Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Trojaner: flacor.dat - Anleitung ausgeführt + Logfiles

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Alt 21.07.2010, 10:35   #1
sn4p5hot
 
Trojaner: flacor.dat - Anleitung ausgeführt + Logfiles - Standard

Trojaner: flacor.dat - Anleitung ausgeführt + Logfiles



Hallo, Trojaner-Board Team!

Seit gestern bekomme ich über das Avira Antivir Meldungen über einen Virus mit der Endung "flacor.dat". Des Weiteren habe ich Probleme Programme zu öffnen. Mozilla ist sehr langsam und manchmal öffnen sich willenlos irgendwelche Seiten. Jetzt habe ich schon hier in einigen Threads über das selbe Problem gelesen. DA ich jedoch verdammt wenig Plan von der Materie habe eröffne ich einen weiteren Thread. Ich hoffe das ist ok! Wenn nicht, wäre ich auch voll zufrieden damit, wenn ihr mich auf einen entsprechenden Thread verweisen könntet. Jedenfalls habe ich die Anleitung gelesen und die entsprechenden Programme ausgeführt.

a) CCleaner = OK!

b) Malwarebytes-Anti-Maleware = OK

Hier der LogFile

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.46
w*w.malwarebytes.org

Datenbank Version: 4334

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

21.07.2010 10:55:49
mbam-log-2010-07-21 (10-55-49).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 131019
Laufzeit: 11 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 9

Infizierte Speicherprozesse:
C:\Users\XXXXX\AppData\Local\Temp\Hcq.exe (Trojan.Downloader) -> Failed to unload process.

Infizierte Speichermodule:
C:\Users\XXXXX\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\JDK5SWFMZY (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\halo2 (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jdk5swfmzy (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\getdo (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\XXXXX\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.
C:\Users\XXXXX\AppData\Local\Temp\Hcq.exe (Trojan.Downloader) -> Delete on reboot.
C:\Users\XXXXX\AppData\Local\Temp\Hcr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\XXXXX\AppData\Roaming\Adobe\Update\flacor.dat (Trojan.Agent) -> Delete on reboot.
C:\Users\XXXXX\AppData\Roaming\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sisytj32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\XXXXX\AppData\Local\Temp\0.1192180581153871.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
         
c) RSIT - Randoms System Information Pool bzw. OTL - Systemscan konnte ich weder noch ausführen, da die Verlinkungen bei beiden Programmen nicht funktioniert haben !

Des Weiteren habe ich ein LOGfile von HiJackThis (also von Euch ) bevor ich die oben genannten Programme ausgeführt habe und dannach. Ich denke mal der Scan, welcher nach den Programmen durchgeführt wurde, ist hilfreicher:

Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:23:06, on 21.07.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18470)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\System Control Manager\MGSysCtrl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\FreePDF_XP\fpassist.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
D:\Programme\Mozilla\firefox.exe
C:\program files\avira\antivir desktop\avcenter.exe
C:\Program Files\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://www.msi.com.tw
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://www.msi.com.tw
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programme\java\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware  (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Getdo] rundll32.exe "C:\Users\XXXXX\AppData\Roaming\Adobe\Update\flacor.dat""
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE741919-1B50-4988-A409-FD94D6D53569}: NameServer = 217.237.149.205,217.237.151.51
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Micro Star SCM - Unknown owner - C:\Program Files\System Control Manager\MSIService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe

--
End of file - 7244 bytes
         
Ich bedanke mich schonmal im vorraus recht herzlich!

Falls noch Informationen benötigt werden, beeil ich mich die zu besorgen.

Mit freundlichen Grüßen

Phil

Alt 22.07.2010, 15:18   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner: flacor.dat - Anleitung ausgeführt + Logfiles - Standard

Trojaner: flacor.dat - Anleitung ausgeführt + Logfiles



Hallo und

bitte nen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________

__________________

Alt 23.07.2010, 11:31   #3
sn4p5hot
 
Trojaner: flacor.dat - Anleitung ausgeführt + Logfiles - Standard

Trojaner: flacor.dat - Anleitung ausgeführt + Logfiles



Hallo,

danke für die schnelle Antwort!

