
Log analysis and evaluation: Malware Protection virus - all clean?

Windows 7

If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

 
15.08.2011, 09:13   #1
vihille
 

Malware Protection virus - all clean?



Good morning,

I have caught this annoying Malware Protection virus. This fake antivirus program opened and all programs were blocked. In addition, most of my files are hidden.

- I started the PC in safe mode
- ran rkill twice
- ran a full (updated) Malwarebytes scan
- then ran OTH
- ran another quick scan with Malwarebytes
- restart
- Defogger
- restart
- OTL

OTL.TXT
OTL logfile:
Code:
OTL logfile created on: 15.08.2011 10:00:12 - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Vincent\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1021,31 Mb Total Physical Memory | 373,64 Mb Available Physical Memory | 36,58% Memory free
2,25 Gb Paging File | 1,43 Gb Available in Paging File | 63,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 143,82 Gb Total Space | 43,30 Gb Free Space | 30,11% Space Free | Partition Type: NTFS
Drive D: | 5,23 Gb Total Space | 1,18 Gb Free Space | 22,61% Space Free | Partition Type: NTFS
Drive G: | 465,76 Gb Total Space | 13,69 Gb Free Space | 2,94% Space Free | Partition Type: NTFS
 
Computer Name: VINCENT-PC | User Name: Vincent | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Vincent\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Unlocker\UnlockerAssistant.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
PRC - C:\Programme\Dell\MFP_DELL\deMntrService.exe (Dell)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_FATICDE.EXE (SEIKO EPSON CORPORATION)
PRC - C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
PRC - C:\Programme\HP\QuickPlay\Kernel\TV\CLSched.exe ()
PRC - C:\Programme\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ()
PRC - C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Windows\System32\PSIService.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Vincent\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (CLTNetCnService) -- File not found
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (OpenVPNService) -- C:\Programme\OpenVPN\bin\openvpnserv.exe ()
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Maxtor Sync Service) -- C:\Program Files\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
SRV - (deMntrService) -- C:\Program Files\Dell\MFP_DELL\deMntrService.exe (Dell)
SRV - (adonym Update Service) -- C:\Program Files\adonym\adonymService.exe ( )
SRV - (adonymServiceUpdater) -- C:\Program Files\adonym\adonymServiceUpdater.exe ( )
SRV - (SSScsiSV) -- C:\Programme\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (SonicStage Back-End Service) -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()
SRV - (CLSched) CyberLink Task Scheduler (CTS) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe ()
SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ()
SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
SRV - (AddFiltr) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe (Hewlett-Packard Development Company, L.P.)
SRV - (ServiceLayer) -- C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe (Nokia.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (AVIRA GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (QuarticsWPMirror) -- C:\Windows\System32\drivers\QuarticsWPMirror.sys (Quartics LLC)
DRV - (QuarticsWP) -- C:\Windows\System32\drivers\QuarticsWP.sys (Quartics LLC)
DRV - (DESVUSB) -- C:\Windows\System32\drivers\desrvusb.sys (Olivetti-Engineering SA)
DRV - (MXOPSWD) -- C:\Windows\System32\drivers\mxopswd.sys (Maxtor Corp.)
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\Windows\System32\drivers\sfvfs02.sys (Protection Technology (StarForce))
DRV - (ST50220) -- C:\Windows\System32\drivers\ST50220.sys (Sonix)
DRV - (HdAudAddService) -- C:\Windows\System32\drivers\CHDART.sys (Conexant Systems Inc.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))
DRV - (eabfiltr) -- C:\Windows\System32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))
DRV - (Nokia USB Phone Parent) -- C:\Windows\System32\drivers\nmwcd.sys (Nokia)
DRV - (Nokia USB Port) -- C:\Windows\System32\drivers\nmwcdcj.sys (Nokia)
DRV - (Nokia USB Modem) -- C:\Windows\System32\drivers\nmwcdcm.sys (Nokia)
DRV - (Nokia USB Generic) -- C:\Windows\System32\drivers\nmwcdc.sys (Nokia)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=71&bd=Pavilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=71&bd=Pavilion&pf=laptop
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: dvscontextmenuy@dvdvideosoft.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
 
