
All kinds of pests and how to fight them: Removing the after-effects of TR/kazy.mekml.1

Windows 7 If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete the unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you with removing the infection.

22.04.2011, 17:39   #1
cdgJosh
 
Removing the after-effects of TR/kazy.mekml.1



Hello,
yesterday my Avira AntiVir reported the trojan TR/kazy.mekml.1. Later it showed itself with all the symptoms (fake messages in bad, probably machine-translated German, etc.). According to Avira it was successfully moved to quarantine. But since things did not calm down, I downloaded the current Avira Live CD on a clean system and let the scan run. It removed 10 viruses. When starting the system, things were indeed quiet. However, a scan with Malwarebytes' Anti-Malware gave 7 hits. Here are the logs:

OTL Logfile:
OTL logfile created on: 22.04.2011 03:33:01 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Joshua\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,00 Gb Available Physical Memory | 18,00% Memory free
4,00 Gb Paging File | 1,00 Gb Available in Paging File | 34,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 254,14 Gb Total Space | 17,66 Gb Free Space | 6,95% Space Free | Partition Type: NTFS
Drive D: | 29,00 Gb Total Space | 23,44 Gb Free Space | 80,83% Space Free | Partition Type: NTFS
Drive F: | 223,42 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: JOSHPC | User Name: Joshua | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.04.22 03:19:36 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Joshua\Downloads\OTL.exe
PRC - [2011.03.18 19:56:37 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011.03.16 16:00:17 | 000,269,480 | -H-- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.03.09 16:25:17 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.01.27 17:51:05 | 002,253,688 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.01.07 20:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.11.02 15:33:24 | 000,135,336 | -H-- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.02 15:33:19 | 000,281,768 | -H-- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.03.05 00:52:02 | 001,318,912 | ---- | M] (Don HO don.h@free.fr) -- C:\Program Files (x86)\Notepad++\notepad++.exe
PRC - [2009.12.23 19:39:04 | 000,013,336 | -H-- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009.12.23 19:39:02 | 000,284,696 | -H-- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009.12.09 10:48:26 | 002,320,920 | -H-- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.12.09 10:48:24 | 000,268,824 | -H-- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.11.25 15:24:14 | 004,009,592 | ---- | M] (Almico Software (www.almico.com)) -- C:\Program Files (x86)\SpeedFan\speedfan.exe
PRC - [2009.08.27 18:09:10 | 001,253,376 | -H-- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2008.10.15 17:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) -- C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe
PRC - [2008.01.16 11:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007.05.28 18:57:54 | 000,275,968 | -H-- | M] (Rocket Division Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.04.22 03:19:36 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Joshua\Downloads\OTL.exe
MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.10.09 13:42:51 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009.09.22 20:16:32 | 000,579,400 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe -- (Lenovo ReadyComm ConnSvc)
SRV:64bit: - [2009.08.14 16:22:48 | 000,509,192 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\AppSvc.exe -- (Lenovo ReadyComm AppSvc)
SRV:64bit: - [2007.11.08 01:11:22 | 004,466,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV - [2011.04.17 15:49:25 | 000,403,240 | -H-- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.03.16 16:00:17 | 000,269,480 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.03.09 16:25:17 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.03.01 18:29:58 | 000,130,976 | -H-- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2011.01.27 17:51:05 | 002,253,688 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.01.07 20:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.11.02 15:33:24 | 000,135,336 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.10.09 13:42:45 | 000,655,624 | -H-- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.06.14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.23 19:39:04 | 000,013,336 | -H-- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009.12.09 10:48:26 | 002,320,920 | -H-- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009.12.09 10:48:24 | 000,268,824 | -H-- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009.08.27 18:09:10 | 001,253,376 | -H-- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009.08.11 18:59:38 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.07.14 16:27:26 | 000,038,152 | -H-- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe -- (IGRS)
SRV - [2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\windows\SysWow64\IgrsSvcs.exe -- (ReadyComm.DirectRouter)
SRV - [2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysWow64\IgrsSvcs.exe -- (PS_MDP)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.10.15 17:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - [2008.08.07 12:10:02 | 003,276,800 | -H-- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2008.01.16 11:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007.05.28 18:57:54 | 000,275,968 | -H-- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.02.18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.02.17 18:21:12 | 000,156,080 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2011.01.12 11:42:16 | 000,016,376 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TVMonitor.sys -- (MonitorFunction)
DRV:64bit: - [2010.11.30 20:37:58 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.11.22 16:50:57 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010.11.12 01:10:49 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010.10.15 16:23:41 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2010.07.09 13:19:02 | 000,021,480 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz134_x64.sys -- (cpuz134)
DRV:64bit: - [2010.06.23 04:47:58 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2010.03.30 23:35:04 | 000,020,968 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz133_x64.sys -- (cpuz133)
DRV:64bit: - [2010.03.02 13:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2010.02.26 14:33:40 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys -- (UsbserFilt)
DRV:64bit: - [2010.02.26 14:33:24 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2010.02.26 14:33:22 | 000,025,088 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64)
DRV:64bit: - [2010.02.26 14:33:22 | 000,019,456 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64)
DRV:64bit: - [2010.02.26 14:21:22 | 000,173,056 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2010.02.24 12:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2009.12.18 00:25:17 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009.12.17 12:42:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.12.11 10:25:06 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.12.01 15:49:52 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2009.11.24 08:21:26 | 000,708,608 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009.11.05 21:21:56 | 002,838,008 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.10.26 21:27:28 | 000,197,504 | ---- | M] (SMI) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SMIksdrv.sys -- (usbsmi)
DRV:64bit: - [2009.10.19 02:40:50 | 000,028,176 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2009.09.17 06:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.08.21 02:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.08.20 18:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.08.09 23:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009.07.21 16:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009.07.16 13:55:34 | 000,011,280 | ---- | M] (Lenovo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDMirror.sys -- (wdmirror)
DRV:64bit: - [2009.07.16 05:38:20 | 000,079,376 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WDBridge.sys -- (Bridge0)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009.07.01 06:46:58 | 000,052,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009.07.01 06:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009.07.01 06:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009.07.01 06:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009.06.22 19:38:32 | 000,116,992 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009.06.22 19:26:38 | 000,113,792 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009.06.10 22:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.04.07 09:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008.08.28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008.08.06 14:32:16 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2008.08.14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\windows\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2007.02.07 20:27:46 | 000,014,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\windows\SysWOW64\speedfan.sys -- (speedfan)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsof0.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2431245
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsof0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {7BDB48D1-CD94-4B99-A5A4-E418B9EE6532}:1.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.67.0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.10.26 03:30:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.03.22 20:29:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.03.22 20:29:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.03.22 20:29:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.03.22 20:29:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.10.26 03:30:13 | 000,000,000 | ---D | M]
 
