Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Bundestrojaner nach Systemwiderherstellung inkl. Logs

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 27.07.2012, 16:12   #1
AndyG
 
Bundestrojaner nach Systemwiderherstellung inkl. Logs - Standard

Bundestrojaner nach Systemwiderherstellung inkl. Logs



Hallo,

ich habe mir diesen Bundestrojaner-Virus eingefangen.
Ich habe eine Systemwiederherstellung durchgeführt und habe Vollzugriff auf meinen Laptop, d.h. es funktioniert so wie ich das sehe augenscheinlich alles, wobei er jetzt erst mal nicht am WLAN hängt.

Anbei mal die Logs von Malwarebytes und OTL...kann jemand so nett sein und checken, ob ich das Ding wieder los bin oder welche Schritte ich ggf. noch einleiten muss

Zitat:
Zitat von OTL
OTL logfile created on: 27.07.2012 16:59:58 - Run 2
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Name\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,87 Gb Total Physical Memory | 2,09 Gb Available Physical Memory | 54,12% Memory free
7,73 Gb Paging File | 5,89 Gb Available in Paging File | 76,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284,99 Gb Total Space | 186,50 Gb Free Space | 65,44% Space Free | Partition Type: NTFS

Computer Name: Name-LAPTOP | User Name: Name | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.07.27 15:41:18 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Name\Desktop\OTL.exe
PRC - [2012.07.03 18:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastUI.exe
PRC - [2012.07.03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.03.31 16:48:36 | 001,540,096 | ---- | M] (Nokia) -- C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2011.01.14 16:55:57 | 002,250,616 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010.12.07 00:02:12 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2010.06.28 15:23:12 | 000,265,984 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2010.06.28 15:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2010.06.22 08:34:48 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010.06.22 08:34:48 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010.06.22 08:34:46 | 000,968,272 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010.05.27 04:41:24 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
PRC - [2010.04.13 18:57:58 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.04.13 18:57:56 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.03.18 06:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.03.18 06:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.03.11 07:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2010.03.11 07:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2009.10.12 10:45:12 | 000,312,784 | ---- | M] () -- C:\Program Files (x86)\3DataManager\WTGService.exe
PRC - [2008.05.16 05:51:24 | 000,741,376 | ---- | M] (Edimax Technology Co., Ltd.) -- C:\Program Files (x86)\MFP Server\App\Common\MFPAgent.exe


========== Modules (No Company Name) ==========

MOD - [2012.06.13 05:56:35 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012.06.13 05:55:40 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.13 05:35:37 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.05.11 11:38:40 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\701baa4d78031ac5130eadea085bbebf\IAStorUtil.ni.dll
MOD - [2012.05.10 17:25:03 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.10 17:24:11 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.05.10 17:24:04 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.10 17:24:00 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.10 17:23:58 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.10 17:23:50 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.06.28 15:20:54 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2009.05.20 08:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012.05.29 13:09:50 | 000,035,680 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2010.05.27 06:59:42 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.07.18 18:32:03 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.05.29 13:09:52 | 002,143,072 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.05.29 13:09:50 | 000,029,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.03.21 13:21:24 | 000,632,832 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011.01.14 16:55:57 | 002,250,616 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010.07.13 13:59:30 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.06.28 15:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010.06.22 08:34:48 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.06.11 14:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.06.02 00:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010.05.27 04:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010.04.13 18:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 06:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.03.18 06:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009.10.12 10:45:12 | 000,312,784 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\3DataManager\WTGService.exe -- (WTGService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.12.17 06:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01)
SRV - [2007.01.11 06:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.07.03 18:21:52 | 000,958,400 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012.07.03 18:21:52 | 000,355,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012.07.03 18:21:52 | 000,071,064 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.07.03 18:21:52 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012.07.03 18:21:52 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012.07.03 18:21:51 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.06.26 20:19:01 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2011.06.26 20:19:01 | 000,114,560 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.02 15:14:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2010.12.02 15:14:24 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2010.12.02 15:14:22 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2010.12.02 15:14:18 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.07.21 17:58:50 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010.07.09 05:51:50 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2010.06.17 11:18:28 | 000,246,376 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010.05.27 07:39:14 | 006,856,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.05.27 06:25:38 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.05.15 14:48:28 | 000,384,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2010.05.11 12:11:38 | 002,229,608 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.04.20 04:35:14 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2010.04.13 18:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.04.13 12:15:04 | 000,135,560 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010.01.27 05:05:00 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009.09.17 07:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.03 04:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.03 04:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.03 04:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.08.28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008.05.16 05:51:24 | 000,039,552 | ---- | M] (None) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mfpec.sys -- (ALIWEHCD)
DRV:64bit: - [2008.05.16 05:51:24 | 000,012,416 | ---- | M] (None) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfpvbus.sys -- (WUSBVBus)
DRV - [2012.02.09 11:48:24 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2011.06.26 20:19:01 | 000,114,560 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009.09.10 15:31:56 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5742g&r=273601118155l0414z1j5v47222556
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5742g&r=273601118155l0414z1j5v47222556
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5742g&r=273601118155l0414z1j5v47222556
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5742g&r=273601118155l0414z1j5v47222556
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5742g&r=273601118155l0414z1j5v47222556
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5742g&r=273601118155l0414z1j5v47222556
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE413
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.greuther-fuerth.de/v3/aktuelles/newsflash.php"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.736
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2011.02.17 17:02:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011.05.26 18:00:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012.07.08 19:10:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 18:32:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.27 06:20:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.05.26 18:00:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 18:32:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.27 06:20:21 | 000,000,000 | ---D | M]

