BKA Bundeskriminalamt Trojaner/Ukash: Wie entferne ich Überreste?

Antigone · 12.08.2011, 03:26

Hallo liebe Helfer,

vor ein paar Tagen hatte ich den BKA-Trojaner auf meinem Rechner (Win 7, 32 bit). Obwohl ich überhaupt keine Ahnung von Computern habe, habe ich eine Nacht lang herumgetüfftelt.

1. Die Kaspersky-CD rescue disc 10 fand zunächst nicht.

2. Dann habe ich über meinen Administrater (Supermann) (der sich noch normal öffnen ließ, befallen war nur mein Benutzerkonto ohne Administratorenrechte) Malwarebytes laufen lassen.
Das Programm fand etwas (unter AppData), das ich gelöscht habe. Danach funktionierte scheinbar alles wieder und ich war als Computer-Unerfahrene erst einmal glücklich.

Wie ich jetzt gelesen habe, wäre das Ergebnis des Scans zur Eröterung des Trojaner-Befalls wichtig gewesen. Sorry, das wußte ich nicht! Ich hoffe, ich kann trotzdem auf Eure Hilfe hoffen!

Inzwischen habe ich verstanden, dass das Löschen dieser BKA-Ansicht das Problem noch nicht in Gänze beheben muss.

Nachdem ich das BKA-Bild los war, habe ich alle meine Passwörter geändert. Dennoch meldet sich auf meinem Facebookaccount ein anderen Computer an (so die Kontoaktivität bei Facebook). Mir ist das Ganze recht unheimlich.

Über kurz oder lang: Ich will meinen Rechner wieder sauber haben. (Deswegen freue ich mich auch über Tips für das beste Virenschutzprogramm, damit ab nun alles besser wird!)

--------------------------------------------------------------
Heute Abend habe ich zunächst noch einmal malewarebytes laufen lassen.
Mit folgendem Ergebnis:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7435

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12.08.2011 02:33:13
mbam-log-2011-08-12 (02-32-58).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Durchsuchte Objekte: 313252
Laufzeit: 1 Stunde(n), 8 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\xxx\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\9Q7NNWEZ\readme[1].exe (Spyware.Passwords.XGen) -> No action taken.

-----------------------------------------------------------

Kurz danach piepte mein (kostenfreies) Avira-Virenschutzprogramm:

Avira: In der Datei 'C:\Useres\xxx\AppData\LocalLow\...\5ab40f57-6cdc7162' wurde ein Virus oder ein unerwünschtes Programm 'EXP2\2010-4452.AC.2' gefunden.

------------------------------------------------------------------------

Dann habe ich Eure Anleitung für Hilfesuchende entdeckt und defogger laufen lassen:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 02:39 on 12/08/2011 (Supermann)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

-----------------------------------------------------------------------

Dann kam OTL an die Reihe:

OTL.txt:
OTL logfile created on: 8/12/2011 3:14:19 AM - Run 6
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Supermann\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.96 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 60.73% Memory free
3.92 Gb Paging File | 2.88 Gb Available in Paging File | 73.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 230.88 Gb Total Space | 180.96 Gb Free Space | 78.38% Space Free | Partition Type: NTFS

Computer Name: Antigone | User Name: Supermann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Supermann\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Users\Supermann\Desktop\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Users\Supermann\Desktop\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Windows\System32\HPSIsvc.exe (HP)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.)
PRC - C:\Program Files\Lexmark 2500 Series\lxddamon.exe ()
PRC - C:\Program Files\Lexmark 2500 Series\lxddmon.exe ()
PRC - C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Technology Solutions)
PRC - C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
PRC - C:\Windows\System32\lxddcoms.exe ( )
PRC - C:\Program Files\Launch Manager\WisLMSvc.exe (Wistron Corp.)

