
Pests of all kinds and how to fight them: Bundespolizei-Trojan


19.07.2012, 20:18   #1
Neven

Bundespolizei-Trojan

I got infected with this junk today (Win XP SP3). I did a System Restore in Safe Mode. After that I could boot into Normal Mode again and then scanned with Malwarebytes:

Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.19.11

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Neven :: ACROPOLIS [administrator]

19.07.2012 18:45:52
mbam-log-2012-07-19 (21-08-09).txt

Scan type: Full scan (C:\|D:\|F:\|M:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 342550
Time elapsed: 1 hour(s), 10 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\Neven\Local Settings\Temp\toip0_tmp.exe (Spyware.Zbot.DG) -> No action taken.

(end)
         
So Spyware.Zbot.DG was found. I haven't done anything about it yet.

I also scanned with OTL:

Code:
OTL logfile created on: 19.07.2012 21:09:00 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Documents and Settings\Neven\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C07 | Country: Austria | Language: DEA | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 0,46 Gb Available Physical Memory | 26,43% Memory free
3,60 Gb Paging File | 2,58 Gb Available in Paging File | 71,67% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39,07 Gb Total Space | 4,63 Gb Free Space | 11,84% Space Free | Partition Type: NTFS
Drive D: | 20,55 Gb Total Space | 1,63 Gb Free Space | 7,92% Space Free | Partition Type: NTFS
Drive F: | 53,83 Gb Total Space | 13,89 Gb Free Space | 25,80% Space Free | Partition Type: NTFS
Drive M: | 132,47 Gb Total Space | 15,95 Gb Free Space | 12,04% Space Free | Partition Type: NTFS
 
Computer Name: ACROPOLIS | User Name: Neven | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.19 20:03:26 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Neven\Desktop\OTL.exe
PRC - [2012.07.18 11:09:20 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012.07.18 10:57:47 | 000,400,352 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe
PRC - [2012.07.03 13:46:42 | 000,973,488 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012.05.20 17:00:57 | 000,880,496 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.01.17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010.09.07 17:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010.09.07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010.07.24 09:51:16 | 004,334,272 | ---- | M] (Almico Software (www.almico.com)) -- C:\Program Files\SpeedFan\speedfan.exe
PRC - [2008.04.14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.03.19 02:31:20 | 004,742,184 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
PRC - [2007.06.27 19:04:00 | 001,213,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007.06.27 19:03:40 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006.02.07 00:10:34 | 000,098,304 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 2400 Series\ezprint.exe
PRC - [2006.02.02 22:11:22 | 000,495,616 | ---- | M] ( ) -- C:\WINDOWS\system32\lxcrcoms.exe
PRC - [2006.01.22 12:45:08 | 000,286,720 | ---- | M] () -- C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
PRC - [2005.02.16 16:15:20 | 000,581,632 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.19 18:38:48 | 000,192,512 | ---- | M] () -- C:\Documents and Settings\Neven\Local Settings\Temp\sfamcc00001.dll
MOD - [2012.07.19 18:38:47 | 000,172,032 | ---- | M] () -- C:\Documents and Settings\Neven\Local Settings\Temp\sfareca00001.dll
MOD - [2012.07.19 09:06:41 | 001,784,320 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\12071901\algo.dll
MOD - [2012.07.18 11:09:18 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012.07.18 10:58:01 | 001,936,352 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\mozjs.dll
MOD - [2012.07.18 10:58:00 | 000,162,784 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\nsldap32v60.dll
MOD - [2012.07.18 10:58:00 | 000,021,984 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\nsldappr32v60.dll
MOD - [2012.07.12 13:26:39 | 009,465,032 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll
MOD - [2012.04.30 22:17:11 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2011.11.03 17:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.11.08 17:15:40 | 000,296,448 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_04.dll
MOD - [2010.09.07 17:27:52 | 000,188,976 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\Setup\setiface.dll
MOD - [2010.09.07 17:13:40 | 000,142,872 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\aswDld.dll
MOD - [2010.08.16 00:08:44 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2008.03.19 02:21:48 | 000,094,208 | ---- | M] () -- C:\Program Files\Yahoo!\Widgets\jsd.dll
MOD - [2008.03.19 02:21:20 | 000,512,000 | ---- | M] () -- C:\Program Files\Yahoo!\Widgets\js32.dll
MOD - [2008.01.09 00:50:10 | 000,349,147 | ---- | M] () -- C:\Program Files\Yahoo!\Widgets\sqlite3.dll
MOD - [2006.01.25 11:27:42 | 000,241,664 | ---- | M] () -- C:\Program Files\Lexmark 2400 Series\iptk.dll
MOD - [2006.01.22 12:47:36 | 000,684,032 | ---- | M] () -- C:\WINDOWS\system32\lxcrdrs.dll
MOD - [2006.01.22 12:45:08 | 000,286,720 | ---- | M] () -- C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
MOD - [2006.01.22 12:44:34 | 000,274,432 | ---- | M] () -- C:\Program Files\Lexmark 2400 Series\lxcrscw.dll
MOD - [2006.01.12 09:20:04 | 000,114,688 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxcrpp5c.dll
MOD - [2005.12.29 10:34:22 | 000,143,360 | ---- | M] () -- C:\Program Files\Lexmark 2400 Series\lxcrdrec.dll
MOD - [2005.12.20 11:54:04 | 000,061,440 | ---- | M] () -- C:\WINDOWS\system32\lxcrcnv4.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012.07.18 11:09:19 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.12 13:26:40 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010.09.07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010.09.07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010.09.07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2006.02.02 22:11:22 | 000,495,616 | ---- | M] ( ) [On_Demand | Running] -- C:\WINDOWS\system32\lxcrcoms.exe -- (lxcr_device)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012.07.19 18:45:29 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010.12.03 11:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2010.10.25 09:11:34 | 000,010,828 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbkey.sys -- (USBKey)
DRV - [2010.09.11 04:19:16 | 005,417,472 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010.09.07 16:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010.09.07 16:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010.09.07 16:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010.09.07 16:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010.09.07 16:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010.09.07 16:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010.07.09 13:18:54 | 000,020,328 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz134_x32.sys -- (cpuz134)
DRV - [2010.05.11 12:00:34 | 000,020,072 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz133_x32.sys -- (cpuz133)
DRV - [2009.07.20 13:08:26 | 005,795,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009.05.25 09:21:28 | 000,142,336 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009.04.22 14:28:08 | 000,008,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2009.04.22 14:28:06 | 000,003,072 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2009.02.09 02:32:16 | 000,022,328 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2008.08.05 14:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2007.10.11 15:40:00 | 000,009,096 | R--- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\amdide.sys -- (amdide)
DRV - [2007.04.16 16:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006.09.24 15:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2006.01.31 14:21:48 | 000,025,900 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2006.01.04 09:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.guardian.co.uk/environment
IE - HKCU\..\SearchScopes,DefaultScope = {1900ED55-EEF8-400E-986C-A7E248558580}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{1900ED55-EEF8-400E-986C-A7E248558580}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.guardian.co.uk/environment"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Neven\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.30 11:50:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.18 11:09:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.12 13:28:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.06.19 10:46:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.04.12 13:28:53 | 000,000,000 | ---D | M]
 
[2011.03.24 15:31:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Neven\Application Data\Mozilla\Extensions
[2010.10.24 08:05:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Neven\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.07.05 19:09:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Neven\Application Data\Mozilla\Firefox\Profiles\qikr6udx.default\extensions
[2012.03.30 16:04:40 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Neven\Application Data\Mozilla\Firefox\Profiles\qikr6udx.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.04.17 12:57:19 | 000,000,000 | ---D | M] (German Dictionary, extended for Austria) -- C:\Documents and Settings\Neven\Application Data\Mozilla\Firefox\Profiles\qikr6udx.default\extensions\de-AT@dictionaries.addons.mozilla.org
[2012.02.20 10:26:20 | 000,000,000 | ---D | M] (Dictionary Switcher) -- C:\Documents and Settings\Neven\Application Data\Mozilla\Firefox\Profiles\qikr6udx.default\extensions\dictionary-switcher@design-noir.de
[2011.04.17 12:57:19 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Documents and Settings\Neven\Application Data\Mozilla\Firefox\Profiles\qikr6udx.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2011.10.08 11:49:46 | 000,000,000 | ---D | M] (Dictionnaire français «Moderne») -- C:\Documents and Settings\Neven\Application Data\Mozilla\Firefox\Profiles\qikr6udx.default\extensions\fr-moderne@dictionaries.addons.mozilla.org
[2012.03.21 20:54:12 | 000,000,000 | ---D | M] (Woordenboek Nederlands) -- C:\Documents and Settings\Neven\Application Data\Mozilla\Firefox\Profiles\qikr6udx.default\extensions\nl-NL@dictionaries.addons.mozilla.org
[2012.05.27 21:08:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.02.20 14:08:01 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.07.07 17:55:18 | 000,041,878 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\NEVEN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\QIKR6UDX.DEFAULT\EXTENSIONS\{546D2A00-2BBF-11DC-8314-0800200C9A66}.XPI
[2011.12.30 11:50:42 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2010.10.25 14:27:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012.07.18 11:09:20 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.09 10:37:24 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007.03.10 01:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll
[2012.02.25 16:00:51 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.25 16:00:51 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Neven\Local Settings\Application Data\Google\Chrome\Application\9.0.597.98\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Documents and Settings\Neven\Local Settings\Application Data\Google\Chrome\Application\9.0.597.98\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Neven\Local Settings\Application Data\Google\Chrome\Application\9.0.597.98\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Neven\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Neven\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Current Commodities = C:\Documents and Settings\Neven\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hmjbibcbljbkocjhkdhpgpnpfampcijn\1.0_0\
 
O1 HOSTS File: ([2010.10.24 06:43:48 | 000,000,781 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 2400 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [lxcrmon.exe] C:\Program Files\Lexmark 2400 Series\lxcrmon.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\Neven\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Neven\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Neven\Start Menu\Programs\Startup\SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
O4 - Startup: C:\Documents and Settings\Neven\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1287897241375 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D1AF8241-64D8-4D49-A8FE-58567792EBF5}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Neven\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Neven\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.04.06 00:04:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.19 20:03:24 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Neven\Desktop\OTL.exe
[2012.07.19 18:44:57 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012.07.14 14:06:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neven\Desktop\Eden's Island – Eden Ahbez
[2012.07.10 17:09:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neven\Desktop\mano negra - discographie
[2012.07.02 13:32:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neven\Start Menu\Programs\Tivola
[2012.06.27 09:37:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neven\Application Data\Opera
[2010.11.09 16:39:45 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Neven\Application Data\pcouffin.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[17 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.19 21:09:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.19 20:26:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.07.19 20:09:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.19 20:05:45 | 000,624,883 | ---- | M] () -- C:\Documents and Settings\Neven\Desktop\adwcleaner.exe
[2012.07.19 20:03:26 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Neven\Desktop\OTL.exe
[2012.07.19 20:00:37 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\SyncBack Data.job
[2012.07.19 18:45:29 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012.07.19 18:44:52 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.19 18:38:21 | 000,001,710 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012.07.19 18:38:20 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012.07.19 18:33:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.07.19 18:27:49 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.07.19 18:21:27 | 000,000,312 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2012.07.19 18:21:22 | 004,503,728 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\pmt_0piot.pad
[2012.07.19 14:57:51 | 000,109,056 | ---- | M] () -- C:\Documents and Settings\Neven\Desktop\AUX QUATRE COINS DU MONDE_SAISON2_EP1_LA GUERRE DES SAINTES - DUT.STL
[2012.07.19 10:35:18 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.07.18 16:08:44 | 000,010,810 | ---- | M] () -- C:\Documents and Settings\Neven\Desktop\rhhf.jpeg
[2012.07.18 14:26:50 | 000,627,624 | ---- | M] () -- C:\Documents and Settings\Neven\Desktop\MBS 59b+GW.skp
[2012.07.17 16:21:11 | 000,625,637 | ---- | M] () -- C:\Documents and Settings\Neven\Desktop\AutoSave_MBS 59b.skp
[2012.07.17 00:05:19 | 000,122,368 | ---- | M] () -- C:\Documents and Settings\Neven\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.16 21:05:35 | 004,810,027 | ---- | M] () -- C:\Documents and Settings\Neven\Desktop\MBS 59a.skp
[2012.07.16 21:05:23 | 004,810,243 | ---- | M] () -- C:\Documents and Settings\Neven\Desktop\MBS 59a.skb
[2012.07.16 21:05:09 | 000,625,555 | ---- | M] () -- C:\Documents and Settings\Neven\Desktop\MBS 59b.skp
[2012.07.14 20:35:50 | 000,631,205 | ---- | M] () -- C:\Documents and Settings\Neven\Desktop\MBS 59b.skb
[2012.07.14 14:46:04 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012.07.13 19:39:07 | 000,096,640 | ---- | M] () -- C:\Documents and Settings\Neven\Desktop\Carnets du bourlingueur - Ep03 - Naufrage gare aux requins VM.STL
[2012.07.12 13:26:40 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012.07.12 13:26:39 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.07.12 11:15:34 | 000,573,877 | ---- | M] () -- C:\Documents and Settings\Neven\Desktop\Kienast2.jpg
[2012.07.12 11:11:34 | 000,529,086 | ---- | M] () -- C:\Documents and Settings\Neven\Desktop\Kienast1.jpg
[2012.07.11 19:42:41 | 000,131,456 | ---- | M] () -- C:\Documents and Settings\Neven\Desktop\D6bels on stage - Ep16 - DUT.STL
[2012.07.11 19:17:57 | 000,290,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.07.11 10:39:10 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.07.10 19:22:16 | 000,109,568 | ---- | M] () -- C:\Documents and Settings\Neven\Desktop\AUX QUATRE COINS DU MONDE_SAISON2_EP1_LA GUERRE DES SAINTES - VM simulé.stl
[2012.07.10 12:44:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012.07.10 10:28:56 | 000,076,288 | ---- | M] () -- C:\Documents and Settings\Neven\Desktop\Passe-moi les jumelles - EP 02 - La vie des autres - DUT.STL
[2012.07.09 20:30:27 | 000,022,522 | ---- | M] () -- C:\Documents and Settings\Neven\Desktop\Brandstof Combo.ods
[2012.07.05 19:41:04 | 000,083,968 | ---- | M] () -- C:\Documents and Settings\Neven\Desktop\Passe-moi les jumelles - EP 02 - La vie des autres - VM.stl
[2012.07.05 19:39:45 | 000,134,784 | ---- | M] () -- C:\Documents and Settings\Neven\Desktop\D6bels on stage - Ep16 VM.STL
[2012.07.05 04:21:48 | 000,115,584 | ---- | M] () -- C:\Documents and Settings\Neven\Desktop\D6bels on stage - EP 15 - DUT.STL
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.07.02 13:32:16 | 000,000,033 | ---- | M] () -- C:\WINDOWS\Oscar4.ini
[2012.07.01 13:41:32 | 000,119,296 | ---- | M] () -- C:\Documents and Settings\Neven\Desktop\D6bels on stage - EP 15 - VM.STL
[2012.07.01 12:41:35 | 003,623,009 | ---- | M] () -- C:\Documents and Settings\Neven\Desktop\04 Everything Remains Raw.mp3
[2012.06.27 08:39:14 | 781,410,304 | ---- | M] () -- C:\Documents and Settings\Neven\Desktop\BBC.Horizon.2009.How.Many.People.Can.Live.on.Planet.Earth.PDTV.XviD.AC3.MVGroup.org.avi
[2012.06.26 17:11:50 | 000,048,640 | ---- | M] () -- C:\Documents and Settings\Neven\Desktop\URBANIA_QUEBEC_S3_Episode 5 VM Simulé.stl
[2012.06.22 17:58:11 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\switchShakeIcon.job
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[17 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.19 20:05:45 | 000,624,883 | ---- | C] () -- C:\Documents and Settings\Neven\Desktop\adwcleaner.exe
[2012.07.19 18:15:20 | 004,503,728 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\pmt_0piot.pad
[2012.07.18 16:08:43 | 000,010,810 | ---- | C] () -- C:\Documents and Settings\Neven\Desktop\rhhf.jpeg
[2012.07.18 14:26:50 | 000,627,624 | ---- | C] () -- C:\Documents and Settings\Neven\Desktop\MBS 59b+GW.skp
[2012.07.17 16:21:11 | 000,625,637 | ---- | C] () -- C:\Documents and Settings\Neven\Desktop\AutoSave_MBS 59b.skp
[2012.07.14 20:40:21 | 000,109,056 | ---- | C] () -- C:\Documents and Settings\Neven\Desktop\AUX QUATRE COINS DU MONDE_SAISON2_EP1_LA GUERRE DES SAINTES - DUT.STL
[2012.07.14 20:35:50 | 000,631,205 | ---- | C] () -- C:\Documents and Settings\Neven\Desktop\MBS 59b.skb
[2012.07.14 11:56:58 | 000,625,555 | ---- | C] () -- C:\Documents and Settings\Neven\Desktop\MBS 59b.skp
[2012.07.13 19:39:06 | 000,096,640 | ---- | C] () -- C:\Documents and Settings\Neven\Desktop\Carnets du bourlingueur - Ep03 - Naufrage gare aux requins VM.STL
[2012.07.12 11:15:32 | 000,573,877 | ---- | C] () -- C:\Documents and Settings\Neven\Desktop\Kienast2.jpg
[2012.07.12 11:11:30 | 000,529,086 | ---- | C] () -- C:\Documents and Settings\Neven\Desktop\Kienast1.jpg
[2012.07.10 10:47:19 | 000,131,456 | ---- | C] () -- C:\Documents and Settings\Neven\Desktop\D6bels on stage - Ep16 - DUT.STL
[2012.07.09 11:07:15 | 000,109,568 | ---- | C] () -- C:\Documents and Settings\Neven\Desktop\AUX QUATRE COINS DU MONDE_SAISON2_EP1_LA GUERRE DES SAINTES - VM simulé.stl
[2012.07.07 14:06:42 | 000,076,288 | ---- | C] () -- C:\Documents and Settings\Neven\Desktop\Passe-moi les jumelles - EP 02 - La vie des autres - DUT.STL
[2012.07.05 19:41:04 | 000,083,968 | ---- | C] () -- C:\Documents and Settings\Neven\Desktop\Passe-moi les jumelles - EP 02 - La vie des autres - VM.stl
[2012.07.05 19:39:44 | 000,134,784 | ---- | C] () -- C:\Documents and Settings\Neven\Desktop\D6bels on stage - Ep16 VM.STL
[2012.07.03 13:09:25 | 000,183,040 | ---- | C] () -- C:\WINDOWS\PI.EXE
[2012.07.02 13:32:16 | 000,000,033 | ---- | C] () -- C:\WINDOWS\Oscar4.ini
[2012.07.01 13:41:49 | 000,115,584 | ---- | C] () -- C:\Documents and Settings\Neven\Desktop\D6bels on stage - EP 15 - DUT.STL
[2012.06.30 10:13:04 | 003,623,009 | ---- | C] () -- C:\Documents and Settings\Neven\Desktop\04 Everything Remains Raw.mp3
[2012.06.29 18:34:24 | 000,119,296 | ---- | C] () -- C:\Documents and Settings\Neven\Desktop\D6bels on stage - EP 15 - VM.STL
[2012.06.26 17:11:49 | 000,048,640 | ---- | C] () -- C:\Documents and Settings\Neven\Desktop\URBANIA_QUEBEC_S3_Episode 5 VM Simulé.stl
[2012.06.24 13:35:06 | 781,410,304 | ---- | C] () -- C:\Documents and Settings\Neven\Desktop\BBC.Horizon.2009.How.Many.People.Can.Live.on.Planet.Earth.PDTV.XviD.AC3.MVGroup.org.avi
[2012.06.22 17:58:10 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\switchShakeIcon.job
[2012.02.16 17:48:30 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.01.11 16:42:02 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Neven\Local Settings\Application Data\PUTTY.RND
[2011.06.28 17:44:15 | 000,001,795 | ---- | C] () -- C:\Documents and Settings\Neven\Application Data\SAS7_000.DAT
[2011.06.28 17:34:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\plclient.INI
[2011.05.27 12:54:34 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011.05.27 12:54:34 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011.04.17 10:36:51 | 000,000,014 | ---- | C] () -- C:\WINDOWS\compedia.ini
[2010.11.22 19:12:40 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2010.11.09 16:45:32 | 000,000,564 | ---- | C] () -- C:\Documents and Settings\Neven\Application Data\AutoGK.ini
[2010.11.09 16:39:46 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Neven\Application Data\inst.exe
[2010.11.09 16:39:46 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Neven\Application Data\pcouffin.cat
[2010.11.09 16:39:45 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Neven\Application Data\pcouffin.inf
[2010.10.26 13:08:41 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcrvs.dll
[2010.10.26 13:08:40 | 000,409,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrinpa.dll
[2010.10.26 13:08:40 | 000,393,216 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcriesc.dll
[2010.10.26 13:08:40 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\lxcrcoin.dll
[2010.10.26 13:08:23 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\lxcrdrs.dll
[2010.10.26 13:08:23 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxcrcaps.dll
[2010.10.26 13:08:23 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxcrcnv4.dll
[2010.10.26 13:08:10 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrserv.dll
[2010.10.26 13:08:10 | 000,995,328 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrusb1.dll
[2010.10.26 13:08:10 | 000,610,304 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrcomc.dll
[2010.10.26 13:08:10 | 000,536,576 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrlmpm.dll
[2010.10.26 13:08:10 | 000,495,616 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrcoms.exe
[2010.10.26 13:08:10 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrcomm.dll
[2010.10.26 13:08:10 | 000,380,928 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrih.exe
[2010.10.26 13:08:10 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\LXCRinst.dll
[2010.10.26 13:08:10 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrprox.dll
[2010.10.26 13:08:10 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrpplc.dll
[2010.10.26 11:16:01 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010.10.25 21:49:51 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010.10.25 21:03:04 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010.10.25 21:03:04 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010.10.25 20:59:42 | 001,663,488 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
[2010.10.25 20:59:42 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
[2010.10.25 20:59:42 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2010.10.25 20:59:42 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2010.10.25 20:59:42 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2010.10.25 18:14:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010.10.25 18:14:21 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010.10.25 18:14:21 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2010.10.25 18:14:21 | 000,224,342 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010.10.25 18:14:21 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2010.10.25 18:14:21 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010.10.25 18:08:35 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.10.25 17:44:55 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2010.10.25 09:11:34 | 000,010,828 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbkey.sys
[2010.10.25 09:11:34 | 000,004,990 | ---- | C] () -- C:\WINDOWS\System32\ukeyvdd.dll
[2010.10.24 23:20:00 | 000,122,368 | ---- | C] () -- C:\Documents and Settings\Neven\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.06 00:49:38 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Neven\initdebug.nfo

< End of report >
         
I hope someone can help me. Many thanks in advance.

There was also an Extras.txt from OTL:

Code:
OTL Extras logfile created on: 19.07.2012 21:09:00 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Documents and Settings\Neven\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C07 | Country: Austria | Language: DEA | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 0,46 Gb Available Physical Memory | 26,43% Memory free
3,60 Gb Paging File | 2,58 Gb Available in Paging File | 71,67% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39,07 Gb Total Space | 4,63 Gb Free Space | 11,84% Space Free | Partition Type: NTFS
Drive D: | 20,55 Gb Total Space | 1,63 Gb Free Space | 7,92% Space Free | Partition Type: NTFS
Drive F: | 53,83 Gb Total Space | 13,89 Gb Free Space | 25,80% Space Free | Partition Type: NTFS
Drive M: | 132,47 Gb Total Space | 15,95 Gb Free Space | 12,04% Space Free | Partition Type: NTFS
 
Computer Name: ACROPOLIS | User Name: Neven | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"135:TCP" = 135:TCP:*:Enabled:TCP Port 135
"5000:TCP" = 5000:TCP:*:Enabled:TCP Port 5000
"5001:TCP" = 5001:TCP:*:Enabled:TCP Port 5001
"5002:TCP" = 5002:TCP:*:Enabled:TCP Port 5002
"5003:TCP" = 5003:TCP:*:Enabled:TCP Port 5003
"5004:TCP" = 5004:TCP:*:Enabled:TCP Port 5004
"5005:TCP" = 5005:TCP:*:Enabled:TCP Port 5005
"5006:TCP" = 5006:TCP:*:Enabled:TCP Port 5006
"5007:TCP" = 5007:TCP:*:Enabled:TCP Port 5007
"5008:TCP" = 5008:TCP:*:Enabled:TCP Port 5008
"5009:TCP" = 5009:TCP:*:Enabled:TCP Port 5009
"5010:TCP" = 5010:TCP:*:Enabled:TCP Port 5010
"5011:TCP" = 5011:TCP:*:Enabled:TCP Port 5011
"5012:TCP" = 5012:TCP:*:Enabled:TCP Port 5012
"5013:TCP" = 5013:TCP:*:Enabled:TCP Port 5013
"5014:TCP" = 5014:TCP:*:Enabled:TCP Port 5014
"5015:TCP" = 5015:TCP:*:Enabled:TCP Port 5015
"5016:TCP" = 5016:TCP:*:Enabled:TCP Port 5016
"5017:TCP" = 5017:TCP:*:Enabled:TCP Port 5017
"5018:TCP" = 5018:TCP:*:Enabled:TCP Port 5018
"5019:TCP" = 5019:TCP:*:Enabled:TCP Port 5019
"5020:TCP" = 5020:TCP:*:Enabled:TCP Port 5020
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\LeechFTP\Leechftp.exe" = C:\Program Files\LeechFTP\Leechftp.exe:*:Enabled:LeechFTP -- (jan debis)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\WINDOWS\system32\lxcrcoms.exe" = C:\WINDOWS\system32\lxcrcoms.exe:*:Enabled:Lexmark Communications System -- ( )
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Documents and Settings\Neven\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\Neven\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player -- (Octoshape ApS)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\TeamViewer\Version7\TeamViewer.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{023C9E50-C216-4E7A-A8A5-3457DE58106C}" = Catalyst Control Center - Branding
"{03D8A0D6-8455-B550-A808-391C82127447}" = CCC Help Greek
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{09756AF6-AFAD-EF82-AB78-3297FD81E821}" = CCC Help Japanese
"{10CD9AF7-5D3A-2772-F617-8BD9D82EC3A3}" = CCC Help Dutch
"{1447E6D2-1015-AE95-5976-E15EF8684347}" = CCC Help Portuguese
"{17B4113F-D6AA-3970-127A-C09D10886EB0}" = CCC Help German
"{187DC7F2-3C76-62C6-575B-03EC8B9B0BC8}" = Catalyst Control Center Graphics Full Existing
"{1A4B2698-683C-769B-7E67-339F23858DEB}" = Catalyst Control Center Graphics Full New
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200BFFBD-3B5F-47C7-F6DB-3162EF559880}" = Skins
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{23970E31-948B-466E-8376-1224D32FDF0C}" = Convert
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{2964F96C-FC72-4F97-9A71-88795BFD91A1}_is1" = 2011c
"{337A4845-48F0-3363-4424-5047FD6AB456}" = CCC Help Hungarian
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{511CD3D6-8A90-8D4F-B16B-DA80BD0E0FBE}" = CCC Help Turkish
"{53C06EDE-6FB0-643E-7193-7053F9C7190A}" = ccc-utility
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C9C1AD9-CBA2-8EBD-8252-D39F40C29F4B}" = CCC Help Thai
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63717D97-103F-4310-E8E9-22F26F9E2C38}" = CCC Help Korean
"{652F3200-5E12-4CAD-BA2E-88EFE0113BCD}" = AMD OverDrive
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A13436F-4D18-D4B5-181E-B6AC603BFED7}" = CCC Help Czech
"{6C878433-FDDC-6C9E-2E6C-55F979761B30}" = Catalyst Control Center Core Implementation
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E0696CF-2869-578B-F8AB-C82B80F9EF12}" = CCC Help Italian
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90A8E958-F3F9-CE7C-B084-F90B8F40F3C3}" = Catalyst Control Center Graphics Light
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A51026AB-F833-413F-5BB3-AE1B3CF3F539}" = ccc-core-static
"{A879106A-9275-0397-CA14-76B24943ACE3}" = CCC Help Swedish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{AD86049C-3D9C-43E1-BE73-643F57D83D50}" = Easy Migration
"{B22C04E5-C923-94E2-A33A-25B988686934}" = CCC Help Finnish
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B7C58F3A-7E49-453E-918D-587FEA66CA0D}" = Spot 4.4
"{BB6BB891-CA30-060D-5D63-860F59DBD29D}" = CCC Help Spanish
"{BFB91468-460B-68B6-C666-BB5CC09BC93B}" = Catalyst Control Center Localization All
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF097717-F174-4144-954A-FBC4BF301033}" = Nero 7 Ultra Edition
"{CF287D73-E32C-19C1-E895-2EC4BC7334AE}" = CCC Help Chinese Traditional
"{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8
"{D85D835B-E26E-99E0-CB4E-9DEA34EC19FD}" = CCC Help Russian
"{DA57EFCC-90DA-A202-9AC8-A1278918F481}" = CCC Help Polish
"{DCB51FBC-68AD-42FF-8426-199F1FE2C4F5}" = AMD USB Filter Driver
"{DD97597E-7AB9-8A67-5C18-31015D91B337}" = ccc-core-preinstall
"{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}" = Dragon NaturallySpeaking 9
"{E2958428-E345-CB5E-239D-FE031BDA3A89}" = CCC Help Chinese Standard
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EA36EFF1-DFB9-E5A7-29C0-9DBAF7EBAEF6}" = CCC Help English
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3A4A3DA-D7E8-C3CD-966D-9B57762739FF}" = CCC Help French
"{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML (Private Edition)
"{F8C3DA4D-3837-50E7-10B2-0EE0D656B63C}" = CCC Help Danish
"{F943B1DF-711F-7D8E-3257-ED05026895E1}" = Catalyst Control Center InstallProxy
"{FFB7426F-1531-6AB4-BFB9-3CC1336FE406}" = CCC Help Norwegian
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AMP Font Viewer" = AMP Font Viewer
"Audacity_is1" = Audacity 1.2.6
"AutoBauDeinstKey" = Autos bauen mit Willy Werkel
"AutoGK" = Auto Gordian Knot 2.55
"avast5" = avast! Free Antivirus
"AviSynth" = AviSynth 2.5
"Bulk Rename Utility_is1" = Bulk Rename Utility 2.7.1.2
"CDex" = CDex - Open Source Digital Audio CD Extractor
"Cool Timer_is1" = Cool Timer 3.6
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.55
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.16
"DivX Setup" = DivX Setup
"DVD Decrypter" = DVD Decrypter (Remove Only)
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 4.0 Home Edition
"Easy GIF Animator Cracked by zoo_is1" = Easy GIF Animator 5.2
"Easy Thumbnails_is1" = Easy Thumbnails (Remove only)
"ExtractNow_is1" = ExtractNow
"FileZilla Client" = FileZilla Client 3.3.0.1
"FormatFactory" = FormatFactory 2.50
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.2.22.602
"Glary Utilities_is1" = Glary Utilities 2.44.0.1450
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"Lexmark 2400 Series" = Lexmark 2400 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MozBackup" = MozBackup 1.4.10
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"Mozilla Thunderbird 14.0 (x86 en-US)" = Mozilla Thunderbird 14.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Notepad++" = Notepad++
"Oscar der Ballonfahrer und die Abenteuer der Wiese" = Oscar der Ballonfahrer und die Abenteuer der Wiese
"PowerISO" = PowerISO
"Recordpad" = RecordPad Sound Recorder
"SopCast" = SopCast 3.5.0
"SpeedFan" = SpeedFan (remove only)
"Switch" = Switch Sound File Converter
"SyncBack_is1" = SyncBack
"TeamViewer 7" = TeamViewer 7
"uTorrent" = µTorrent
"Van Dale Grote woordenboeken Duits" = Van Dale Grote woordenboeken Duits
"Van Dale Grote woordenboeken Engels" = Van Dale Grote woordenboeken Engels
"Van Dale Grote woordenboeken Frans" = Van Dale Grote woordenboeken Frans
"Van Dale Grote woordenboeken Spaans" = Van Dale Grote woordenboeken Spaans
"vdegwn.exe" = Van Dale Groot woordenboek van de Nederlandse taal 14
"VLC media player" = VLC media player 1.1.11
"VobSub" = VobSub v2.23 (Remove Only)
"WavePad" = WavePad Sound Editor
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"WXDecoder" = WXDecoder
"XMedia Recode" = XMedia Recode 3.0.5.6
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"Xvid_is1" = Xvid 1.2.2 final uninstall
"Yahoo! Widget Engine" = Yahoo! Widgets
"YInstHelper" = Yahoo! Install Manager
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Integrated Data Viewer" = Integrated Data Viewer
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 01.07.2012 13:26:01 | Computer Name = ACROPOLIS | Source = Application Error | ID = 1000
Description = Faulting application FlashPlayerUpdateService.exe, version 11.3.300.262,
 faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000113b5.
 
Error - 04.07.2012 07:26:03 | Computer Name = ACROPOLIS | Source = Application Error | ID = 1000
Description = Faulting application FlashPlayerUpdateService.exe, version 11.3.300.262,
 faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000113c0.
 
Error - 07.07.2012 10:26:01 | Computer Name = ACROPOLIS | Source = Application Error | ID = 1000
Description = Faulting application FlashPlayerUpdateService.exe, version 11.3.300.262,
 faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000113b5.
 
Error - 11.07.2012 07:26:02 | Computer Name = ACROPOLIS | Source = Application Error | ID = 1000
Description = Faulting application FlashPlayerUpdateService.exe, version 11.3.300.262,
 faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000113b5.
 
Error - 14.07.2012 15:26:02 | Computer Name = ACROPOLIS | Source = Application Error | ID = 1000
Description = Faulting application FlashPlayerUpdateService.exe, version 11.3.300.265,
 faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000113c0.
 
Error - 15.07.2012 05:41:42 | Computer Name = ACROPOLIS | Source = Application Hang | ID = 1002
Description = Hanging application spot.exe, version 4.4.0.20, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
Error - 15.07.2012 11:26:01 | Computer Name = ACROPOLIS | Source = Application Error | ID = 1000
Description = Faulting application FlashPlayerUpdateService.exe, version 11.3.300.265,
 faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000113b5.
 
Error - 16.07.2012 11:26:02 | Computer Name = ACROPOLIS | Source = Application Error | ID = 1000
Description = Faulting application FlashPlayerUpdateService.exe, version 11.3.300.265,
 faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000113b5.
 
Error - 16.07.2012 19:26:00 | Computer Name = ACROPOLIS | Source = Application Error | ID = 1000
Description = Faulting application FlashPlayerUpdateService.exe, version 11.3.300.265,
 faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000113b5.
 
Error - 17.07.2012 15:26:02 | Computer Name = ACROPOLIS | Source = Application Error | ID = 1000
Description = Faulting application FlashPlayerUpdateService.exe, version 11.3.300.265,
 faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000113b5.
 
[ System Events ]
Error - 19.07.2012 04:35:54 | Computer Name = ACROPOLIS | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
 error:   %%1058
 
Error - 19.07.2012 12:21:33 | Computer Name = ACROPOLIS | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
 error:   %%1058
 
Error - 19.07.2012 12:30:02 | Computer Name = ACROPOLIS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
 with arguments ""  in order to run the server:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 19.07.2012 12:30:56 | Computer Name = ACROPOLIS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
 with arguments ""  in order to run the server:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 19.07.2012 12:38:14 | Computer Name = ACROPOLIS | Source = Service Control Manager | ID = 7022
Description = The avast! Antivirus service hung on starting.
 
Error - 19.07.2012 12:38:14 | Computer Name = ACROPOLIS | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
 error:   %%1058
 
Error - 19.07.2012 12:38:19 | Computer Name = ACROPOLIS | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
 error:   %%5
 
Error - 19.07.2012 12:38:20 | Computer Name = ACROPOLIS | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
 error:   %%5
 
Error - 19.07.2012 12:38:20 | Computer Name = ACROPOLIS | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
 error:   %%5
 
Error - 19.07.2012 14:29:51 | Computer Name = ACROPOLIS | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC000007F'
 while processing the file 'desktop.ini' on the volume 'HarddiskVolume5'.  It has
 stopped monitoring the volume.
 
 
< End of report >
         

Alt 19.07.2012, 21:03   #2
t'john
/// Helper Team

Fixing with OTL

Download OTL from Oldtimer (if you don't have it already) and save it to your desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky etc.
  • Start OTL.exe.
    Vista and Windows 7 users start it by right-clicking the program icon and choosing "Run as administrator".
  • Copy the following script into the text field below Custom Scans/Fixes:


Code:
ATTFilter
:OTL
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe 
PRC - [2006.01.22 12:45:08 | 000,286,720 | ---- | M] () -- C:\Program Files\Lexmark 2400 Series\lxcrmon.exe 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} 
IE - HKCU\..\SearchScopes,DefaultScope = {1900ED55-EEF8-400E-986C-A7E248558580} 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKCU\..\SearchScopes\{1900ED55-EEF8-400E-986C-A7E248558580}: "URL" = http://www.google.de/search?q={searchTerms} 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
FF - prefs.js..browser.startup.homepage: "http://www.guardian.co.uk/environment" 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O32 - HKLM CDRom: AutoRun - 1 

[2012.07.19 21:09:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job 
[2012.07.19 20:26:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job 
[2012.07.19 20:09:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job 
[2012.07.19 20:00:37 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\SyncBack Data.job 
[2012.07.19 18:21:27 | 000,000,312 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job 
[2012.07.19 18:21:22 | 004,503,728 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\pmt_0piot.pad 
[2012.07.10 12:44:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job 
[2012.06.22 17:58:11 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\switchShakeIcon.job 
[2012.06.22 17:58:10 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\switchShakeIcon.job 
[2012.07.19 18:15:20 | 004,503,728 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\pmt_0piot.pad 
:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a restart, please allow it.
  • Paste the contents of the log file into your thread here in code tags.
    You can view the log file later here => C:\_OTL\MovedFiles\

Note for other readers: the OTL script above was created exclusively for this user in this situation.
Never use it on other computers; it can cause lasting damage to other systems!
__________________
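A defender-side check for the fix above, added here as an example and not part of OTL or the helper's script: a small Python parser that lists what an OTL fix script of this shape would touch (processes to kill, files to move, registry and browser lines, commands, cleanup directives) so the plan can be reviewed before clicking Fix. The line shapes and their effects are assumed from the script and the result log posted later in this thread; the sample input is a shortened copy of that script.

```python
import re
from dataclasses import dataclass, field

# Line shapes seen in the script above; effects assumed from the result log in this thread:
#   "[date | size | attrs | M] () -- C:\path"  file to move;  "PRC - [...] -- C:\path"  process to kill;
#   "O4 - HKLM..\Run: [Name] C:\path ()"  autorun value and its file;  "IE/FF/O6/O32 - ..."  registry items.
ENTRY = r"\[[^\]]*\]\s*\([^)]*\)\s*--\s*(?P<path>.+?)\s*$"
FILE_RE = re.compile(r"^" + ENTRY)
PRC_RE = re.compile(r"^PRC\s*-\s*" + ENTRY)
O4_RE = re.compile(r"^O4\s*-\s*(?P<key>[^:]+):\s*\[(?P<name>[^\]]+)\]\s*"
                   r"(?P<path>.+?)\s*\([^)]*\)\s*$")
OTHER_RE = re.compile(r"^(?P<kind>[A-Z]+\d*)\s*-\s*(?P<detail>.+?)\s*$")


@dataclass
class FixPlan:
    kill_processes: list = field(default_factory=list)
    move_files: list = field(default_factory=list)
    registry_items: list = field(default_factory=list)  # (kind, detail) tuples
    run_commands: list = field(default_factory=list)
    cleanup: list = field(default_factory=list)
    unparsed: list = field(default_factory=list)        # review these by hand


def parse_otl_script(text: str) -> FixPlan:
    """Classify every non-empty line of an OTL fix script by its section."""
    plan = FixPlan()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):              # ":OTL", ":Files", ":Commands"
            section = line.lower()
            continue
        if section == ":otl":
            if m := PRC_RE.match(line):
                plan.kill_processes.append(m["path"])
            elif m := FILE_RE.match(line):
                plan.move_files.append(m["path"])
            elif m := O4_RE.match(line):
                plan.registry_items.append(("O4", f"{m['key']} [{m['name']}]"))
                plan.move_files.append(m["path"])  # the result log shows the .exe moved too
            elif m := OTHER_RE.match(line):
                plan.registry_items.append((m["kind"], m["detail"]))
            else:
                plan.unparsed.append(line)
        elif section == ":files":
            if line.endswith(" /c"):           # "/c" suffix: run the line as a command
                plan.run_commands.append(line[:-3].rstrip())
            else:                              # assumption: plain entries are file targets
                plan.move_files.append(line)
        elif section == ":commands":
            plan.cleanup.append(line.strip("[]").lower())
        else:
            plan.unparsed.append(line)
    return plan


def touched_paths(plan: FixPlan) -> list:
    """Every filesystem path the script would act on, deduplicated and sorted."""
    return sorted(set(plan.kill_processes) | set(plan.move_files))


# Constructed sample: a shortened copy of the script posted in this thread.
SAMPLE_SCRIPT = r"""
:OTL
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
IE - HKCU\..\SearchScopes,DefaultScope = {1900ED55-EEF8-400E-986C-A7E248558580}
FF - prefs.js..browser.startup.homepage: "http://www.guardian.co.uk/environment"
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
[2012.07.19 18:21:22 | 004,503,728 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\pmt_0piot.pad
[2012.07.19 21:09:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
"""

if __name__ == "__main__":
    plan = parse_otl_script(SAMPLE_SCRIPT)
    print(f"kill {len(plan.kill_processes)} process(es), move {len(plan.move_files)} file(s), "
          f"{len(plan.registry_items)} registry item(s); commands {plan.run_commands}; "
          f"cleanup {plan.cleanup}; review by hand: {plan.unparsed}")
    print("paths touched:", *touched_paths(plan), sep="\n  ")
```

Anything that lands in `unparsed` is a line the parser does not recognise and should be read by hand before the script is run.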

Alt 19.07.2012, 21:07   #3
Neven

Thanks!

Before I start, just to be safe: what do I do with Malwarebytes (still open)? Delete?
__________________

Alt 19.07.2012, 21:08   #4
t'john
/// Helper Team

Yes, delete!
__________________
Kind regards, t'john
Support the TB

Alt 19.07.2012, 21:21   #5
Neven

OTL fix done:

Code:
ATTFilter
All processes killed
========== OTL ==========
No active process named DivXUpdate.exe was found!
No active process named lxcrmon.exe was found!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1900ED55-EEF8-400E-986C-A7E248558580}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1900ED55-EEF8-400E-986C-A7E248558580}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "hxxp://www.guardian.co.uk/environment" removed from browser.startup.homepage
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully.
C:\Program Files\DivX\DivX Update\DivXUpdate.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\WINDOWS\tasks\Adobe Flash Player Updater.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\WINDOWS\tasks\SyncBack Data.job moved successfully.
C:\WINDOWS\tasks\GlaryInitialize.job moved successfully.
C:\Documents and Settings\All Users\Application Data\pmt_0piot.pad moved successfully.
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job moved successfully.
C:\WINDOWS\tasks\switchShakeIcon.job moved successfully.
File C:\WINDOWS\tasks\switchShakeIcon.job not found.
File C:\Documents and Settings\All Users\Application Data\pmt_0piot.pad not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Neven\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Neven\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temporary Internet Files folder emptied: 204550 bytes
->Flash cache emptied: 2870 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Neven
->Temp folder emptied: 370474211 bytes
->Temporary Internet Files folder emptied: 489609783 bytes
->Java cache emptied: 165262485 bytes
->FireFox cache emptied: 351848014 bytes
->Google Chrome cache emptied: 557424 bytes
->Flash cache emptied: 1345241 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 13165201 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 37537961 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 364318532 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 168022556 bytes
 
Total Files Cleaned = 1.874,00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: LocalService
 
User: NetworkService
 
User: Neven
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
 
OTL by OldTimer - Version 3.2.54.0 log created on 07192012_221403

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
Malwarebytes scan running...


Alt 19.07.2012, 21:23   #6
t'john
/// Helper Team

Very good!

How is the computer running?

Please report back with the MBAM log.
__________________

Alt 19.07.2012, 21:34   #7
Neven

The computer is running fine, only after the reboot all extensions were gone, .doc, .jpg etc. (sorry, I don't know how to say that in German). I set them again in Folder Options. Otherwise everything looks normal.

In any case: as of today I am no longer using Internet Explorer. I have never experienced anything like this Bundespolizei trojan. I almost thought it was really true and the police state had begun.

I will report back when Malwarebytes is finished. After that I will also do a scan with Avast.

-----
----
---
--
-

Malware scan:

Code:
ATTFilter
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.19.13

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Neven :: ACROPOLIS [administrator]

19.07.2012 22:22:34
mbam-log-2012-07-19 (22-22-34).txt

Scan type: Full scan (C:\|D:\|F:\|M:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 333934
Time elapsed: 50 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
And AdwCleaner:

Code:
ATTFilter
# AdwCleaner v1.702 - Logfile created 07/19/2012 at 23:16:11
# Updated 13/07/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Neven - ACROPOLIS
# Running from : C:\Documents and Settings\Neven\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Found : HKCU\Software\Conduit
Key Found : HKLM\SOFTWARE\Conduit

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{A3F2A195-0D11-463b-96BB-D2FF1B7490A1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{ECD0ECC6-DCA4-4013-A915-12355AB70999}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default 
File : C:\Documents and Settings\Neven\Application Data\Mozilla\Firefox\Profiles\qikr6udx.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Neven\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Found :          "path": "C:\\Documents and Settings\\Neven\\Local Settings\\Application Data\\Unity\\WebPla[...]

*************************

AdwCleaner[R1].txt - [1253 octets] - [19/07/2012 23:16:11]

########## EOF - C:\AdwCleaner[R1].txt - [1381 octets] ##########
         
Now Avast...

Last edited by Neven (19.07.2012 at 22:15)

Alt 19.07.2012, 22:43   #8
t'john
/// Helper Team

Very good!

  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.

After AVAST:

Malware scan with Emsisoft Anti-Malware

Download the free version of => Emsisoft Anti-Malware and install the program.
Download the current signatures via Update Now.
Select the Freeware mode.

Select Detail Scan and start the check of the computer via the Scan button.
At the end of the scan, do not let it delete anything! Save the log file to the desktop by clicking Save Report and post it here in the thread.

Guide: http://www.trojaner-board.de/103809-...i-malware.html
__________________
Kind regards, t'john
Support the TB

Alt 19.07.2012, 23:29   #9
Neven

Avast found nothing.

AdwCleaner after delete:

Code:
ATTFilter
# AdwCleaner v1.702 - Logfile created 07/20/2012 at 00:18:07
# Updated 13/07/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Neven - ACROPOLIS
# Running from : C:\Documents and Settings\Neven\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Conduit

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A3F2A195-0D11-463b-96BB-D2FF1B7490A1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ECD0ECC6-DCA4-4013-A915-12355AB70999}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default 
File : C:\Documents and Settings\Neven\Application Data\Mozilla\Firefox\Profiles\qikr6udx.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Neven\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted :          "path": "C:\\Documents and Settings\\Neven\\Local Settings\\Application Data\\Unity\\WebPla[...]

*************************

AdwCleaner[R1].txt - [1382 octets] - [19/07/2012 23:16:11]
AdwCleaner[S1].txt - [1323 octets] - [20/07/2012 00:18:07]

########## EOF - C:\AdwCleaner[S1].txt - [1451 octets] ##########
         
Now Emsisoft (I'll report back when it's done)...

-----
----
---
--
-

My wife says I have to go to bed.

I'll report back tomorrow morning. Good night.

Last edited by Neven (19.07.2012 at 23:40)

Alt 20.07.2012, 09:48   #10
t'john
/// Helper Team

All right
__________________
Kind regards, t'john
Support the TB

Alt 20.07.2012, 12:20   #11
Neven

Emsisoft scan:

Code:
ATTFilter
Emsisoft Anti-Malware - Version 6.6
Last update: 20.07.2012 11:24:04

Scan settings:

Scan type: Deep Scan
Objects: Rootkits, Memory, Traces, C:\, D:\, F:\, M:\
Scan archives: On
ADS Scan: On

Scan start:	20.07.2012 11:35:08


Scanned	632248
Found	0

Scan end:	20.07.2012 13:19:24
Scan time:	1:44:16
         

Alt 20.07.2012, 20:42   #12
t'john
/// Helper Team

Very good!

Uninstall:
Emsisoft Anti-Malware

Then:

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

Please post everything here in CODE tags where possible.

It is done like this:

[code] the log goes here [/code]

And it then looks like this:

Code:
ATTFilter
 the log goes here
         
__________________
Kind regards, t'john
Support the TB

Alt 21.07.2012, 14:47   #13
Neven

ESET log:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=89302a1a7bc858439a14dbf5e5c6540e
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-21 01:28:29
# local_time=2012-08-21 03:28:29 (+0100, W. Europe Daylight Time)
# country="Austria"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=770 16774141 100 100 57510405 122258678 0 0
# compatibility_mode=8192 67108863 100 0 187 187 0 0
# scanned=158633
# found=2
# cleaned=0
# scan_time=6905
M:\Software\FFSetup210.exe	Win32/Adware.ADON application (unable to clean)	00000000000000000000000000000000	I
M:\Software\Nero 7.10.1.0\Nero-7.10.1.0_eng_full.exe	Win32/Toolbar.AskSBar application (unable to clean)	00000000000000000000000000000000	I
         
I think both of these are not dangerous (the first has to do with eBay or something like that).

Alt 21.07.2012, 21:21   #14
t'john
/// Helper Team

Very good!

With that you are clean and discharged!

Tool cleanup with OTL

We will now use OTL's CleanUp! function to remove most of the programs we installed for the cleanup from your system again.
  • Please download OTL from OldTimer (if you don't have it already).
  • Save it to your desktop.
  • Double-click OTL.exe to run the program.
    Vista and Windows 7 users start it by right-clicking the program icon and choosing "Run as administrator".
  • Click the "Cleanup" button
  • OTL may ask for a restart.
    If it does, please allow it.
Note: after the restart, OTL and the other helper programs you downloaded during the cleanup will no longer be present. They have been removed. It is therefore OK if these programs are no longer there. If any are left over, delete them manually.

Reading to work through:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html
__________________
Kind regards, t'john
Support the TB

Alt 21.07.2012, 21:32   #15
Neven

Great, thanks! Donation is on its way.