[2011.01.06 11:02:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Name\AppData\Roaming\mozilla\Extensions
[2012.07.04 22:30:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Name\AppData\Roaming\mozilla\Firefox\Profiles\jt9yfrnl.default\extensions
[2012.04.01 10:49:12 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Name\AppData\Roaming\mozilla\Firefox\Profiles\jt9yfrnl.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.08.18 17:54:59 | 000,000,000 | ---D | M] (CSHelper) -- C:\Users\Name\AppData\Roaming\mozilla\Firefox\Profiles\jt9yfrnl.default\extensions\{d91a2be6-3b56-4dfb-97f5-5e48fe3ed473}
[2012.06.15 17:25:54 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Name\AppData\Roaming\mozilla\Firefox\Profiles\jt9yfrnl.default\extensions\ich@maltegoetz.de
[2012.06.29 20:49:48 | 000,000,853 | ---- | M] () -- C:\Users\Name\AppData\Roaming\Mozilla\Firefox\Profiles\jt9yfrnl.default\searchplugins\11-suche.xml
[2011.01.25 23:29:11 | 000,002,321 | ---- | M] () -- C:\Users\Name\AppData\Roaming\Mozilla\Firefox\Profiles\jt9yfrnl.default\searchplugins\dictcc.xml
[2012.06.29 20:49:48 | 000,002,209 | ---- | M] () -- C:\Users\Name\AppData\Roaming\Mozilla\Firefox\Profiles\jt9yfrnl.default\searchplugins\englische-ergebnisse.xml
[2012.06.29 20:49:48 | 000,010,506 | ---- | M] () -- C:\Users\Name\AppData\Roaming\Mozilla\Firefox\Profiles\jt9yfrnl.default\searchplugins\gmx-suche.xml
[2012.07.27 06:26:27 | 000,001,610 | ---- | M] () -- C:\Users\Name\AppData\Roaming\Mozilla\Firefox\Profiles\jt9yfrnl.default\searchplugins\ixquick-https---deutsch.xml
[2012.06.29 20:49:48 | 000,002,368 | ---- | M] () -- C:\Users\Name\AppData\Roaming\Mozilla\Firefox\Profiles\jt9yfrnl.default\searchplugins\lastminute.xml
[2011.05.17 21:50:07 | 000,001,748 | ---- | M] () -- C:\Users\Name\AppData\Roaming\Mozilla\Firefox\Profiles\jt9yfrnl.default\searchplugins\leo-deu-fra.xml
[2011.02.09 00:08:04 | 000,002,030 | ---- | M] () -- C:\Users\Name\AppData\Roaming\Mozilla\Firefox\Profiles\jt9yfrnl.default\searchplugins\myvideo-suche-.xml
[2012.06.29 20:49:48 | 000,005,489 | ---- | M] () -- C:\Users\Name\AppData\Roaming\Mozilla\Firefox\Profiles\jt9yfrnl.default\searchplugins\webde-suche.xml
[2011.07.12 22:08:57 | 000,001,330 | ---- | M] () -- C:\Users\Name\AppData\Roaming\Mozilla\Firefox\Profiles\jt9yfrnl.default\searchplugins\wikipedia-en.xml
[2011.03.15 23:36:38 | 000,002,440 | ---- | M] () -- C:\Users\Name\AppData\Roaming\Mozilla\Firefox\Profiles\jt9yfrnl.default\searchplugins\wikiquote-de.xml
[2011.05.10 21:05:23 | 000,002,442 | ---- | M] () -- C:\Users\Name\AppData\Roaming\Mozilla\Firefox\Profiles\jt9yfrnl.default\searchplugins\wikiquote-en.xml
[2011.01.06 13:33:45 | 000,002,057 | ---- | M] () -- C:\Users\Name\AppData\Roaming\Mozilla\Firefox\Profiles\jt9yfrnl.default\searchplugins\youtube-videosuche.xml
[2012.06.08 05:10:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.08 19:10:36 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
[2012.04.17 17:46:16 | 000,008,001 | ---- | M] () (No name found) -- C:\USERS\Name\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JT9YFRNL.DEFAULT\EXTENSIONS\TINEYE@IDEEINC.COM.XPI
[2012.06.29 20:49:39 | 000,575,217 | ---- | M] () (No name found) -- C:\USERS\Name\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JT9YFRNL.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI
[2011.11.25 23:03:22 | 000,015,029 | ---- | M] () (No name found) -- C:\USERS\Name\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JT9YFRNL.DEFAULT\EXTENSIONS\YOUTUBEDOWNLOADER@HUANGHO.NET76.NET.XPI
[2012.07.18 18:32:03 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.04.26 17:41:20 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.12.07 00:03:18 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011.05.03 23:22:55 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.05.03 23:22:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.05.03 23:22:56 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.03 23:22:56 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.05.03 23:22:56 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.05.03 23:22:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - homepage: hxxp://www.google.com
CHR - homepage: hxxp://www.google.com