========== Modules (SafeList) ==========

MOD - C:\Users\Supermann\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (MBAMService) -- C:\Users\Supermann\Desktop\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (HPSIService) -- C:\Windows\System32\HPSIsvc.exe (HP)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TestHandler) -- C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Technology Solutions)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (lxddCATSCustConnectService) -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe ()
SRV - (lxdd_device) -- C:\Windows\System32\lxddcoms.exe ( )
SRV - (WisLMSvc) -- C:\Program Files\Launch Manager\WisLMSvc.exe (Wistron Corp.)

========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (mvusbews) -- C:\Windows\System32\drivers\mvusbews.sys (Marvell Semiconductor, Inc.)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (Hotkey) -- C:\Windows\System32\drivers\HOTKEY.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=FTSA&bmod=EU01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.ts.fujitsu.com/index2 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ecosia.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: support@predictad.com:1.11

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\support@predictad.com: C:\Program Files\AutocompletePro\support@predictad.com [2011/07/15 15:30:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/12 15:46:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/14 22:14:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/08/23 12:54:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/11/20 00:05:54 | 000,000,000 | ---D | M]

[2011/08/03 23:11:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Supermann\AppData\Roaming\mozilla\Extensions
[2011/08/03 23:11:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Supermann\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/05/12 15:46:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Supermann\AppData\Roaming\mozilla\Firefox\Profiles\0eb0fghg.default\extensions
[2010/10/13 12:59:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/15 15:30:26 | 000,000,000 | ---D | M] ("AutocompletePro - Your handy search suggestions tool") -- C:\PROGRAM FILES\AUTOCOMPLETEPRO\SUPPORT@PREDICTAD.COM
[2010/04/01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010/04/01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010/04/01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/04/01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010/04/01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll (SimplyGen)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CtrlVol] File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [LaunchAp] File not found
O4 - HKLM..\Run: [lxddamon] C:\Program Files\Lexmark 2500 Series\lxddamon.exe ()
O4 - HKLM..\Run: [lxddmon.exe] C:\Program Files\Lexmark 2500 Series\lxddmon.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Users\Supermann\Desktop\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Users\Supermann\Desktop\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Wbutton] File not found
O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - Startup: C:\Users\Supermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\lbxfile {56831180-F115-11d2-B6AA-00104B2B9943} - C:\Program Files\Libronix DLS\System\FileProt.dll (Libronix Corporation)
O18 - Protocol\Handler\lbxres {24508F1B-9E94-40EE-9759-9AF5795ADF52} - C:\Program Files\Libronix DLS\System\ResProt.dll (Libronix Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/12 01:29:03 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Supermann\Desktop\OTL.exe
[2011/08/11 13:43:17 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/08/11 13:43:16 | 003,902,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/08/11 13:42:59 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/08/11 13:42:58 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/08/11 13:42:58 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/08/11 13:42:58 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/08/11 13:42:58 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/08/11 13:42:58 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/08/11 13:42:58 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/08/11 13:42:58 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/08/11 13:42:58 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/08/11 13:42:58 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/08/11 13:42:58 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/08/11 13:42:58 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/08/11 13:42:48 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2011/08/11 13:42:48 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/08/11 