIA Drivers - c:\windows\system32\nvuninst.exe
AddRemove-NVIDIAStereo - c:\program files\NVIDIA Corporation\3D Vision\nvStInst.exe
AddRemove-pepakura_viewer3en - o:\programme\Pepakura\viewer\epuninst.exe
AddRemove-Poke646 1.0 - c:\program files\Steam\SteamApps\der_el_gringo_loco\half-life\SXUNINST.EXE
AddRemove-RapeLay - o:\games\RapeLay\uninstall.exe
AddRemove-Real Life - c:\program files\Real Life\uninst.exe
AddRemove-SeriousSam2 - o:\games\Serious Sam 2\Bin\Uninstall.exe
AddRemove-Soldat_is1 - j:\games\Soldat\unins000.exe
AddRemove-Soldier of Fortune II - SP Demo - c:\progra~1\SOLDIE~1\Uninstall\Unwise.exe
AddRemove-SShockDeinstallKey - c:\windows\IsUn0407.exe
AddRemove-Steam App 1250 - c:\program files\Steam\steam.exe
AddRemove-Steam App 12900 - c:\program files\Steam\steam.exe
AddRemove-Steam App 130 - c:\program files\Steam\steam.exe
AddRemove-Steam App 15130 - c:\program files\Steam\steam.exe
AddRemove-Steam App 20 - c:\program files\Steam\steam.exe
AddRemove-Steam App 20500 - c:\program files\Steam\steam.exe
AddRemove-Steam App 22000 - c:\program files\Steam\steam.exe
AddRemove-Steam App 27030 - c:\program files\Steam\steam.exe
AddRemove-Steam App 32360 - c:\program files\Steam\steam.exe
AddRemove-Steam App 32380 - c:\program files\Steam\steam.exe
AddRemove-Steam App 32390 - c:\program files\Steam\steam.exe
AddRemove-Steam App 32400 - c:\program files\Steam\steam.exe
AddRemove-Steam App 3730 - c:\program files\Steam\steam.exe
AddRemove-Steam App 3830 - c:\program files\Steam\steam.exe
AddRemove-Steam App 3970 - c:\program files\Steam\steam.exe
AddRemove-Steam App 400 - c:\program files\Steam\steam.exe
AddRemove-Steam App 41000 - c:\program files\Steam\steam.exe
AddRemove-Steam App 41500 - c:\program files\Steam\steam.exe
AddRemove-Steam App 420 - c:\program files\Steam\steam.exe
AddRemove-Steam App 4760 - c:\program files\Steam\steam.exe
AddRemove-Steam App 4770 - c:\program files\Steam\steam.exe
AddRemove-Steam App 50 - c:\program files\Steam\steam.exe
AddRemove-Steam App 500 - c:\program files\Steam\steam.exe
AddRemove-Steam App 510 - c:\program files\Steam\steam.exe
AddRemove-Steam App 513 - c:\program files\Steam\steam.exe
AddRemove-Steam App 550 - c:\program files\Steam\steam.exe
AddRemove-Steam App 6020 - c:\program files\Steam\steam.exe
AddRemove-Steam App 6030 - c:\program files\Steam\steam.exe
AddRemove-Steam App 630 - c:\program files\Steam\steam.exe
AddRemove-Steam App 6980 - c:\program files\Steam\steam.exe
AddRemove-Steam App 70 - c:\program files\Steam\steam.exe
AddRemove-Steam App 8080 - c:\program files\Steam\steam.exe
AddRemove-Steam App 8980 - c:\program files\Steam\steam.exe
AddRemove-Steam App 9860 - c:\program files\Steam\steam.exe
AddRemove-The Suffering - c:\program files\Midway Games\The Suffering\uninstall.exe
AddRemove-The Thing - o:\games\The Thing\UnInst.exe
AddRemove-Turok 2 - c:\windows\IsUn0407.exe
AddRemove-Unreal Gold - o:\games\UnrealGold\System\Setup.exe
AddRemove-Usenet.to_is1 - o:\programme\Usenet.to\unins000.exe
AddRemove-uTorrent - o:\programme\uTorrent\uTorrent.exe
AddRemove-WChat - c:\westwood\WWONLINE\UNINSTWC.EXE
AddRemove-YouTube FLV to AVI Easy Converter_is1 - o:\programme\YouTube FLV to AVI Easy Converter\unins000.exe
AddRemove-Zombie Shooter_is1 - o:\games\Zombie Shooter\unins000.exe
AddRemove-Zompie - c:\program files\Zompie\uninstall.exe
AddRemove-{A8DE8C34-7F51-4cc8-B326-C425793EE741} - o:\games\Riddick\Uninstall.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
AddRemove-Steam App 215 - c:\program files\Steam\steam.exe
AddRemove-Steam App 6510 - c:\program files\Steam\steam.exe
AddRemove-Steam App 7080 - c:\program files\Steam\steam.exe
AddRemove-Zog 1 - c:\program files\Zog 1\Uninstal.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-03-18 23:07
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-790676162-1787872899-2443555529-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F342BA67-4505-0009-353F-8EA9F20C666E}*]
"bbfmhbnjggjelkpjpgaaliffddpepifdiang"=hex:61,61,00,00
"abfmhbnjggjelkpjpghaehedplclejmjkb"=hex:61,61,00,00
.
[HKEY_USERS\S-1-5-21-790676162-1787872899-2443555529-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:a2,cd,bb,df,c4,e0,96,9a,6b,6a,71,cd,1d,fb,e0,12,af,9a,e7,59,81,df,6e,
   66,77,3b,c3,f1,c2,2c,b2,de,4d,fb,a4,6d,8d,d0,31,3a,7c,33,e8,78,d8,05,52,68,\
"??"=hex:ed,ae,0e,73,63,27,4c,ff,35,8f,bb,fe,93,a6,2a,d5
.
[HKEY_USERS\S-1-5-21-790676162-1787872899-2443555529-1000\Software\SecuROM\License information*]
"datasecu"=hex:4f,b1,82,a9,ae,25,9d,8a,e7,0b,68,df,59,aa,99,da,5a,46,7e,06,ab,
   6d,7e,e7,60,2d,4e,7d,03,77,c5,91,ad,78,90,7f,98,af,09,ef,2a,0d,d5,03,30,d0,\
"rkeysecu"=hex:ce,e5,c0,bc,4d,7d,f5,65,b6,51,8b,ad,02,45,65,3a
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(5360)
c:\program files\Xfire\xfire_toucan_45320.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\atiesrxx.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\windows\system32\atieclxx.exe
c:\windows\system32\conime.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\LogMeIn Hamachi\hamachi-2.exe
c:\program files\Hotspot Shield\bin\openvpnas.exe
c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files\Hotspot Shield\bin\hsswd.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files\Tunngle\TnglCtrl.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\sttray.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Hotspot Shield\bin\openvpntray.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Last.fm\LastFM.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\Logitech\SetPointG\SetPointII.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-18  23:25:42 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-03-18 22:25
.
Vor Suchlauf: 24 Verzeichnis(se), 61.582.508.032 Bytes frei
Nach Suchlauf: 27 Verzeichnis(se), 62.335.086.592 Bytes frei
.
- - End Of File - - E5DDF46A52BEAE8090846AAE51E6E81A
         