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.28 07:34:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.13 11:56:19 | 000,000,000 | ---D | M]
 
[2009.01.17 13:36:34 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Vincent\AppData\Roaming\mozilla\Extensions
[2011.06.21 23:33:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vincent\AppData\Roaming\mozilla\Firefox\Profiles\uzvm1syi.default\extensions
[2011.05.25 09:27:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Vincent\AppData\Roaming\mozilla\Firefox\Profiles\uzvm1syi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.06.21 23:33:57 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Vincent\AppData\Roaming\mozilla\Firefox\Profiles\uzvm1syi.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.08.15 01:00:20 | 000,001,056 | ---- | M] () -- C:\Users\Vincent\AppData\Roaming\Mozilla\Firefox\Profiles\uzvm1syi.default\searchplugins\icqplugin.xml
[2011.03.20 12:21:01 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.08.15 18:12:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2009.01.17 13:36:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\talkback@mozilla.org
File not found (No name found) -- 
[2010.08.15 18:12:13 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011.06.28 07:34:55 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2010.08.15 18:09:54 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.05.13 11:56:08 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.05.13 11:56:08 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2011.05.13 11:56:08 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.05.13 11:56:08 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.05.13 11:56:08 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.05.13 11:56:09 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (WebSpeechBHO Class) - {83A30C59-3A50-49E6-9DAF-4923C4EA3C23} - C:\Programme\Common Files\WebSpeech.4.0\LgxIEBar.dll (G DATA Software AG)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar2.dll (Google Germany GmbH)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar2.dll (Google Germany GmbH)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - File not found
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar2.dll (Google Germany GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [EPSON Stylus DX7400 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\Vincent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Product Registration.lnk = File not found
O4 - Startup: C:\Users\Vincent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk = C:\Programme\stickies\stickies.exe (Zhorn Software)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: WebSpeech - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - C:\Programme\Common Files\WebSpeech.4.0\LgxIEBar.dll (G DATA Software AG)
O9 - Extra 'Tools' menuitem : Seite/Markierung vorlesen (WebSpeech) - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - C:\Programme\Common Files\WebSpeech.4.0\LgxIEBar.dll (G DATA Software AG)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} hxxp://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUpldde-de.cab (MSN Photo Upload Tool)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab (System Requirements Lab Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} hxxp://static.ak.studivz.net/photouploader/ImageUploader4.cab?nocache=20071219-1 (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1206910536 (Image Uploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - File not found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Vincent\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Vincent\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.09.11 17:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O32 - AutoRun File - [2008.12.15 11:52:18 | 000,000,080 | ---- | M] () - G:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{235bce2d-53f7-11de-87f7-001a6b211ad2}\Shell - "" = AutoRun
O33 - MountPoints2\{235bce2d-53f7-11de-87f7-001a6b211ad2}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
O33 - MountPoints2\{235bce35-53f7-11de-87f7-001a6b211ad2}\Shell - "" = AutoRun