13:42:47 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2011/08/11 13:42:47 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2011/08/11 13:42:47 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2011/08/11 13:42:47 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2011/08/11 13:42:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/08/11 13:42:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2011/08/11 13:42:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2011/08/11 13:42:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2011/08/11 13:42:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2011/08/11 13:42:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2011/08/11 13:42:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/08/11 13:42:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/08/11 13:42:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2011/08/11 13:42:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/08/11 13:42:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2011/08/11 13:42:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2011/08/11 13:42:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2011/08/11 13:42:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2011/08/11 13:42:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/08/11 13:42:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2011/08/11 13:42:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2011/08/11 13:42:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2011/08/11 13:42:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2011/08/11 13:42:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/08/11 13:42:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2011/08/11 13:42:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2011/08/11 13:42:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2011/08/11 13:42:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2011/08/11 13:42:44 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcjt32.dll
[2011/08/11 13:42:44 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbctrac.dll
[2011/08/11 13:42:44 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2011/08/11 13:42:44 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccu32.dll
[2011/08/11 13:42:44 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccr32.dll
[2011/08/03 23:51:34 | 000,000,000 | ---D | C] -- C:\Users\Supermann\AppData\Roaming\Malwarebytes
[2011/08/03 23:51:26 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/08/03 23:51:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/03 23:51:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/08/03 23:51:20 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/08/03 23:51:20 | 000,000,000 | ---D | C] -- C:\Users\Supermann\Desktop\Malwarebytes' Anti-Malware
[2011/08/03 23:11:34 | 000,000,000 | ---D | C] -- C:\Users\Supermann\AppData\Roaming\Thunderbird
[2011/08/03 23:11:34 | 000,000,000 | ---D | C] -- C:\Users\Supermann\AppData\Local\Thunderbird
[2011/08/03 14:09:54 | 000,000,000 | ---D | C] -- C:\Users\Supermann\AppData\Roaming\Avira
[2011/07/23 12:22:05 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2011/07/15 16:05:37 | 000,000,000 | ---D | C] -- C:\Users\Supermann\Documents\MAGIX_MusicEditor
[2011/07/15 16:04:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
[2011/07/15 16:04:40 | 000,000,000 | ---D | C] -- C:\Program Files\MAGIX
[2011/07/15 16:04:31 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX
[2011/07/15 16:04:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MAGIX Services
[2011/07/15 15:30:47 | 000,000,000 | ---D | C] -- C:\temp
[2011/07/15 15:30:31 | 000,000,000 | ---D | C] -- C:\Users\Supermann\AppData\Roaming\Music Editor Free
[2011/07/15 15:20:12 | 000,000,000 | ---D | C] -- C:\Program Files\AutocompletePro
[2011/07/15 15:20:11 | 000,000,000 | ---D | C] -- C:\Users\Supermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Music Editor Free
[2011/07/15 15:20:05 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\NCTAudioFile2.dll
[2011/07/15 15:20:05 | 001,212,416 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\System32\NCTAudioInformation2.dll
[2011/07/15 15:20:05 | 000,602,112 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\System32\NCTAudioTransform2.dll
[2011/07/15 15:20:05 | 000,479,232 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\System32\NCTAudioVisualization2.dll
[2011/07/15 15:20:05 | 000,458,752 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\System32\NCTAudioRecord2.dll
[2011/07/15 15:20:05 | 000,458,752 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\System32\NCTAudioPlayer2.dll
[2011/07/15 15:20:05 | 000,417,792 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\System32\NCTTextToAudio2.dll