19.03.2012, 12:24   #6
markusg
/// Malware-holic

TR\Crypt.XPACK.Gen.3

What problems are there still at the moment?

19.03.2012, 15:22   #7
Tremor

TR\Crypt.XPACK.Gen.3

None any more, thanks for the help!

19.03.2012, 16:41   #8
markusg
/// Malware-holic

TR\Crypt.XPACK.Gen.3

We are not finished.
Download the CCleaner Standard:
CCleaner Download - CCleaner 3.16.1666
If CCleaner is already installed, skip this.
Install, open, Tools, list of installed programs, save as txt. Open it.
After each program you need, write "necessary".
After each one you do not need, "unnecessary".
After those unknown to you, "unknown".
Post the list.

    Plagegeister aller Art und deren Bekämpfung - 29.07.2010 (4)
  15. TR/dldr.swizzor.gen2, TR/crypt.xpack.gen, TR/crypt.zpack.gen unter Windows XP
    Plagegeister aller Art und deren Bekämpfung - 16.06.2010 (15)
  16. Massives Trojaner Problem TR/Crypt.XPACK.Gen TR/dropper.Gen TR/Crypt.ASPM.Gen
    Plagegeister aller Art und deren Bekämpfung - 21.03.2010 (1)
  17. Heftiger Trojaner Befall Crypt.XPACK.Gen/Click.YABECTOR.B.1/ Crypt.PEPM.Gen
    Log-Analyse und Auswertung - 28.12.2009 (1)

Zum Thema TR\Crypt.XPACK.Gen.3 - Hallo, habe mir heute den Trojaner "TR\Crypt.XPACK.Gen.3" eingefangen. (lt. Antivir). Angeblich ist nun meine Festplatte defekt, Desktop Hintergrund fehlt, alle Verknüfpungen + das komplette Start Menü. Immer wieder öffnet sich - TR\Crypt.XPACK.Gen.3...
Archiv
Du betrachtest: TR\Crypt.XPACK.Gen.3 auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.