[2011.03.18 23:26:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joshua\AppData\Roaming\mozilla\Extensions
[2011.03.18 23:26:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joshua\AppData\Roaming\mozilla\Extensions\contact@callgraph.in
[2011.04.16 16:08:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joshua\AppData\Roaming\mozilla\Firefox\Profiles\hri0ghik.default\extensions
[2011.03.22 20:32:26 | 000,000,000 | ---D | M] (Html Validator) -- C:\Users\Joshua\AppData\Roaming\mozilla\Firefox\Profiles\hri0ghik.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
[2010.10.23 01:21:22 | 000,000,000 | ---D | M] (CSS Validator) -- C:\Users\Joshua\AppData\Roaming\mozilla\Firefox\Profiles\hri0ghik.default\extensions\{AB7308B2-C13C-4eba-AC78-2AD55B96EE09}
[2011.03.09 16:08:53 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Joshua\AppData\Roaming\mozilla\Firefox\Profiles\hri0ghik.default\extensions\battlefieldheroespatcher@ea.com
[2010.06.08 11:29:10 | 000,000,927 | ---- | M] () -- C:\Users\Joshua\AppData\Roaming\Mozilla\Firefox\Profiles\hri0ghik.default\searchplugins\conduit.xml
[2011.03.22 20:29:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.05.21 16:52:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.10.09 13:57:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.19 13:41:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.26 13:35:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.05 13:47:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\JOSHUA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HRI0GHIK.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI
[2011.03.18 19:56:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.10.09 14:05:33 | 000,000,854 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsof0.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files (x86)\softonic-de3\tbsof0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [TrayServer] C:\Program Files (x86)\MAGIX\Video_deluxe_17_Download-Version\TrayServer.exe (MAGIX AG)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Joshua\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Joshua\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Joshua\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Joshua\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{262b5ff9-2c74-11e0-9af1-080027009895}\Shell - "" = AutoRun
O33 - MountPoints2\{262b5ff9-2c74-11e0-9af1-080027009895}\Shell\AutoRun\command - "" = E:\alliance.exe
O33 - MountPoints2\{262b6000-2c74-11e0-9af1-080027009895}\Shell - "" = AutoRun
O33 - MountPoints2\{262b6000-2c74-11e0-9af1-080027009895}\Shell\AutoRun\command - "" = H:\alliance.exe
O33 - MountPoints2\{413344f3-966e-11df-9abd-cd88bd6c2888}\Shell - "" = AutoRun
O33 - MountPoints2\{413344f3-966e-11df-9abd-cd88bd6c2888}\Shell\AutoRun\command - "" = H:\CitiesXL2011.exe
O33 - MountPoints2\{a3a514b2-fcb1-11df-9a87-080027009895}\Shell - "" = AutoRun
O33 - MountPoints2\{a3a514b2-fcb1-11df-9a87-080027009895}\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\{a3a514b2-fcb1-11df-9a87-080027009895}\Shell\dinstall\command - "" = G:\Setup\Directx\dxsetup.exe
O33 - MountPoints2\{c813570f-65a5-11df-9697-002682598403}\Shell - "" = AutoRun
O33 - MountPoints2\{c813570f-65a5-11df-9697-002682598403}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{c813571e-65a5-11df-9697-002682598403}\Shell - "" = AutoRun
O33 - MountPoints2\{c813571e-65a5-11df-9697-002682598403}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{dad6fc97-901a-11df-be17-cb5399f42f8b}\Shell - "" = AutoRun