O33 - MountPoints2\{235bce35-53f7-11de-87f7-001a6b211ad2}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
O33 - MountPoints2\{3adf0d12-77f1-11df-9b5e-001a6b211ad2}\Shell\AutoRun\command - "" = C:\Windows\System32\cmd.exe -- [2008.01.19 09:33:04 | 000,318,976 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{3adf0d12-77f1-11df-9b5e-001a6b211ad2}\Shell\explore\command - "" = C:\Windows\System32\cmd.exe -- [2008.01.19 09:33:04 | 000,318,976 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{3adf0d12-77f1-11df-9b5e-001a6b211ad2}\Shell\open\command - "" = C:\Windows\System32\cmd.exe -- [2008.01.19 09:33:04 | 000,318,976 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{4526b870-6fcd-11df-aa23-001a6b211ad2}\Shell\AutoRun\command - "" = C:\Windows\System32\cmd.exe -- [2008.01.19 09:33:04 | 000,318,976 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{4526b870-6fcd-11df-aa23-001a6b211ad2}\Shell\explore\command - "" = C:\Windows\System32\cmd.exe -- [2008.01.19 09:33:04 | 000,318,976 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{4526b870-6fcd-11df-aa23-001a6b211ad2}\Shell\open\command - "" = C:\Windows\System32\cmd.exe -- [2008.01.19 09:33:04 | 000,318,976 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{8b5b7e97-960c-11dd-89ef-001a6b211ad2}\Shell\AutoRun\command - "" = wscript.exe .\.vbs
O33 - MountPoints2\{8b5b7e97-960c-11dd-89ef-001a6b211ad2}\Shell\open\command - "" = wscript.exe .\.vbs
O33 - MountPoints2\{b8cea898-fda1-11dd-82c4-001a6b211ad2}\Shell - "" = AutoRun
O33 - MountPoints2\{b8cea898-fda1-11dd-82c4-001a6b211ad2}\Shell\AutoRun\command - "" = G:\LaunchU3.exe
O33 - MountPoints2\{c453a39c-b7e7-11df-8cf8-001a6b211ad2}\Shell - "" = AutoRun
O33 - MountPoints2\{c453a39c-b7e7-11df-8cf8-001a6b211ad2}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
O33 - MountPoints2\{c453a39d-b7e7-11df-8cf8-001a6b211ad2}\Shell - "" = AutoRun
O33 - MountPoints2\{c453a39d-b7e7-11df-8cf8-001a6b211ad2}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
O33 - MountPoints2\{e1d7b08d-cde4-11de-9aff-001a6b211ad2}\Shell\AutoRun\command - "" = AutoRun\AutoStart.exe
O33 - MountPoints2\{e1d7b08d-cde4-11de-9aff-001a6b211ad2}\Shell\Explore\Command - "" = AutoRun\AutoStart.exe
O33 - MountPoints2\{e1d7b08d-cde4-11de-9aff-001a6b211ad2}\Shell\Open\Command - "" = AutoRun\AutoStart.exe
O33 - MountPoints2\{ef0fb2ff-a14b-11de-a7c6-001a6b211ad2}\Shell - "" = AutoRun
O33 - MountPoints2\{ef0fb2ff-a14b-11de-a7c6-001a6b211ad2}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.08.15 09:21:25 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Users\Vincent\Desktop\OTH.scr
[2011.08.12 19:31:34 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.08.10 14:52:24 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.08.10 00:54:01 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011.08.10 00:52:40 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.08.10 00:52:35 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.08.10 00:52:31 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.08.10 00:52:31 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.08.10 00:52:30 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.08.10 00:52:29 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.08.10 00:52:29 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.08.10 00:52:28 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.08.10 00:52:27 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.08.10 00:52:26 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.08.10 00:52:25 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.08.10 00:52:06 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.08.10 00:52:04 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.08.10 00:52:04 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.08.10 00:52:03 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.08.10 00:52:03 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.08.10 00:52:02 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.08.10 00:52:01 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.08.10 00:50:12 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.08.10 00:50:11 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.08.08 10:26:10 | 000,000,000 | ---D | C] -- C:\Users\Vincent\Desktop\Strafrecht Hausarbeit