MaleWareBytes aktualisiert und hier der Logfile:

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.46
w*w.malwarebytes.org

Datenbank Version: 4340

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

23.07.2010 11:05:14
mbam-log-2010-07-23 (11-05-14).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 275487
Laufzeit: 1 Stunde(n), 38 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
Wenn ich mir das so anschaue siehts ja so aus als hätten die verherigen program

Dannach OTL-SCAN:

Logfile 1

Code:
ATTFilter
OTL logfile created on: 23.07.2010 11:05:41 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\XXXXX\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 47.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 43.95 Gb Total Space | 6.04 Gb Free Space | 13.75% Space Free | Partition Type: NTFS
Drive D: | 246.33 Gb Total Space | 154.90 Gb Free Space | 62.88% Space Free | Partition Type: NTFS
Drive E: | 5.53 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: XXXXX-NB
Current User Name: XXXXX
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\XXXXX\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\TUProgSt.exe (TuneUp Software)
PRC - C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE (Microsoft Corporation)
PRC - D:\Programme\Mozilla\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\System Control Manager\MGSysCtrl.exe (Mirco-Star International  CO., LTD.)
PRC - C:\Program Files\System Control Manager\MSIService.exe ()
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Protector Suite QL\upeksvr.exe (UPEK Inc.)
PRC - C:\Program Files\Protector Suite QL\psqltray.exe (UPEK Inc.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\XXXXX\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
MOD - C:\Windows\System32\powrprof.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wtsapi32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (Micro Star SCM) -- C:\Program Files\System Control Manager\MSIService.exe ()
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SymIMMP) -- C:\Windows\System32\DRIVERS\SymIM.sys File not found
DRV - (SymIM) -- C:\Windows\System32\DRIVERS\SymIM.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (netr28) -- C:\Windows\System32\drivers\netr28.sys (Ralink Technology, Corp.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (RTL8187Se) -- C:\Windows\System32\drivers\RTL8187Se.sys (Realtek Semiconductor Corporation                           )
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (TcUsb) -- C:\Windows\System32\drivers\tcusb.sys (UPEK Inc.)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (PKWCap) -- C:\Windows\System32\drivers\PKWCap.sys (NXP Semiconductors Germany GmbH)
DRV - (AF15BDA) -- C:\Windows\System32\drivers\AF15BDA.sys (AfaTech                  )
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (ReallusionVirtualAudio) -- C:\Windows\System32\drivers\RLVrtAuCbl.sys ()
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://w*w.msi.com.tw
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://w*w.msi.com.tw
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://w*w.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
 
========== FireFox ==========
 
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: D:\Programme\Mozilla\components [2010.03.22 20:13:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: D:\Programme\Mozilla\plugins [2010.03.22 20:13:42 | 000,000,000 | ---D | M]
 