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [GDI Manager] C:\Program Files (x86)\MFP Server\App\Common\MFPAgent.exe (Edimax Technology Co., Ltd.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [Server Application] C:\Windows\system32\ServoApp.exe File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [EPSON Stylus SX400 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEGE.EXE /FU "C:\Windows\TEMP\E_SE83E.tmp" /EF "HKCU" File not found
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81AB6FF5-D08E-4E17-8877-669F87E8C0B9}: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{53fdb3cd-a020-11e0-adb1-1c659d186c8d}\Shell - "" = AutoRun
O33 - MountPoints2\{53fdb3cd-a020-11e0-adb1-1c659d186c8d}\Shell\AutoRun\command - "" = E:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{a96d0834-a141-11e0-84e1-1c659d186c8d}\Shell - "" = AutoRun
O33 - MountPoints2\{a96d0834-a141-11e0-84e1-1c659d186c8d}\Shell\AutoRun\command - "" = E:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{e39e9f93-a020-11e0-bc4e-1c659d186c8d}\Shell - "" = AutoRun
O33 - MountPoints2\{e39e9f93-a020-11e0-bc4e-1c659d186c8d}\Shell\AutoRun\command - "" = E:\.\Autorun.exe AUTORUN=1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.27 16:24:02 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Name\Desktop\OTL.exe
[2012.07.27 15:14:57 | 000,000,000 | ---D | C] -- C:\Users\Name\AppData\Roaming\Malwarebytes
[2012.07.27 15:14:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.27 15:14:46 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.27 15:14:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.27 15:14:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.27 15:14:26 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Name\Desktop\mbam-setup-1.62.0.1300.exe
[2012.07.21 10:20:58 | 000,360,448 | ---- | C] (FLV.com) -- C:\Windows\SysWow64\TubeFinder.exe
[2012.07.21 10:20:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free FLV Converter
[2012.07.21 10:20:56 | 001,081,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscomctl.ocx
[2012.07.21 10:20:56 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCMCFR.DLL
[2012.07.21 10:20:56 | 000,119,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB6FR.DLL
[2012.07.21 10:20:56 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB6STKIT.DLL
[2012.07.21 10:20:56 | 000,084,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PICCLP32.OCX
[2012.07.21 10:20:56 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PCCLPFR.DLL
[2012.07.21 10:20:53 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\COMDLG32.OCX
[2012.07.21 10:20:53 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CMDLGFR.DLL
[2012.07.21 10:20:53 | 000,000,000 | ---D | C] -- C:\Users\Name\AppData\Roaming\FreeFLVConverter
[2012.07.21 10:20:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free FLV Converter
[2012.07.11 06:35:08 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.11 06:35:08 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.11 06:34:50 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.11 06:34:23 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.11 06:34:22 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.07.10 17:30:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMedia Recode