[2011.08.08 09:31:36 | 000,000,000 | ---D | C] -- C:\Users\Vincent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenVPN
[2011.08.08 09:31:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
[2011.08.08 09:31:35 | 000,000,000 | ---D | C] -- C:\Programme\OpenVPN
[2011.07.17 01:37:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.5
[2011.07.17 01:37:01 | 000,000,000 | ---D | C] -- C:\Programme\ICQ7.5
[2007.09.07 20:52:01 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\Interop.SHDocVw.dll
[2007.09.07 20:52:01 | 000,049,152 | ---- | C] ( ) -- C:\Windows\System32\AxInterop.SHDocVw.dll
[1 C:\Users\Vincent\AppData\Local\*.tmp files -> C:\Users\Vincent\AppData\Local\*.tmp -> ]
[1 C:\Users\Vincent\*.tmp files -> C:\Users\Vincent\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.08.15 09:55:32 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.08.15 09:55:21 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.15 09:55:21 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.15 09:55:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.15 09:55:08 | 1071,702,016 | -HS- | M] () -- C:\hiberfil.sys
[2011.08.15 09:53:49 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.08.15 09:52:08 | 000,000,000 | ---- | M] () -- C:\Users\Vincent\defogger_reenable
[2011.08.15 09:49:12 | 000,050,477 | ---- | M] () -- C:\Users\Vincent\Desktop\Defogger.exe
[2011.08.15 09:38:11 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.08.15 09:21:01 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Users\Vincent\Desktop\OTH.scr
[2011.08.14 22:52:18 | 000,115,200 | ---- | M] () -- C:\Users\Vincent\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.14 18:00:00 | 000,000,412 | ---- | M] () -- C:\Windows\tasks\Norton Security Scan.job
[2011.08.12 19:32:47 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.08.12 19:32:47 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.08.12 19:32:47 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.08.12 19:32:46 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.08.11 10:19:31 | 000,702,336 | ---- | M] () -- C:\Users\Vincent\Documents\931960285img5150122477l.jpg
[2011.08.11 08:47:42 | 158,804,141 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.08.10 14:52:24 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.08.10 14:15:40 | 000,006,192 | ---- | M] () -- C:\Users\Vincent\Documents\1401780-1247540871-Autobots.gif
[2011.08.10 14:13:11 | 000,003,615 | ---- | M] () -- C:\Users\Vincent\Documents\lens1465314_transformers.jpg
[2011.08.08 12:44:46 | 000,576,454 | ---- | M] () -- C:\Users\Vincent\Documents\6ae5b04e0386de8e96bbf848c3963964.jpg
[2011.08.08 10:03:28 | 000,128,318 | ---- | M] () -- C:\Users\Vincent\Documents\2291486256e48694a611ooy9.jpg
[2011.08.08 10:03:20 | 000,135,180 | ---- | M] () -- C:\Users\Vincent\Documents\22914859320c6d4f2d72oth0.jpg
[2011.08.08 10:02:41 | 000,091,031 | ---- | M] () -- C:\Users\Vincent\Documents\g55black.jpg
[2011.08.08 10:02:20 | 000,948,576 | ---- | M] () -- C:\Users\Vincent\Documents\5496425195_9dc56a7f0b_o.jpg
[2011.08.08 09:47:56 | 000,165,386 | ---- | M] () -- C:\Users\Vincent\Documents\dsc0201sa.jpg
[2011.08.08 09:47:49 | 000,150,872 | ---- | M] () -- C:\Users\Vincent\Documents\dsc0198do.jpg
[2011.08.08 09:34:36 | 000,000,918 | ---- | M] () -- C:\Users\Vincent\Desktop\OpenVPN GUI.lnk
[2011.08.08 08:26:09 | 000,339,920 | ---- | M] () -- C:\Users\Vincent\Documents\wallpaper-i1280x1024.jpg
[2011.08.06 20:40:31 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{9BB5E2AA-C05E-4E5A-92E4-9E4C19C017B3}.job