[2009.05.14 14:36:32 | 000,000,000 | ---D | M] -- C:\Users\XXXXX\AppData\Roaming\mozilla\Extensions
[2010.07.23 09:30:02 | 000,000,000 | ---D | M] -- C:\Users\XXXXX\AppData\Roaming\mozilla\Firefox\Profiles\ye90x9av.default\extensions
[2009.09.04 08:08:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\XXXXX
\AppData\Roaming\mozilla\Firefox\Profiles\ye90x9av.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programme\java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Mirco-Star International  CO., LTD.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - Startup: C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.28
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.09.09 01:50:45 | 000,410,888 | R--- | M] (Electronic Arts) - E:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2008.09.09 01:49:35 | 000,000,000 | R--D | M] - E:\Autorun -- [ UDF ]
O32 - AutoRun File - [2008.09.09 01:50:43 | 009,193,984 | R--- | M] () - E:\autorun.dat -- [ UDF ]
O32 - AutoRun File - [2008.09.09 01:35:58 | 000,000,136 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{566e3374-e1be-11de-aa7d-00218553d580}\Shell - "" = AutoRun
O33 - MountPoints2\{566e3374-e1be-11de-aa7d-00218553d580}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{566e33a6-e1be-11de-aa7d-00218553d580}\Shell - "" = AutoRun
O33 - MountPoints2\{566e33a6-e1be-11de-aa7d-00218553d580}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{566e33ba-e1be-11de-aa7d-00218553d580}\Shell - "" = AutoRun
O33 - MountPoints2\{566e33ba-e1be-11de-aa7d-00218553d580}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{6c0918ef-43d5-11de-97e0-00218553d580}\Shell - "" = AutoRun
O33 - MountPoints2\{6c0918ef-43d5-11de-97e0-00218553d580}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{711d6121-1270-11df-a80d-00218553d580}\Shell - "" = AutoRun
O33 - MountPoints2\{711d6121-1270-11df-a80d-00218553d580}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{87c7b730-f704-11de-b102-00218553d580}\Shell - "" = AutoRun
O33 - MountPoints2\{87c7b730-f704-11de-b102-00218553d580}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{a1021f51-1d9c-11de-8ba5-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a1021f51-1d9c-11de-8ba5-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2008.09.09 01:50:45 | 000,410,888 | R--- | M] (Electronic Arts)
O33 - MountPoints2\{a6c6eb0d-0424-11df-abe1-00218553d580}\Shell - "" = AutoRun
O33 - MountPoints2\{a6c6eb0d-0424-11df-abe1-00218553d580}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{bc3089e5-3a36-11de-b5a6-00218553d580}\Shell\AutoRun\command - "" = F:\windows\usbv.exe -- File not found
O33 - MountPoints2\{bc3089e5-3a36-11de-b5a6-00218553d580}\Shell\open\command - "" = F:\windows\usbv.exe -- File not found
O33 - MountPoints2\{d58c65a5-fbc3-11de-8447-00218553d580}\Shell - "" = AutoRun
O33 - MountPoints2\{d58c65a5-fbc3-11de-8447-00218553d580}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{d58c65a7-fbc3-11de-8447-00218553d580}\Shell - "" = AutoRun
O33 - MountPoints2\{d58c65a7-fbc3-11de-8447-00218553d580}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{d58c65b3-fbc3-11de-8447-00218553d580}\Shell - "" = AutoRun
O33 - MountPoints2\{d58c65b3-fbc3-11de-8447-00218553d580}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{ee451bed-446d-11de-a5b2-00218553d580}\Shell - "" = AutoRun
O33 - MountPoints2\{ee451bed-446d-11de-a5b2-00218553d580}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.07.23 11:02:02 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\Desktop\2010_07_23
[2010.07.23 09:36:46 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\Documents\FIFA 09
[2010.07.23 09:35:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2010.07.23 09:16:36 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\XXXXX\Desktop\OTL.exe