========== Files - Modified Within 30 Days ==========

[2012.07.27 16:54:15 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.27 16:26:44 | 001,500,294 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.27 16:26:44 | 000,654,852 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.27 16:26:44 | 000,616,694 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.27 16:26:44 | 000,130,434 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.27 16:26:44 | 000,106,816 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.27 15:41:18 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Name\Desktop\OTL.exe
[2012.07.27 15:16:54 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.27 15:16:53 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.27 15:14:47 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.27 15:10:48 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Name\Desktop\mbam-setup-1.62.0.1300.exe
[2012.07.27 15:08:13 | 000,001,937 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.07.27 15:08:10 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.07.27 15:08:03 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.27 15:07:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.27 15:07:22 | 3113,254,912 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.27 14:19:25 | 004,503,728 | ---- | M] () -- C:\ProgramData\zak_lo0i7g.pad
[2012.07.21 10:20:58 | 000,001,125 | ---- | M] () -- C:\Users\Name\Desktop\Free FLV Converter.lnk
[2012.07.20 14:18:55 | 000,004,416 | ---- | M] () -- C:\Users\Name\AppData\Roaming\CamStudio.cfg
[2012.07.20 14:18:55 | 000,000,408 | ---- | M] () -- C:\Users\Name\AppData\Roaming\CamShapes.ini
[2012.07.20 14:18:55 | 000,000,408 | ---- | M] () -- C:\Users\Name\AppData\Roaming\CamLayout.ini
[2012.07.20 14:18:55 | 000,000,120 | ---- | M] () -- C:\Users\Name\AppData\Roaming\Camdata.ini
[2012.07.11 17:51:12 | 000,917,336 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.10 17:30:03 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\XMedia Recode.lnk
[2012.07.03 18:21:52 | 000,958,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012.07.03 18:21:52 | 000,355,856 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012.07.03 18:21:52 | 000,071,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012.07.03 18:21:52 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012.07.03 18:21:52 | 000,054,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012.07.03 18:21:51 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012.07.03 18:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.07.03 18:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012.07.03 18:21:18 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012.07.27 15:14:47 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.27 15:08:13 | 000,001,937 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.07.27 14:12:19 | 004,503,728 | ---- | C] () -- C:\ProgramData\zak_lo0i7g.pad
[2012.07.21 10:20:58 | 000,001,125 | ---- | C] () -- C:\Users\Name\Desktop\Free FLV Converter.lnk
[2012.07.21 10:20:56 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\PropertyGrid.ocx
[2012.07.21 10:20:56 | 000,208,500 | ---- | C] () -- C:\Windows\SysWow64\ReyXpBasics.tlb
[2012.07.21 10:20:53 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\ControlSubX.ocx
[2012.07.10 17:30:03 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\XMedia Recode.lnk
[2012.02.29 21:35:11 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2012.02.29 21:35:11 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2012.02.29 21:35:11 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2012.02.29 21:35:11 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2012.02.29 21:35:11 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2012.02.29 21:35:11 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2012.02.29 21:35:11 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2012.02.29 21:35:11 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2012.02.29 21:35:11 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2012.02.29 21:35:11 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2012.02.29 21:35:11 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2012.02.29 21:35:11 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2012.02.29 21:35:11 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2012.02.29 21:35:11 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2012.02.29 21:35:11 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2012.02.29 21:35:11 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2012.02.29 21:35:11 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2012.02.29 21:35:11 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2012.02.29 21:35:11 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2012.02.29 21:34:08 | 000,008,133 | ---- | C] () -- C:\Windows\SysWow64\MFPScript.ini
[2012.02.29 21:23:25 | 000,000,025 | ---- | C] () -- C:\Windows\CDE SX400DEFGIPSDaFiNoSv.ini
[2011.08.18 17:56:20 | 000,000,408 | ---- | C] () -- C:\Users\Name\AppData\Roaming\CamShapes.ini
[2011.08.18 17:56:20 | 000,000,408 | ---- | C] () -- C:\Users\Name\AppData\Roaming\CamLayout.ini
[2011.08.18 17:56:20 | 000,000,120 | ---- | C] () -- C:\Users\Name\AppData\Roaming\Camdata.ini
[2011.08.18 17:56:19 | 000,004,416 | ---- | C] () -- C:\Users\Name\AppData\Roaming\CamStudio.cfg
[2011.06.27 09:22:00 | 000,000,000 | ---- | C] () -- C:\Users\Name\AppData\Local\{9A9FC435-A62A-4B2C-B68D-6D3B09456F39}
[2011.06.26 20:19:08 | 000,000,000 | ---- | C] () -- C:\Users\Name\AppData\Local\{B4F369B5-E59D-4A6F-BE34-57B95497E888}
[2011.06.17 14:32:30 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011.05.31 18:33:15 | 000,003,584 | ---- | C] () -- C:\Users\Name\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.30 23:59:19 | 000,007,605 | ---- | C] () -- C:\Users\Name\AppData\Local\Resmon.ResmonCfg
[2011.05.30 20:06:01 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011.05.05 12:49:45 | 000,000,000 | ---- | C] () -- C:\Users\Name\AppData\Local\{D75610C8-4D79-4064-8B8E-C3EAD3688B68}
[2011.05.02 22:50:39 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2011.02.08 00:00:52 | 000,427,284 | ---- | C] () -- C:\Users\Name\Stöckach.jpg
[2011.01.08 16:43:53 | 001,527,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.01.06 11:01:58 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.08.21 22:03:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.08.21 21:58:05 | 000,002,137 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2010.07.13 13:45:37 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe

========== LOP Check ==========

[2011.07.01 08:31:01 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\3DataManager
[2011.10.13 18:07:59 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\elsterformular
[2012.03.29 21:50:40 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\FileZilla
[2012.07.21 10:21:12 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\FreeFLVConverter
[2011.01.25 23:12:33 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\GrabPro
[2012.07.06 18:54:52 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\ICQ
[2011.01.08 16:17:24 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\ImgBurn
[2011.01.11 12:32:04 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\Lehoh
[2011.09.20 21:38:27 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\Liteon
[2011.07.19 18:03:51 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\Nokia
[2011.07.19 18:03:52 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\Nokia Ovi Suite
[2011.01.19 21:15:10 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\Notepad++
[2011.11.06 19:24:42 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\Orbit
[2011.02.17 17:05:20 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\PC Suite
[2011.06.26 20:19:02 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\Program Files (x86)
[2011.01.08 17:02:00 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\ProgSense
[2011.01.20 14:00:30 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\SMSout
[2012.07.24 22:07:11 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\SoftGrid Client
[2011.01.23 22:51:32 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\SuperMailer
[2012.01.02 00:00:35 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\TeamViewer
[2011.01.08 16:44:50 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\TP
[2012.04.15 13:49:48 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\TuneUp Software
[2011.06.13 21:30:41 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\XMedia Recode
[2012.07.22 18:55:18 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\XnView
[2012.06.17 07:54:27 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:93EB7685