[2011/07/15 15:20:05 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\NCTWMAFile2.dll
[2011/07/15 15:20:04 | 000,880,640 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\System32\NCTAudioEditor2.dll
[2011/07/15 15:20:04 | 000,835,584 | ---- | C] (NCT) -- C:\Windows\System32\NCTAudioCDGrabber2.dll
[2011/07/15 15:20:04 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr70.dll
[2011/07/15 15:20:03 | 000,000,000 | ---D | C] -- C:\Program Files\Music Editor Free
[2011/07/13 17:16:27 | 002,332,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/08/25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010/05/13 17:10:40 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxddinpa.dll
[2010/05/13 17:10:40 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXDDhcp.dll
[2010/05/13 17:10:39 | 001,232,896 | ---- | C] ( ) -- C:\Windows\System32\lxddserv.dll
[2010/05/13 17:10:39 | 000,999,424 | ---- | C] ( ) -- C:\Windows\System32\lxddusb1.dll
[2010/05/13 17:10:39 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxddpmui.dll
[2010/05/13 17:10:39 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxddiesc.dll
[2010/05/13 17:10:39 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxddprox.dll
[2010/05/13 17:10:39 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxddpplc.dll
[2010/05/13 17:10:38 | 000,700,416 | ---- | C] ( ) -- C:\Windows\System32\lxddhbn3.dll
[2010/05/13 17:10:38 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxddlmpm.dll
[2010/05/13 17:10:38 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxddcoms.exe
[2010/05/13 17:10:38 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxddih.exe
[2010/05/13 17:10:37 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxddcomc.dll
[2010/05/13 17:10:37 | 000,425,984 | ---- | C] ( ) -- C:\Windows\System32\lxddcomm.dll
[2010/05/13 17:10:37 | 000,394,160 | ---- | C] ( ) -- C:\Windows\System32\lxddcfg.exe
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/12 03:07:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/12 03:07:50 | 1579,851,776 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/12 02:53:51 | 000,302,592 | ---- | M] () -- C:\Users\Supermann\Desktop\e8695vod.exe
[2011/08/12 02:45:18 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/12 02:45:18 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/12 02:38:59 | 000,000,000 | ---- | M] () -- C:\Users\Supermann\defogger_reenable
[2011/08/12 02:18:35 | 000,018,518 | ---- | M] () -- C:\Users\Supermann\Desktop\Trojaner.odt
[2011/08/12 01:57:39 | 000,050,477 | ---- | M] () -- C:\Users\Supermann\Desktop\Defogger.exe
[2011/08/12 01:29:14 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Supermann\Desktop\OTL.exe
[2011/08/03 23:51:26 | 000,000,771 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/03 17:06:57 | 000,643,866 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011/08/03 17:06:57 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/03 17:06:57 | 000,126,394 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011/08/03 17:06:57 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/03 15:01:04 | 213,340,160 | ---- | M] () -- C:\Users\Supermann\Desktop\kav_rescue_10.iso
[2011/07/26 11:38:21 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/07/26 11:38:21 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011/07/22 06:56:17 | 001,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/07/16 06:37:32 | 000,169,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/07/16 06:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2011/07/16 06:19:58 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2011/07/16 06:19:58 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2011/07/16 06:19:58 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/07/16 06:19:58 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2011/07/16 06:19:58 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2011/07/16 06:19:58 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2011/07/16 06:19:58 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2011/07/16 06:19:58 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/07/16 06:19:58 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/07/16 06:19:58 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2011/07/16 06:19:58 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/16 06:19:58 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2011/07/16 06:19:58 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2011/07/16 06:19:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2011/07/16 06:19:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/07/16 06:19:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2011/07/16 06:19:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2011/07/16 