[2011.08.02 09:57:07 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.07.23 13:04:18 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.07.23 13:01:07 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.07.23 13:00:36 | 000,602,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.07.23 13:00:36 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.07.23 13:00:05 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.07.23 12:59:57 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.07.23 12:59:52 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.07.23 12:59:35 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.07.23 12:59:34 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.07.23 12:59:34 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.07.23 12:59:34 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.07.23 12:59:34 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.07.23 12:59:29 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.07.23 12:03:47 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.07.23 11:27:04 | 000,133,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.07.23 11:26:52 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.07.23 11:26:12 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.07.23 11:25:38 | 001,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.07.22 09:26:59 | 002,087,556 | ---- | M] () -- C:\Users\Vincent\Documents\IMGP2715.JPG
[2011.07.22 09:26:45 | 002,099,679 | ---- | M] () -- C:\Users\Vincent\Documents\IMGP2701.JPG
[1 C:\Users\Vincent\AppData\Local\*.tmp files -> C:\Users\Vincent\AppData\Local\*.tmp -> ]
[1 C:\Users\Vincent\*.tmp files -> C:\Users\Vincent\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.08.15 09:52:08 | 000,000,000 | ---- | C] () -- C:\Users\Vincent\defogger_reenable
[2011.08.15 09:51:07 | 000,050,477 | ---- | C] () -- C:\Users\Vincent\Desktop\Defogger.exe
[2011.08.15 09:35:51 | 1071,702,016 | -HS- | C] () -- C:\hiberfil.sys
[2011.08.11 10:19:14 | 000,702,336 | ---- | C] () -- C:\Users\Vincent\Documents\931960285img5150122477l.jpg
[2011.08.10 14:15:34 | 000,006,192 | ---- | C] () -- C:\Users\Vincent\Documents\1401780-1247540871-Autobots.gif
[2011.08.10 14:12:51 | 000,003,615 | ---- | C] () -- C:\Users\Vincent\Documents\lens1465314_transformers.jpg
[2011.08.08 12:44:39 | 000,576,454 | ---- | C] () -- C:\Users\Vincent\Documents\6ae5b04e0386de8e96bbf848c3963964.jpg
[2011.08.08 10:03:27 | 000,128,318 | ---- | C] () -- C:\Users\Vincent\Documents\2291486256e48694a611ooy9.jpg
[2011.08.08 10:03:17 | 000,135,180 | ---- | C] () -- C:\Users\Vincent\Documents\22914859320c6d4f2d72oth0.jpg
[2011.08.08 10:02:41 | 000,091,031 | ---- | C] () -- C:\Users\Vincent\Documents\g55black.jpg
[2011.08.08 10:02:16 | 000,948,576 | ---- | C] () -- C:\Users\Vincent\Documents\5496425195_9dc56a7f0b_o.jpg
[2011.08.08 09:47:54 | 000,165,386 | ---- | C] () -- C:\Users\Vincent\Documents\dsc0201sa.jpg
[2011.08.08 09:47:41 | 000,150,872 | ---- | C] () -- C:\Users\Vincent\Documents\dsc0198do.jpg
[2011.08.08 09:34:36 | 000,000,918 | ---- | C] () -- C:\Users\Vincent\Desktop\OpenVPN GUI.lnk
[2011.08.08 08:26:00 | 000,339,920 | ---- | C] () -- C:\Users\Vincent\Documents\wallpaper-i1280x1024.jpg
[2011.07.22 09:26:31 | 002,087,556 | ---- | C] () -- C:\Users\Vincent\Documents\IMGP2715.JPG
[2011.07.22 09:26:19 | 002,099,679 | ---- | C] () -- C:\Users\Vincent\Documents\IMGP2701.JPG
[2011.05.24 23:23:30 | 000,000,344 | -H-- | C] () -- C:\ProgramData\43769592
[2009.09.24 11:46:41 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.24 11:46:41 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.08.11 00:29:04 | 000,007,052 | -H-- | C] () -- C:\Users\Vincent\AppData\Local\d3d9caps.dat
[2009.06.03 10:40:25 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2009.02.07 00:41:35 | 000,000,553 | ---- | C] () -- C:\Windows\eReg.dat
[2009.01.27 14:22:44 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.11.06 18:33:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008.10.31 18:58:57 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2008.10.31 18:58:57 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2008.10.31 18:58:57 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2008.10.31 18:58:57 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2008.10.31 18:58:57 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2008.10.31 18:58:57 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2008.10.31 18:58:57 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2008.10.31 18:58:57 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2008.10.31 18:58:57 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2008.10.31 18:58:57 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2008.10.31 18:58:57 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2008.10.31 