< End of report >
Danke schon mal im Voraus...
Grüße
Andy
Angehängte Dateien
Dateityp: txt mbam-log-2012-07-27 (16-43-49).txt (2,7 KB, 154x aufgerufen)

Alt 27.07.2012, 17:56   #2
t'john
/// Helfer-Team
 
Bundestrojaner nach Systemwiderherstellung inkl. Logs - Standard

Bundestrojaner nach Systemwiderherstellung inkl. Logs





Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:


Code:
ATTFilter
:Processes
killallprocesses

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={output Encoding}&sourceid=ie7 
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncodin g}&oe={outputEncoding}&rlz=1I7ACAW 
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={output Encoding}&sourceid=ie7 
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncodin g}&oe={outputEncoding}&rlz=1I7ACAW_deDE413 
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={output Encoding}&sourceid=ie7 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local 
FF - prefs.js..browser.search.useDBForOrder: true 
FF - prefs.js..browser.startup.homepage: "http://www.greuther-fuerth.de/v3/aktuelles/newsflash.php" 
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5 
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.736 
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51 
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5 
FF - user.js - File not found 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
[2011.01.06 11:02:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Name\AppData\Roaming\mozilla\Extensions 
[2012.07.04 22:30:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Name\AppData\Roaming\mozilla\Firefox\Profiles\jt9yfrnl.default\extensions 
[2012.04.17 17:46:16 | 000,008,001 | ---- | M] () (No name found) -- C:\USERS\Name\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JT9YFRNL.DEFAULT\EXTENSIONS\TINEYE@IDEEINC.CO M.XPI 
[2012.06.29 20:49:39 | 000,575,217 | ---- | M] () (No name found) -- C:\USERS\Name\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JT9YFRNL.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.X PI 
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll () 
O4 - HKLM..\Run: [Server Application] C:\Windows\system32\ServoApp.exe File not found 
O4 - HKCU..\Run: [] File not found 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 
O33 - MountPoints2\{53fdb3cd-a020-11e0-adb1-1c659d186c8d}\Shell - "" = AutoRun 
O33 - MountPoints2\{53fdb3cd-a020-11e0-adb1-1c659d186c8d}\Shell\AutoRun\command - "" = E:\.\Autorun.exe AUTORUN=1 
O33 - MountPoints2\{a96d0834-a141-11e0-84e1-1c659d186c8d}\Shell - "" = AutoRun 
O33 - MountPoints2\{a96d0834-a141-11e0-84e1-1c659d186c8d}\Shell\AutoRun\command - "" = E:\.\Autorun.exe AUTORUN=1 
O33 - MountPoints2\{e39e9f93-a020-11e0-bc4e-1c659d186c8d}\Shell - "" = AutoRun 
O33 - MountPoints2\{e39e9f93-a020-11e0-bc4e-1c659d186c8d}\Shell\AutoRun\command - "" = E:\.\Autorun.exe AUTORUN=1 



[2012.07.27 14:19:25 | 004,503,728 | ---- | M] () -- C:\ProgramData\zak_lo0i7g.pad 