06:19:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2011/07/16 06:19:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2011/07/16 06:19:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/07/16 06:19:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2011/07/16 06:19:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2011/07/16 06:19:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2011/07/16 06:19:58 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2011/07/16 04:21:47 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2011/07/16 04:21:47 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2011/07/16 04:21:47 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2011/07/16 04:21:47 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2011/07/15 16:05:27 | 000,000,951 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX MP3 deluxe 17 Download-Version.lnk
[2011/07/15 15:30:26 | 000,001,833 | ---- | M] () -- C:\Users\Supermann\Desktop\Music Editor Free.lnk
[2011/07/14 03:04:49 | 000,499,216 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/12 02:53:41 | 000,302,592 | ---- | C] () -- C:\Users\Supermann\Desktop\e8695vod.exe
[2011/08/12 02:38:59 | 000,000,000 | ---- | C] () -- C:\Users\Supermann\defogger_reenable
[2011/08/12 01:57:26 | 000,050,477 | ---- | C] () -- C:\Users\Supermann\Desktop\Defogger.exe
[2011/08/12 01:45:00 | 000,018,518 | ---- | C] () -- C:\Users\Supermann\Desktop\Trojaner.odt
[2011/08/03 23:51:26 | 000,000,771 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/03 15:00:44 | 213,340,160 | ---- | C] () -- C:\Users\Supermann\Desktop\kav_rescue_10.iso
[2011/07/15 16:05:27 | 000,000,951 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX MP3 deluxe 17 Download-Version.lnk
[2011/07/15 15:20:11 | 000,001,833 | ---- | C] () -- C:\Users\Supermann\Desktop\Music Editor Free.lnk
[2011/01/24 23:52:20 | 001,511,424 | ---- | C] () -- C:\Windows\System32\HP1100SM.EXE
[2011/01/24 23:52:20 | 000,147,456 | ---- | C] () -- C:\Windows\System32\HP1100LM.DLL
[2011/01/24 23:52:02 | 000,284,160 | ---- | C] () -- C:\Windows\System32\mvhlewsi.dll
[2011/01/24 23:51:59 | 000,081,920 | ---- | C] () -- C:\Windows\System32\mvusbews.dll
[2011/01/24 23:51:58 | 000,054,272 | ---- | C] () -- C:\Windows\System32\HP1100SMs.dll
[2011/01/16 15:23:13 | 000,000,532 | ---- | C] () -- C:\Windows\eReg.dat
[2010/08/25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010/05/16 21:56:18 | 000,001,302 | ---- | C] () -- C:\ProgramData\ss.ini
[2010/05/16 21:38:39 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010/05/15 23:54:40 | 000,000,153 | ---- | C] () -- C:\ProgramData\lxdd
[2010/05/13 17:10:40 | 000,286,720 | ---- | C] () -- C:\Windows\System32\LXDDinst.dll
[2010/05/13 17:10:38 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxddgrd.dll
[2010/05/13 15:42:59 | 000,002,971 | R--- | C] () -- C:\Windows\System32\SETUP.INI
[2010/05/13 15:41:26 | 000,069,632 | R--- | C] () -- C:\Windows\System32\SendMail.exe
[2010/05/13 15:41:26 | 000,006,496 | R--- | C] () -- C:\Windows\System32\KPNDLG.INI
[2010/05/13 15:41:26 | 000,003,564 | R--- | C] () -- C:\Windows\System32\KPNMSG.INI
[2010/05/12 04:37:02 | 000,009,867 | ---- | C] () -- C:\Windows\System32\drivers\HOTKEY.sys
[2010/05/11 20:58:39 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009/12/15 09:28:51 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/12/15 09:28:49 | 000,134,592 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009/11/17 13:08:34 | 000,197,424 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2009/08/07 15:53:57 | 000,643,866 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009/08/07 15:53:57 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009/08/07 15:53:57 | 000,126,394 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009/08/07 15:53:57 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009/07/30 13:49:22 | 000,040,448 | ---- | C] () -- C:\Windows\REGOBJ.DLL
[2009/07/14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 06:33:53 | 000,499,216 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 04:05:48 | 000,607,190 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 04:05:48 | 000,103,568 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/04/01 11:48:16 | 000,053,478 | ---- | C] () -- C:\Windows\mvtcpui.ini
[2007/04/27 09:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2007/03/28 14:16:44 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxddcoin.dll
[2007/01/23 19:40:04 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxddcaps.dll
[2007/01/09 17:13:08 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxdddrs.dll
[2006/10/06 17:08:04 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxddcnv4.dll
[2006/05/18 02:47:12 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxddvs.dll