O33 - MountPoints2\{dad6fc97-901a-11df-be17-cb5399f42f8b}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{f8085165-77a5-11df-9b9b-d4b7268c3986}\Shell - "" = AutoRun
O33 - MountPoints2\{f8085165-77a5-11df-9b9b-d4b7268c3986}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk /K *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.22 03:24:15 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Roaming\Malwarebytes
[2011.04.22 03:24:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysWow64\drivers\mbamswissarmy.sys
[2011.04.22 03:24:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.22 03:24:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.22 03:24:00 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2011.04.22 03:23:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.04.22 03:18:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.04.22 03:17:31 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2011.04.22 03:17:30 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2011.04.22 03:14:36 | 000,000,000 | ---D | C] -- C:\windows\LastGood
[2011.04.22 03:13:49 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2011.04.22 03:13:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011.04.22 03:13:04 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.04.21 19:55:23 | 000,569,344 | ---- | C] (WinTrust) -- C:\ProgramData\uvEWQXCeAJwf.exe
[2011.04.21 04:05:15 | 000,000,000 | ---D | C] -- C:\Users\Joshua\Documents\MCEdit-schematics
[2011.04.21 04:05:05 | 000,000,000 | -H-D | C] -- C:\Users\Joshua\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MCEdit-64bit
[2011.04.21 04:05:05 | 000,000,000 | ---D | C] -- C:\Programme\schematics
[2011.04.21 04:05:05 | 000,000,000 | ---D | C] -- C:\Programme\doc
[2011.04.21 04:05:04 | 000,000,000 | ---D | C] -- C:\Programme\MCEditData
[2011.04.20 18:14:21 | 000,000,000 | -H-D | C] -- C:\Users\Joshua\AppData\Local\Eclipse
[2011.04.20 18:13:57 | 000,000,000 | ---D | C] -- C:\Users\Joshua\workspace
[2011.04.20 17:36:16 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Roaming\yWorks
[2011.04.20 15:13:02 | 000,000,000 | ---D | C] -- C:\Users\Joshua\bluej
[2011.04.20 15:00:06 | 000,000,000 | ---D | C] -- C:\Programme\Java
[2011.04.20 14:55:43 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueJ
[2011.04.20 14:55:36 | 000,000,000 | ---D | C] -- C:\BlueJ
[2011.04.19 19:57:55 | 000,000,000 | ---D | C] -- C:\Users\Joshua\Documents\Vegas Movie Studio PE 9.0 Projekte
[2011.04.19 19:43:47 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2011.04.19 19:43:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vstplugins
[2011.04.19 19:43:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[2011.04.19 19:41:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony Setup
[2011.04.19 19:27:30 | 000,000,000 | -H-D | C] -- C:\Users\Joshua\AppData\Local\{FF965D7D-5032-4E99-A507-20B4087B20BF}
[2011.04.19 02:31:51 | 000,000,000 | ---D | C] -- C:\Users\Joshua\Documents\Pinnacle VideoSpin
[2011.04.19 02:29:45 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pinnacle VideoSpin
[2011.04.19 02:29:13 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\Yahoo!
[2011.04.19 02:29:13 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Pinnacle
[2011.04.19 02:29:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pinnacle
[2011.04.19 02:29:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle VideoSpin
[2011.04.19 02:27:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle
[2011.04.19 02:26:51 | 000,000,000 | -H-D | C] -- C:\Users\Joshua\AppData\Local\Downloaded Installations
[2011.04.19 02:24:03 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Roaming\avidemux