@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:93EB7685 


[2012.07.27 16:54:15 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job 

[2012.07.27 15:08:03 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job 

:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
         
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
__________________

__________________

Alt 27.07.2012, 20:34   #3
AndyG
 
Bundestrojaner nach Systemwiderherstellung inkl. Logs - Standard

Bundestrojaner nach Systemwiderherstellung inkl. Logs



Das wäre dann das Ergebnis:
Zitat:
All processes killed
========== PROCESSES ==========
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "hxxp://www.greuther-fuerth.de/v3/aktuelles/newsflash.php" removed from browser.startup.homepage
Prefs.js: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5 removed from extensions.enabledItems
Prefs.js: bkmrksync@nokia.com:1.0.0.736 removed from extensions.enabledItems
Prefs.js: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51 removed from extensions.enabledItems
Prefs.js: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5 removed from extensions.enabledItems
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll not found.
Folder C:\Users\Name\AppData\Roaming\mozilla\Extensions\ not found.
Folder C:\Users\Name\AppData\Roaming\mozilla\Firefox\Profiles\jt9yfrnl.default\extensions\ not found.
File C:\USERS\Name\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JT9YFRNL.DEFAULT\EXTENSIONS\TINEYE@IDEEINC.CO M.XPI not found.
File C:\USERS\Name\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JT9YFRNL.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.X PI not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
64bit-Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ deleted successfully.
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}\ deleted successfully.
C:\Program Files (x86)\Orbitdownloader\GrabPro.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Server Application deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{53fdb3cd-a020-11e0-adb1-1c659d186c8d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53fdb3cd-a020-11e0-adb1-1c659d186c8d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{53fdb3cd-a020-11e0-adb1-1c659d186c8d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53fdb3cd-a020-11e0-adb1-1c659d186c8d}\ not found.
File E:\.\Autorun.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a96d0834-a141-11e0-84e1-1c659d186c8d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a96d0834-a141-11e0-84e1-1c659d186c8d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a96d0834-a141-11e0-84e1-1c659d186c8d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a96d0834-a141-11e0-84e1-1c659d186c8d}\ not found.
File E:\.\Autorun.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e39e9f93-a020-11e0-bc4e-1c659d186c8d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e39e9f93-a020-11e0-bc4e-1c659d186c8d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e39e9f93-a020-11e0-bc4e-1c659d186c8d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e39e9f93-a020-11e0-bc4e-1c659d186c8d}\ not found.
File E:\.\Autorun.exe AUTORUN=1 not found.
C:\ProgramData\zak_lo0i7g.pad moved successfully.
ADS C:\ProgramData\Temp:93EB7685 deleted successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Andreas\Desktop\cmd.bat deleted successfully.
C:\Users\Andreas\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Andreas
->Temp folder emptied: 512056106 bytes
->Temporary Internet Files folder emptied: 73625878 bytes
->Java cache emptied: 2778096 bytes
->FireFox cache emptied: 55555718 bytes
->Google Chrome cache emptied: 6340711 bytes
->Flash cache emptied: 6124 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mareike
->Temp folder emptied: 59331070 bytes
->Temporary Internet Files folder emptied: 333948174 bytes
->Java cache emptied: 1 bytes
->FireFox cache emptied: 877090232 bytes
->Google Chrome cache emptied: 856432 bytes
->Flash cache emptied: 13115388 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 118882062 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 102427 bytes
RecycleBin emptied: 180420 bytes

Total Files Cleaned = 1.959,00 mb


[EMPTYFLASH]

User: All Users

User: Andreas
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Mareike
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.55.0 log created on 07272012_212527

Files\Folders moved on Reboot...
C:\Users\Andreas\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.

PendingFileRenameOperations files...
File C:\Users\Andreas\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
[2012.07.27 21:30:24 | 000,000,000 | ---- | M] () C:\Windows\temp\dsiwmis.log : Unable to obtain MD5

Registry entries deleted on Reboot...
__________________

Alt 28.07.2012, 14:09   #4
t'john
/// Helfer-Team
 
Bundestrojaner nach Systemwiderherstellung inkl. Logs - Standard

Bundestrojaner nach Systemwiderherstellung inkl. Logs



Sehr gut!

Wie laeuft der Rechner?

1. Schritt
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.
__________________
Mfg, t'john
Das TB unterstützen

Alt 28.07.2012, 15:13   #5
AndyG
 
Bundestrojaner nach Systemwiderherstellung inkl. Logs - Standard

Bundestrojaner nach Systemwiderherstellung inkl. Logs



Der Rechner läuft offline gut...kann ich ihn online gehen lassen ohne Angst haben zu müssen?
Scans kann ich erst heute Abend machen...poste die Protokolle dann


Alt 28.07.2012, 15:16   #6
t'john
/// Helfer-Team
 
Bundestrojaner nach Systemwiderherstellung inkl. Logs - Standard

Bundestrojaner nach Systemwiderherstellung inkl. Logs



Online ja, aber nicht surfen damit, sonst geht es erneut los.
Dazu muss der Rechner sauber und abgesichert sein.
__________________
--> Bundestrojaner nach Systemwiderherstellung inkl. Logs

Alt 28.07.2012, 20:53   #7
AndyG
 
Bundestrojaner nach Systemwiderherstellung inkl. Logs - Standard

Bundestrojaner nach Systemwiderherstellung inkl. Logs



ADWCleaner
Zitat:
# AdwCleaner v1.703 - Logfile created 07/28/2012 at 21:47:40
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Andreas - ANDREAS-LAPTOP
# Running from : C:\Users\Andreas\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\ProgramData\boost_interprocess

***** [Registry] *****

Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Orbit\OpenCandy
Key Found : HKLM\SOFTWARE\Software
[x64] Key Found : HKCU\Software\Softonic

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\jt9yfrnl.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Users\Mareike\AppData\Roaming\Mozilla\Firefox\Profiles\0kc00xyh.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v20.0.1132.57

File : C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Mareike\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2636 octets] - [28/07/2012 21:47:40]

########## EOF - C:\AdwCleaner[R1].txt - [2764 octets] ##########
Habe außerdem noch festgestellt, dass meine externe Foto-Festplatte an war - also aktiv. Den USB-Hub habe ich unmittelbar nach der Infektion abgestöpselt...ist das ein Problem? Muss ich die Platte auch noch einmal irgendwie checken?
Angehängte Dateien
Dateityp: txt mbam-log-2012-07-28 (21-42-23).txt (2,9 KB, 138x aufgerufen)

Alt 28.07.2012, 20:57   #8
t'john
/// Helfer-Team
 
Bundestrojaner nach Systemwiderherstellung inkl. Logs - Standard

Bundestrojaner nach Systemwiderherstellung inkl. Logs



Sehr gut!


