Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Habe ein Trojaner und weis nicht mehr weiter... (https://www.trojaner-board.de/90772-habe-trojaner-weis-mehr.html)

Shoker 14.09.2010 15:59
Habe ein Trojaner und weis nicht mehr weiter...
 
Hallo zusammen ihr könnt mir hoffentlich helfen.. ich habe irgendwie ein Virus oder Trojner eingefangen.. und dieses Teil verhindert das ich ins Internet gehen kann.. Ich habe den Kaspersky installiert erfindet zwar die Trojaner aber kan sie nicht löschen.. Ich habe mal die namen aufgeschriben von diesen Trojaner:
Trojan.Win32.Scar.crkt; Datei: C:/Users/****/.COMMgr/complgr.exe

Trojan-Dropper.Win32.FrauDrop.bdi; Datei/Users/****/AppData/Roaming/5EEF.../mediafix70700en02.exe

und einen konnte das Antivirusprogramm löschen das war der:

Trojan-Dropper.Win32.Agent.cyil

Ich hoffe ihr könnt mir helfen..
Vielen Dand im Voraus.
MFG Simon

markusg 14.09.2010 16:05
1.
download malwarebytes:
Malwarebytes
instalieren, öffnen, registerkarte aktualisierung, programm updaten.
schalte alle laufenden programme ab, trenne die internetverbindung.
registerkarte scanner, komplett scan, funde entfernen, log posten.


2.
ootl:
Systemscan mit OTL
download otl:
http://filepony.de/download-otl/

Doppelklick auf die OTL.exe
(user von Windows 7 und Vista: Rechtsklick als Administrator ausführen)
1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
2. Hake an "scan all users"
3. Unter "Extra Registry wähle:
"Use Safelist" "LOP Check" "Purity Check"
4. Kopiere in die Textbox:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Klicke "Scan"
6. 2 reporte werden erstellt:
OTL.Txt
Extras.Txt
poste beide

Shoker 14.09.2010 16:12
das problem ist ich kann keine internetseite öffnen.. die einzige internetseite die geht ist irgendeine von amerika für zum downloaden eines Antivirusprogramm... aber ich möchte das nicht herunterladen..

MFG

markusg 14.09.2010 16:15
ne blos nicht.
versuch mal ob du in den abgesicherten modus mit netzwerk kommst, ist bei pc start die f8-taste. und dann mal malwarebytes versuchen

Shoker 14.09.2010 16:16
ok vielen dank werde es gleich mal ausprobieren...

Shoker 14.09.2010 16:35
ich bin nicht gerade der Computer-Spezialist aber wen ich den PC start passiert nix mit F8, also ich habe einen Windows 7.. Tut mir leid...
MFG

markusg 14.09.2010 16:38
versuch mal obs eine der anderen f-tasten ist, ist halt net bei jedem pc die selbe taste.
wenn nicht, hast du nen usb stick?

Shoker 14.09.2010 16:40
jaa habe ich... ach soo dann lade ich das programm runter und lade ihn über den USB auf den anderen PC.. meinst du soo??

markusg 14.09.2010 16:47
ja genau. versuch erst malwarebytes und dann otl :-)

Shoker 14.09.2010 17:13
Malwarebytes:
Infizierte Dateien:
C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\****\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\****\.COMMgr\complmgr.exe (Trojan.Agent) -> Quarantined and deleted successfully.


und der OTL kann ich dir in di Inbox schreibe ok??

Shoker 14.09.2010 17:18
...............

markusg 14.09.2010 17:20
nein, die logs hier posten.
warum ist das malwarebytes log nicht vollständig?