[2010.07.22 17:47:07 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Roaming\Leadertech
[2010.07.22 17:19:19 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2010.07.22 17:19:18 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2010.07.22 17:19:18 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2010.07.22 17:19:17 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2010.07.22 17:19:16 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2010.07.21 10:39:26 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Roaming\Malwarebytes
[2010.07.21 10:39:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.07.21 10:39:09 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.07.21 10:39:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.07.21 10:39:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.07.21 10:19:13 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.07.21 09:48:56 | 000,000,000 | ---D | C] -- C:\Program Files\HiJackThis
[2010.07.19 09:52:53 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\Desktop\2010_07_19
[2010.07.16 09:45:11 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Roaming\gtk-2.0
[2010.07.15 14:51:55 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Roaming\geany
[2010.07.15 12:11:32 | 000,000,000 | ---D | C] -- C:\Program Files\td
[2010.07.15 10:03:29 | 000,306,688 | ---- | C] (InstallShield Software Corporation ) -- C:\Windows\IsUn0407.exe
[2010.07.15 10:03:11 | 000,283,648 | ---- | C] (Stirling Technologies, Inc.) -- C:\Windows\uninst.exe
[2010.06.24 03:01:17 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010.06.24 03:01:16 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010.06.24 03:00:34 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010.06.24 03:00:34 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010.06.24 03:00:31 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2010.06.24 03:00:30 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2010.06.24 03:00:30 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2010.06.24 03:00:13 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010.06.24 03:00:13 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010.06.24 03:00:13 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.07.23 11:10:13 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{6C517023-773E-470F-A00D-7D1E04776E09}.job
[2010.07.23 11:09:32 | 000,103,966 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.07.23 11:09:32 | 000,103,966 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.07.23 11:09:31 | 004,456,448 | -HS- | M] () -- C:\Users\XXXXX\NTUSER.DAT
[2010.07.23 11:04:08 | 001,445,298 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.07.23 11:04:08 | 000,628,730 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.07.23 11:04:08 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.07.23 11:04:08 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.07.23 11:04:08 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.07.23 11:00:02 | 000,000,502 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2010.07.23 10:38:29 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.07.23 10:38:29 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.07.23 10:26:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.07.23 09:17:12 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\XXXXX\Desktop\OTL.exe
[2010.07.23 08:37:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.07.22 16:54:29 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.07.22 16:54:22 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.07.22 16:54:13 | 3052,527,616 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.22 16:53:03 | 000,524,288 | -HS- | M] () -- C:\Users\XXXXX\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.07.22 16:53:03 | 000,065,536 | -HS- | M] () -- C:\Users\XXXXX\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.07.22 15:48:24 | 000,002,655 | ---- | M] () -- C:\Users\XXXXX\Desktop\HiJackThis.lnk
