
Pests of all kinds and how to fight them: Heavily infected PC --> format right away?


07.09.2010, 20:18   #1
Trojanerdoof
 

Heavily infected PC --> format right away?



Hello everyone!
I'll say it right away: I've been pretty careless with my PC, and accordingly it is heavily infected with all sorts of things!
I used 2 scanners, "Malwarebytes" and "Loaris TrojanRemover"... where "Malwarebytes" shows me only 15 viruses and "Loaris TrojanRemover" shows 114!!!! Should I format right away, or can the PC still be saved?

Here is the Malwarebytes report:
07.09.2010 20:58:02
mbam-log-2010-09-07 (20-57-55).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 78387
Laufzeit: 14 minute(s), 31 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 9
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvnzpiejlne (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvdsbhfngqd (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvnzpiejlpe (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvdsbhfngoh (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvnzpiejlpsc (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvdsbhfngosf (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvnzpiejlppf (Password.Stealer) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvdsbhfngpta (Password.Stealer) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\WINID (Malware.Trace) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> No action taken.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\xxx\AppData\Local\Temp\lsass.exe (Trojan.Agent) -> No action taken.
c:\Users\xxx\AppData\Local\Temp\csrss.exe (Trojan.Agent) -> No action taken.
c:\Users\xxx\AppData\Local\Temp\taskmgr.exe (Trojan.Downloader) -> No action taken.
c:\Users\xxx\AppData\Local\Temp\services.exe (Password.Stealer) -> No action taken.


Here is the "Loaris TrojanRemover" scan:
Loaris Trojan Remover v.1.2.1.9
Report file date: 07.09.2010 20:41:46

Scanning for 448846 virus strains and unwanted programs.

Licensed: UNREGISTERED
Windows version: Windows Vista (TM) Home Premium (version 6.0)
Username: Sebastian
Computer name: SEBASTIAN-PC

Starting the file scan:

Hijack.NoFolderOptions - fixed
Startup collected
BHO plugins collected
Service collected
ActiveX collected
Files collected
Scanning process...
----- c:\users\sebast~1\appdata\local\temp\csneowarmx.exe ---- Startup
Threat
csneowarmx.exe
MD5: C82FFDCD8238EB908D2DAFC615224332:48128
EP: 90 8B 0C 24 33 C0 48 66 40 0F 8E 65 F6 FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
SEC:
.text:A2FC2D99A957938DE3FD3D2CE557A2E0:7168
.DATA21:603DBDAB178793317BA5538812C7F761:3584
.data1:5AD63CFB90B6D2B64ADB998D4C797056:28160
.tls:00000000000000000000000000000000:0
.idata:FA736174610BBF0CCC67266FCF9F6BE7:2560
.e4355:FF1CE2018AA17FE600FCA636B126DBE4:6144
.rsrc:71A1B6C7FA3B177B745FEB54DCA64DD6:3072
.wdata:BF619EAC0CDF3F68D496EA9344137E8B:512


----- c:\users\sebast~1\appdata\local\temp\xdrlac.exe ---- Startup
Threat
LvNZPiejlqX
MD5: 6204938E0003046C711CF0367972C1A8:30001
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:50B46E7BEC256D4DFFE0532AAFB87500:3072


----- c:\users\sebast~1\appdata\local\temp\czev2jlhli.exe ---- Startup
Threat
LvNZPiejlnfa
MD5: 6204938E0003046C711CF0367972C1A8:30001
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:50B46E7BEC256D4DFFE0532AAFB87500:3072


----- c:\users\sebast~1\appdata\local\temp\taskmgr.exe ---- Startup
Threat
LvNZPiejlpsc
MD5: 101C553D501BF206CE3B84E6B3EDF952:60004
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:ADE75ACFAD8616FA2CDC8080A986844C:20992


----- c:\users\sebast~1\appdata\local\temp\smss.exe ---- Startup
Threat
LvNZPiejlrf
MD5: 101C553D501BF206CE3B84E6B3EDF952:60004
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:ADE75ACFAD8616FA2CDC8080A986844C:20992


----- c:\users\sebast~1\appdata\local\temp\system.exe ---- Startup
Threat
LvNZPiejlud
MD5: 101C553D501BF206CE3B84E6B3EDF952:60004
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:ADE75ACFAD8616FA2CDC8080A986844C:20992


----- c:\users\sebast~1\appdata\local\temp\spoolsv.exe ---- Startup
Threat
LvNZPiejlrxc
MD5: 101C553D501BF206CE3B84E6B3EDF952:60004
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:ADE75ACFAD8616FA2CDC8080A986844C:20992


----- c:\users\sebast~1\appdata\local\temp\user.exe ---- Startup
Threat
LvNZPiejlqf
MD5: 101C553D501BF206CE3B84E6B3EDF952:60004
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:ADE75ACFAD8616FA2CDC8080A986844C:20992


----- c:\users\sebast~1\appdata\local\temp\lsass.exe ---- Startup
Threat
LvNZPiejlne
MD5: 101C553D501BF206CE3B84E6B3EDF952:60004
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:ADE75ACFAD8616FA2CDC8080A986844C:20992


----- c:\users\sebast~1\appdata\local\temp\hexdump.exe ---- Startup
Threat
LvNZPiejlotc
MD5: 101C553D501BF206CE3B84E6B3EDF952:60004
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:ADE75ACFAD8616FA2CDC8080A986844C:20992


----- c:\users\sebast~1\appdata\local\temp\jliey.exe ---- Startup
Threat
LvNZPiejlmc
MD5: 6204938E0003046C711CF0367972C1A8:30001
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:50B46E7BEC256D4DFFE0532AAFB87500:3072


----- c:\users\sebast~1\appdata\local\temp\avp.exe ---- Startup
Threat
LvNZPiejloc
MD5: 101C553D501BF206CE3B84E6B3EDF952:60004
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:ADE75ACFAD8616FA2CDC8080A986844C:20992


----- c:\users\sebast~1\appdata\local\temp\gdi32.exe ---- Startup
Threat
LvNZPiejlk+
MD5: 101C553D501BF206CE3B84E6B3EDF952:60004
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:ADE75ACFAD8616FA2CDC8080A986844C:20992


----- c:\users\sebast~1\appdata\local\temp\nvsvc32.exe ---- Startup
Threat
LvNZPiejlsPc
MD5: 101C553D501BF206CE3B84E6B3EDF952:60004
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:ADE75ACFAD8616FA2CDC8080A986844C:20992


----- c:\users\sebast~1\appdata\local\temp\hpgym.exe ---- Startup
Threat
LvNZPiejlme
MD5: 6204938E0003046C711CF0367972C1A8:30001
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:50B46E7BEC256D4DFFE0532AAFB87500:3072


----- c:\users\sebast~1\appdata\local\temp\csrss.exe ---- Startup
Threat
LvNZPiejlpe
MD5: 101C553D501BF206CE3B84E6B3EDF952:60004
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:ADE75ACFAD8616FA2CDC8080A986844C:20992


----- c:\users\sebast~1\appdata\local\temp\sysedit.exe ---- Startup
Threat
LvNZPiejlupc
MD5: 101C553D501BF206CE3B84E6B3EDF952:60004
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:ADE75ACFAD8616FA2CDC8080A986844C:20992


----- c:\users\sebast~1\appdata\local\temp\services.exe ---- Startup
Threat
LvNZPiejlppf
MD5: 101C553D501BF206CE3B84E6B3EDF952:60004
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:ADE75ACFAD8616FA2CDC8080A986844C:20992


----- c:\users\sebast~1\appdata\local\temp\debug.exe ---- Startup
Threat
LvNZPiejlhb
MD5: 101C553D501BF206CE3B84E6B3EDF952:60004
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:ADE75ACFAD8616FA2CDC8080A986844C:20992


----- c:\users\sebast~1\appdata\local\temp\s5hgzklvl0.exe ---- Startup
Threat
LvNZPiejlbuQ
MD5: 6204938E0003046C711CF0367972C1A8:30001
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:50B46E7BEC256D4DFFE0532AAFB87500:3072


----- c:\users\sebast~1\appdata\local\temp\winamp.exe ---- Startup
Threat
LvNZPiejlqb
MD5: 101C553D501BF206CE3B84E6B3EDF952:60004
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:ADE75ACFAD8616FA2CDC8080A986844C:20992


----- c:\users\sebast~1\appdata\local\temp\cmd.exe ---- Startup
Threat
LvNZPiejlkc
MD5: 101C553D501BF206CE3B84E6B3EDF952:60004
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:ADE75ACFAD8616FA2CDC8080A986844C:20992


----- c:\users\sebast~1\appdata\local\temp\eiicrwk4e5.exe ---- Startup
Threat
LvNZPiejlkt_
MD5: 6204938E0003046C711CF0367972C1A8:30001
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:50B46E7BEC256D4DFFE0532AAFB87500:3072


----- c:\users\sebastian\appdata\roaming\88d5daeeeeaea11a9121e6e125c97af8\mediafix70700en02.exe ---- Startup
Threat
mediafix70700en02.exe
MD5: 882F962538B5D8920A04515CC7C113EB:1063424
EP: 90 8B 0C 24 33 C0 48 66 40 0F 8E 2B F6 FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
SEC:
.text:E35C022AFFB925291C2953F76CFF4A00:7168
.DATA21:174AD8CF66128F94520A87314A8A60A4:3584
.data1:FBAE68DEE04CB5925BFB073A0B86364A:1040896
.tls:00000000000000000000000000000000:0
.idata:C62BFB7522294D3F9F9424D85A963CDF:2560
.e4355:BF619EAC0CDF3F68D496EA9344137E8B:512
.rsrc:B0AF1A0BC0F79CCD267A859A83AFEA5B:11264
.wdata:BF619EAC0CDF3F68D496EA9344137E8B:512


----- c:\users\sebast~1\appdata\local\temp\xf7hkna8hcn5d.exe ---- Startup
Threat
LvNZPiejlcocLST~1\AppData\Local\Temp\xf7hkna8hcn5d.exe
MD5: 52CC7161683B552777033136E60CE5A9:60000
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:ADE75ACFAD8616FA2CDC8080A986844C:20992


----- c:\users\sebastian\appdata\local\temp\taskmgr.exe ---- Startup
Threat
Lvdsbhfngosf
MD5: 101C553D501BF206CE3B84E6B3EDF952:60004
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:ADE75ACFAD8616FA2CDC8080A986844C:20992


----- c:\users\sebastian\appdata\local\temp\user.exe ---- Startup
Threat
Lvdsbhfngta
MD5: 101C553D501BF206CE3B84E6B3EDF952:60004
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:ADE75ACFAD8616FA2CDC8080A986844C:20992


----- c:\users\sebastian\appdata\local\temp\hexdump.exe ---- Startup
Threat
Lvdsbhfngmve
MD5: 101C553D501BF206CE3B84E6B3EDF952:60004
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:ADE75ACFAD8616FA2CDC8080A986844C:20992


----- c:\users\sebastian\appdata\local\temp\system.exe ---- Startup
Threat
Lvdsbhfnguuc
MD5: 101C553D501BF206CE3B84E6B3EDF952:60004
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:ADE75ACFAD8616FA2CDC8080A986844C:20992


----- c:\users\sebastian\appdata\local\temp\spoolsv.exe ---- Startup
Threat
Lvdsbhfngrvg
MD5: 101C553D501BF206CE3B84E6B3EDF952:60004
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:ADE75ACFAD8616FA2CDC8080A986844C:20992


----- c:\users\sebastian\appdata\local\temp\smss.exe ---- Startup
Threat
Lvdsbhfngre
MD5: 101C553D501BF206CE3B84E6B3EDF952:60004
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:ADE75ACFAD8616FA2CDC8080A986844C:20992


----- c:\users\sebastian\appdata\local\temp\avp.exe ---- Startup
Threat
Lvdsbhfngoe
MD5: 101C553D501BF206CE3B84E6B3EDF952:60004
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:ADE75ACFAD8616FA2CDC8080A986844C:20992


----- c:\users\sebastian\appdata\local\temp\gdi32.exe ---- Startup
Threat
Lvdsbhfngl/
MD5: 101C553D501BF206CE3B84E6B3EDF952:60004
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:ADE75ACFAD8616FA2CDC8080A986844C:20992


----- c:\users\sebastian\appdata\local\temp\lsass.exe ---- Startup
Threat
Lvdsbhfngqd
MD5: 101C553D501BF206CE3B84E6B3EDF952:60004
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:ADE75ACFAD8616FA2CDC8080A986844C:20992


----- c:\users\sebastian\appdata\local\temp\nvsvc32.exe ---- Startup
Threat
LvdsbhfngsfP
MD5: 101C553D501BF206CE3B84E6B3EDF952:60004
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:ADE75ACFAD8616FA2CDC8080A986844C:20992


----- c:\users\sebastian\appdata\local\temp\services.exe ---- Startup
Threat
Lvdsbhfngpta
MD5: 101C553D501BF206CE3B84E6B3EDF952:60004
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:ADE75ACFAD8616FA2CDC8080A986844C:20992


----- c:\users\sebastian\appdata\local\temp\sysedit.exe ---- Startup
Threat
Lvdsbhfngupf
MD5: 101C553D501BF206CE3B84E6B3EDF952:60004
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:ADE75ACFAD8616FA2CDC8080A986844C:20992


----- c:\users\sebastian\appdata\local\temp\csrss.exe ---- Startup
Threat
Lvdsbhfngoh
MD5: 101C553D501BF206CE3B84E6B3EDF952:60004
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:ADE75ACFAD8616FA2CDC8080A986844C:20992


----- c:\users\sebastian\appdata\local\temp\s5hgzklvl0.exe ---- Startup
Threat
Lvdsbhfngdtfc
MD5: 6204938E0003046C711CF0367972C1A8:30001
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:50B46E7BEC256D4DFFE0532AAFB87500:3072


----- c:\users\sebastian\appdata\local\temp\winamp.exe ---- Startup
Threat
Lvdsbhfngrrc
MD5: 101C553D501BF206CE3B84E6B3EDF952:60004
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:ADE75ACFAD8616FA2CDC8080A986844C:20992


----- c:\users\sebastian\appdata\local\temp\debug.exe ---- Startup
Threat
Lvdsbhfnglb
MD5: 101C553D501BF206CE3B84E6B3EDF952:60004
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:ADE75ACFAD8616FA2CDC8080A986844C:20992


----- c:\users\sebastian\appdata\local\temp\cmd.exe ---- Startup
Threat
Lvdsbhfngnb
MD5: 101C553D501BF206CE3B84E6B3EDF952:60004
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:ADE75ACFAD8616FA2CDC8080A986844C:20992


----- c:\users\sebastian\appdata\local\temp\eiicrwk4e5.exe ---- Startup
Threat
LvdsbhfngmtOc
MD5: 6204938E0003046C711CF0367972C1A8:30001
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:50B46E7BEC256D4DFFE0532AAFB87500:3072


----- c:\users\sebastian\appdata\local\temp\xf7hkna8hcn5d.exe ---- Startup
Threat
LvdsbhfngqeZNstian\AppData\Local\Temp\xf7hkna8hcn5d.exe
MD5: 52CC7161683B552777033136E60CE5A9:60000
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:ADE75ACFAD8616FA2CDC8080A986844C:20992


----- C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll ---- BHO
Threat
Dealio Toolbar
MD5: 1C87D50F3792BB26F316FC70F7389157:700416
EP: 8B FF 55 8B EC 83 7D 0C 01 75 05 E8 31 03 00 00 FF 75 08 8B 4D 10 8B 55 0C E8 CC FE FF FF 59 5D C2 0C 00 FF 25 4C 73 04 10 CC CC 51 8D 4C 24 08 2B C8 83 E1 0F 03 C1 1B C9 0B C1 59 E9 9A 03 00 00
SEC:
.text:2058218935C00F8F9A423EABED85C16E:285696
.rdata:603EB6899A59DC45DF92FF41C1BD5548:98816
.data:284F40A0C00317EE1D6933805135C5B2:15360
.rsrc:832AAF769BC1439DFFFE40BE6A4FF7F5:263168
.reloc:640F6F585B11E58601417BBB23F95FE1:36352


----- HKCU\Software\Antimalware Doctor Inc\Antimalware Doctor ---- Registry
Rogue.AntimalwareDoctor
----- HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor ---- Registry
Rogue.AntimalwareDoctor
----- C:\Users\Sebastian\AppData\Roaming\microsoft\internet explorer\quick launch\antimalware doctor.lnk ---- General
Rogue.AntimalwareDoctor
MD5: B0203455B7BB68B6C15C99E8CB877CEF:1106
EP: 00
SEC:


----- C:\Users\Sebastian\AppData\Roaming\88D5DAEEEEAEA11A9121E6E125C97AF8\mediafix70700en02.exe ---- General
Rogue.AntimalwareDoctor
ProdVer: 24.0.0.0
FileVer: 0.1.0.0
Name :
Company: MS
MD5: 882F962538B5D8920A04515CC7C113EB:1063424
EP: 90 8B 0C 24 33 C0 48 66 40 0F 8E 2B F6 FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
SEC:
.text:E35C022AFFB925291C2953F76CFF4A00:7168
.DATA21:174AD8CF66128F94520A87314A8A60A4:3584
.data1:FBAE68DEE04CB5925BFB073A0B86364A:1040896
.tls:00000000000000000000000000000000:0
.idata:C62BFB7522294D3F9F9424D85A963CDF:2560
.e4355:BF619EAC0CDF3F68D496EA9344137E8B:512
.rsrc:B0AF1A0BC0F79CCD267A859A83AFEA5B:11264
.wdata:BF619EAC0CDF3F68D496EA9344137E8B:512


----- C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\antimalware doctor.lnk ---- General
Rogue.AntimalwareDoctor
MD5: 7A70C13F1BBE67F8E8E4C4A93C3B647F:1118
EP: 00
SEC:


----- C:\Users\Sebastian\AppData\Roaming\88D5DAEEEEAEA11A9121E6E125C97AF8\mediafix70700en02.exe ---- General
Rogue.AntimalwareDoctor
ProdVer: 24.0.0.0
FileVer: 0.1.0.0
Name :
Company: MS
MD5: 882F962538B5D8920A04515CC7C113EB:1063424
EP: 90 8B 0C 24 33 C0 48 66 40 0F 8E 2B F6 FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
SEC:
.text:E35C022AFFB925291C2953F76CFF4A00:7168
.DATA21:174AD8CF66128F94520A87314A8A60A4:3584
.data1:FBAE68DEE04CB5925BFB073A0B86364A:1040896
.tls:00000000000000000000000000000000:0
.idata:C62BFB7522294D3F9F9424D85A963CDF:2560
.e4355:BF619EAC0CDF3F68D496EA9344137E8B:512
.rsrc:B0AF1A0BC0F79CCD267A859A83AFEA5B:11264
.wdata:BF619EAC0CDF3F68D496EA9344137E8B:512


----- C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\antimalware doctor\antimalware doctor.lnk ---- General
Rogue.AntimalwareDoctor
MD5: 7A70C13F1BBE67F8E8E4C4A93C3B647F:1118
EP: 00
SEC:


----- C:\Users\Sebastian\AppData\Roaming\88D5DAEEEEAEA11A9121E6E125C97AF8\mediafix70700en02.exe ---- General
Rogue.AntimalwareDoctor
ProdVer: 24.0.0.0
FileVer: 0.1.0.0
Name :
Company: MS
MD5: 882F962538B5D8920A04515CC7C113EB:1063424
EP: 90 8B 0C 24 33 C0 48 66 40 0F 8E 2B F6 FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
SEC:
.text:E35C022AFFB925291C2953F76CFF4A00:7168
.DATA21:174AD8CF66128F94520A87314A8A60A4:3584
.data1:FBAE68DEE04CB5925BFB073A0B86364A:1040896
.tls:00000000000000000000000000000000:0
.idata:C62BFB7522294D3F9F9424D85A963CDF:2560
.e4355:BF619EAC0CDF3F68D496EA9344137E8B:512
.rsrc:B0AF1A0BC0F79CCD267A859A83AFEA5B:11264
.wdata:BF619EAC0CDF3F68D496EA9344137E8B:512


----- C:\Users\Sebastian\Desktop\antimalware doctor.lnk ---- General
Rogue.AntimalwareDoctor
MD5: D34E2553F60C50131BCDCB04ED3EB6FE:1126
EP: 00
SEC:


----- C:\Users\Sebastian\AppData\Roaming\88D5DAEEEEAEA11A9121E6E125C97AF8\mediafix70700en02.exe ---- General
Rogue.AntimalwareDoctor
ProdVer: 24.0.0.0
FileVer: 0.1.0.0
Name :
Company: MS
MD5: 882F962538B5D8920A04515CC7C113EB:1063424
EP: 90 8B 0C 24 33 C0 48 66 40 0F 8E 2B F6 FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
SEC:
.text:E35C022AFFB925291C2953F76CFF4A00:7168
.DATA21:174AD8CF66128F94520A87314A8A60A4:3584
.data1:FBAE68DEE04CB5925BFB073A0B86364A:1040896
.tls:00000000000000000000000000000000:0
.idata:C62BFB7522294D3F9F9424D85A963CDF:2560
.e4355:BF619EAC0CDF3F68D496EA9344137E8B:512
.rsrc:B0AF1A0BC0F79CCD267A859A83AFEA5B:11264
.wdata:BF619EAC0CDF3F68D496EA9344137E8B:512


----- C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\programs\antimalware doctor\uninstall.lnk ---- General
Rogue.AntimalwareDoctor
MD5: 892BE03CACABD1D325DD4771F27A0B5D:2108
EP: 00
SEC:


----- C:\Users\Sebastian\AppData\Roaming\88D5DAEEEEAEA11A9121E6E125C97AF8\mediafix70700en02.exe ---- General
Rogue.AntimalwareDoctor
ProdVer: 24.0.0.0
FileVer: 0.1.0.0
Name :
Company: MS
MD5: 882F962538B5D8920A04515CC7C113EB:1063424
EP: 90 8B 0C 24 33 C0 48 66 40 0F 8E 2B F6 FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
SEC:
.text:E35C022AFFB925291C2953F76CFF4A00:7168
.DATA21:174AD8CF66128F94520A87314A8A60A4:3584
.data1:FBAE68DEE04CB5925BFB073A0B86364A:1040896
.tls:00000000000000000000000000000000:0
.idata:C62BFB7522294D3F9F9424D85A963CDF:2560
.e4355:BF619EAC0CDF3F68D496EA9344137E8B:512
.rsrc:B0AF1A0BC0F79CCD267A859A83AFEA5B:11264
.wdata:BF619EAC0CDF3F68D496EA9344137E8B:512


----- HKCU\Software\Antimalware Doctor Inc ---- Registry
Rogue
----- C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.exe ---- General
Worm.Win32.VB.xb
ProdVer: 51.2100.2690
FileVer: 51.2100.2690
Name : Microsoft@ Windows@ Operating System
Company: Microsoft Corporation
MD5: 74DBD545CF6DC5D006325CC3E4658A12:20480
RIC: 15A174CDE9DA79A059C2F2740EBFFBCA:296
EP: 68 BC 13 40 00 E8 EE FF FF FF 00 00 00 00 00 00 30 00 00 00 38 00 00 00 00 00 00 00 1A A8 B2 5A B4 BA AC 49 80 81 C5 5C 75 7A C9 AC 00 00 00 00 00 00 01 00 00 00 B9 A4 B3 CC 31 2E B9 A4 B3 CC 31
SEC:
.text7AE2192CACFD8D7F5DCED4C2AF98BBB:12288
.data:00000000000000000000000000000000:0
.rsrc:CCBC7228083B598F70C50621E6C142D5:4096


----- C:\Users\Sebastian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HK9RLV0C\mediafix70700en02[1].exe ---- General
Mal/Fraud!se579
ProdVer: 24.0.0.0
FileVer: 0.1.0.0
Name :
Company: MS
MD5: 882F962538B5D8920A04515CC7C113EB:1063424
EP: 90 8B 0C 24 33 C0 48 66 40 0F 8E 2B F6 FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
SEC:
.text:E35C022AFFB925291C2953F76CFF4A00:7168
.DATA21:174AD8CF66128F94520A87314A8A60A4:3584
.data1:FBAE68DEE04CB5925BFB073A0B86364A:1040896
.tls:00000000000000000000000000000000:0
.idata:C62BFB7522294D3F9F9424D85A963CDF:2560
.e4355:BF619EAC0CDF3F68D496EA9344137E8B:512
.rsrc:B0AF1A0BC0F79CCD267A859A83AFEA5B:11264
.wdata:BF619EAC0CDF3F68D496EA9344137E8B:512


----- C:\Users\Sebastian\AppData\Local\Temp\202fbh.exe ---- General
Mal/VB-CF
MD5: 489CFD601E2EA73C8E01B66A0C2CF395:34304
EP: 60 BE 00 A0 41 00 8D BE 00 70 FE FF 57 89 E5 8D 9C 24 80 C1 FF FF 31 C0 50 39 DC 75 FB 46 46 53 68 9C F2 01 00 57 83 C3 04 53 68 24 74 00 00 56 83 C3 04 53 50 C7 03 03 00 02 00 90 90 90 90 90 55
SEC:
UPX0:00000000000000000000000000000000:0
UPX1:AA370D90151E9BB8642E260434C940B6:32768
.rsrc:74DB92CB1444E08FAEE35590A56E078A:512


----- C:\Users\Sebastian\AppData\Local\Temp\br8oc.exe ---- General
Mal/Packer!se5
MD5: A539C9A43BD46146DA2376F1D5650B79:30000
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:50B46E7BEC256D4DFFE0532AAFB87500:3072


----- C:\Users\Sebastian\AppData\Local\Temp\csneowarmx.exe ---- General
Mal/Fraud!se579
MD5: C82FFDCD8238EB908D2DAFC615224332:48128
EP: 90 8B 0C 24 33 C0 48 66 40 0F 8E 65 F6 FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
SEC:
.text:A2FC2D99A957938DE3FD3D2CE557A2E0:7168
.DATA21:603DBDAB178793317BA5538812C7F761:3584
.data1:5AD63CFB90B6D2B64ADB998D4C797056:28160
.tls:00000000000000000000000000000000:0
.idata:FA736174610BBF0CCC67266FCF9F6BE7:2560
.e4355:FF1CE2018AA17FE600FCA636B126DBE4:6144
.rsrc:71A1B6C7FA3B177B745FEB54DCA64DD6:3072
.wdata:BF619EAC0CDF3F68D496EA9344137E8B:512


----- C:\Users\Sebastian\AppData\Local\Temp\czev2jlhli.exe ---- General
Mal/Packer!se5
MD5: 6204938E0003046C711CF0367972C1A8:30001
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:50B46E7BEC256D4DFFE0532AAFB87500:3072


----- C:\Users\Sebastian\AppData\Local\Temp\dl3b5ixpg5.exe ---- General
Mal/Packer!se5
ProdVer:
FileVer: 1.0
Name :
Company: Microsoft Corporation
MD5: 52CC7161683B552777033136E60CE5A9:60000
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:ADE75ACFAD8616FA2CDC8080A986844C:20992


----- C:\Users\Sebastian\AppData\Local\Temp\fwj3e05io.exe ---- General
Packer.Upack!se
ProdVer: 5.2.3790.3990
FileVer: 5.2.3790.3990
Name :
Company:
MD5: 2946145873AFB0DDCA822E9F1C239590:212347
RIC: BB953344F1C28A2CA9948B2B30033984:744
EP: 60 E8 09 00 00 00 05 F7 0C 00 E9 06 02 00 00 33 C9 5E 87 0E E3 F4 2B F1 8B DE AD 2B D8 AD 03 C3 50 97 AD 91 F3 A5 5E AD 56 91 01 1E AD E2 FB AD 8D 6E 10 01 5D 00 8D 7D 1C B5 1C F3 AB 5E AD 53 50
SEC:
.Upack:00000000000000000000000000000000:0
.rsrc:8B08113CE94EF2A170DEC2721B576128:211835


----- C:\Users\Sebastian\AppData\Local\Temp\g1xwc.dll ---- General
Trojan-Downloader.Win32.Frethog
MD5: A8DA7AE99BF483F4A2AF8B4C14F67A8B:30000
EP: 80 7C 24 08 01 0F 85 B9 01 00 00 60 BE 00 90 00 10 8D BE 00 80 FF FF 57 83 CD FF EB 0D 90 90 90 8A 06 46 88 07 47 01 DB 75 07 8B 1E 83 EE FC 11 DB 72 ED B8 01 00 00 00 01 DB 75 07 8B 1E 83 EE FC
SEC:
UPX0:00000000000000000000000000000000:0
UPX1:F72EF2EB49A3B1ECB29FC187B41FD8AF:3584
UPX2:6E6366F8501500F0AA91D8BDD1ABA644:512


----- C:\Users\Sebastian\AppData\Local\Temp\hpgym.exe ---- General
Mal/Packer!se5
MD5: 6204938E0003046C711CF0367972C1A8:30001
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:50B46E7BEC256D4DFFE0532AAFB87500:3072


----- C:\Users\Sebastian\AppData\Local\Temp\i8btkjerp.exe ---- General
Packer.Upack!se
ProdVer: 5.2.3790.3990
FileVer: 5.2.3790.3990
Name :
Company:
MD5: B4AFA1DF1DEBB6C5A8ECE7D0A4793BED:212347
RIC: BB953344F1C28A2CA9948B2B30033984:744
EP: 60 E8 09 00 00 00 05 F7 0C 00 E9 06 02 00 00 33 C9 5E 87 0E E3 F4 2B F1 8B DE AD 2B D8 AD 03 C3 50 97 AD 91 F3 A5 5E AD 56 91 01 1E AD E2 FB AD 8D 6E 10 01 5D 00 8D 7D 1C B5 1C F3 AB 5E AD 53 50
SEC:
.Upack:00000000000000000000000000000000:0
.rsrc:9953741DD43AE119B9506E44DF5CAAD7:211835


----- C:\Users\Sebastian\AppData\Local\Temp\iexplorer.exe ---- General
Mal/Packer!se5
MD5: 2EC72C79D802600B9EE9BC658F41E5E9:2368
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:1706E375A7BB25F2C8265C3C78A9A3D9:1856


----- C:\Users\Sebastian\AppData\Local\Temp\ik2el.dll ---- General
Trojan-Downloader.Win32.Frethog
MD5: A8DA7AE99BF483F4A2AF8B4C14F67A8B:30000
EP: 80 7C 24 08 01 0F 85 B9 01 00 00 60 BE 00 90 00 10 8D BE 00 80 FF FF 57 83 CD FF EB 0D 90 90 90 8A 06 46 88 07 47 01 DB 75 07 8B 1E 83 EE FC 11 DB 72 ED B8 01 00 00 00 01 DB 75 07 8B 1E 83 EE FC
SEC:
UPX0:00000000000000000000000000000000:0
UPX1:F72EF2EB49A3B1ECB29FC187B41FD8AF:3584
UPX2:6E6366F8501500F0AA91D8BDD1ABA644:512


----- C:\Users\Sebastian\AppData\Local\Temp\jd0sz.dll ---- General
Trojan-Downloader.Win32.Frethog
MD5: A8DA7AE99BF483F4A2AF8B4C14F67A8B:30000
EP: 80 7C 24 08 01 0F 85 B9 01 00 00 60 BE 00 90 00 10 8D BE 00 80 FF FF 57 83 CD FF EB 0D 90 90 90 8A 06 46 88 07 47 01 DB 75 07 8B 1E 83 EE FC 11 DB 72 ED B8 01 00 00 00 01 DB 75 07 8B 1E 83 EE FC
SEC:
UPX0:00000000000000000000000000000000:0
UPX1:F72EF2EB49A3B1ECB29FC187B41FD8AF:3584
UPX2:6E6366F8501500F0AA91D8BDD1ABA644:512


----- C:\Users\Sebastian\AppData\Local\Temp\jliey.exe ---- General
Mal/Packer!se5
MD5: 6204938E0003046C711CF0367972C1A8:30001
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:50B46E7BEC256D4DFFE0532AAFB87500:3072


----- C:\Users\Sebastian\AppData\Local\Temp\jov87t0nk9uuh8.exe ---- General
Mal/Packer!se5
ProdVer:
FileVer: 1.0
Name :
Company: Microsoft Corporation
MD5: 52CC7161683B552777033136E60CE5A9:60000
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:ADE75ACFAD8616FA2CDC8080A986844C:20992


----- C:\Users\Sebastian\AppData\Local\Temp\l1ympa95jwo.exe ---- General
Mal/Packer!se5
ProdVer:
FileVer: 1.0
Name :
Company: Microsoft Corporation
MD5: 52CC7161683B552777033136E60CE5A9:60000
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:ADE75ACFAD8616FA2CDC8080A986844C:20992


----- C:\Users\Sebastian\AppData\Local\Temp\lvo98uy1.exe ---- General
Mal/Packer!se5
MD5: A539C9A43BD46146DA2376F1D5650B79:30000
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:50B46E7BEC256D4DFFE0532AAFB87500:3072


----- C:\Users\Sebastian\AppData\Local\Temp\mdm.exe ---- General
Mal/Packer!se5
ProdVer:
FileVer: 1.0
Name :
Company: Microsoft Corporation
MD5: 101C553D501BF206CE3B84E6B3EDF952:60004
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:ADE75ACFAD8616FA2CDC8080A986844C:20992


----- C:\Users\Sebastian\AppData\Local\Temp\q4jon5.dll ---- General
Trojan-Downloader.Win32.Frethog
MD5: A8DA7AE99BF483F4A2AF8B4C14F67A8B:30000
EP: 80 7C 24 08 01 0F 85 B9 01 00 00 60 BE 00 90 00 10 8D BE 00 80 FF FF 57 83 CD FF EB 0D 90 90 90 8A 06 46 88 07 47 01 DB 75 07 8B 1E 83 EE FC 11 DB 72 ED B8 01 00 00 00 01 DB 75 07 8B 1E 83 EE FC
SEC:
UPX0:00000000000000000000000000000000:0
UPX1:F72EF2EB49A3B1ECB29FC187B41FD8AF:3584
UPX2:6E6366F8501500F0AA91D8BDD1ABA644:512


----- C:\Users\Sebastian\AppData\Local\Temp\rdybyqnt9e5k4.exe ---- General
Mal/Packer!se5
ProdVer:
FileVer: 1.0
Name :
Company: Microsoft Corporation
MD5: 52CC7161683B552777033136E60CE5A9:60000
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:ADE75ACFAD8616FA2CDC8080A986844C:20992


----- C:\Users\Sebastian\AppData\Local\Temp\sxarecomnw.exe ---- General
Mal/Fraud!se590
ProdVer: 2,9,211,1190
FileVer:
Name : C9 H13 N
Company:
MD5: 12CCEEB6694573A7090E61BAB67502B7:83456
EP: 55 8B EC 51 56 57 33 FF 57 8B 04 E5 20 20 40 00 FF D0 BE C8 00 00 00 8B C6 90 48 0F 85 F8 FF FF FF 6A 0A 57 8D 45 FC 50 50 8B 04 65 14 20 40 00 FF D0 90 FF CE 0F 85 F7 FF FF FF 8B 45 0C 33 C9 68
SEC:
.text:38AEF7B6328012093984FAED8FEF9A8F:3584
.rdata:7592129ECE0B0D7E7A7908AD63BEAB51:3584
.data:9619A2D1AB4E764F4520CF87637D7387:5120
.xpi:0F343B0931126A20F133D67C2B018A3B:1024
.ixp:BF619EAC0CDF3F68D496EA9344137E8B:512
.pixi:0F343B0931126A20F133D67C2B018A3B:1024
.rsrc:A6E3A41E603D097D5C08BF28F17F25B5:67072
.reloc:13DB68D8388D2982E0869EDFAB3D94D6:512


----- C:\Users\Sebastian\AppData\Local\Temp\tbcwy2r.exe ---- General
Mal/Packer!se5
MD5: A539C9A43BD46146DA2376F1D5650B79:30000
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:50B46E7BEC256D4DFFE0532AAFB87500:3072


----- C:\Users\Sebastian\AppData\Local\Temp\tbe1rp.exe ---- General
Mal/Packer!se5
MD5: A539C9A43BD46146DA2376F1D5650B79:30000
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:50B46E7BEC256D4DFFE0532AAFB87500:3072


----- C:\Users\Sebastian\AppData\Local\Temp\tjhgnt.exe ---- General
Mal/Packer!se5
MD5: 584998016369CACAA34795D73555F842:31696
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:C16A867CEB110C0A97B151CDB63257EA:31184


----- C:\Users\Sebastian\AppData\Local\Temp\tpcuqc.exe ---- General
Mal/Packer!se5
MD5: 584998016369CACAA34795D73555F842:31696
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:C16A867CEB110C0A97B151CDB63257EA:31184


----- C:\Users\Sebastian\AppData\Local\Temp\w4269.dll ---- General
Trojan-Downloader.Win32.Frethog
MD5: A8DA7AE99BF483F4A2AF8B4C14F67A8B:30000
EP: 80 7C 24 08 01 0F 85 B9 01 00 00 60 BE 00 90 00 10 8D BE 00 80 FF FF 57 83 CD FF EB 0D 90 90 90 8A 06 46 88 07 47 01 DB 75 07 8B 1E 83 EE FC 11 DB 72 ED B8 01 00 00 00 01 DB 75 07 8B 1E 83 EE FC
SEC:
UPX0:00000000000000000000000000000000:0
UPX1:F72EF2EB49A3B1ECB29FC187B41FD8AF:3584
UPX2:6E6366F8501500F0AA91D8BDD1ABA644:512


----- C:\Users\Sebastian\AppData\Local\Temp\wb0q1w28.exe ---- General
Mal/Packer!se5
MD5: A539C9A43BD46146DA2376F1D5650B79:30000
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:50B46E7BEC256D4DFFE0532AAFB87500:3072


----- C:\Users\Sebastian\AppData\Local\Temp\wemnocxars.exe ---- General
Mal/Fraud!se590
ProdVer: 2,9,211,1190
FileVer:
Name : C9 H13 N
Company:
MD5: 12CCEEB6694573A7090E61BAB67502B7:83456
EP: 55 8B EC 51 56 57 33 FF 57 8B 04 E5 20 20 40 00 FF D0 BE C8 00 00 00 8B C6 90 48 0F 85 F8 FF FF FF 6A 0A 57 8D 45 FC 50 50 8B 04 65 14 20 40 00 FF D0 90 FF CE 0F 85 F7 FF FF FF 8B 45 0C 33 C9 68
SEC:
.text:38AEF7B6328012093984FAED8FEF9A8F:3584
.rdata:7592129ECE0B0D7E7A7908AD63BEAB51:3584
.data:9619A2D1AB4E764F4520CF87637D7387:5120
.xpi:0F343B0931126A20F133D67C2B018A3B:1024
.ixp:BF619EAC0CDF3F68D496EA9344137E8B:512
.pixi:0F343B0931126A20F133D67C2B018A3B:1024
.rsrc:A6E3A41E603D097D5C08BF28F17F25B5:67072
.reloc:13DB68D8388D2982E0869EDFAB3D94D6:512


----- C:\Users\Sebastian\AppData\Local\Temp\wsb019.dll ---- General
Trojan-Downloader.Win32.Frethog
MD5: A8DA7AE99BF483F4A2AF8B4C14F67A8B:30000
EP: 80 7C 24 08 01 0F 85 B9 01 00 00 60 BE 00 90 00 10 8D BE 00 80 FF FF 57 83 CD FF EB 0D 90 90 90 8A 06 46 88 07 47 01 DB 75 07 8B 1E 83 EE FC 11 DB 72 ED B8 01 00 00 00 01 DB 75 07 8B 1E 83 EE FC
SEC:
UPX0:00000000000000000000000000000000:0
UPX1:F72EF2EB49A3B1ECB29FC187B41FD8AF:3584
UPX2:6E6366F8501500F0AA91D8BDD1ABA644:512


----- C:\Users\Sebastian\AppData\Local\Temp\ww6kxsa7n8i.exe ---- General
Mal/Packer!se5
ProdVer:
FileVer: 1.0
Name :
Company: Microsoft Corporation
MD5: 52CC7161683B552777033136E60CE5A9:60000
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:ADE75ACFAD8616FA2CDC8080A986844C:20992


----- C:\Users\Sebastian\AppData\Local\Temp\xdrlac.exe ---- General
Mal/Packer!se5
MD5: 6204938E0003046C711CF0367972C1A8:30001
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:50B46E7BEC256D4DFFE0532AAFB87500:3072


----- C:\Users\Sebastian\AppData\Local\Temp\xgduscdu.exe ---- General
TrojanDownloader
ProdVer: 2, 4, 0, 1
FileVer: 2, 1, 0, 5
Name : NDIS VPN
Company: SecureNet
MD5: FE422471EEAC8B490DF54E6FC97EC326:19968
RIC: 22A095A2C8FA19BEE7F33040DBFD8F02:744
EP: 55 8B EC 81 EC C8 01 00 00 57 56 83 65 D8 00 53 6A 00 6A 00 6A 00 6A 00 6A 00 FF 15 7C C1 40 00 2D 00 00 07 80 BA C5 61 40 00 01 C2 8B 12 83 E8 57 21 45 FC 83 E1 00 81 F1 00 70 40 00 89 4D F4 8D
SEC:
.textbs:00000000000000000000000000000000:0
.text:82F375DBD0169C5423567C8A8B84C613:1024
.data:6F03B502C1618F3917FB3878D9D02999:1024
.rsrcB195679DDDBBFAA89D515632F816E35:9728
.debug:EFFDE7E9659C7D99EADBAACD39169CA7:1024
.idata:38593EAB52968CBC986DE4FD88FB3659:6144


----- C:\Users\Sebastian\AppData\Local\Temp\zwzdtr1o.exe ---- General
Mal/Packer!se5
MD5: A539C9A43BD46146DA2376F1D5650B79:30000
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:50B46E7BEC256D4DFFE0532AAFB87500:3072


----- C:\Users\Sebastian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HK9RLV0C\mediafix70700en02[1].exe ---- General
Mal/Fraud!se579
ProdVer: 24.0.0.0
FileVer: 0.1.0.0
Name :
Company: MS
MD5: 882F962538B5D8920A04515CC7C113EB:1063424
EP: 90 8B 0C 24 33 C0 48 66 40 0F 8E 2B F6 FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
SEC:
.text:E35C022AFFB925291C2953F76CFF4A00:7168
.DATA21:174AD8CF66128F94520A87314A8A60A4:3584
.data1:FBAE68DEE04CB5925BFB073A0B86364A:1040896
.tls:00000000000000000000000000000000:0
.idata:C62BFB7522294D3F9F9424D85A963CDF:2560
.e4355:BF619EAC0CDF3F68D496EA9344137E8B:512
.rsrc:B0AF1A0BC0F79CCD267A859A83AFEA5B:11264
.wdata:BF619EAC0CDF3F68D496EA9344137E8B:512


----- C:\Users\SEBAST~1\AppData\Local\Temp\202fbh.exe ---- General
Mal/VB-CF
MD5: 489CFD601E2EA73C8E01B66A0C2CF395:34304
EP: 60 BE 00 A0 41 00 8D BE 00 70 FE FF 57 89 E5 8D 9C 24 80 C1 FF FF 31 C0 50 39 DC 75 FB 46 46 53 68 9C F2 01 00 57 83 C3 04 53 68 24 74 00 00 56 83 C3 04 53 50 C7 03 03 00 02 00 90 90 90 90 90 55
SEC:
UPX0:00000000000000000000000000000000:0
UPX1:AA370D90151E9BB8642E260434C940B6:32768
.rsrc:74DB92CB1444E08FAEE35590A56E078A:512


----- C:\Users\SEBAST~1\AppData\Local\Temp\br8oc.exe ---- General
Mal/Packer!se5
MD5: A539C9A43BD46146DA2376F1D5650B79:30000
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:50B46E7BEC256D4DFFE0532AAFB87500:3072


----- C:\Users\SEBAST~1\AppData\Local\Temp\dl3b5ixpg5.exe ---- General
Mal/Packer!se5
ProdVer:
FileVer: 1.0
Name :
Company: Microsoft Corporation
MD5: 52CC7161683B552777033136E60CE5A9:60000
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:ADE75ACFAD8616FA2CDC8080A986844C:20992


----- C:\Users\SEBAST~1\AppData\Local\Temp\fwj3e05io.exe ---- General
Packer.Upack!se
ProdVer: 5.2.3790.3990
FileVer: 5.2.3790.3990
Name :
Company:
MD5: 2946145873AFB0DDCA822E9F1C239590:212347
RIC: BB953344F1C28A2CA9948B2B30033984:744
EP: 60 E8 09 00 00 00 05 F7 0C 00 E9 06 02 00 00 33 C9 5E 87 0E E3 F4 2B F1 8B DE AD 2B D8 AD 03 C3 50 97 AD 91 F3 A5 5E AD 56 91 01 1E AD E2 FB AD 8D 6E 10 01 5D 00 8D 7D 1C B5 1C F3 AB 5E AD 53 50
SEC:
.Upack:00000000000000000000000000000000:0
.rsrc:8B08113CE94EF2A170DEC2721B576128:211835


----- C:\Users\SEBAST~1\AppData\Local\Temp\g1xwc.dll ---- General
Trojan-Downloader.Win32.Frethog
MD5: A8DA7AE99BF483F4A2AF8B4C14F67A8B:30000
EP: 80 7C 24 08 01 0F 85 B9 01 00 00 60 BE 00 90 00 10 8D BE 00 80 FF FF 57 83 CD FF EB 0D 90 90 90 8A 06 46 88 07 47 01 DB 75 07 8B 1E 83 EE FC 11 DB 72 ED B8 01 00 00 00 01 DB 75 07 8B 1E 83 EE FC
SEC:
UPX0:00000000000000000000000000000000:0
UPX1:F72EF2EB49A3B1ECB29FC187B41FD8AF:3584
UPX2:6E6366F8501500F0AA91D8BDD1ABA644:512


----- C:\Users\SEBAST~1\AppData\Local\Temp\i8btkjerp.exe ---- General
Packer.Upack!se
ProdVer: 5.2.3790.3990
FileVer: 5.2.3790.3990
Name :
Company:
MD5: B4AFA1DF1DEBB6C5A8ECE7D0A4793BED:212347
RIC: BB953344F1C28A2CA9948B2B30033984:744
EP: 60 E8 09 00 00 00 05 F7 0C 00 E9 06 02 00 00 33 C9 5E 87 0E E3 F4 2B F1 8B DE AD 2B D8 AD 03 C3 50 97 AD 91 F3 A5 5E AD 56 91 01 1E AD E2 FB AD 8D 6E 10 01 5D 00 8D 7D 1C B5 1C F3 AB 5E AD 53 50
SEC:
.Upack:00000000000000000000000000000000:0
.rsrc:9953741DD43AE119B9506E44DF5CAAD7:211835


----- C:\Users\SEBAST~1\AppData\Local\Temp\iexplorer.exe ---- General
Mal/Packer!se5
MD5: 2EC72C79D802600B9EE9BC658F41E5E9:2368
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:1706E375A7BB25F2C8265C3C78A9A3D9:1856


----- C:\Users\SEBAST~1\AppData\Local\Temp\ik2el.dll ---- General
Trojan-Downloader.Win32.Frethog
MD5: A8DA7AE99BF483F4A2AF8B4C14F67A8B:30000
EP: 80 7C 24 08 01 0F 85 B9 01 00 00 60 BE 00 90 00 10 8D BE 00 80 FF FF 57 83 CD FF EB 0D 90 90 90 8A 06 46 88 07 47 01 DB 75 07 8B 1E 83 EE FC 11 DB 72 ED B8 01 00 00 00 01 DB 75 07 8B 1E 83 EE FC
SEC:
UPX0:00000000000000000000000000000000:0
UPX1:F72EF2EB49A3B1ECB29FC187B41FD8AF:3584
UPX2:6E6366F8501500F0AA91D8BDD1ABA644:512


----- C:\Users\SEBAST~1\AppData\Local\Temp\jd0sz.dll ---- General
Trojan-Downloader.Win32.Frethog
MD5: A8DA7AE99BF483F4A2AF8B4C14F67A8B:30000
EP: 80 7C 24 08 01 0F 85 B9 01 00 00 60 BE 00 90 00 10 8D BE 00 80 FF FF 57 83 CD FF EB 0D 90 90 90 8A 06 46 88 07 47 01 DB 75 07 8B 1E 83 EE FC 11 DB 72 ED B8 01 00 00 00 01 DB 75 07 8B 1E 83 EE FC
SEC:
UPX0:00000000000000000000000000000000:0
UPX1:F72EF2EB49A3B1ECB29FC187B41FD8AF:3584
UPX2:6E6366F8501500F0AA91D8BDD1ABA644:512


----- C:\Users\SEBAST~1\AppData\Local\Temp\jov87t0nk9uuh8.exe ---- General
Mal/Packer!se5
ProdVer:
FileVer: 1.0
Name :
Company: Microsoft Corporation
MD5: 52CC7161683B552777033136E60CE5A9:60000
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:ADE75ACFAD8616FA2CDC8080A986844C:20992


----- C:\Users\SEBAST~1\AppData\Local\Temp\l1ympa95jwo.exe ---- General
Mal/Packer!se5
ProdVer:
FileVer: 1.0
Name :
Company: Microsoft Corporation
MD5: 52CC7161683B552777033136E60CE5A9:60000
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:ADE75ACFAD8616FA2CDC8080A986844C:20992


----- C:\Users\SEBAST~1\AppData\Local\Temp\lvo98uy1.exe ---- General
Mal/Packer!se5
MD5: A539C9A43BD46146DA2376F1D5650B79:30000
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:50B46E7BEC256D4DFFE0532AAFB87500:3072


----- C:\Users\SEBAST~1\AppData\Local\Temp\mdm.exe ---- General
Mal/Packer!se5
ProdVer:
FileVer: 1.0
Name :
Company: Microsoft Corporation
MD5: 101C553D501BF206CE3B84E6B3EDF952:60004
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:ADE75ACFAD8616FA2CDC8080A986844C:20992


----- C:\Users\SEBAST~1\AppData\Local\Temp\q4jon5.dll ---- General
Trojan-Downloader.Win32.Frethog
MD5: A8DA7AE99BF483F4A2AF8B4C14F67A8B:30000
EP: 80 7C 24 08 01 0F 85 B9 01 00 00 60 BE 00 90 00 10 8D BE 00 80 FF FF 57 83 CD FF EB 0D 90 90 90 8A 06 46 88 07 47 01 DB 75 07 8B 1E 83 EE FC 11 DB 72 ED B8 01 00 00 00 01 DB 75 07 8B 1E 83 EE FC
SEC:
UPX0:00000000000000000000000000000000:0
UPX1:F72EF2EB49A3B1ECB29FC187B41FD8AF:3584
UPX2:6E6366F8501500F0AA91D8BDD1ABA644:512


----- C:\Users\SEBAST~1\AppData\Local\Temp\rdybyqnt9e5k4.exe ---- General
Mal/Packer!se5
ProdVer:
FileVer: 1.0
Name :
Company: Microsoft Corporation
MD5: 52CC7161683B552777033136E60CE5A9:60000
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:ADE75ACFAD8616FA2CDC8080A986844C:20992


----- C:\Users\SEBAST~1\AppData\Local\Temp\sxarecomnw.exe ---- General
Mal/Fraud!se590
ProdVer: 2,9,211,1190
FileVer:
Name : C9 H13 N
Company:
MD5: 12CCEEB6694573A7090E61BAB67502B7:83456
EP: 55 8B EC 51 56 57 33 FF 57 8B 04 E5 20 20 40 00 FF D0 BE C8 00 00 00 8B C6 90 48 0F 85 F8 FF FF FF 6A 0A 57 8D 45 FC 50 50 8B 04 65 14 20 40 00 FF D0 90 FF CE 0F 85 F7 FF FF FF 8B 45 0C 33 C9 68
SEC:
.text:38AEF7B6328012093984FAED8FEF9A8F:3584
.rdata:7592129ECE0B0D7E7A7908AD63BEAB51:3584
.data:9619A2D1AB4E764F4520CF87637D7387:5120
.xpi:0F343B0931126A20F133D67C2B018A3B:1024
.ixp:BF619EAC0CDF3F68D496EA9344137E8B:512
.pixi:0F343B0931126A20F133D67C2B018A3B:1024
.rsrc:A6E3A41E603D097D5C08BF28F17F25B5:67072
.reloc:13DB68D8388D2982E0869EDFAB3D94D6:512


----- C:\Users\SEBAST~1\AppData\Local\Temp\tbcwy2r.exe ---- General
Mal/Packer!se5
MD5: A539C9A43BD46146DA2376F1D5650B79:30000
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:50B46E7BEC256D4DFFE0532AAFB87500:3072


----- C:\Users\SEBAST~1\AppData\Local\Temp\tbe1rp.exe ---- General
Mal/Packer!se5
MD5: A539C9A43BD46146DA2376F1D5650B79:30000
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:50B46E7BEC256D4DFFE0532AAFB87500:3072


----- C:\Users\SEBAST~1\AppData\Local\Temp\tjhgnt.exe ---- General
Mal/Packer!se5
MD5: 584998016369CACAA34795D73555F842:31696
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:C16A867CEB110C0A97B151CDB63257EA:31184


----- C:\Users\SEBAST~1\AppData\Local\Temp\tpcuqc.exe ---- General
Mal/Packer!se5
MD5: 584998016369CACAA34795D73555F842:31696
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:C16A867CEB110C0A97B151CDB63257EA:31184


----- C:\Users\SEBAST~1\AppData\Local\Temp\w4269.dll ---- General
Trojan-Downloader.Win32.Frethog
MD5: A8DA7AE99BF483F4A2AF8B4C14F67A8B:30000
EP: 80 7C 24 08 01 0F 85 B9 01 00 00 60 BE 00 90 00 10 8D BE 00 80 FF FF 57 83 CD FF EB 0D 90 90 90 8A 06 46 88 07 47 01 DB 75 07 8B 1E 83 EE FC 11 DB 72 ED B8 01 00 00 00 01 DB 75 07 8B 1E 83 EE FC
SEC:
UPX0:00000000000000000000000000000000:0
UPX1:F72EF2EB49A3B1ECB29FC187B41FD8AF:3584
UPX2:6E6366F8501500F0AA91D8BDD1ABA644:512


----- C:\Users\SEBAST~1\AppData\Local\Temp\wb0q1w28.exe ---- General
Mal/Packer!se5
MD5: A539C9A43BD46146DA2376F1D5650B79:30000
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:50B46E7BEC256D4DFFE0532AAFB87500:3072


----- C:\Users\SEBAST~1\AppData\Local\Temp\wemnocxars.exe ---- General
Mal/Fraud!se590
ProdVer: 2,9,211,1190
FileVer:
Name : C9 H13 N
Company:
MD5: 12CCEEB6694573A7090E61BAB67502B7:83456
EP: 55 8B EC 51 56 57 33 FF 57 8B 04 E5 20 20 40 00 FF D0 BE C8 00 00 00 8B C6 90 48 0F 85 F8 FF FF FF 6A 0A 57 8D 45 FC 50 50 8B 04 65 14 20 40 00 FF D0 90 FF CE 0F 85 F7 FF FF FF 8B 45 0C 33 C9 68
SEC:
.text:38AEF7B6328012093984FAED8FEF9A8F:3584
.rdata:7592129ECE0B0D7E7A7908AD63BEAB51:3584
.data:9619A2D1AB4E764F4520CF87637D7387:5120
.xpi:0F343B0931126A20F133D67C2B018A3B:1024
.ixp:BF619EAC0CDF3F68D496EA9344137E8B:512
.pixi:0F343B0931126A20F133D67C2B018A3B:1024
.rsrc:A6E3A41E603D097D5C08BF28F17F25B5:67072
.reloc:13DB68D8388D2982E0869EDFAB3D94D6:512


----- C:\Users\SEBAST~1\AppData\Local\Temp\wsb019.dll ---- General
Trojan-Downloader.Win32.Frethog
MD5: A8DA7AE99BF483F4A2AF8B4C14F67A8B:30000
EP: 80 7C 24 08 01 0F 85 B9 01 00 00 60 BE 00 90 00 10 8D BE 00 80 FF FF 57 83 CD FF EB 0D 90 90 90 8A 06 46 88 07 47 01 DB 75 07 8B 1E 83 EE FC 11 DB 72 ED B8 01 00 00 00 01 DB 75 07 8B 1E 83 EE FC
SEC:
UPX0:00000000000000000000000000000000:0
UPX1:F72EF2EB49A3B1ECB29FC187B41FD8AF:3584
UPX2:6E6366F8501500F0AA91D8BDD1ABA644:512


----- C:\Users\SEBAST~1\AppData\Local\Temp\ww6kxsa7n8i.exe ---- General
Mal/Packer!se5
ProdVer:
FileVer: 1.0
Name :
Company: Microsoft Corporation
MD5: 52CC7161683B552777033136E60CE5A9:60000
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:ADE75ACFAD8616FA2CDC8080A986844C:20992


----- C:\Users\SEBAST~1\AppData\Local\Temp\xgduscdu.exe ---- General
TrojanDownloader
ProdVer: 2, 4, 0, 1
FileVer: 2, 1, 0, 5
Name : NDIS VPN
Company: SecureNet
MD5: FE422471EEAC8B490DF54E6FC97EC326:19968
RIC: 22A095A2C8FA19BEE7F33040DBFD8F02:744
EP: 55 8B EC 81 EC C8 01 00 00 57 56 83 65 D8 00 53 6A 00 6A 00 6A 00 6A 00 6A 00 FF 15 7C C1 40 00 2D 00 00 07 80 BA C5 61 40 00 01 C2 8B 12 83 E8 57 21 45 FC 83 E1 00 81 F1 00 70 40 00 89 4D F4 8D
SEC:
.textbs:00000000000000000000000000000000:0
.text:82F375DBD0169C5423567C8A8B84C613:1024
.data:6F03B502C1618F3917FB3878D9D02999:1024
.rsrcB195679DDDBBFAA89D515632F816E35:9728
.debug:EFFDE7E9659C7D99EADBAACD39169CA7:1024
.idata:38593EAB52968CBC986DE4FD88FB3659:6144


----- C:\Users\SEBAST~1\AppData\Local\Temp\zwzdtr1o.exe ---- General
Mal/Packer!se5
MD5: A539C9A43BD46146DA2376F1D5650B79:30000
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC
SEC:
:00000000000000000000000000000000:0
:50B46E7BEC256D4DFFE0532AAFB87500:3072


Scan completed!

Scan result: 114 detected items
Scan completed in: Scan completed in 21 minute(s) 22 sec.
Files were scanned: 12243

Thanks a lot in advance!

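The report above ends with "114 detected items", but that figure counts paths, not samples: many of the files under C:\Users\Sebastian\... are listed a second time under the 8.3 short name C:\Users\SEBAST~1\..., and files with quite different names share one MD5. The parser below is an added example; it is not part of the original post and not code from Malwarebytes or Loaris. It collapses such a report to distinct hashes, counts the short-path re-listings, groups files by their entry-point stub, and flags files in a Temp directory whose version resource claims "Microsoft Corporation". The REPORT string is a constructed five-entry excerpt in the format of the log above (entry-point lines shortened, section lines omitted); pointing parse_report at the full saved report gives the real numbers.

```python
import re
from collections import Counter, defaultdict

# Constructed five-entry excerpt in the format of the report above (entry-point
# lines shortened); replace with open("loaris.txt").read() for the full log.
REPORT = r"""
----- C:\Users\Sebastian\AppData\Local\Temp\br8oc.exe ---- General
Mal/Packer!se5
MD5: A539C9A43BD46146DA2376F1D5650B79:30000
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9
----- C:\Users\Sebastian\AppData\Local\Temp\dl3b5ixpg5.exe ---- General
Mal/Packer!se5
FileVer: 1.0
Company: Microsoft Corporation
MD5: 52CC7161683B552777033136E60CE5A9:60000
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9
----- C:\Users\Sebastian\AppData\Local\Temp\g1xwc.dll ---- General
Trojan-Downloader.Win32.Frethog
MD5: A8DA7AE99BF483F4A2AF8B4C14F67A8B:30000
EP: 80 7C 24 08 01 0F 85 B9 01 00 00 60 BE 00 90 00 10 8D BE 00
----- C:\Users\Sebastian\AppData\Local\Temp\ik2el.dll ---- General
Trojan-Downloader.Win32.Frethog
MD5: A8DA7AE99BF483F4A2AF8B4C14F67A8B:30000
EP: 80 7C 24 08 01 0F 85 B9 01 00 00 60 BE 00 90 00 10 8D BE 00
----- C:\Users\SEBAST~1\AppData\Local\Temp\br8oc.exe ---- General
Mal/Packer!se5
MD5: A539C9A43BD46146DA2376F1D5650B79:30000
EP: BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9
"""

HEADER = re.compile(r"^----- (?P<path>.+?) ---- General$")
MD5_LINE = re.compile(r"^MD5: (?P<md5>[0-9A-F]{32}):(?P<size>\d+)$")


def parse_report(text):
    """One dict per '----- <path> ---- General' entry; the per-section lines
    after 'SEC:' in the real log are not needed here and fall through."""
    entries, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        head = HEADER.match(line)
        if head:
            cur = {"path": head.group("path"), "detection": None, "md5": None,
                   "size": 0, "ep": "", "company": ""}
            entries.append(cur)
        elif cur is None or not line:
            continue
        elif cur["detection"] is None:
            cur["detection"] = line                 # first line after the header
        elif line.startswith("MD5: "):
            m = MD5_LINE.match(line)
            if m:
                cur["md5"], cur["size"] = m.group("md5"), int(m.group("size"))
        elif line.startswith("EP: "):
            cur["ep"] = line[4:]
        elif line.startswith("Company:"):
            cur["company"] = line[len("Company:"):].strip()
    return entries


def summarize(entries):
    """Collapse path-level detections to distinct samples and flag what a
    triager looks at first."""
    by_md5 = defaultdict(set)
    for e in entries:
        by_md5[e["md5"]].add(e["path"].rsplit("\\", 1)[-1].lower())
    return {
        "detections": len(entries),
        "unique_md5": len(by_md5),
        "unique_files": sum(len(names) for names in by_md5.values()),
        # SEBAST~1 is the 8.3 short name of the Sebastian profile directory,
        # so these entries re-list files already counted under the long path
        "short_path_entries": sum("~" in e["path"] for e in entries),
        "families": sorted({e["detection"] for e in entries}),
        # version resource says Microsoft, file sits in a user Temp directory:
        # genuine Microsoft binaries are not installed there
        "spoofed_vendor": [e["path"] for e in entries if "\\Temp\\" in e["path"]
                           and e["company"].lower().startswith("microsoft")],
        # files sharing the first 16 entry-point bytes: one packer stub wrapped
        # around different payloads
        "ep_stubs": dict(Counter(" ".join(e["ep"].split()[:16]) for e in entries)),
    }


if __name__ == "__main__":
    for key, value in summarize(parse_report(REPORT)).items():
        print(f"{key}: {value}")
```

On the excerpt the five detections collapse to three hashes and four distinct file names, with one short-path re-listing; on the full report the same grouping turns "114" into a much smaller set of distinct samples, which is the number worth reasoning about. It does not make the picture harmless: droppers in Temp with a forged Microsoft vendor string are still the sign of a compromised profile.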
08.09.2010, 14:12   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Hello and

A cleanup can sometimes mean a lot of work for you.
  • Please work through all steps in order.
  • Read the instructions carefully. If there are problems, please stop and describe them here as well as you can.
  • Only run scans that a helper asks you to run.
  • Please no cross-posting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you are asked to.
  • Read the instructions completely first. If anything is unclear, ask before you begin.
  • Post the log files directly in your thread. Do not attach them unless I ask you to; that makes evaluating them harder for me.

Note: I can never guarantee that I will find everything. Formatting is usually the faster and always the safest way.
If you decide on a cleanup, keep working along until someone from the team tells you that you are clean.

Vista and Win7 users
Start all tools with right-click "Run as administrator".



Please do a routine full scan with Malwarebytes and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

Then OTL:

System scan with OTL

Please download OTL by Oldtimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please choose Minimal Output
  • Under Extra Registry, please choose Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

08.09.2010, 17:48   #3
Trojanerdoof

Thanks for your quick reply!
But I think I would rather format the PC right away, simply to have everything completely new and clean again.

If I do format and want to save data such as music, photo albums and films, may I connect an external hard drive to the infected PC to copy the data over? Or is the risk too great that the external hard drive gets infected, and later the actual PC again...

Also, I would be glad if you could help me format the PC successfully. I have never done that before.

08.09.2010, 19:53   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
May I connect an external hard drive to the infected PC to copy the data over? Or is the risk too great that the external hard drive gets infected, and later the actual PC again...
The cleanest way is to back up via a live CD such as Knoppix => http://www.trojaner-board.de/75619-a...x-live-cd.html

Quote:
Also, I would be glad if you could help me format the PC successfully. I have never done that before.
After backing up your data, follow the article on reinstalling Windows

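The live-CD backup recommended in the reply above is safe because the infected Windows is never booted: the volume is only read. What still matters is what gets copied, since an executable carried over on the external disk is exactly how a fresh install gets reinfected. The script below is an added example, not part of the thread and not from the Knoppix article linked above. It assumes (my assumption, not the thread's) that the Windows volume has been mounted read-only at a path such as /mnt/win, for instance with mount -o ro,noexec, and the external disk at another path; the blocked extension list is this example's own choice. It copies a profile while refusing executable extensions, any file that starts with the MZ header regardless of its name, and the Temp and Temporary Internet Files directories that the report above shows to be full of droppers. run_demo builds a constructed scratch profile so the script can be tried anywhere.

```python
import os
import shutil
import tempfile

# Windows executes or loads code from these whatever the icon says; the copy
# refuses them (this list is the example's own choice, not from the thread).
EXECUTABLE_EXT = {".exe", ".dll", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs",
                  ".js", ".jar", ".lnk", ".msi", ".sys", ".cpl", ".ocx", ".hta"}
# Directories holding only caches and, in the report above, the droppers.
SKIP_DIRS = {"temp", "temporary internet files"}


def looks_like_pe(path):
    """True if the file starts with the 'MZ' DOS header, whatever its
    extension says (the renamed-PE case an extension filter alone misses)."""
    try:
        with open(path, "rb") as f:
            return f.read(2) == b"MZ"
    except OSError:
        return False


def is_blocked(path):
    return os.path.splitext(path)[1].lower() in EXECUTABLE_EXT or looks_like_pe(path)


def copy_user_data(src, dst):
    """Copy src (the read-only mounted Windows profile) into dst (the external
    disk), skipping executables and cache directories. Nothing from src is ever
    executed, only read. Returns (copied, skipped) as sorted relative paths."""
    copied, skipped = [], []
    for root, dirs, files in os.walk(src):
        dirs[:] = [d for d in dirs if d.lower() not in SKIP_DIRS]   # never enter
        for name in files:
            source = os.path.join(root, name)
            rel = os.path.relpath(source, src).replace(os.sep, "/")
            if is_blocked(source):
                skipped.append(rel)
                continue
            target = os.path.join(dst, rel)
            os.makedirs(os.path.dirname(target), exist_ok=True)
            shutil.copy2(source, target)
            copied.append(rel)
    return sorted(copied), sorted(skipped)


def build_sample_tree(base):
    """Constructed stand-in for a user profile (fake bytes, not real files)."""
    files = {
        "Pictures/holiday.jpg": b"\xff\xd8\xff\xe0 not a real jpeg",
        "Music/song.mp3": b"ID3 not a real mp3",
        "Documents/letter.docx": b"PK\x03\x04 not a real docx",
        "Downloads/setup.exe": b"MZ\x90\x00 blocked by extension",
        "Documents/invoice.pdf": b"MZ\x90\x00 PE renamed, blocked by header",
        "AppData/Local/Temp/br8oc.exe": b"MZ dropper directory, never entered",
    }
    for rel, data in files.items():
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(data)


def run_demo():
    """Build the fixture in a scratch directory, copy it, and report what
    actually ended up on the 'external disk'."""
    work = tempfile.mkdtemp()
    src, dst = os.path.join(work, "win"), os.path.join(work, "external")
    build_sample_tree(src)
    copied, skipped = copy_user_data(src, dst)
    on_disk = sorted(os.path.relpath(os.path.join(r, f), dst).replace(os.sep, "/")
                     for r, _, fs in os.walk(dst) for f in fs)
    return {"copied": copied, "skipped": skipped, "on_disk": on_disk}


if __name__ == "__main__":
    # Real use: copy_user_data("/mnt/win/Users/Sebastian", "/media/external/backup")
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The header check is what makes the difference: the dropper renamed to invoice.pdf passes an extension filter but not the MZ test. Mounting the source volume noexec is a second layer for the live CD itself; it does nothing for the external disk, which is why the copy refuses executables outright rather than relying on the user not to double-click them later.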
08.09.2010, 21:22   #5
Trojanerdoof

Okay. Thanks for the references. Here are the scans once more anyway! I would simply like to get an assessment of whether formatting makes the most sense:

OTL: log file 1


OTL logfile created on: 08.09.2010 19:53:34 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Sebastian\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 52,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,09 Gb Total Space | 63,60 Gb Free Space | 21,33% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SEBASTIAN-PC
Current User Name: Sebastian
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Sebastian\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Sebastian\AppData\Local\Temp\svchost.exe (Microsoft Corporation)
PRC - C:\Users\Sebastian\AppData\Local\Temp\win16.exe (Microsoft Corporation)
PRC - C:\Users\Sebastian\AppData\Local\Temp\iexplarer.exe (Microsoft Corporation)
PRC - C:\Users\Sebastian\AppData\Local\Temp\login.exe (Microsoft Corporation)
PRC - C:\Users\Sebastian\AppData\Local\Temp\win.exe (Microsoft Corporation)
PRC - C:\Users\Sebastian\AppData\Local\Temp\mdm.exe (Microsoft Corporation)
PRC - C:\Users\Sebastian\AppData\Local\Temp\winlogon.exe (Microsoft Corporation)
PRC - C:\Users\Sebastian\AppData\Local\Temp\wininst.exe (Microsoft Corporation)
PRC - C:\Users\Sebastian\guoajuc.exe ()
PRC - C:\Users\Sebastian\AppData\Local\Temp\xf7hkna8hcn5d.exe (Microsoft Corporation)
PRC - C:\Users\Sebastian\AppData\Local\Temp\eiicrwk4e5.exe ()
PRC - C:\Users\Sebastian\AppData\Local\Temp\cmd.exe (Microsoft Corporation)
PRC - C:\Users\Sebastian\AppData\Local\Temp\winamp.exe (Microsoft Corporation)
PRC - C:\Users\Sebastian\AppData\Local\Temp\s5hgzklvl0.exe ()
PRC - C:\Users\Sebastian\AppData\Local\Temp\services.exe (Microsoft Corporation)
PRC - C:\Users\Sebastian\AppData\Local\Temp\debug.exe (Microsoft Corporation)
PRC - C:\Users\Sebastian\AppData\Local\Temp\sysedit.exe (Microsoft Corporation)
PRC - C:\Users\Sebastian\AppData\Local\Temp\csrss.exe (Microsoft Corporation)
PRC - C:\Users\Sebastian\AppData\Local\Temp\nvsvc32.exe (Microsoft Corporation)
PRC - C:\Users\Sebastian\AppData\Local\Temp\gdi32.exe (Microsoft Corporation)
PRC - C:\Users\Sebastian\AppData\Local\Temp\avp.exe (Microsoft Corporation)
PRC - C:\Users\Sebastian\AppData\Local\Temp\spoolsv.exe (Microsoft Corporation)
PRC - C:\Users\Sebastian\AppData\Local\Temp\lsass.exe (Microsoft Corporation)
PRC - C:\Users\Sebastian\AppData\Local\Temp\hexdump.exe (Microsoft Corporation)
PRC - C:\Users\Sebastian\AppData\Local\Temp\user.exe (Microsoft Corporation)
PRC - C:\Users\Sebastian\AppData\Local\Temp\taskmgr.exe (Microsoft Corporation)
PRC - C:\Users\Sebastian\AppData\Local\Temp\system.exe (Microsoft Corporation)
PRC - C:\Users\Sebastian\AppData\Local\Temp\smss.exe (Microsoft Corporation)
PRC - C:\Users\Sebastian\AppData\Local\Temp\hpgym.exe ()
PRC - C:\Users\Sebastian\AppData\Local\Temp\czev2jlhli.exe ()
PRC - C:\Users\Sebastian\AppData\Local\Temp\xdrlac.exe ()
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
PRC - C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
PRC - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
PRC - C:\Program Files\Alice\Signup\AliceCnn.exe (Hansenet)
PRC - C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Sebastian\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)

logfile 2

OTL Extras logfile created on: 08.09.2010 19:53:35 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Sebastian\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 52,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,09 Gb Total Space | 63,60 Gb Free Space | 21,33% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SEBASTIAN-PC
Current User Name: Sebastian
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06CE4A5D-61FE-41DE-8558-1F2745272E34}" = lport=6989 | protocol=6 | dir=in | name=league of legends launcher |
"{0B303A5F-C391-4E41-A2C8-E54FEF428B4F}" = lport=6908 | protocol=6 | dir=in | name=league of legends launcher |
"{3EAFF393-06F1-48A9-A7E6-6CDF93676BB1}" = lport=6950 | protocol=17 | dir=in | name=league of legends launcher |
"{5821AF85-29B7-4519-8574-4B9FC9D2CA65}" = lport=8390 | protocol=17 | dir=in | name=league of legends game client |
"{587BCFF0-3837-453A-A2A9-E93F8195E956}" = lport=6908 | protocol=17 | dir=in | name=league of legends launcher |
"{5F44CA6F-D8B9-4AD2-8D38-F9B34C4A51B5}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher |
"{7FDE9877-066A-4D66-ADF2-B5F1B9F7139E}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher |
"{84F70036-D79F-495E-BC0E-50DDBD49B659}" = lport=6893 | protocol=17 | dir=in | name=league of legends launcher |
"{8AEDBA9C-42B7-4144-98B4-0E379308A002}" = lport=6933 | protocol=17 | dir=in | name=league of legends launcher |
"{997F8213-31E0-44B5-ADC5-FB657E751CC6}" = lport=6980 | protocol=6 | dir=in | name=league of legends launcher |
"{9A2FED11-6B41-4775-A516-C8ADBC83A6EC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A290EAF7-D301-48D5-8DB2-53CCFAFD6119}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client |
"{AB0AD656-EA4F-4405-883E-2232C2385565}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby |
"{C5345FA6-EA38-4C12-A3A9-9D016BF571F0}" = lport=6897 | protocol=17 | dir=in | name=league of legends launcher |
"{D01E00A0-45ED-4318-BB0B-2D50F16ECE16}" = lport=6933 | protocol=6 | dir=in | name=league of legends launcher |
"{D11BE343-A59E-4394-86DA-D122EE58B3D7}" = lport=6950 | protocol=6 | dir=in | name=league of legends launcher |
"{D62FC7BB-321D-4073-9451-D0FD6CD3D5F3}" = lport=6996 | protocol=17 | dir=in | name=league of legends launcher |
"{D8653DD8-F94B-4573-AD33-14E9AD97D696}" = lport=6996 | protocol=6 | dir=in | name=league of legends launcher |
"{DA3609C7-099B-432F-B727-26F6E33A17F3}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby |
"{E9C2FC7E-DFF2-460B-97BF-863EDFD6D5F4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EEDEC0C0-C86F-4414-9B9B-A980427428CA}" = lport=6893 | protocol=6 | dir=in | name=league of legends launcher |
"{F540C138-6DAE-4405-A3D0-939D8EB4E988}" = lport=6897 | protocol=6 | dir=in | name=league of legends launcher |
"{F890AF6A-E272-4538-93DE-762689E64E4B}" = lport=6980 | protocol=17 | dir=in | name=league of legends launcher |
"{FBE47367-30E5-45A5-B3A6-DBE2BBBAD312}" = lport=6989 | protocol=17 | dir=in | name=league of legends launcher |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1F5BF215-0E01-4679-A671-FA4358E73362}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{213BB3B0-9E3E-478A-9352-F0961942FE17}" = protocol=6 | dir=in | app=c:\games\mass effect 2\binaries\masseffect2.exe |
"{37EB0FE8-496D-4A15-BDB7-C87492613180}" = protocol=17 | dir=in | app=c:\program files\league of legends\game\league of legends.exe |
"{3F360522-D45E-4F48-AEF6-8A3B398614B0}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{4244B9C8-CC6D-463B-B88D-EB76F758BC54}" = protocol=17 | dir=in | app=c:\program files\league of legends\air\lolclient.exe |
"{4DEFAA3F-9713-47F1-9450-F471FCB1959B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{545EAB47-87B1-4EBC-A267-E74C34C3047F}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{5906BC5E-2BBD-4449-B1CC-C362C15E62DB}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{5C2A55D4-00A9-458D-B01E-C9A3083D4D54}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{61DB3D1E-5D2D-4780-88BA-23A6434F31DE}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{697E87B7-6F7B-4A32-A08B-6D5182998F7E}" = protocol=6 | dir=in | app=c:\program files\electronic arts\the battle for middle-earth (tm) ii\game.dat |
"{78BE2C28-1C99-4EE7-9315-CB54E9FAA5DB}" = protocol=6 | dir=in | app=c:\program files\league of legends\air\lolclient.exe |
"{793653B8-3A1A-421F-B72B-8E4A52703124}" = protocol=6 | dir=in | app=c:\program files\league of legends\lol.launcher.exe |
"{7C27E199-A756-4180-8A96-DE9446D5046D}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{89CDBA2B-0CFF-4E18-B2F2-F9D53EFBBBD9}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{8EB3102F-2E76-4E77-B7ED-13063D0EFC0F}" = protocol=17 | dir=in | app=c:\program files\league of legends\lol.launcher.exe |
"{A02C8CE3-8F5E-4C15-ADFF-6821CD0D7F6E}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{A107FF26-1124-4551-8AA6-D94D00DAC22F}" = protocol=17 | dir=in | app=c:\games\mass effect 2\binaries\masseffect2.exe |
"{A1A7C7F0-6E83-4215-A9AA-8F1226080708}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{A5C57CC0-DE5B-4A46-BD94-430CBC46D1EA}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{ABC2E80D-6505-4F1C-B4D4-FC674E949E65}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{C3E166AA-4DCF-46AA-B3E1-C511E4D7525C}" = protocol=6 | dir=in | app=c:\program files\league of legends\game\league of legends.exe |
"{C58D3841-990F-49ED-AC37-584BC54DEF82}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{C8407C36-841E-465A-8EF6-20615DD3411F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CA738AF0-1683-46B2-A40B-4834C09F60B2}" = protocol=17 | dir=in | app=c:\games\mass effect 2\masseffect2launcher.exe |
"{E0756DEC-3142-47D2-8609-F0635A1D1C7D}" = protocol=6 | dir=in | app=c:\games\mass effect 2\masseffect2launcher.exe |
"{EF6C6CCF-D744-4177-AB95-994D358B18DE}" = protocol=17 | dir=in | app=c:\program files\electronic arts\the battle for middle-earth (tm) ii\game.dat |
"TCP Query User{078507A1-69EB-4ABC-857C-B09B5962F987}C:\users\sebastian\downloads\anarchyonline_18.1.1-large.exe" = protocol=6 | dir=in | app=c:\users\sebastian\downloads\anarchyonline_18.1.1-large.exe |
"TCP Query User{1682A672-0320-40EB-89A4-8C0A6ECC4034}C:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe |
"TCP Query User{3B042130-F92C-4096-B1B4-E2AB48C724CA}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{65088954-D75D-4DB2-B39F-2B406FC74B95}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{B62B3D96-5CF2-4B01-9788-A5B74EF082F5}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{E14B9A3C-24A5-4E13-B45D-670076430DB8}C:\users\sebastian\downloads\anarchyonline_17.9.1-small.exe" = protocol=6 | dir=in | app=c:\users\sebastian\downloads\anarchyonline_17.9.1-small.exe |
"TCP Query User{E445B9BA-249F-4002-BEF6-1E5B632FAE0C}C:\users\sebastian\downloads\anarchyonline_18.1.1-large(2).exe" = protocol=6 | dir=in | app=c:\users\sebastian\downloads\anarchyonline_18.1.1-large(2).exe |
"UDP Query User{228CDB5C-6B8F-40B3-8EDB-FBA37F6CF914}C:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe |
"UDP Query User{45398455-E33F-4DA6-A6B1-22AB83DADB83}C:\users\sebastian\downloads\anarchyonline_18.1.1-large.exe" = protocol=17 | dir=in | app=c:\users\sebastian\downloads\anarchyonline_18.1.1-large.exe |
"UDP Query User{8FC09D25-C2E0-4279-9790-A8FECF66F55B}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{94EEBB59-E1AD-445D-A2DF-A8B6D482389B}C:\users\sebastian\downloads\anarchyonline_17.9.1-small.exe" = protocol=17 | dir=in | app=c:\users\sebastian\downloads\anarchyonline_17.9.1-small.exe |
"UDP Query User{95205790-ACA2-41E4-9F8F-805F42565169}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{C365A5EF-29E4-4E2F-B573-3D87E38B3EDE}C:\users\sebastian\downloads\anarchyonline_18.1.1-large(2).exe" = protocol=17 | dir=in | app=c:\users\sebastian\downloads\anarchyonline_18.1.1-large(2).exe |
"UDP Query User{F14C7604-1B7B-4552-9825-79C62D39DE61}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
""Sarah - Die Hüterin des Einhorns"" = "Sarah - Die Hüterin des Einhorns"
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14CB43A6-27F8-4F6A-A755-782ABD04B0EA}" = Winx Club
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 17
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = The Battle for Middle-earth (tm) II
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{3A08B59E-A9F0-4F4D-B7E5-6875D7F13327}" = Brother MFL-Pro Suite DCP-145C
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E298B0A-558C-4138-0096-740677B382CD}" = HdR Die Rückkehr des Königs tm
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C878CD69-85DB-426B-81A3-E71175AAEB91}" = Dealio Toolbar v4.0.2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D6782F44-58DB-4DE5-A65C-890320CF3F99}" = Prince of Persia The Two Thrones
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}" = Prince of Persia T2T
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E571E8B1-9771-465D-9DE0-3BA2D1BDAE99}" = The Matrix - Path of Neo
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F4933D9F-89CC-4CA9-B5B0-CF32968890C7}" = BookScan&Whiteboard Suite
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"7-Zip" = 7-Zip 4.64
"AC3Filter" = AC3Filter (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Alice" = Alice-Installationsdateien entfernen
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"CCleaner" = CCleaner (remove only)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"Foxit Reader" = Foxit Reader
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Free YouTube Download_is1" = Free YouTube Download 2.6
"GameSpy Arcade" = GameSpy Arcade
"Guitar Pro 5_is1" = Guitar Pro 5.2
"InstallShield_{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Musicnotes Combined Installer_is1" = Musicnotes Software Suite 1.2
"NVIDIA Drivers" = NVIDIA Drivers
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"RunMe" = RunMe 0.9
"TomTom HOME" = TomTom HOME 2.7.3.1894
"Uninstall_is1" = Uninstall 1.0.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Antimalware Doctor" = Antimalware Doctor
"BitTorrent" = BitTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 08.09.2010 12:44:49 | Computer Name = Sebastian-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 7.0.6002.18005, Zeitstempel
0x49e01e78, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
Ausnahmecode 0xc0000005, Fehleroffset 0x000003e3, Prozess-ID 0x1744, Anwendungsstartzeit
01cb4f7511139a1b.

Error - 08.09.2010 12:59:53 | Computer Name = Sebastian-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 7.0.6002.18005, Zeitstempel
0x49e01e78, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
Ausnahmecode 0xc0000005, Fehleroffset 0x000003e3, Prozess-ID 0x10e4, Anwendungsstartzeit
01cb4f751e644b1b.

Error - 08.09.2010 12:59:57 | Computer Name = Sebastian-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 7.0.6002.18005, Zeitstempel
0x49e01e78, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
Ausnahmecode 0xc0000005, Fehleroffset 0x000003e3, Prozess-ID 0x10e4, Anwendungsstartzeit
01cb4f751e644b1b.

Error - 08.09.2010 13:00:52 | Computer Name = Sebastian-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung OfficeLiveSignIn.exe, Version 2.0.2313.0, Zeitstempel
0x491c0a79, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
Ausnahmecode 0xc0000005, Fehleroffset 0x000003e3, Prozess-ID 0x1708, Anwendungsstartzeit
01cb4f775c1df35b.

Error - 08.09.2010 13:26:16 | Computer Name = Sebastian-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung fgmbifsuqiw.exe, Version 5.1.2600.0, Zeitstempel
0x4c849dad, fehlerhaftes Modul fgmbifsuqiw.exe, Version 5.1.2600.0, Zeitstempel
0x4c849dad, Ausnahmecode 0xc0000005, Fehleroffset 0x00015c4e, Prozess-ID 0x8e4,
Anwendungsstartzeit 01cb4f7ad32ed0f0.

Malwarebytes:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4572

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

08.09.2010 22:17:21
mbam-log-2010-09-08 (22-17-21).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 291972
Laufzeit: 2 Stunde(n), 7 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 36
Infizierte Speichermodule: 2
Infizierte Registrierungsschlüssel: 7
Infizierte Registrierungswerte: 65
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 89

Infizierte Speicherprozesse:
C:\Users\Sebastian\AppData\Local\Temp\xdrlac.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\czev2jlhli.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\hpgym.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\s5hgzklvl0.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\eiicrwk4e5.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\s5hgzklvl0.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\eiicrwk4e5.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\hpgym.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\xdrlac.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\czev2jlhli.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\taskmgr.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\smss.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\system.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\spoolsv.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\user.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\lsass.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\hexdump.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\mdm.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\avp.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\gdi32.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\nvsvc32.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\csrss.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\sysedit.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\services.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\debug.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\winamp.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\cmd.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\xf7hkna8hcn5d.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\win.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\winlogon.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\svchost.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\wininst.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\win16.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\login.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\iexplarer.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.exe (Worm.AutoRun) -> No action taken.

Infizierte Speichermodule:
C:\Users\Sebastian\AppData\Local\Temp\msllhsjn.dll (Trojan.Onlinegames) -> No action taken.
C:\Program Files\Dealio Toolbar\FF\components\dealioToolbarFF.dll (Adware.WidgiToolbar) -> No action taken.

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} (Adware.WidgiToolbar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} (Adware.WidgiToolbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} (Adware.WidgiToolbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} (Adware.WidgiToolbar) -> No action taken.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\wnxmal (Rogue.SecuritySuite) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvnzpiejlqx (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvdsbhfngqoc (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvnzpiejlnfa (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvdsbhfngqdqc (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvnzpiejlme (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvdsbhfngpe (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvnzpiejlbuq (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvdsbhfngdtfc (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvnzpiejlkt_ (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvdsbhfngmtoc (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Dealio Toolbar\FF\components\dealioToolbarFF.dll (Adware.WidgiToolbar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvnzpiejlpsc (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvdsbhfngosf (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvnzpiejlrf (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvnzpiejlud (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvdsbhfnguuc (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvnzpiejlrxc (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvdsbhfngrvg (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvnzpiejlqf (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvdsbhfngta (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvnzpiejlne (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvdsbhfngqd (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvnzpiejlotc (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvdsbhfngmve (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvnzpiejlmc (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvdsbhfngne (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvnzpiejloc (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvdsbhfngoe (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvnzpiejlk+ (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvdsbhfngl/ (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvnzpiejlspc (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvdsbhfngsfp (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvnzpiejlpe (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvdsbhfngoh (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvnzpiejlupc (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvdsbhfngupf (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvnzpiejlppf (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvdsbhfngpta (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvnzpiejlhb (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvdsbhfnglb (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvnzpiejlqb (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvdsbhfngrrc (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvnzpiejlkc (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvdsbhfngnb (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mediafix70700en02.exe (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvnzpiejlcoclst~1\appdata\local\temp\xf7hkna8hcn5d.exe (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvdsbhfngqeznstian\appdata\local\temp\xf7hkna8hcn5d.exe (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\laelrfjo (Rogue.SecuritySuite) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gofebquu (Rogue.SecuritySuite) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvdsbhfngre (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvnzpiejlqc (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvnzpiejlqse (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvdsbhfngrsc (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvnzpiejlqvc (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvdsbhfngtrf (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvdsbhfngruf (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvnzpiejlq+ (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvdsbhfngra (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvnzpiejlna (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvdsbhfngpb (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvnzpiejlora (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvdsbhfngmtd (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} (Adware.WidgiToolbar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> No action taken.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Sebastian\AppData\Local\Temp\msllhsjn.dll (Trojan.Onlinegames) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\xdrlac.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\czev2jlhli.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\hpgym.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\s5hgzklvl0.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\eiicrwk4e5.exe (Trojan.Downloader) -> No action taken.
C:\Program Files\Dealio Toolbar\FF\components\dealioToolbarFF.dll (Adware.WidgiToolbar) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\taskmgr.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\smss.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\system.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\spoolsv.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\user.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\lsass.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\hexdump.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\mdm.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\avp.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\gdi32.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\nvsvc32.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\csrss.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\sysedit.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\services.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\debug.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\winamp.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\cmd.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Roaming\88D5DAEEEEAEA11A9121E6E125C97AF8\mediafix70700en02.exe (Trojan.Agent) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\xf7hkna8hcn5d.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\ufqqtkxxt\fgmbifsuqiw.exe (Rogue.SecuritySuite) -> No action taken.
C:\Users\Sebastian\AppData\Local\srlqtckph\foauqivuqiw.exe (Rogue.SecuritySuite) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\win.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\winlogon.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\svchost.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\wininst.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\win16.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\login.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\iexplarer.exe (Trojan.Downloader) -> No action taken.
C:\Mass Effect 2\keygen.exe (Trojan.Downloader) -> No action taken.
C:\Program Files\Dealio Toolbar\WidgiHelper.exe (Adware.WidgiToolbar) -> No action taken.
C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll (Adware.WidgiToolbar) -> No action taken.
C:\Recycled\Recycled\ctfmon.exe (Worm.AutoRun) -> No action taken.
C:\Users\Sebastian\taobuv.exe (P2P.Worm) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\setup.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\sowmik.exe (P2P.Worm) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\sxarecomnw.exe (Rootkit.Dropper) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\tbcwy2r.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\tbe1rp.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\tjhgnt.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\tpcuqc.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\fwj3e05io.exe (Trojan.Sisproc.Gen) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\g1xwc.dll (Trojan.Ertfor) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\i8btkjerp.exe (Trojan.Sisproc.Gen) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\iexplorer.exe (Trojan.Agent) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\ik2el.dll (Trojan.Ertfor) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\install.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\br8oc.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\cyac.exe (P2P.Worm) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\dcvkbgj.exe (Rogue.SecuritySuite) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\202fbh.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\2694.tmp (Rootkit.TDSS.Gen) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\2oda2g93.exe (Trojan.Dropper) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\q4jon5.dll (Trojan.Ertfor) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\rcweosxanm.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\rdybyqnt9e5k4.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\ahnob.exe (P2P.Worm) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\mkcxhunr.exe (Rogue.SecuritySuite) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\ubwdklcx.exe (P2P.Worm) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\wsb019.dll (Trojan.Ertfor) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\ww6kxsa7n8i.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\xgduscdu.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\zwzdtr1o.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\jd0sz.dll (Trojan.Ertfor) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\jliey.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\jov87t0nk9uuh8.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\l1ympa95jwo.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\lvo98uy1.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\dl3b5ixpg5.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\w4269.dll (Trojan.Ertfor) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\wb0q1w28.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\wemnocxars.exe (Rootkit.Dropper) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\win32.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\465.tmp (Rootkit.TDSS.Gen) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\9vssrukf.exe (Trojan.LVBP) -> No action taken.
C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.exe (Worm.AutoRun) -> No action taken.
C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Templates\memory.tmp (Trojan.Bamital.Gen) -> No action taken.
C:\Windows\System32\drivers\nyzar.sys (Rootkit.Agent) -> No action taken.
C:\Windows\Temp\4F0.tmp (Rootkit.TDSS.Gen) -> No action taken.
C:\Users\Sebastian\Desktop\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> No action taken.
C:\Users\Sebastian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> No action taken.
C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\skaioejiesfjoee.tmp (Malware.Trace) -> No action taken.


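Added example, not part of this thread and not code from any poster or from Malwarebytes: a small Python script that parses MBAM detection lines in the format shown in the log above and pulls out the indicators that decide the clean-or-reinstall question (Rootkit.* hits, a driver under System32\drivers, executables in %TEMP% that borrow Windows process names such as smss.exe or lsass.exe, the pile of HKCU Run values, and the regedit/folder-options hijacks). The sample lines are copied from the posted log; the list of impersonated process names and the rule "a rootkit or an unknown kernel driver means reinstall" are my assumptions for the example, not the scanner's verdict.

```python
"""Triage a Malwarebytes (MBAM 1.x) scan log: parse each detection line and
flag the indicators that decide between cleaning and a full reinstall."""
import re
from collections import Counter
from pathlib import PureWindowsPath

# One MBAM detection line looks like:
#   <object> (<Family.Name>) -> No action taken.
# "Registry Data Items" lines carry an extra "-> Bad: (x) Good: (y)" part.
LINE_RE = re.compile(
    r"^(?P<obj>.+?) \((?P<det>[A-Za-z0-9._]+)\)"
    r"(?: -> Bad: \([^)]*\) Good: \([^)]*\))?"
    r" -> (?P<action>[^.]+)\.?$"
)

# Assumption for this example: Windows binary names that the dropper in the
# posted log reused for its copies inside %TEMP%.
SYSTEM_NAMES = {
    "smss.exe", "csrss.exe", "lsass.exe", "services.exe", "svchost.exe",
    "winlogon.exe", "spoolsv.exe", "taskmgr.exe", "cmd.exe", "ctfmon.exe",
}

# Constructed sample: a handful of lines copied from the log posted above,
# with the section headings in MBAM's English wording.
SAMPLE_LOG = r"""
Memory Modules Infected:
C:\Users\Sebastian\AppData\Local\Temp\msllhsjn.dll (Trojan.Onlinegames) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lvnzpiejlqx (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\laelrfjo (Rogue.SecuritySuite) -> No action taken.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> No action taken.

Files Infected:
C:\Users\Sebastian\AppData\Local\Temp\smss.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\lsass.exe (Trojan.Downloader) -> No action taken.
C:\Users\Sebastian\AppData\Local\Temp\2694.tmp (Rootkit.TDSS.Gen) -> No action taken.
C:\Windows\System32\drivers\nyzar.sys (Rootkit.Agent) -> No action taken.
C:\Mass Effect 2\keygen.exe (Trojan.Downloader) -> No action taken.
"""


def parse_mbam_log(text):
    """Return a list of findings: section, object, detection name, action taken."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("("):   # blank or "(No malicious items detected)"
            continue
        if line.endswith(":"):                  # section heading
            section = line[:-1]
            continue
        m = LINE_RE.match(line)
        if m:                                   # summary/header lines do not match and are skipped
            findings.append({"section": section, "object": m["obj"],
                             "detection": m["det"], "action": m["action"].strip()})
    return findings


def is_temp_impersonator(obj):
    """True for a file under a Temp directory that borrows a Windows process name."""
    if not re.match(r"[A-Za-z]:\\", obj):       # registry objects are not file paths
        return False
    p = PureWindowsPath(obj)
    return "temp" in (part.lower() for part in p.parts) and p.name.lower() in SYSTEM_NAMES


def triage(findings):
    """Summarise the log and decide whether the machine should be wiped."""
    def obj_lower(f):
        return f["object"].lower()

    rootkit = [f for f in findings if f["detection"].startswith("Rootkit.")]
    drivers = [f for f in findings if "\\system32\\drivers\\" in obj_lower(f)]
    run_values = [f for f in findings if "\\currentversion\\run\\" in obj_lower(f)]
    hijacks = [f for f in findings if f["detection"].startswith("Hijack.")]
    impersonators = [PureWindowsPath(f["object"]).name
                     for f in findings if is_temp_impersonator(f["object"])]
    return {
        "families": Counter(f["detection"].split(".")[0] for f in findings),
        "run_values": len(run_values),
        "tool_hijacks": len(hijacks),
        "temp_impersonators": impersonators,
        "rootkit_indicators": len(rootkit),
        "kernel_drivers": len(drivers),
        "untouched": sum(f["action"] == "No action taken" for f in findings),
        # Assumed rule: a kernel driver or a TDSS-class rootkit means the
        # scanner's view of disk and registry can no longer be trusted.
        "reinstall_recommended": bool(rootkit or drivers),
    }


if __name__ == "__main__":
    for key, value in triage(parse_mbam_log(SAMPLE_LOG)).items():
        print(f"{key:22} {value}")
```

Run it on a full log saved from MBAM and the last line of the report tells you whether cleaning is even worth attempting. On the posted log the answer is no: every one of the hits is still marked "No action taken", two files are flagged as Rootkit.TDSS.Gen, and there is an unknown driver in System32\drivers, so anything the scanner reports after that point may itself be filtered by the rootkit.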
08.09.2010, 22:02   #6
cosinus

If you format, an analysis is a pure waste of time.