[2011.04.19 02:23:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avidemux 2.5
[2011.04.19 02:15:56 | 000,000,000 | ---D | C] -- C:\Users\Joshua\Documents\MAGIX
[2011.04.19 02:11:24 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
[2011.04.19 01:45:04 | 000,000,000 | -H-D | C] -- C:\Users\Joshua\AppData\Local\{42E3F665-46E9-4AEF-8A63-65DBAB9CABAE}
[2011.04.19 01:33:53 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightworks
[2011.04.19 01:33:48 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Lightworks
[2011.04.19 01:33:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lightworks
[2011.04.19 01:31:42 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Matrox VFW Software Codecs
[2011.04.19 01:31:36 | 000,000,000 | ---D | C] -- C:\Programme\Matrox VFW Software Codecs
[2011.04.17 01:22:48 | 000,000,000 | ---D | C] -- C:\Users\Joshua\Documents\CDGVIDS
[2011.04.17 01:10:30 | 000,000,000 | -H-D | C] -- C:\Users\Joshua\AppData\Local\{9972F22D-39B6-4106-ACA2-EA400CAC0174}
[2011.04.11 18:13:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Futuremark
[2011.04.11 18:06:43 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Futuremark
[2011.04.11 18:06:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Futuremark
[2011.04.07 17:12:53 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiograbber
[2011.04.07 17:12:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\audiograbber
[2011.04.07 17:12:25 | 000,000,000 | ---D | C] -- C:\windows\uninstall
[2011.04.06 10:41:37 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealVNC
[2011.04.06 10:41:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealVNC
[2011.03.26 16:42:54 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Roaming\DVDVideoSoft
[2011.03.24 16:04:04 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Roaming\.minecraft
[2011.03.24 16:03:39 | 000,695,296 | ---- | C] (AnjoCaido) -- C:\Users\Joshua\Desktop\minecraft.exe
[2011.03.23 08:09:04 | 000,000,000 | ---D | C] -- C:\Users\Joshua\AppData\Roaming\PapDesigner
[3 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.22 03:34:04 | 000,001,108 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.22 03:24:07 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.22 03:18:34 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.04.22 03:10:58 | 001,933,572 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011.04.22 03:10:58 | 000,810,544 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2011.04.22 03:10:58 | 000,765,822 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011.04.22 03:10:58 | 000,191,712 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2011.04.22 03:10:58 | 000,164,658 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011.04.22 01:57:04 | 000,013,424 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.22 01:57:04 | 000,013,424 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.22 01:49:37 | 000,001,104 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.22 01:48:38 | 003,163,280 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2011.04.22 01:48:08 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011.04.22 01:47:24 | 1553,084,416 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.21 19:55:23 | 000,569,344 | ---- | M] (WinTrust) -- C:\ProgramData\uvEWQXCeAJwf.exe
[2011.04.21 04:12:20 | 000,001,593 | ---- | M] () -- C:\Users\Joshua\Documents\mcedit.ini
[2011.04.21 04:05:05 | 000,060,447 | ---- | M] () -- C:\Program Files\mcedit-uninstall.exe
[2011.04.21 04:05:05 | 000,001,604 | ---- | M] () -- C:\Program Files\MCEdit-64bit.lnk