  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.




danach:


Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html
__________________
Mfg, t'john
Das TB unterstützen

Alt 28.07.2012, 21:22   #9
AndyG
 
Bundestrojaner nach Systemwiderherstellung inkl. Logs - Standard

Bundestrojaner nach Systemwiderherstellung inkl. Logs



Zitat:
# AdwCleaner v1.703 - Logfile created 07/28/2012 at 22:05:40
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Andreas - ANDREAS-LAPTOP
# Running from : C:\Users\Andreas\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\boost_interprocess

***** [Registry] *****

Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Orbit\OpenCandy
Key Deleted : HKLM\SOFTWARE\Software

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\jt9yfrnl.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Users\Mareike\AppData\Roaming\Mozilla\Firefox\Profiles\0kc00xyh.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v20.0.1132.57

File : C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Mareike\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2751 octets] - [28/07/2012 21:47:40]
AdwCleaner[S1].txt - [2355 octets] - [28/07/2012 22:05:40]

########## EOF - C:\AdwCleaner[S1].txt - [2483 octets] ##########
Der Emisoft-Scan läuft gerade durch

Muss ich meine Foto-Festplatte auch noch scannen?

Zitat:
Emsisoft Anti-Malware - Version 6.6
Letztes Update: 28.07.2012 22:11:54

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, Q:\
Archiv Scan: An
ADS Scan: An

Scan Beginn: 28.07.2012 22:12:08


Gescannt 670537
Gefunden 0

Scan Ende: 28.07.2012 23:04:33
Scan Zeit: 0:52:25
Für den Laien sieht es gut aus

Kleine Ergänzung...meine Foto-Platte habe ich mit Malewarebytes und Emsisoft gescannt...ohne Befund...

Alt 29.07.2012, 14:02   #10
t'john
/// Helfer-Team
 
Bundestrojaner nach Systemwiderherstellung inkl. Logs - Standard

Bundestrojaner nach Systemwiderherstellung inkl. Logs



Sehr gut!


Deinstalliere:
Emsisoft Anti-Malware


ESET Online Scanner

Vorbereitung

  • Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
  • Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
  • Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.
Los geht's

  • Lade und starte Eset Smartinstaller
  • Haken setzen bei YES, I accept the Terms of Use.
  • Klick auf Start.
  • Haken setzen bei Remove found threads und Scan archives.
  • Klick auf Start.
  • Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Finish drücken.
  • Browser schließen.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset
__________________
Mfg, t'john
Das TB unterstützen

Alt 29.07.2012, 20:44   #11
AndyG
 
Bundestrojaner nach Systemwiderherstellung inkl. Logs - Standard

Bundestrojaner nach Systemwiderherstellung inkl. Logs



Das ist das Log...
Zitat:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=bdfc7aaddd7dbf42919453233d7c08a2
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-29 07:41:57
# local_time=2012-07-29 09:41:57 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=768 16777215 100 0 49283057 49283057 0 0
# compatibility_mode=5893 16776573 100 94 73824 95213496 0 0
# compatibility_mode=8192 67108863 100 0 88 88 0 0
# scanned=304804
# found=1
# cleaned=1
# scan_time=7291
C:\Users\Andreas\Downloads\SoftonicDownloader_fuer_freez-flv-to-mp3-converter.exe a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Alt 29.07.2012, 20:57   #12
t'john
/// Helfer-Team
 
Bundestrojaner nach Systemwiderherstellung inkl. Logs - Standard

Bundestrojaner nach Systemwiderherstellung inkl. Logs



Java aktualisieren

Deine Javaversion ist veraltet. Da einige Schaedlinge ueber Java-Exploits in das System eindringen, muss Java aktualisiert werden und alte Versionen muessen vom System entfernt werden, da die alten Versionen ein Sicherheitsrisiko darstellen. Lade JavaRa von SingularLabs herunter und entpacke es auf den Desktop. Nimm die Windows Binary. JavaRA ist geeignet fuer Windows Windows 9x, 2k, XP, Vista, 7. Vista und Windows 7-User muessen die Benuterkontensteuerung deaktivieren, Anleitung siehe unten.


  • Schliesse alle Browserfenster.
  • Doppelklicke die JavaRa.exe, um das Programm zu starten.
  • Die Sprache Deutsch auswaehlen und klicke "Select".
  • Klicke auf Weitere Funktionen, mache Haken bei Unnoetige JRE Dateien loeschen und Sun Download Manager loeschen.
  • Klicke auf Start und jeweils auf Ok/Ja und schliesse das Fenster "Additional Tasks" wieder.
  • Klicke auf aeltere Versionen loeschen, um alte Java-Versionen, die auf dem Rechner installiert sind, zu entfernen.
  • Klicke auf Ja wenn es verlangt wird. Wenn JavaRa fertig, erscheint eine Notiz, dass ein Logfile erstellt wurde, klicke OK.
  • Das Logfile wird im Editor geoeffnet, bitte speichern und spaeter hier posten.
  • Rechner neu starten.[/B]

Downloade nun die aktuelle Offline-Version von Java von Oracle und installiere sie. Achte darauf, eventuell angebotene Toolbars nicht mitzuinstallieren, also waehrend der Installation den Haken bei der Toolbar entfernen.

Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html
__________________
Mfg, t'john
Das TB unterstützen

Alt 29.07.2012, 21:05   #13
AndyG
 
Bundestrojaner nach Systemwiderherstellung inkl. Logs - Standard

Bundestrojaner nach Systemwiderherstellung inkl. Logs



JavaRa liefert keine log-Datei..."kann nicht gefunden werden"

Ansonsten ist Java jetzt aktuell

Alt 29.07.2012, 21:18   #14
t'john
/// Helfer-Team
 
Bundestrojaner nach Systemwiderherstellung inkl. Logs - Standard

Bundestrojaner nach Systemwiderherstellung inkl. Logs



Java aktualisieren

Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
  • Downloade dir bitte die neueste Java-Version von hier
  • Speichere die jxpiinstall.exe
  • Schließe alle laufenden Programme. Speziell deinen Browser.
  • Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 5 ) herunter laden.
  • Wenn die Installation beendet wurde
    Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
  • Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.
Nach dem Neustart
  • Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
  • Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
  • Klicke auf Dateien löschen....
  • Gehe sicher das überall ein Hacken gesetzt ist und klicke OK.
  • Klicke erneut OK.


Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html
__________________
Mfg, t'john
Das TB unterstützen

Alt 29.07.2012, 21:27   #15
AndyG
 
Bundestrojaner nach Systemwiderherstellung inkl. Logs - Standard

Bundestrojaner nach Systemwiderherstellung inkl. Logs



Ich habe dann jetzt Java(TM) 7 Update 5 und JavaFX 2.1.1 drauf und starte jetzt neu...

Erledigt...Java installiert und eingestellt

Antwort

Themen zu Bundestrojaner nach Systemwiderherstellung inkl. Logs
antivirus, autorun, avast, bho, bonjour, explorer, firefox, format, home, icq, launch, locker, log, logfile, malwarebytes, microsoft, mozilla, mywinlocker, programme, realtek, registry, scan, searchscopes, software, symantec, temp, windows, winlogon, wlan



Ähnliche Themen: Bundestrojaner nach Systemwiderherstellung inkl. Logs


  1. Windows 7: Weißer Bildschirm nach Start inkl. Aktivierung der Webcam
    Log-Analyse und Auswertung - 06.02.2015 (14)
  2. Logs nach Pishing Mail
    Log-Analyse und Auswertung - 25.01.2014 (9)
  3. Logs nach Beheben des QVO6
    Log-Analyse und Auswertung - 19.08.2013 (3)
  4. Systemwiderherstellung - Trojaner weg?
    Plagegeister aller Art und deren Bekämpfung - 22.11.2012 (2)
  5. GVU-Trojaner nach Systemwiderherstellung noch aktiv ?
    Plagegeister aller Art und deren Bekämpfung - 18.11.2012 (18)
  6. BKA-Trojaner (inkl. Logs)
    Log-Analyse und Auswertung - 27.10.2012 (2)
  7. Durchsicht Logs nach Widerherstellung
    Log-Analyse und Auswertung - 03.10.2012 (7)
  8. Virenbefall: Exploits und "Java-Virus" inkl Logs
    Plagegeister aller Art und deren Bekämpfung - 28.08.2012 (4)
  9. BKA Virus nach Systemwiderherstellung weg, wie komplett löschen? Windows 7
    Plagegeister aller Art und deren Bekämpfung - 16.08.2012 (6)
  10. Entfernen von Live Security Platinum erfolgreich? (inkl. Logs)
    Log-Analyse und Auswertung - 22.07.2012 (4)
  11. GVU-Trojaner beseitigt nach einer Systemwiderherstellung?
    Log-Analyse und Auswertung - 09.07.2012 (2)
  12. Bundestrojaner inkl OTL Scan (White Screen) Fix
    Plagegeister aller Art und deren Bekämpfung - 21.03.2012 (6)
  13. Nach Systemwiderherstellung, geht so gut wie nichts mehr!
    Alles rund um Windows - 27.06.2010 (2)
  14. logs nach trojanerbefall
    Log-Analyse und Auswertung - 29.04.2010 (1)
  15. Systemwiderherstellung
    Plagegeister aller Art und deren Bekämpfung - 06.01.2010 (2)
  16. Systemwiderherstellung deaktiviert !!!
    Alles rund um Windows - 18.01.2006 (13)
  17. Logs nach entfernen von Smitfraud.c und se.dll
    Log-Analyse und Auswertung - 01.09.2005 (10)

Zum Thema Bundestrojaner nach Systemwiderherstellung inkl. Logs - Hallo, ich habe mir diesen Bundestrojaner-Virus eingefangen. Ich habe eine Systemwiederherstellung durchgeführt und habe Vollzugriff auf meinen Laptop, d.h. es funktioniert so wie ich das sehe augenscheinlich alles, wobei er - Bundestrojaner nach Systemwiderherstellung inkl. Logs...
Archiv
Du betrachtest: Bundestrojaner nach Systemwiderherstellung inkl. Logs auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.