
Log analysis and evaluation: Malwarebytes found several Trojans


 
16.12.2010, 19:15   #1
robert3000

Malwarebytes found several Trojans



Hello

My system (Win7 64-bit) was acting up a bit. Nothing serious, but
noticeable enough to run Malwarebytes.

The result was sobering: several Trojans.

I then ran, one after another:
Comodo Internet Security Premium (freeware version)
Malwarebytes Anti-Malware (several times)
Trojan Remover (free version)
TDss Killer
Hitman Pro (several times)
rKill

and removed everything these programs found.

Finally, I created a log file with OTL, but did not find anything really conspicuous.

It would be nice if one or another of you pros could also take a look at the log file
and let me know whether my attempts to clean my system were successful or not.
Thanks
robert


Quote:
OTL logfile created on: 16.12.2010 19:00:32 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = D:\Downloads\Trojaner Tools
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 52,00% Memory free
5,00 Gb Paging File | 3,00 Gb Available in Paging File | 64,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 153,38 Gb Total Space | 112,41 Gb Free Space | 73,29% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 317,72 Gb Free Space | 68,21% Space Free | Partition Type: NTFS
Drive E: | 147,55 Gb Total Space | 47,47 Gb Free Space | 32,17% Space Free | Partition Type: NTFS
Drive F: | 335,35 Gb Total Space | 68,55 Gb Free Space | 20,44% Space Free | Partition Type: NTFS
Drive G: | 1397,26 Gb Total Space | 199,50 Gb Free Space | 14,28% Space Free | Partition Type: NTFS

Computer Name: ROBERT-PC | User Name: robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010.12.16 17:34:14 | 000,575,488 | ---- | M] (OldTimer Tools) -- D:\Downloads\Trojaner Tools\OTL.exe
PRC - [2010.12.12 19:38:11 | 000,042,500 | ---- | M] () -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
PRC - [2010.11.07 22:47:21 | 003,975,088 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2010.10.27 07:13:18 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010.10.16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.09.09 13:49:38 | 005,018,472 | ---- | M] (ASCOMP Software GmbH) -- C:\Program Files (x86)\ASCOMP Software\Synchredible\synchredible.exe
PRC - [2010.08.21 11:55:32 | 000,391,296 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2010.08.21 11:54:46 | 005,493,736 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2010.08.20 17:00:22 | 002,570,688 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
PRC - [2010.02.26 06:10:20 | 021,979,992 | ---- | M] () -- C:\Users\robert\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2009.12.21 08:00:50 | 000,081,920 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
PRC - [2009.09.08 14:34:40 | 000,338,448 | ---- | M] (TechniSat Digital, S.A.) -- C:\Program Files (x86)\TechniSat DVB\bin\Server4PC.exe
PRC - [2007.04.24 19:19:54 | 003,581,680 | ---- | M] (Stardock) -- C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe


========== Modules (SafeList) ==========

MOD - [2010.12.16 17:34:14 | 000,575,488 | ---- | M] (OldTimer Tools) -- D:\Downloads\Trojaner Tools\OTL.exe
MOD - [2010.09.10 23:41:40 | 000,285,480 | ---- | M] (COMODO) -- C:\Windows\SysWOW64\guard32.dll
MOD - [2010.08.21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2010.02.14 02:53:56 | 000,210,432 | ---- | M] (Realtime Soft Ltd) -- C:\Programme\UltraMon\RTSUltraMonHookX32.dll
MOD - [2010.02.14 02:52:06 | 000,325,120 | ---- | M] (Realtime Soft Ltd) -- C:\Programme\UltraMon\UltraMonResButtons.dll
MOD - [2009.07.14 02:15:44 | 002,340,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msi.dll
MOD - [2009.07.14 02:03:50 | 001,624,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\GdiPlus.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010.09.10 23:41:42 | 002,528,856 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2010.02.11 06:29:30 | 000,952,320 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010.11.08 23:50:29 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.11.07 22:47:21 | 003,975,088 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2010.10.16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.08.21 11:55:58 | 001,079,512 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010.11.07 22:47:22 | 000,279,136 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2010.11.07 22:47:20 | 001,263,200 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm273.sys -- (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273)
DRV:64bit: - [2010.11.07 22:47:18 | 000,970,336 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2010.11.07 22:47:11 | 000,277,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2010.10.08 15:52:38 | 000,144,784 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2010.09.28 15:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010.09.10 23:40:42 | 000,020,864 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
DRV:64bit: - [2010.05.05 16:38:26 | 000,014,592 | ---- | M] (ASUSTek Computer Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AiCharger.sys -- (AiCharger)
DRV:64bit: - [2010.02.11 08:42:54 | 005,352,960 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.12.17 23:25:17 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009.09.28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.09.11 06:47:24 | 000,615,440 | ---- | M] (TechniSat Digital, S.A.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SkyNET_AMD64.sys -- (SKYNET)
DRV:64bit: - [2009.08.09 22:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.18 19:45:06 | 003,491,616 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTKVAC64.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV:64bit: - [2009.06.10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2005.03.29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2008.11.14 02:11:42 | 000,020,512 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto | Running] -- C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys -- (UltraMonUtility)
DRV - [2008.02.01 17:24:06 | 000,032,240 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A8 5C 1F 88 E5 96 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.at"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: tineye@ideeinc.com:1.0
FF - prefs.js..extensions.enabledItems: {5514CFC3-D9A8-4f1a-8DF1-930EBFB59901}:3.2.7
FF - prefs.js..extensions.enabledItems: {36C13C8F-54F1-412e-8177-2E411719162D}:4.1.1
FF - prefs.js..extensions.enabledItems: {aa26583b-4c35-4729-913e-156956078824}:1.4.12.20100927
FF - prefs.js..extensions.enabledItems: {d62e0de0-401b-11dd-ae16-0800200c9a66}:5.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.11.07 17:36:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.11.08 23:49:03 | 000,000,000 | ---D | M]