Shoker 14.09.2010 17:25
ok also

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Datenbank Version: 4052

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

14.09.2010 17:50:51
mbam-log-2010-09-14 (17-50-51).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 118665
Laufzeit: 3 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
C:\Users\Simon Pfister\.COMMgr\complmgr.exe (Trojan.Agent) -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\com+ manager (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Simon Pfister\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\Simon Pfister\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\Simon Pfister\AppData\Roaming\Microsoft\Windows\Start Menu\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\Simon Pfister\.COMMgr\complmgr.exe (Trojan.Agent) -> Quarantined and deleted successfully.


und der OTL:OTL Logfile:
Code:
OTL logfile created on: 14.09.2010 18:04:08 - Run 1
OTL by OldTimer - Version 3.2.12.0    Folder = C:\Users\Simon Pfister\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453,64 Gb Total Space | 376,50 Gb Free Space | 83,00% Space Free | Partition Type: NTFS
Drive D: | 12,03 Gb Total Space | 1,70 Gb Free Space | 14,12% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 6,67 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
Drive H: | 1,90 Gb Total Space | 1,33 Gb Free Space | 69,89% Space Free | Partition Type: FAT
I: Drive not present or media not loaded
 
Computer Name: SIMONPFISTER-PC
Current User Name: Simon Pfister
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Simon Pfister\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Simon Pfister\AppData\Roaming\5EEFDC88783796B53924F04D3F4D2CB5\mediafix70700en02.exe ()
PRC - C:\Program Files (x86)\Babylon\Babylon-Pro\Agent\BabylonAgent.exe ()
PRC - C:\Program Files (x86)\Windows Live\Device Manager\msgrdvmn.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe (Kaspersky Lab)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Simon Pfister\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 7.0\scrchpg.dll (Kaspersky Lab)
MOD - C:\PROGRA~2\KASPER~1\KASPER~1.0\r3hook.dll (Kaspersky Lab)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (ezSharedSvc) -- C:\Windows\SysNative\ezsvc7.dll File not found
SRV:64bit: - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe (Symantec Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe (Kaspersky Lab)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (VX1000) -- C:\Windows\SysNative\drivers\VX1000.sys (Microsoft Corporation)
DRV:64bit: - (SYMTDIv) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symtdiv.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\ironx64.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symefa64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (ccHP) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\cchpx64.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symds64.sys (Symantec Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (kl1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100719.001\BHDrvx64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100809.001\IDSviA64.sys (Symantec Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Compaq | MSN
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Compaq | MSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Compaq | MSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Compaq | MSN
IE - HKLM\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files (x86)\myBabylon_English\tbmyB1.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2821837280-3185932139-283334984-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Compaq | MSN
IE - HKU\S-1-5-21-2821837280-3185932139-283334984-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
IE - HKU\S-1-5-21-2821837280-3185932139-283334984-1000\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files (x86)\myBabylon_English\tbmyB1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2821837280-3185932139-283334984-1000\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2821837280-3185932139-283334984-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-2821837280-3185932139-283334984-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-2821837280-3185932139-283334984-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2010.06.15 18:14:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010.06.14 04:01:45 | 000,000,000 | ---D | M]
 