[2010.07.22 10:31:52 | 000,055,808 | ---- | M] () -- C:\Users\XXXXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.21 10:39:16 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.21 10:31:04 | 000,000,206 | ---- | M] () -- C:\Users\XXXXX\Documents\cc_20100721_103101.reg
[2010.07.21 10:30:43 | 000,000,206 | ---- | M] () -- C:\Users\XXXXX\Documents\cc_20100721_103038.reg
[2010.07.21 10:30:15 | 000,000,206 | ---- | M] () -- C:\Users\XXXXX\Documents\cc_20100721_103010.reg
[2010.07.21 10:29:34 | 000,000,206 | ---- | M] () -- C:\Users\XXXXX\Documents\cc_20100721_102928.reg
[2010.07.21 10:29:06 | 000,011,326 | ---- | M] () -- C:\Users\XXXXX\Documents\cc_20100721_102833.reg
[2010.07.21 10:19:16 | 000,000,814 | ---- | M] () -- C:\Users\XXXXX\Desktop\CCleaner.lnk
[2010.07.16 12:55:43 | 000,001,685 | ---- | M] () -- C:\Users\XXXXX\.recently-used.xbel
[2010.07.15 14:51:49 | 000,000,733 | ---- | M] () -- C:\Users\Public\Desktop\Geany.lnk
[2010.07.15 09:01:48 | 000,000,094 | ---- | M] () -- C:\Windows\wininit.ini
[2010.07.13 16:34:05 | 000,000,680 | ---- | M] () -- C:\Users\XXXXX\AppData\Local\d3d9caps.dat
[2010.06.30 15:53:54 | 000,000,389 | ---- | M] () -- C:\Users\XXXXX\Desktop\Airline Tycoon.LNK
[2010.06.23 16:42:03 | 000,073,403 | ---- | M] () -- C:\Users\XXXXX\Desktop\Introduce Yourself.docx
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.07.22 16:54:13 | 3052,527,616 | -HS- | C] () -- C:\hiberfil.sys
[2010.07.21 10:39:16 | 000,000,828 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.21 10:31:03 | 000,000,206 | ---- | C] () -- C:\Users\XXXXX\Documents\cc_20100721_103101.reg
[2010.07.21 10:30:41 | 000,000,206 | ---- | C] () -- C:\Users\XXXXX\Documents\cc_20100721_103038.reg
[2010.07.21 10:30:13 | 000,000,206 | ---- | C] () -- C:\Users\XXXXX\Documents\cc_20100721_103010.reg
[2010.07.21 10:29:32 | 000,000,206 | ---- | C] () -- C:\Users\XXXXX\Documents\cc_20100721_102928.reg
[2010.07.21 10:28:51 | 000,011,326 | ---- | C] () -- C:\Users\XXXXX\Documents\cc_20100721_102833.reg
[2010.07.21 10:19:16 | 000,000,814 | ---- | C] () -- C:\Users\XXXXX\Desktop\CCleaner.lnk
[2010.07.21 09:48:57 | 000,002,655 | ---- | C] () -- C:\Users\XXXXX\Desktop\HiJackThis.lnk
[2010.07.16 12:55:43 | 000,001,685 | ---- | C] () -- C:\Users\XXXXX\.recently-used.xbel
[2010.07.15 14:51:49 | 000,000,733 | ---- | C] () -- C:\Users\Public\Desktop\Geany.lnk
[2010.06.30 16:28:48 | 000,000,094 | ---- | C] () -- C:\Windows\wininit.ini
[2010.06.30 15:53:54 | 000,000,389 | ---- | C] () -- C:\Users\XXXXX\Desktop\Airline Tycoon.LNK
[2010.06.23 16:42:02 | 000,073,403 | ---- | C] () -- C:\Users\XXXXX\Desktop\Introduce Yourself.docx
[2010.06.20 14:01:21 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2009.07.28 11:07:02 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2009.03.30 16:32:05 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009.03.30 16:32:04 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.03.30 15:09:26 | 000,031,616 | ---- | C] () -- C:\Windows\System32\drivers\RLVrtAuCbl.sys
[2008.10.21 03:14:02 | 001,748,352 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2008.10.21 03:14:02 | 000,028,672 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2008.10.21 00:54:11 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2008.10.20 22:18:53 | 000,001,438 | ---- | C] () -- C:\Windows\TVAfaDrv.ini
[2008.10.20 22:14:02 | 000,001,477 | ---- | C] () -- C:\Windows\TVNXPDrv.ini
[2008.10.20 22:13:47 | 000,003,072 | ---- | C] () -- C:\Windows\System32\716xCoInstaller.dll
[2007.12.22 01:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.07.23 06:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
< End of report >
         