[2010.11.07 16:36:33 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\mozilla\Extensions
[2010.12.16 12:38:00 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\mozilla\Firefox\Profiles\pg3u2i24.default\extensions
[2010.11.09 18:51:36 | 000,000,000 | ---D | M] (Qute) -- C:\Users\robert\AppData\Roaming\mozilla\Firefox\Profiles\pg3u2i24.default\extensions\{36C13C8F-54F1-412e-8177-2E411719162D}
[2010.11.09 18:46:49 | 000,000,000 | ---D | M] (Qute Classic) -- C:\Users\robert\AppData\Roaming\mozilla\Firefox\Profiles\pg3u2i24.default\extensions\{5514CFC3-D9A8-4f1a-8DF1-930EBFB59901}
[2010.11.09 18:51:41 | 000,000,000 | ---D | M] (Qute 3++ (custom mod)) -- C:\Users\robert\AppData\Roaming\mozilla\Firefox\Profiles\pg3u2i24.default\extensions\{aa26583b-4c35-4729-913e-156956078824}
[2010.12.09 22:14:28 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\robert\AppData\Roaming\mozilla\Firefox\Profiles\pg3u2i24.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.11.11 20:41:01 | 000,000,000 | ---D | M] (AvantGarde) -- C:\Users\robert\AppData\Roaming\mozilla\Firefox\Profiles\pg3u2i24.default\extensions\{d62e0de0-401b-11dd-ae16-0800200c9a66}
[2010.11.09 18:48:58 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\mozilla\Firefox\Profiles\pg3u2i24.default\extensions\personas@christopher.beard
[2010.12.12 08:44:05 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\mozilla\Firefox\Profiles\pg3u2i24.default\extensions\tineye@ideeinc.com
[2010.11.11 20:41:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\robert\AppData\Roaming\mozilla\Firefox\Profiles\pg3u2i24.default\extensions\{d62e0de0-401b-11dd-ae16-0800200c9a66}\chrome\4.0x\mozapps\extensions
[2010.11.11 20:41:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\robert\AppData\Roaming\mozilla\Firefox\Profiles\pg3u2i24.default\extensions\{d62e0de0-401b-11dd-ae16-0800200c9a66}\chrome\imageres\mozapps\extensions
[2010.12.12 08:46:17 | 000,001,632 | ---- | M] () -- C:\Users\robert\AppData\Roaming\Mozilla\FireFox\Profiles\pg3u2i24.default\searchplugins\firefox-add-ons.xml
[2010.11.07 16:48:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.11.07 16:48:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.11.07 16:48:26 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.10.27 06:44:13 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.10.27 06:44:13 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.10.27 06:44:13 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.10.27 06:44:13 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.10.27 06:44:13 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.11.08 18:47:54 | 000,000,924 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 validation.sls.microsoft.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe ()
O4 - HKLM..\Run: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe ()
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe ()
O4 - HKLM..\Run: [SAOB Monitor] C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe File not found
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe ()
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Display Driver] C:\Users\robert\AppData\Local\Temp\AtiDisplayDriver.exe File not found
O4 - HKCU..\Run: [NVIDIA] C:\Users\robert\AppData\Roaming\notepad.exe File not found
O4 - Startup: C:\Users\robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\robert\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O4 - Startup: C:\Users\robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 0.0.0.0
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\SysWow64\acaptuser32.dll (Adobe Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (auto_reactivate C:\bootwiz\asrm.bin) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.12.16 17:31:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2010.12.16 17:24:38 | 000,000,000 | ---D | C] -- C:\Users\robert\AppData\Roaming\Malwarebytes
[2010.12.16 17:24:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.12.16 17:24:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.12.16 17:24:23 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.12.16 17:24:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.12.16 17:19:33 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010.12.16 17:18:37 | 000,000,000 | ---D | C] -- C:\Users\robert\Documents\Simply Super Software
[2010.12.16 17:18:18 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ztvcabinet.dll
[2010.12.16 17:18:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2010.12.16 17:18:15 | 000,000,000 | ---D | C] -- C:\Users\robert\AppData\Roaming\Simply Super Software
[2010.12.16 17:18:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2010.12.12 10:10:17 | 000,000,000 | ---D | C] -- C:\Users\robert\AppData\Roaming\vlc
[2010.12.12 10:09:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2010.12.06 21:05:42 | 000,000,000 | ---D | C] -- C:\Users\robert\Application Data
[2010.12.04 19:22:58 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2010.12.04 19:22:55 | 000,000,000 | ---D | C] -- C:\Users\robert\AppData\Roaming\CyberLink
[2010.12.04 19:15:45 | 000,000,000 | ---D | C] -- C:\Users\robert\Documents\CyberLink
[2010.12.04 19:14:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberLink
[2010.11.30 21:04:29 | 000,000,000 | ---D | C] -- C:\Users\robert\.VirtualBox
[2010.11.30 21:02:35 | 000,000,000 | ---D | C] -- C:\Programme\Oracle
[2010.11.28 16:19:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Technisat
[2010.11.28 16:18:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVBViewer TE2
[2010.11.28 16:18:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TechniSat DVB
[2010.11.28 16:18:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MainConcept
[2010.11.28 16:13:58 | 000,615,440 | ---- | C] (TechniSat Digital, S.A.) -- C:\Windows\SysNative\drivers\SkyNET_AMD64.sys
[2010.11.28 15:59:48 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