[2010.07.16 19:57:20 | 000,000,000 | ---D | M] -- C:\Users\Simon Pfister\AppData\Roaming\mozilla\Extensions
[2010.07.16 19:57:20 | 000,000,000 | ---D | M] -- C:\Users\Simon Pfister\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files (x86)\myBabylon_English\tbmyB1.dll (Conduit Ltd.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files (x86)\myBabylon_English\tbmyB1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\S-1-5-21-2821837280-3185932139-283334984-1000\..\Toolbar\WebBrowser: (no name) - {5B291E6C-9A74-4034-971B-A4B007A0B315} - No CLSID value found.
O3 - HKU\S-1-5-21-2821837280-3185932139-283334984-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2821837280-3185932139-283334984-1000\..\Toolbar\WebBrowser: (myBabylon English Toolbar) - {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - C:\Program Files (x86)\myBabylon_English\tbmyB1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2821837280-3185932139-283334984-1000\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2821837280-3185932139-283334984-1000\..\Toolbar\WebBrowser: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Programme\PC-Doctor for Windows\localizer.exe (PC-Doctor, Inc.)
O4:64bit: - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [Babylon Client] C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [WindowsLivePhone] C:\Program Files (x86)\Windows Live\Device Manager\msgrdvmn.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2821837280-3185932139-283334984-1000..\Run: [mediafix70700en02.exe] C:\Users\Simon Pfister\AppData\Roaming\5EEFDC88783796B53924F04D3F4D2CB5\mediafix70700en02.exe ()
O4 - HKU\S-1-5-21-2821837280-3185932139-283334984-1000..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2821837280-3185932139-283334984-1000..\Run: [WindowsLivePhone] C:\Program Files (x86)\Windows Live\Device Manager\msgrdvmn.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - Startup: C:\Users\Simon Pfister\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\S-1-5-21-2821837280-3185932139-283334984-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-2821837280-3185932139-283334984-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: Translate this web page with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8:64bit: - Extra context menu item: Translate with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Translate this web page with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Translate with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9:64bit: - Extra Button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 7.0\x64\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1.0\x64\adialhk.dll) - C:\PROGRA~2\KASPER~1\KASPER~1.0\x64\adialhk.dll (Kaspersky Lab)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1.0\x64\r3hook.dll) - C:\PROGRA~2\KASPER~1\KASPER~1.0\x64\r3hook.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1.0\r3hook.dll) - C:\PROGRA~2\KASPER~1\KASPER~1.0\r3hook.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1.0\adialhk.dll) - C:\PROGRA~2\KASPER~1\KASPER~1.0\adialhk.dll (Kaspersky Lab)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.05.06 14:26:23 | 000,000,309 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{088ebd82-1db3-11df-8381-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{088ebd82-1db3-11df-8381-806e6f6e6963}\Shell\AutoRun\command - "" = E:\KIS73PLATZ.EXE -- File not found
O33 - MountPoints2\{debc97c9-9e9c-11df-b386-18a9052ed2de}\Shell - "" = AutoRun
O33 - MountPoints2\{debc97c9-9e9c-11df-b386-18a9052ed2de}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- [2007.10.23 09:45:39 | 001,336,632 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.09.14 18:03:45 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\Simon Pfister\Desktop\OTL.exe
[2010.09.14 17:47:17 | 000,000,000 | ---D | C] -- C:\Users\Simon Pfister\AppData\Roaming\Malwarebytes
[2010.09.14 17:47:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.09.14 17:46:58 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.09.14 17:46:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.09.14 17:46:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.09.14 17:45:32 | 006,153,352 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Simon Pfister\Desktop\mbam-setup.exe
[2010.09.14 15:47:33 | 000,000,000 | ---D | C] -- C:\Users\Simon Pfister\AppData\Local\ElevatedDiagnostics
[2010.09.13 09:23:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2010.09.13 09:23:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010.09.13 09:23:00 | 000,173,336 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2010.09.05 16:39:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2010.09.05 15:37:01 | 000,000,000 | ---D | C] -- C:\Users\Simon Pfister\AppData\Local\fdyjecuxg
[2010.09.05 15:36:52 | 000,000,000 | -HSD | C] -- C:\Users\Simon Pfister\.COMMgr
[2010.09.05 15:36:47 | 000,000,000 | ---D | C] -- C:\Users\Simon Pfister\AppData\Local\Windows Server
[2010.09.05 15:36:41 | 000,000,000 | ---D | C] -- C:\Users\Simon Pfister\AppData\Roaming\5EEFDC88783796B53924F04D3F4D2CB5
[2010.09.05 15:24:48 | 000,000,000 | ---D | C] -- C:\Users\Simon Pfister\AppData\Local\Babylon
[2010.09.05 15:24:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\myBabylon_English
[2010.09.05 15:24:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Babylon
[2010.09.05 15:24:21 | 000,000,000 | ---D | C] -- C:\Users\Simon Pfister\AppData\Roaming\Babylon
[2010.09.05 15:24:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2010.09.05 15:23:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RadioBar
[2010.08.27 10:20:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nemesys Team Studio
[2010.08.25 11:40:10 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2010.08.24 20:02:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft LifeCam
[2010.08.24 20:02:51 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft LifeCam
[2010.08.24 20:02:46 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2010.08.24 20:02:46 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2010.08.24 19:57:15 | 000,000,000 | ---D | C] -- C:\Users\Simon Pfister\AppData\Local\WLDM
[2010.08.19 21:49:20 | 000,000,000 | ---D | C] -- C:\Users\Simon Pfister\Documents\Anno 1404
[2010.08.19 20:58:42 | 000,000,000 | ---D | C] -- C:\Users\Simon Pfister\AppData\Roaming\Ubisoft
[2010.08.19 20:57:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Tages
[2010.08.19 20:56:43 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll
[2010.08.19 20:56:43 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll
[2010.08.19 20:56:43 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll
[2010.08.19 20:56:43 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll
[2010.08.19 20:56:42 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll
[2010.08.19 20:56:42 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2010.08.19 20:56:42 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll
[2010.08.19 20:56:42 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2010.08.19 20:56:42 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2010.08.19 20:56:42 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll
[2010.08.19 20:56:42 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2010.08.19 20:56:42 | 000,069,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2010.08.19 20:56:41 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll
[2010.08.19 20:56:41 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2010.08.19 20:56:40 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2010.08.19 20:56:40 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2010.08.19 20:56:40 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2010.08.19 20:56:40 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2010.08.19 20:56:39 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2010.08.19 20:56:39 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2010.08.19 18:20:56 | 000,000,000 | ---D | C] -- C:\Users\Simon Pfister\AppData\Roaming\skypePM
[2010.08.19 18:20:16 | 000,000,000 | ---D | C] -- C:\Users\Simon Pfister\AppData\Roaming\Skype
[2010.08.19 18:19:59 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2010.08.19 18:19:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010.08.19 18:19:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[1 C:\Users\Simon Pfister\*.tmp files -> C:\Users\Simon Pfister\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.09.14 18:06:03 | 001,835,008 | -HS- | M] () -- C:\Users\Simon Pfister\ntuser.dat
[2010.09.14 18:00:40 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.14 18:00:40 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.14 18:00:30 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Simon Pfister\Desktop\OTL.exe
[2010.09.14 17:52:07 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.14 17:52:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.14 17:51:57 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.14 17:51:22 | 001,140,361 | -H-- | M] () -- C:\Users\Simon Pfister\AppData\Local\IconCache.db
[2010.09.14 17:47:08 | 000,001,015 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.14 17:38:50 | 000,001,445 | ---- | M] () -- C:\Users\Simon Pfister\Desktop\Internet Explorer (2).lnk
[2010.09.14 17:34:24 | 000,149,773 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2010.09.14 17:34:24 | 000,106,765 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2010.09.14 17:34:13 | 000,524,288 | -HS- | M] () -- C:\Users\Simon Pfister\ntuser.dat{4249ef51-c015-11df-b40f-001b11bcf1e3}.TMContainer00000000000000000002.regtrans-ms
[2010.09.14 17:34:13 | 000,524,288 | -HS- | M] () -- C:\Users\Simon Pfister\ntuser.dat{4249ef51-c015-11df-b40f-001b11bcf1e3}.TMContainer00000000000000000001.regtrans-ms
[2010.09.14 17:34:13 | 000,065,536 | -HS- | M] () -- C:\Users\Simon Pfister\ntuser.dat{4249ef51-c015-11df-b40f-001b11bcf1e3}.TM.blf
[2010.09.14 17:28:38 | 006,153,352 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Simon Pfister\Desktop\mbam-setup.exe
[2010.09.13 09:24:37 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.09.13 09:24:37 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.09.13 09:24:37 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.09.13 09:24:37 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.09.13 09:24:37 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.09.13 09:23:00 | 000,173,336 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2010.09.05 16:31:42 | 000,000,355 | ---- | M] () -- C:\Users\Simon Pfister\Desktop\Computer.lnk
[2010.09.03 10:57:30 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2010.08.27 10:21:02 | 000,001,267 | ---- | M] () -- C:\Users\Public\Desktop\Air Traffic Control.lnk
[2010.08.24 20:03:26 | 000,002,047 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft LifeCam.lnk
[2010.08.19 20:56:46 | 000,314,016 | ---- | M] () -- C:\Windows\SysNative\drivers\atksgt.sys
[2010.08.19 20:56:45 | 000,043,680 | ---- | M] () -- C:\Windows\SysNative\drivers\lirsgt.sys
[2010.08.19 18:21:52 | 000,000,126 | ---- | M] () -- C:\Users\Simon Pfister\AppData\Roaming\wklnhst.dat
[2010.08.19 18:19:59 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[1 C:\Users\Simon Pfister\*.tmp files -> C:\Users\Simon Pfister\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.09.14 17:47:08 | 000,001,015 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.14 17:38:50 | 000,001,445 | ---- | C] () -- C:\Users\Simon Pfister\Desktop\Internet Explorer (2).lnk
[2010.09.14 17:32:44 | 000,524,288 | -HS- | C] () -- C:\Users\Simon Pfister\ntuser.dat{4249ef51-c015-11df-b40f-001b11bcf1e3}.TMContainer00000000000000000002.regtrans-ms
[2010.09.14 17:32:44 | 000,524,288 | -HS- | C] () -- C:\Users\Simon Pfister\ntuser.dat{4249ef51-c015-11df-b40f-001b11bcf1e3}.TMContainer00000000000000000001.regtrans-ms
[2010.09.14 17:32:44 | 000,065,536 | -HS- | C] () -- C:\Users\Simon Pfister\ntuser.dat{4249ef51-c015-11df-b40f-001b11bcf1e3}.TM.blf
[2010.09.13 09:23:38 | 000,149,773 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2010.09.13 09:23:38 | 000,106,765 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2010.09.05 16:31:42 | 000,000,355 | ---- | C] () -- C:\Users\Simon Pfister\Desktop\Computer.lnk
[2010.08.27 10:21:02 | 000,001,267 | ---- | C] () -- C:\Users\Public\Desktop\Air Traffic Control.lnk
[2010.08.24 20:03:26 | 000,002,047 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft LifeCam.lnk
[2010.08.19 20:56:46 | 000,314,016 | ---- | C] () -- C:\Windows\SysNative\drivers\atksgt.sys
[2010.08.19 20:56:45 | 000,043,680 | ---- | C] () -- C:\Windows\SysNative\drivers\lirsgt.sys
[2010.08.19 18:19:59 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.08.09 18:03:04 | 000,000,126 | ---- | C] () -- C:\Users\Simon Pfister\AppData\Roaming\wklnhst.dat
[2009.09.29 16:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009.08.03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.26 17:24:18 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini
[2009.06.10 21:12:24 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
 