Logfile 2

Code:
ATTFilter
OTL Extras logfile created on: 23.07.2010 11:05:41 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\XXXXX\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 47.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 43.95 Gb Total Space | 6.04 Gb Free Space | 13.75% Space Free | Partition Type: NTFS
Drive D: | 246.33 Gb Total Space | 154.90 Gb Free Space | 62.88% Space Free | Partition Type: NTFS
Drive E: | 5.53 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: XXXXX-NB
Current User Name: XXXXX
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Programme\Mozilla\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [edit] -- "D:\Programme\Dreamweaver 8\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\vlc\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "D:\Programme\vlc\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01070D7E-0C80-454D-83DA-5CBF1CE28077}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{07558A22-253E-40A2-A7FD-0D9E98C6DC5B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{0E87EA9A-F006-4DC9-853F-E77BDF8C42D4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{28399E39-C739-40A8-ABF3-86055A4B5007}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{37AEB345-A0F5-43CB-A205-56D78BA11A7D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{43C5E419-51CD-495E-BDB7-C03FC20AA78E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{48759827-220B-4FFC-AF71-7C2049C0D90C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{63DB24AA-909B-4D89-A18E-B13C8654F506}" = lport=139 | protocol=6 | dir=in | app=system | 
"{774C73BB-FC68-41EE-B194-164BE52F9B4E}" = lport=138 | protocol=17 | dir=in | app=system | 
"{80009471-AC1F-4A8F-A665-D51196FEF450}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{86C6E683-7147-49D1-80D1-B680D109223E}" = rport=139 | protocol=6 | dir=out | app=system | 
"{8A8E75F6-C9C2-4436-ABF4-6BC8F8266D88}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{94993005-3A88-4157-A773-5E4F37C652A4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{95501C38-237E-42DF-8FB1-700E2DC35DD1}" = rport=137 | protocol=17 | dir=out | app=system | 
"{9C4D05A7-5A04-4D01-9DF4-F7AC7CFF9C44}" = rport=445 | protocol=6 | dir=out | app=system | 
"{9E72B24F-DF27-4A90-BA8B-E6A1F08E55AF}" = rport=138 | protocol=17 | dir=out | app=system | 
"{CD30A910-DA09-4323-A56A-078310D0A774}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D4C9063C-2853-480E-977F-E3A74390F041}" = lport=137 | protocol=17 | dir=in | app=system | 
"{FAED2814-4BEA-4BB0-8192-424A70F5B9A0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BF34810-9AC2-44D9-9E9A-AA0219B314F7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{1450F4E6-EF5E-418F-85CF-18187CDA51C5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{191D3A57-E2DE-4691-9E6E-B9A573AFF35C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{34232EDC-FA39-45C7-8E9A-59FAE296A154}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9FFF68F5-FED7-4797-88D7-EDC517C062DA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{AD3CAE7D-CE58-4F74-BB63-EDC4DEDC6F9C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{B46C77F7-A1DE-425D-A761-4809DDCDB3C4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{C6D7382B-FBEA-4B51-90CD-EE18CD296055}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{C9038BD8-E469-407C-A33F-257F4147E931}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{DD44B038-0E04-4CDA-AD5A-B44C0689CCEB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07690F1C-04B1-4060-9691-6748ED1826B9}" = MSI Software Install
"{0F022A2E-7022-497D-90A5-0F46746D8275}" = Macromedia Extension Manager
"{2315B23D-3E21-4920-837D-AE6460934ECB}" = FIFA 09
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{23B14BE4-5277-40B2-B602-3FCD456C27BC}" = Protector Suite QL 5.8
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}" = BurnRecovery
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = USB 2.0 Camera
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{44025BD7-AD10-4769-99AE-6378FD0303D6}" = Macromedia Dreamweaver 8
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{70E8EBD5-78C9-4258-B20A-5098CCA000F0}" = Dolby Control Center
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91175441-4E5D-4e13-B116-828FD352CDB2}" = Canon MP170
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D1504C77-1B19-4AF0-8DEC-946666123B55}" = CrazyTalk Cam Suite
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F68A7F48-9F26-4FB1-A7C2-DF3C0F2D849C}" = Crazy Taxi
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"5D38134BF8A10D640B30E6B014EECDBC5F881E3D" = Windows Driver Package - ENE (enecir) HIDClass  (04/29/2008 2.5.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Airline Tycoon" = Airline Tycoon
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ffdshow_is1" = ffdshow [rev 1928] [2008-04-10]
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"FreePDF_XP" = FreePDF XP (Remove only)
"Geany" = Geany 0.19
"GPL Ghostscript 8.63" = GPL Ghostscript 8.63
"InterActual Player" = InterActual Player
"JOA_is1" = Jewels of Atlantis
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mobile Partner" = Mobile Partner
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"MP Navigator 2.0" = Canon MP Navigator 2.0
"NVIDIA Drivers" = NVIDIA Drivers
"PDFTK Builder_is1" = PDFTK Builder 3.5.3
"Picasa 3" = Picasa 3
"PKR" = PKR
"RealPlayer 12.0" = RealPlayer
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SMSERIAL" = Motorola SM56 Data Fax Modem
"ST6UNST #1" = GEPath 1.4.4a
"TVAfaDrv" = MSI DVB-T USB BDA Driver
"TVNXPDrv" = MSI TV Tuner Card BDA Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 0.9.9
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 20.07.2010 10:51:06 | Computer Name = XXXXX-NB | Source = WinMgmt | ID = 10
Description = 
 
Error - 20.07.2010 10:51:09 | Computer Name = XXXXX-NB | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 20.07.2010 10:51:21 | Computer Name = XXXXX-NB | Source = Windows Search Service | ID = 1006
Description = 
 