========== Files - Modified Within 30 Days ==========

[2010.12.16 19:01:11 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2010.12.16 18:46:42 | 000,018,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.16 18:46:42 | 000,018,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.16 18:41:39 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.12.16 18:41:35 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At31.job
[2010.12.16 18:41:34 | 000,019,528 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2010.12.16 18:41:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.12.16 18:41:24 | 2012,704,768 | -HS- | M] () -- C:\hiberfil.sys
[2010.12.16 18:32:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At43.job
[2010.12.16 18:30:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.12.16 17:46:14 | 000,001,664 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2010.12.16 17:32:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At42.job
[2010.12.16 17:32:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At29.job
[2010.12.16 17:24:29 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.12.16 17:18:24 | 000,001,139 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2010.12.16 16:32:06 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At27.job
[2010.12.16 16:32:05 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At41.job
[2010.12.16 15:32:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At40.job
[2010.12.16 15:32:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At25.job
[2010.12.16 15:21:05 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.12.16 15:21:05 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.12.16 15:21:05 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.12.16 15:21:05 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.12.16 15:21:05 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.12.16 14:32:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At38.job
[2010.12.16 14:32:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At23.job
[2010.12.16 13:32:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At36.job
[2010.12.16 13:32:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At21.job
[2010.12.16 12:32:05 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At19.job
[2010.12.16 12:32:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At32.job
[2010.12.16 11:34:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At17.job
[2010.12.16 11:32:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At30.job
[2010.12.16 10:34:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At15.job
[2010.12.16 10:32:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At28.job
[2010.12.16 09:34:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At12.job
[2010.12.16 09:32:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At26.job
[2010.12.16 08:34:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At10.job
[2010.12.16 08:32:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At24.job
[2010.12.16 07:34:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At8.job
[2010.12.16 07:32:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At22.job
[2010.12.16 06:32:11 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At7.job
[2010.12.16 06:32:03 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At20.job
[2010.12.15 23:55:52 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At9.job
[2010.12.15 23:55:52 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At48.job
[2010.12.15 23:55:52 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At47.job
[2010.12.15 23:55:52 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At46.job
[2010.12.15 23:55:52 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At45.job
[2010.12.15 23:55:52 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At44.job
[2010.12.15 23:55:52 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At18.job
[2010.12.15 23:55:52 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At16.job
[2010.12.15 23:55:52 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At14.job
[2010.12.15 23:55:52 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At13.job
[2010.12.15 23:55:52 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At11.job
[2010.12.15 23:55:52 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At6.job
[2010.12.15 23:55:52 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At5.job
[2010.12.15 23:55:52 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At4.job
[2010.12.15 23:55:52 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At39.job
[2010.12.15 23:55:52 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At37.job
[2010.12.15 23:55:52 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At35.job
[2010.12.15 23:55:52 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At34.job
[2010.12.15 23:55:52 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At33.job
[2010.12.15 23:55:52 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At3.job
[2010.12.15 23:55:52 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At2.job
[2010.12.15 23:55:52 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At1.job
[2010.12.12 19:58:23 | 000,007,620 | ---- | M] () -- C:\Users\robert\AppData\Local\Resmon.ResmonCfg
[2010.12.12 19:40:22 | 000,000,112 | ---- | M] () -- C:\ProgramData\o861N4P.dat
[2010.12.09 20:26:46 | 000,000,236 | ---- | M] () -- C:\Users\robert\SyncDocs.conf
[2010.12.08 15:21:33 | 000,005,632 | ---- | M] () -- C:\Users\robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.02 12:19:32 | 000,014,867 | ---- | M] () -- C:\Users\robert\Documents\Das Ei in der Flasche.docx
[2010.12.01 13:08:53 | 000,000,043 | -HS- | M] () -- C:\ProgramData\.zreglib
[2010.11.29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.11.29 17:42:06 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.11.28 16:19:01 | 000,002,053 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Server4PC.lnk
[2010.11.28 16:04:32 | 365,977,159 | ---- | M] () -- C:\Windows\MEMORY.DMP