[2011.04.19 23:14:52 | 139,189,543 | ---- | M] () -- C:\Users\Joshua\Desktop\Portalcraft.wmv
[2011.04.19 22:28:35 | 026,808,604 | ---- | M] () -- C:\Users\Joshua\Desktop\Portal - Victims of Science - The Device Has Been Modified.wav
[2011.04.19 22:24:21 | 000,001,780 | ---- | M] () -- C:\Users\Joshua\Desktop\PeerBlock.lnk
[2011.04.19 21:05:34 | 000,050,799 | ---- | M] () -- C:\Users\Joshua\Desktop\portal.jpg
[2011.04.19 21:01:30 | 000,634,444 | ---- | M] () -- C:\Users\Joshua\Desktop\Portal_2_Logo.jpg
[2011.04.19 03:26:04 | 114,516,126 | ---- | M] () -- C:\Users\Joshua\Desktop\Portalcraftv1.wmv
[2011.04.19 03:12:26 | 000,084,760 | ---- | M] () -- C:\Users\Joshua\Desktop\repeat.wav
[2011.04.19 02:57:10 | 000,130,496 | ---- | M] () -- C:\Users\Joshua\Desktop\portalgunsound.wav
[2011.04.19 02:51:19 | 000,000,088 | ---- | M] () -- C:\ProgramData\profile.xml
[2011.04.19 02:31:13 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2011.04.19 02:02:48 | 000,001,069 | ---- | M] () -- C:\windows\lightworks.ini
[2011.04.19 01:56:20 | 114,452,126 | ---- | M] () -- C:\Users\Joshua\Desktop\pc.wmv
[2011.04.18 04:22:29 | 000,001,571 | ---- | M] () -- C:\Users\Joshua\Desktop\portalbuildproj.inv
[2011.04.17 23:49:57 | 000,041,722 | ---- | M] () -- C:\Users\Joshua\Desktop\müll.png
[2011.04.17 07:31:44 | 000,011,804 | ---- | M] () -- C:\Program Files\README.html
[2011.04.17 03:15:15 | 120,508,110 | ---- | M] () -- C:\Users\Joshua\Desktop\Mob Trap.wmv
[2011.04.17 01:51:10 | 103,932,062 | ---- | M] () -- C:\Users\Joshua\Desktop\Josh's suicide.wmv
[2011.04.17 01:21:55 | 025,142,925 | ---- | M] () -- C:\Users\Joshua\Desktop\Slimefight.wmv
[2011.04.11 19:55:45 | 017,997,252 | ---- | M] () -- C:\Users\Joshua\Desktop\texture_pack_128x128_by_dedmen.zip
[2011.04.11 19:53:34 | 056,530,520 | ---- | M] () -- C:\Users\Joshua\AppData\Roaming\.minecraft.7z
[2011.04.11 18:47:00 | 000,311,245 | ---- | M] () -- C:\Users\Joshua\Desktop\result1.3dr
[2011.04.08 23:09:15 | 002,589,739 | ---- | M] () -- C:\Users\Joshua\Desktop\bin.7z
[2011.04.07 21:23:13 | 000,002,804 | ---- | M] () -- C:\Users\Joshua\Documents\MY_AUDIO_040711_2.p2g
[2011.04.07 21:03:11 | 000,002,804 | ---- | M] () -- C:\Users\Joshua\Documents\MY_AUDIO_040711_1.p2g
[2011.04.07 19:54:36 | 000,000,034 | ---- | M] () -- C:\windows\cdplayer.ini
[2011.04.06 17:54:48 | 000,012,498 | ---- | M] () -- C:\Users\Joshua\Desktop\sitemanager.xml
[2011.04.06 10:45:56 | 000,001,034 | ---- | M] () -- C:\Users\Joshua\Desktop\VNC Viewer 4.lnk
[2011.04.03 01:04:04 | 034,841,014 | ---- | M] () -- C:\Users\Joshua\Desktop\MServer.zip
[2011.04.01 17:55:59 | 059,528,759 | ---- | M] () -- C:\Users\Joshua\Desktop\.minecraft.7z
[2011.03.27 22:58:54 | 000,000,139 | ---- | M] () -- C:\Users\Joshua\Desktop\wiederholungen_übungen_2b.py
[2011.03.27 17:02:53 | 000,001,298 | ---- | M] () -- C:\Users\Joshua\Desktop\Minecraft Server.lnk
[3 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.22 03:24:07 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.22 03:18:34 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.04.22 02:28:00 | 000,012,498 | ---- | C] () -- C:\Users\Joshua\Desktop\sitemanager.xml
[2011.04.21 04:05:32 | 000,001,593 | ---- | C] () -- C:\Users\Joshua\Documents\mcedit.ini
[2011.04.21 04:05:05 | 000,060,447 | ---- | C] () -- C:\Programme\mcedit-uninstall.exe
[2011.04.21 04:05:05 | 000,001,604 | ---- | C] () -- C:\Program Files\MCEdit-64bit.lnk
[2011.04.19 23:03:10 | 139,189,543 | ---- | C] () -- C:\Users\Joshua\Desktop\Portalcraft.wmv