Error - 20.07.2010 10:51:21 | Computer Name = XXXXX-NB | Source = Windows Search Service | ID = 3026
Description = 
 
Error - 20.07.2010 10:52:17 | Computer Name = XXXXX-NB | Source = Windows Search Service | ID = 1006
Description = 
 
Error - 20.07.2010 10:53:02 | Computer Name = XXXXX-NB | Source = Windows Search Service | ID = 1006
Description = 
 
Error - 20.07.2010 10:53:34 | Computer Name = XXXXX-NB | Source = Windows Search Service | ID = 1006
Description = 
 
Error - 20.07.2010 10:53:36 | Computer Name = XXXXX-NB | Source = VSS | ID = 8194
Description = 
 
Error - 20.07.2010 10:53:38 | Computer Name = XXXXX-NB | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description = 
 
Error - 20.07.2010 10:53:39 | Computer Name = XXXXX-NB | Source = SPP | ID = 16387
Description = 
 
[ OSession Events ]
Error - 15.03.2010 09:18:47 | Computer Name = XXXXX-NB | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14751
 seconds with 7020 seconds of active time.  This session ended with a crash.
 
Error - 22.04.2010 10:50:11 | Computer Name = XXXXX-NB | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session 
lasted 1400 seconds with 300 seconds of active time.  This session ended with a 
crash.
 
Error - 21.07.2010 04:02:59 | Computer Name = XXXXX-NB | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 7
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 23.07.2010 03:19:43 | Computer Name = XXXXX-NB | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 23.07.2010 03:19:43 | Computer Name = XXXXX-NB | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 23.07.2010 03:35:38 | Computer Name = XXXXX-NB | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 23.07.2010 03:35:38 | Computer Name = XXXXX-NB | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 23.07.2010 03:37:00 | Computer Name = XXXXX-NB | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 23.07.2010 03:37:00 | Computer Name = XXXXX-NB | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 23.07.2010 04:32:50 | Computer Name = XXXXX-NB | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 23.07.2010 04:32:50 | Computer Name = XXXXX-NB | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 23.07.2010 05:03:52 | Computer Name = XXXXX-NB | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 23.07.2010 05:03:52 | Computer Name = XXXXX-NB | Source = Service Control Manager | ID = 7034
Description = 
 
[ TuneUp Events ]
Error - 21.07.2010 04:39:24 | Computer Name = XXXXX-NB | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-07-21 10:39:24', '\device\harddiskvolume2\program
 files\malwarebytes' anti-malware\mbam.exe','5608',0)
 
Error - 21.07.2010 04:42:46 | Computer Name = XXXXX-NB | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-07-21 10:42:46', '\device\harddiskvolume2\program
 files\malwarebytes' anti-malware\mbam.exe','2144',0)
 
Error - 21.07.2010 05:04:47 | Computer Name = XXXXX-NB | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-07-21 11:04:47', '\device\harddiskvolume2\program
 files\malwarebytes' anti-malware\mbam.exe','4024',0)
 
Error - 22.07.2010 09:48:10 | Computer Name = XXXXX-NB | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-07-22 15:48:10', '\device\harddiskvolume2\program
 files\malwarebytes' anti-malware\mbam.exe','124',0)
 
 
< End of report >
         
Grüße Phil
__________________

Alt 23.07.2010, 17:04   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner: flacor.dat - Anleitung ausgeführt + Logfiles - Standard

Trojaner: flacor.dat - Anleitung ausgeführt + Logfiles



Sieht unauffällig aus, von flacor ist auch nichts zu sehen.
Noch Probleme?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 26.07.2010, 07:57   #5
sn4p5hot
 
Trojaner: flacor.dat - Anleitung ausgeführt + Logfiles - Standard

Trojaner: flacor.dat - Anleitung ausgeführt + Logfiles



Guten Morgen,

also bis jetzt geht alles ohne Probleme! Scheint so als hätten die Cleaner Programme ihre Arbeit mehr als getan!