========== Files Created - No Company Name ==========

[2010.12.16 17:46:14 | 000,001,664 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2010.12.16 17:42:15 | 000,019,528 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2010.12.16 17:24:28 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.12.16 17:18:24 | 000,001,139 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2010.12.16 17:18:18 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll
[2010.12.16 17:18:18 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll
[2010.12.16 17:18:18 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll
[2010.12.16 17:18:18 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll
[2010.12.12 19:58:23 | 000,007,620 | ---- | C] () -- C:\Users\robert\AppData\Local\Resmon.ResmonCfg
[2010.12.12 19:40:22 | 000,000,112 | ---- | C] () -- C:\ProgramData\o861N4P.dat
[2010.12.12 19:38:43 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At48.job
[2010.12.12 19:38:42 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At47.job
[2010.12.12 19:38:42 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At46.job
[2010.12.12 19:38:41 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At45.job
[2010.12.12 19:38:41 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At44.job
[2010.12.12 19:38:40 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At43.job
[2010.12.12 19:38:40 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At42.job
[2010.12.12 19:38:38 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At41.job
[2010.12.12 19:38:37 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At40.job
[2010.12.12 19:38:37 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At39.job
[2010.12.12 19:38:36 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At38.job
[2010.12.12 19:38:36 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At36.job
[2010.12.12 19:38:36 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At37.job
[2010.12.12 19:38:35 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At35.job
[2010.12.12 19:38:35 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At34.job
[2010.12.12 19:38:34 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At33.job
[2010.12.12 19:38:33 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At32.job
[2010.12.12 19:38:33 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At31.job
[2010.12.12 19:38:32 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At30.job
[2010.12.12 19:38:32 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At28.job
[2010.12.12 19:38:32 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At29.job
[2010.12.12 19:38:31 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At26.job
[2010.12.12 19:38:31 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At27.job
[2010.12.12 19:38:30 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At24.job
[2010.12.12 19:38:30 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At25.job
[2010.12.12 19:38:29 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At22.job
[2010.12.12 19:38:29 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At23.job
[2010.12.12 19:38:28 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At21.job
[2010.12.12 19:38:27 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At20.job
[2010.12.12 19:38:27 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At18.job
[2010.12.12 19:38:27 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At19.job
[2010.12.12 19:38:26 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At17.job
[2010.12.12 19:38:25 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At16.job
[2010.12.12 19:38:25 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At15.job
[2010.12.12 19:38:24 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At14.job
[2010.12.12 19:38:24 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At13.job
[2010.12.12 19:38:23 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At12.job
[2010.12.12 19:38:22 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At11.job
[2010.12.12 19:38:22 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At10.job
[2010.12.12 19:38:21 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At9.job
[2010.12.12 19:38:20 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At8.job
[2010.12.12 19:38:20 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At7.job
[2010.12.12 19:38:19 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At6.job
[2010.12.12 19:38:19 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At5.job
[2010.12.12 19:38:18 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At4.job
[2010.12.12 19:38:18 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At3.job
[2010.12.12 19:38:17 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At2.job
[2010.12.12 19:38:16 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\At1.job
[2010.12.02 12:19:30 | 000,014,867 | ---- | C] () -- C:\Users\robert\Documents\Das Ei in der Flasche.docx
[2010.11.28 16:19:01 | 000,002,053 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Server4PC.lnk
[2010.11.28 15:59:39 | 365,977,159 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.11.13 19:41:33 | 000,000,410 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.11.13 16:17:05 | 000,000,600 | ---- | C] () -- C:\Users\robert\AppData\Roaming\winscp.rnd
[2010.11.11 17:45:29 | 000,005,632 | ---- | C] () -- C:\Users\robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.08 21:12:18 | 000,014,025 | ---- | C] () -- C:\Windows\TWAINCAP.INI
[2010.11.08 21:11:13 | 000,196,096 | ---- | C] () -- C:\Windows\SysWow64\MACD32.DLL
[2010.11.08 21:11:13 | 000,138,752 | ---- | C] () -- C:\Windows\SysWow64\MASE32.DLL
[2010.11.08 21:11:13 | 000,136,192 | ---- | C] () -- C:\Windows\SysWow64\MAMC32.DLL
[2010.11.08 21:11:13 | 000,057,856 | ---- | C] () -- C:\Windows\SysWow64\MASD32.DLL
[2010.11.08 21:11:13 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\MA32.DLL
[2010.11.08 17:39:19 | 000,000,043 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.04.14 07:45:20 | 000,154,144 | ---- | C] () -- C:\Windows\SysWow64\RTLCPAPI.dll
[2000.03.29 23:17:42 | 000,005,824 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS

========== LOP Check ==========

[2010.11.07 23:12:26 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Acronis
[2010.11.07 18:43:50 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\ASCOMP Software
[2010.11.07 18:15:42 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Ashampoo
[2010.11.07 23:29:55 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Avanquest
[2010.11.07 17:53:46 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\bitolithic
[2010.11.07 22:41:19 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Burlov
[2010.12.10 21:02:42 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\CoreFTP
[2010.11.08 00:11:39 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\DAEMON Tools Lite
[2010.12.05 22:16:35 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\DC++
[2010.12.16 18:43:48 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Dropbox
[2010.11.08 18:14:16 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\HandBrake
[2010.11.08 18:36:58 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\ImgBurn
[2010.12.12 18:42:25 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\KeePass
[2010.11.28 20:25:10 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\NewsLeecher
[2010.11.08 23:04:33 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Proxima Software
[2010.12.16 17:18:15 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Simply Super Software
[2010.11.08 19:59:10 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Thinstall
[2010.11.09 21:59:26 | 000,000,000 | ---D | M] -- C:\Users\robert\AppData\Roaming\Windows Live Writer
[2010.12.15 23:55:52 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2010.12.16 08:34:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At10.job
[2010.12.15 23:55:52 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At11.job
[2010.12.16 09:34:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At12.job
[2010.12.15 23:55:52 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At13.job
[2010.12.15 23:55:52 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At14.job
[2010.12.16 10:34:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At15.job
[2010.12.15 23:55:52 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At16.job
[2010.12.16 11:34:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At17.job
[2010.12.15 23:55:52 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At18.job
[2010.12.16 12:32:05 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At19.job
[2010.12.15 23:55:52 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2010.12.16 06:32:03 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At20.job
[2010.12.16 13:32:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At21.job
[2010.12.16 07:32:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At22.job
[2010.12.16 14:32:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At23.job
[2010.12.16 08:32:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At24.job
[2010.12.16 15:32:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At25.job
[2010.12.16 09:32:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At26.job
[2010.12.16 16:32:06 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At27.job
[2010.12.16 10:32:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At28.job
[2010.12.16 17:32:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At29.job
[2010.12.15 23:55:52 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At3.job
[2010.12.16 11:32:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At30.job
[2010.12.16 18:41:35 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At31.job
[2010.12.16 12:32:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At32.job
[2010.12.15 23:55:52 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At33.job
[2010.12.15 23:55:52 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At34.job
[2010.12.15 23:55:52 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At35.job
[2010.12.16 13:32:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At36.job
[2010.12.15 23:55:52 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At37.job
[2010.12.16 14:32:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At38.job
[2010.12.15 23:55:52 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At39.job
[2010.12.15 23:55:52 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At4.job
[2010.12.16 15:32:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At40.job
[2010.12.16 16:32:05 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At41.job
[2010.12.16 17:32:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At42.job
[2010.12.16 18:32:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At43.job
[2010.12.15 23:55:52 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At44.job
[2010.12.15 23:55:52 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At45.job
[2010.12.15 23:55:52 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At46.job
[2010.12.15 23:55:52 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At47.job
[2010.12.15 23:55:52 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At48.job
[2010.12.15 23:55:52 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At5.job
[2010.12.15 23:55:52 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At6.job
[2010.12.16 06:32:11 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At7.job
[2010.12.16 07:34:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\At8.job
[2010.12.15 23:55:52 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At9.job
[2009.07.14 06:08:49 | 000,015,750 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

 