[2011.04.19 22:28:33 | 026,808,604 | ---- | C] () -- C:\Users\Joshua\Desktop\Portal - Victims of Science - The Device Has Been Modified.wav
[2011.04.19 21:05:34 | 000,050,799 | ---- | C] () -- C:\Users\Joshua\Desktop\portal.jpg
[2011.04.19 21:01:23 | 000,634,444 | ---- | C] () -- C:\Users\Joshua\Desktop\Portal_2_Logo.jpg
[2011.04.19 03:19:04 | 114,516,126 | ---- | C] () -- C:\Users\Joshua\Desktop\Portalcraftv1.wmv
[2011.04.19 03:12:25 | 000,084,760 | ---- | C] () -- C:\Users\Joshua\Desktop\repeat.wav
[2011.04.19 02:57:10 | 000,130,496 | ---- | C] () -- C:\Users\Joshua\Desktop\portalgunsound.wav
[2011.04.19 02:51:19 | 000,000,088 | ---- | C] () -- C:\ProgramData\profile.xml
[2011.04.19 02:27:12 | 000,000,349 | ---- | C] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2011.04.19 01:47:55 | 114,452,126 | ---- | C] () -- C:\Users\Joshua\Desktop\pc.wmv
[2011.04.19 01:37:30 | 000,001,069 | ---- | C] () -- C:\windows\lightworks.ini
[2011.04.18 04:22:26 | 000,001,571 | ---- | C] () -- C:\Users\Joshua\Desktop\portalbuildproj.inv
[2011.04.17 23:49:56 | 000,041,722 | ---- | C] () -- C:\Users\Joshua\Desktop\müll.png
[2011.04.17 07:31:44 | 000,011,804 | ---- | C] () -- C:\Programme\README.html
[2011.04.17 03:08:25 | 120,508,110 | ---- | C] () -- C:\Users\Joshua\Desktop\Mob Trap.wmv
[2011.04.17 01:46:44 | 103,932,062 | ---- | C] () -- C:\Users\Joshua\Desktop\Josh's suicide.wmv
[2011.04.17 01:21:07 | 025,142,925 | ---- | C] () -- C:\Users\Joshua\Desktop\Slimefight.wmv
[2011.04.11 20:23:12 | 017,997,252 | ---- | C] () -- C:\Users\Joshua\Desktop\texture_pack_128x128_by_dedmen.zip
[2011.04.11 18:46:51 | 000,311,245 | ---- | C] () -- C:\Users\Joshua\Desktop\result1.3dr
[2011.04.08 23:09:14 | 002,589,739 | ---- | C] () -- C:\Users\Joshua\Desktop\bin.7z
[2011.04.08 23:05:44 | 059,528,759 | ---- | C] () -- C:\Users\Joshua\Desktop\.minecraft.7z
[2011.04.07 21:23:13 | 000,002,804 | ---- | C] () -- C:\Users\Joshua\Documents\MY_AUDIO_040711_2.p2g
[2011.04.07 21:03:11 | 000,002,804 | ---- | C] () -- C:\Users\Joshua\Documents\MY_AUDIO_040711_1.p2g
[2011.04.07 17:17:49 | 000,000,034 | ---- | C] () -- C:\windows\cdplayer.ini
[2011.04.06 10:41:37 | 000,001,034 | ---- | C] () -- C:\Users\Joshua\Desktop\VNC Viewer 4.lnk
[2011.04.01 20:23:59 | 034,841,014 | ---- | C] () -- C:\Users\Joshua\Desktop\MServer.zip
[2011.03.31 20:33:43 | 056,530,520 | ---- | C] () -- C:\Users\Joshua\AppData\Roaming\.minecraft.7z
[2011.03.27 22:58:53 | 000,000,139 | ---- | C] () -- C:\Users\Joshua\Desktop\wiederholungen_übungen_2b.py
[2011.03.27 17:02:53 | 000,001,298 | ---- | C] () -- C:\Users\Joshua\Desktop\Minecraft Server.lnk
[2011.03.15 16:17:45 | 000,356,352 | ---- | C] () -- C:\windows\SpaceFighters3DUninstaller.exe
[2011.03.14 19:52:18 | 000,033,792 | ---- | C] () -- C:\windows\SysWow64\rgbacodec.dll
[2011.03.09 16:25:19 | 000,270,240 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe
[2011.03.09 16:25:17 | 000,075,136 | ---- | C] () -- C:\windows\SysWow64\PnkBstrA.exe
[2011.02.26 18:43:55 | 000,001,077 | ---- | C] () -- C:\windows\unins000.dat
[2011.02.26 00:32:55 | 000,000,219 | ---- | C] () -- C:\windows\SIERRA.INI
[2011.02.25 22:21:10 | 000,192,512 | ---- | C] () -- C:\windows\SysWow64\fgkey.exe
[2011.02.05 00:48:16 | 000,073,728 | ---- | C] () -- C:\windows\SysWow64\GkSui18.EXE
[2011.01.03 15:30:56 | 000,204,385 | -H-- | C] () -- C:\Users\Joshua\AppData\Local\debuggee.mdmp
[2010.11.30 21:26:52 | 000,000,935 | ---- | C] () -- C:\windows\STA2.ini
[2010.10.26 03:40:12 | 000,016,896 | -H-- | C] () -- C:\Users\Joshua\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.14 02:36:44 | 000,179,263 | ---- | C] () -- C:\windows\SysWow64\xlive.dll.cat