Danke nochmal für die Programme, Anleitung sowie auch persönliche Betreuung... echt cool das ihr so eine selbsterklärende und wirklich hilfreiche Plattform geschaffen habt! Auch für so IT-nubs wie mich wahrschienlich! Respekt und Vielen Dank! Werd euch weiterempfehlen!!

freundliche Grüße

phil


Antwort

Themen zu Trojaner: flacor.dat - Anleitung ausgeführt + Logfiles
.dll, adobe, antivir, antivir guard, avg, avira, bho, browser, defender, desktop, explorer, failed, hijack, hijackthis, langsam, local\temp, logfile, mozilla, plug-in, rundll, sehr langsam, senden, skype.exe, software, start menu, system, temp, trojaner, trojaner-board, verlinkungen, verweise, virus, vista



Ähnliche Themen: Trojaner: flacor.dat - Anleitung ausgeführt + Logfiles


  1. Windows 7, Advanced System Protector hat sich selbst installiert, LogFiles nach Anleitung erstellt
    Log-Analyse und Auswertung - 29.11.2013 (13)
  2. babylon, tarma, snapdo, iminent, lyricscontainer alles auf einmal; habe mehrere tools ausgeführt; bitte logfiles auswerten
    Log-Analyse und Auswertung - 11.08.2013 (11)
  3. Anleitung: Posten eines Logfiles in Code-Tags
    Anleitungen, FAQs & Links - 26.06.2013 (0)
  4. wssetup.exe ausgeführt trojaner?
    Plagegeister aller Art und deren Bekämpfung - 09.06.2013 (11)
  5. GVU Trojaner via Kaspersky Resuce Disk und Windowsunlocker entfernt/ LOGFILES nach eurer Anleitung
    Log-Analyse und Auswertung - 07.06.2013 (16)
  6. GVU-Trojaner - OTL ausgeführt
    Log-Analyse und Auswertung - 07.11.2012 (10)
  7. Bundestrojaner evtl . noch vorhanden, ComboFix + Malwarebytes ausgeführt, Logfiles vorhanden
    Log-Analyse und Auswertung - 27.07.2012 (5)
  8. Fragen zur Anleitung für die logfiles
    Plagegeister aller Art und deren Bekämpfung - 04.01.2012 (1)
  9. Bundespolizei Trojaner; OTL ausgeführt.
    Log-Analyse und Auswertung - 22.11.2011 (11)
  10. Trojaner flacor.dat in Adobe updater, ist er neutralisiert?
    Plagegeister aller Art und deren Bekämpfung - 19.12.2010 (14)
  11. flacor.dat (Backdoor- Trojaner) Log- Dateien
    Plagegeister aller Art und deren Bekämpfung - 10.10.2010 (0)
  12. Trojaner/Adware - flacor.dat/eBayShortcuts.exe (Adware.ADON)
    Plagegeister aller Art und deren Bekämpfung - 05.10.2010 (5)
  13. Check der logfiles nach flacor.dat
    Plagegeister aller Art und deren Bekämpfung - 07.09.2010 (5)
  14. flacor.dat Problem Trojaner?
    Log-Analyse und Auswertung - 05.08.2010 (8)
  15. Datenrettung bei flacor
    Log-Analyse und Auswertung - 05.08.2010 (3)
  16. flacor.dat - bin ich ihn los?
    Plagegeister aller Art und deren Bekämpfung - 23.07.2010 (4)
  17. BKA-Trojaner unter Mac OS X ausgeführt - was tun?
    Plagegeister aller Art und deren Bekämpfung - 11.02.2007 (1)

Zum Thema Trojaner: flacor.dat - Anleitung ausgeführt + Logfiles - Hallo, Trojaner-Board Team! Seit gestern bekomme ich über das Avira Antivir Meldungen über einen Virus mit der Endung "flacor.dat". Des Weiteren habe ich Probleme Programme zu öffnen. Mozilla ist sehr - Trojaner: flacor.dat - Anleitung ausgeführt + Logfiles...
Archiv
Du betrachtest: Trojaner: flacor.dat - Anleitung ausgeführt + Logfiles auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.