========== LOP Check ==========

[2010/05/16 00:09:50 | 000,000,000 | ---D | M] -- C:\Users\Supermann\AppData\Roaming\FreeAudioPack
[2010/05/13 17:43:40 | 000,000,000 | ---D | M] -- C:\Users\Supermann\AppData\Roaming\Lexmark Productivity Studio
[2010/05/14 22:16:34 | 000,000,000 | ---D | M] -- C:\Users\Supermann\AppData\Roaming\Libronix DLS
[2011/07/15 15:36:35 | 000,000,000 | ---D | M] -- C:\Users\Supermann\AppData\Roaming\Music Editor Free
[2010/05/12 16:43:41 | 000,000,000 | ---D | M] -- C:\Users\Supermann\AppData\Roaming\OpenOffice.org
[2011/08/03 23:11:35 | 000,000,000 | ---D | M] -- C:\Users\Supermann\AppData\Roaming\Thunderbird
[2011/07/27 17:38:30 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

---------------------------------------------------------------------

Dies ist die Extra.txt-Datei:

OTL Extras logfile created on: 8/12/2011 3:14:19 AM - Run 6
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Supermann\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.96 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 60.73% Memory free
3.92 Gb Paging File | 2.88 Gb Available in Paging File | 73.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 230.88 Gb Total Space | 180.96 Gb Free Space | 78.38% Space Free | Partition Type: NTFS

Computer Name: ANTIGONE | User Name: Supermann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{19991EAD-C273-47EB-87E8-0D274925230B}" = OEB Resource Driver
"{1A531111-4E6F-4CBB-9515-F0A5FD1026BA}" = MAGIX MP3 deluxe 17 Download-Version
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}" = Cisco Systems VPN Client 5.0.06.0160
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{318CACFE-FB02-472F-A328-32CABC07F3D8}" = Firebird SQL Server - MAGIX Edition
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.2
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F81DD84-6A2F-11D4-903E-00E0293397B7}" = Bible Data Type System Files
"{5F81DD89-6A2F-11D4-903E-00E0293397B7}" = Common System Files
"{5F81DD92-6A2F-11D4-903E-00E0293397B7}" = Libronix Digital Library System
"{5F81DD97-6A2F-11D4-903E-00E0293397B7}" = Libronix DLS Application
"{5F81DD9B-6A2F-11D4-903E-00E0293397B7}" = LibronixUpdate
"{5F81DD9F-6A2F-11D4-903E-00E0293397B7}" = LLS Resource Driver
"{5F81DDA3-6A2F-11D4-903E-00E0293397B7}" = PDF Resource Driver
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{72CB5335-6D2A-4207-B811-6CB6C6925039}" = Batch Update
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7b38efde-74d9-4c87-8dfe-cedf031d9505}" = Nero 9 Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office Language Pack 2007 Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office Language Pack 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office Language Pack 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office Language Pack 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office Language Pack 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office Language Pack 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Language Pack 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Language Pack 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office Language Pack 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91D0B34A-022D-4376-9E78-CE2957851F22}" = Libronix DLS Shortcuts SESB
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1.3 - Deutsch
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B59C4B01-0880-4D48-8110-F48C5D99B890}" = Stuttgart Electronic Study Bible
"{BD01B72F-DA62-49D2-9C5B-F3A91AD00C3C}" = MAGIX Screenshare
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.4.9
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EF59DB7F-7426-426E-B862-7031F83ED304}" = SystemDiagnostics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F524FC88-DDF5-4433-A57C-67C31F437D0D}" = MAGIX Speed burnR (MSI)
"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights Help
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AutocompletePro2_is1" = AutocompletePro
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"DivX Setup.divx.com" = DivX-Setup
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP LaserJet Professional P1100-P1560-P1600 Series" = HP LaserJet Professional P1100-P1560-P1600 Series
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Lexmark 2500 Series" = Lexmark 2500 Series
"Libronix DLS" = Libronix Digital Library System
"MAGIX_MSI_mp3maker_17" = MAGIX MP3 deluxe 17 Download-Version
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mozilla Thunderbird (3.1.2)" = Mozilla Thunderbird (3.1.2)
"Music Editor Free" = Music Editor Free
"PROHYBRIDR" = 2007 Microsoft Office system
"SecureW2 EAP Suite" = SecureW2 EAP Suite 2.0.4 for Windows
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TVWiz" = Intel(R) TV Wizard