[2010.07.14 15:36:31 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2010.07.03 18:01:00 | 000,000,058 | -H-- | C] () -- C:\Users\Joshua\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2010.07.03 18:01:00 | 000,000,058 | ---- | C] () -- C:\windows\SysWow64\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2010.06.27 17:33:03 | 000,001,404 | ---- | C] () -- C:\windows\SysWow64\tsdigsgn.dat
[2010.05.20 19:48:25 | 000,000,048 | -H-- | C] () -- C:\windows\SysWow64\ezsidmv.dat
[2010.05.20 18:26:46 | 000,007,600 | -H-- | C] () -- C:\Users\Joshua\AppData\Local\Resmon.ResmonCfg
[2010.02.25 09:24:31 | 000,000,512 | ---- | C] () -- C:\windows\previous.bin
[2010.02.25 09:24:31 | 000,000,512 | ---- | C] () -- C:\windows\current.bin
[2010.02.25 09:16:52 | 000,016,648 | R--- | C] () -- C:\windows\SysWow64\LogAPI.dll
[2010.02.25 09:07:22 | 002,110,816 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll
[2010.02.25 09:07:22 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll
[2010.02.25 09:07:10 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll
[2010.02.25 09:00:22 | 001,829,040 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:59:36 | 000,982,196 | ---- | C] () -- C:\windows\SysWow64\igkrng500.bin
[2009.07.13 23:59:36 | 000,139,824 | ---- | C] () -- C:\windows\SysWow64\igfcg500.bin
[2009.07.13 23:59:36 | 000,097,448 | ---- | C] () -- C:\windows\SysWow64\igfcg500m.bin
[2009.07.13 23:59:35 | 000,417,344 | ---- | C] () -- C:\windows\SysWow64\igcompkrng500.bin
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[2007.04.27 11:43:58 | 000,120,200 | ---- | C] () -- C:\windows\SysWow64\DLLDEV32i.dll
[2007.04.10 02:55:00 | 000,114,688 | ---- | C] () -- C:\windows\SysWow64\lua5.1.dll
[2007.03.01 12:38:42 | 000,151,552 | ---- | C] () -- C:\windows\SysWow64\SDL_gfx.dll
[2007.01.26 01:04:12 | 000,138,752 | ---- | C] () -- C:\windows\SysWow64\mase32.dll
[2007.01.26 01:04:12 | 000,027,648 | ---- | C] () -- C:\windows\SysWow64\ma32.dll
[2006.06.27 07:47:08 | 000,258,048 | ---- | C] () -- C:\windows\SysWow64\SDL.dll
[2006.06.26 19:39:36 | 001,101,824 | ---- | C] () -- C:\windows\SysWow64\vorbis.dll
[2006.06.26 19:39:36 | 000,229,376 | ---- | C] () -- C:\windows\SysWow64\SDL_mixer.dll
[2006.06.26 19:39:36 | 000,196,608 | ---- | C] () -- C:\windows\SysWow64\smpeg.dll
[2006.06.26 19:39:36 | 000,032,768 | ---- | C] () -- C:\windows\SysWow64\vorbisfile.dll
[2006.06.26 19:39:36 | 000,024,576 | ---- | C] () -- C:\windows\SysWow64\ogg.dll
[2006.06.16 16:15:52 | 000,090,112 | ---- | C] () -- C:\windows\SysWow64\physfs.dll
[2006.06.16 09:03:32 | 000,241,664 | ---- | C] () -- C:\windows\SysWow64\freeglut.dll
[2006.06.09 19:51:46 | 000,372,736 | ---- | C] () -- C:\windows\SysWow64\ode.dll
[2006.05.23 02:44:24 | 000,032,768 | ---- | C] () -- C:\windows\SysWow64\alut.dll
[2006.05.17 19:19:34 | 000,331,776 | ---- | C] () -- C:\windows\SysWow64\SDL_ttf.dll
[2006.05.17 19:10:00 | 000,024,576 | ---- | C] () -- C:\windows\SysWow64\SDL_net.dll
[2006.05.17 10:57:36 | 000,385,090 | ---- | C] () -- C:\windows\SysWow64\libtiff.dll
[2006.05.17 10:57:36 | 000,169,443 | ---- | C] () -- C:\windows\SysWow64\jpeg.dll
[2006.05.17 10:57:36 | 000,126,976 | ---- | C] () -- C:\windows\SysWow64\libpng12.dll
[2006.05.17 10:57:36 | 000,077,824 | ---- | C] () -- C:\windows\SysWow64\zlib1.dll
[2006.05.17 10:57:36 | 000,040,960 | ---- | C] () -- C:\windows\SysWow64\SDL_image.dll
[2005.04.15 05:57:02 | 000,037,376 | ---- | C] () -- C:\windows\SysWow64\glfw.dll
[1997.06.14 13:56:08 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\iyvu9_32.dll
 