========== LOP Check ==========
 
[2010.09.15 03:26:04 | 000,000,000 | ---D | M] -- C:\Users\Simon Pfister\AppData\Roaming\5EEFDC88783796B53924F04D3F4D2CB5
[2010.09.05 16:27:58 | 000,000,000 | ---D | M] -- C:\Users\Simon Pfister\AppData\Roaming\Babylon
[2010.08.15 14:19:05 | 000,000,000 | ---D | M] -- C:\Users\Simon Pfister\AppData\Roaming\Flight One Software
[2010.06.12 19:57:00 | 000,000,000 | ---D | M] -- C:\Users\Simon Pfister\AppData\Roaming\GOL_byHasbro
[2010.09.14 17:55:27 | 000,000,000 | ---D | M] -- C:\Users\Simon Pfister\AppData\Roaming\LimeWire
[2010.08.08 16:18:49 | 000,000,000 | ---D | M] -- C:\Users\Simon Pfister\AppData\Roaming\Spesoft Audio Converter
[2010.08.09 18:03:06 | 000,000,000 | ---D | M] -- C:\Users\Simon Pfister\AppData\Roaming\Template
[2010.08.19 20:58:42 | 000,000,000 | ---D | M] -- C:\Users\Simon Pfister\AppData\Roaming\Ubisoft
[2010.06.12 19:07:55 | 000,000,000 | ---D | M] -- C:\Users\Simon Pfister\AppData\Roaming\WildTangent
[2010.07.05 21:12:31 | 000,000,000 | ---D | M] -- C:\Users\Simon Pfister\AppData\Roaming\WinBatch
[2010.06.12 17:15:07 | 000,000,000 | ---D | M] -- C:\Users\Simon Pfister\AppData\Roaming\_MDLogs
[2010.09.03 10:57:30 | 000,000,544 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2009.07.14 07:08:49 | 000,005,418 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
--- --- ---

markusg 14.09.2010 17:30
na gut dass ichs noch mal sehen wollte, bitte malwarebytes öffnen, registerkarte aktualisierung, programm updaten.
registerkarte scanner, komplett scan, funde entfernen, log posten.


Alle Zeitangaben in WEZ +1. Es ist jetzt 13:36 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131