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/3/2011 10:21:19 AM | Computer Name = Antigone | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 8/3/2011 10:21:19 AM | Computer Name = Antigone | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 8/3/2011 10:22:28 AM | Computer Name = Antigone | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 8/3/2011 10:22:28 AM | Computer Name = Antigone | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 8/3/2011 10:23:34 AM | Computer Name = Antigone | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 8/3/2011 10:23:34 AM | Computer Name = Antigone | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 8/3/2011 10:27:09 AM | Computer Name = Antigone | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 8/3/2011 10:27:09 AM | Computer Name = Antigone | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 8/3/2011 10:28:13 AM | Computer Name = Antigone | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 8/3/2011 10:28:13 AM | Computer Name = Antigone | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

[ System Events ]
Error - 1/20/2011 8:23:57 AM | Computer Name = Antigone | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
lxddCATSCustConnectService erreicht.

Error - 1/20/2011 8:23:57 AM | Computer Name = Antigone | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lxddCATSCustConnectService" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053

Error - 1/20/2011 5:21:14 PM | Computer Name = Antigone | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
lxddCATSCustConnectService erreicht.

Error - 1/20/2011 5:21:14 PM | Computer Name = Antigone | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lxddCATSCustConnectService" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053

Error - 1/21/2011 11:18:06 AM | Computer Name = Antigone | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
lxddCATSCustConnectService erreicht.

Error - 1/21/2011 11:18:06 AM | Computer Name = Antigone | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lxddCATSCustConnectService" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053

Error - 1/21/2011 5:17:53 PM | Computer Name = Antigone | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
lxddCATSCustConnectService erreicht.

Error - 1/21/2011 5:17:53 PM | Computer Name = Antigone | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lxddCATSCustConnectService" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053

Error - 1/22/2011 7:58:31 AM | Computer Name = Antigone | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
lxddCATSCustConnectService erreicht.

Error - 1/22/2011 7:58:31 AM | Computer Name = Antigone | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lxddCATSCustConnectService" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053

< End of report >
------------------------------------------------------------------------

Da ich einen 32bit-System habe, habe ich ich GMER installiert. Mit folgendem Ergebnis:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-08-12 03:45:29
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9250315AS rev.0003SDM1
Running: e8695vod.exe; Driver: C:\Users\SUPERM~1\AppData\Local\Temp\fwryrpod.sys

---- System - GMER 1.0.15 ----

SSDT 8E15FE96 ZwCreateSection
SSDT 8E15FE9B ZwSetContextThread
SSDT 8E15FE37 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C4E539 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C73092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 350 82C7A9B0 4 Bytes [96, FE, 15, 8E]
.text ntkrnlpa.exe!RtlSidHashLookup + 6F0 82C7AD50 4 Bytes [9B, FE, 15, 8E]
.text ntkrnlpa.exe!RtlSidHashLookup + 7C8 82C7AE28 4 Bytes [37, FE, 15, 8E]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\00000065 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

-----------------------------------------------------------------------

Ich hoffe, dass ich bislang alles richtig gemacht habe. Ich war mir etwas unsicher, ob ich alles hierherein kopieren soll oder ein Dokuemnt anhängen soll: Dazu scheint es ja unterschiedliche Ansichten zu geben, oder?

Also, wenn mir jemand sagen kann, ob ich noch irgendwas entfernen muss (und wenn ja, wie!), wäre ich sehr, sehr dankbar!

P.S. Bitte gebt mir, wenn Ihr mir helfen wollt, Schritt für Schritt-Anleitungen. Wie angedeutet: Dass ich so weit gekommen bin, grenzt schon an ein Wunder. Normalerweise klicke ich nur auf bunte Icons!

BKA Bundeskriminalamt Trojaner/Ukash: Wie entferne ich Überreste?

Log-Analyse und Auswertung: BKA Bundeskriminalamt Trojaner/Ukash: Wie entferne ich Überreste?

BKA Bundeskriminalamt Trojaner/Ukash: Wie entferne ich Überreste?

Ähnliche Themen: BKA Bundeskriminalamt Trojaner/Ukash: Wie entferne ich Überreste?