========== LOP Check ==========
 
[2011.04.22 02:37:20 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\.minecraft
[2010.11.06 11:33:42 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\AntMe
[2011.04.19 02:24:20 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\avidemux
[2011.03.18 23:57:39 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\Call Graph
[2010.11.30 23:14:57 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\DAEMON Tools Lite
[2010.11.02 00:11:41 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\Dev-Cpp
[2010.07.03 18:01:00 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\DonationCoder
[2011.04.17 02:36:39 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\DVDVideoSoft
[2011.03.26 16:44:25 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.04.22 03:10:27 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\FileZilla
[2011.02.26 00:05:25 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\GetRightToGo
[2010.08.31 17:18:00 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\gtk-2.0
[2011.02.21 22:57:52 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\Hi-Rez Studios
[2010.12.08 19:45:10 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\IrfanView
[2011.03.03 15:57:22 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\Jonas Ruchti
[2011.02.04 23:57:32 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\Kalypso Media
[2010.07.31 14:55:51 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\LolClient
[2010.11.11 17:19:22 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\MAGIX
[2011.01.15 18:24:46 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\MonoDevelop
[2010.07.16 18:26:58 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\Mumble
[2010.12.22 15:09:55 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\Need for Speed World
[2011.01.22 02:43:57 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\Nokia
[2010.10.26 03:38:31 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\Nokia Ovi Suite
[2010.06.16 20:13:37 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\Notepad++
[2010.05.20 19:49:15 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\OpenOffice.org
[2010.05.20 19:08:45 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\Opera
[2011.03.23 08:12:07 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\PapDesigner
[2010.10.26 03:22:37 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\PC Suite
[2011.02.07 18:01:35 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\ProtectDISC
[2010.11.11 16:44:19 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\Publish Providers
[2010.07.30 00:33:14 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\Screaming Bee
[2011.03.18 23:26:21 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\Sedna Wireless
[2011.04.19 20:12:47 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\Sony
[2011.02.20 18:43:35 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\STABELINOREADER
[2010.08.31 15:36:24 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\stetic
[2010.06.27 17:10:45 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\Subversion
[2011.04.17 22:56:22 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\TeamViewer
[2010.11.11 16:24:32 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\Thinstall
[2011.03.13 05:58:23 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\TS3Client
[2011.04.19 23:28:44 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\uTorrent
[2011.02.12 17:09:06 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\win32
[2011.02.20 03:06:58 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\Windows Live Writer
[2011.04.20 17:36:16 | 000,000,000 | ---D | M] -- C:\Users\Joshua\AppData\Roaming\yWorks
[2011.02.26 14:59:34 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
< End of report >
         

mbam

Code:
ATTFilter
 
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
 
Datenbank Version: 6416
 
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
 
22.04.2011 17:09:22
mbam-log-2011-04-22 (17-09-08).txt
 
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 1072908
Laufzeit: 2 Stunde(n), 43 Minute(n), 21 Sekunde(n)
 
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 3
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4
 
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
 
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
 
Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
 
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
 
Infizierte Dateien:
c:\programdata\uvewqxceajwf.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\Joshua\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\LXJ3U6XP\contacts[1].exe (Trojan.FakeAlert) -> No action taken.
c:\Users\Joshua\downloads\BR7patch\patch.exe (Trojan.Downloader) -> No action taken.
c:\Users\Joshua\AppData\Roaming\win32\windll.exe (Backdoor.Agent) -> No action taken.
         

These very viruses/registry entries are what I mean by the after-effects. Can I have Malwarebytes remove them without any concerns?

Best regards, Josh

I have now had mbam delete them all; a new scan, preceded by an update, is running right now. The log will follow as soon as the download is finished. Should I run OTL again?

Alt 25.04.2011, 14:38   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Quote:
c:\Users\Joshua\downloads\BR7patch\patch.exe
What exactly is this "patch" supposed to be?