18:58:57 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2008.10.31 18:58:57 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2008.10.31 18:58:57 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2008.10.31 18:58:57 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2008.10.31 18:58:57 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2008.10.31 18:58:57 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2008.10.31 18:58:57 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008.10.31 18:58:56 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2008.10.31 18:49:55 | 000,000,025 | ---- | C] () -- C:\Windows\CDE DX7400DEFGIPS.ini
[2008.10.15 13:02:37 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.07.13 17:26:33 | 000,006,751 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2008.07.04 12:48:12 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\C1E486C548.sys
[2008.07.04 12:48:11 | 000,002,828 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2008.07.03 17:51:40 | 001,369,680 | ---- | C] () -- C:\ProgramData\pswi_preloaded.exe
[2008.07.03 17:50:22 | 000,000,412 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2008.02.18 14:20:44 | 000,002,476 | -H-- | C] () -- C:\Users\Vincent\AppData\Roaming\NMM-MetaData.db
[2007.12.11 14:49:32 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2007.10.31 17:08:19 | 000,013,015 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2007.10.31 17:08:17 | 004,229,496 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2007.08.19 19:03:46 | 000,394,240 | ---- | C] () -- C:\Windows\System32\Smab.dll
[2007.08.19 19:03:45 | 000,066,560 | ---- | C] () -- C:\Windows\MOTA113.exe
[2007.08.19 19:03:45 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2007.08.19 19:03:44 | 000,502,784 | ---- | C] () -- C:\Windows\x2.64.exe
[2007.08.19 19:03:44 | 000,240,128 | ---- | C] () -- C:\Windows\System32\x.264.exe
[2007.08.19 19:03:44 | 000,217,073 | ---- | C] () -- C:\Windows\meta4.exe
[2007.06.28 19:30:55 | 000,532,480 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Sony.dll
[2007.06.25 13:01:38 | 000,000,238 | -H-- | C] () -- C:\Users\Vincent\AppData\Roaming\wklnhst.dat
[2007.06.18 20:03:14 | 000,084,268 | -H-- | C] () -- C:\Users\Vincent\AppData\Roaming\nvModes.001
[2007.06.18 18:03:30 | 000,115,200 | ---- | C] () -- C:\Users\Vincent\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.06.18 18:00:24 | 000,084,268 | -H-- | C] () -- C:\Users\Vincent\AppData\Roaming\nvModes.dat
[2007.06.06 09:32:52 | 000,002,699 | ---- | C] () -- C:\Windows\System32\d1wiaUiStr.bin
[2006.12.21 05:34:29 | 000,001,076 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2006.11.29 09:32:42 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006.11.03 17:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006.11.02 20:40:12 | 000,174,656 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006.11.02 17:33:31 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,126,260 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 001,684,128 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.09.19 09:02:40 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006.09.19 09:02:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006.03.10 01:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005.12.07 13:31:00 | 000,202,752 | R--- | C] () -- C:\Windows\System32\CddbCdda.dll
[2005.05.08 06:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2001.11.14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
 
========== LOP Check ==========
 
[2011.04.21 10:39:45 | 000,000,000 | ---D | M] -- C:\Users\Vincent\AppData\Roaming\.minecraft
[2009.06.03 10:40:35 | 000,000,000 | -H-D | M] -- C:\Users\Vincent\AppData\Roaming\Atari
[2009.02.04 08:30:22 | 000,000,000 | -H-D | M] -- C:\Users\Vincent\AppData\Roaming\Clone2Go DVD to iPod Converter
[2010.03.07 20:08:03 | 000,000,000 | ---D | M] -- C:\Users\Vincent\AppData\Roaming\EPSON
[2011.05.25 09:27:14 | 000,000,000 | ---D | M] -- C:\Users\Vincent\AppData\Roaming\Facebook
[2011.05.25 09:27:14 | 000,000,000 | ---D | M] -- C:\Users\Vincent\AppData\Roaming\gtk-2.0
[2011.08.14 18:57:57 | 000,000,000 | ---D | M] -- C:\Users\Vincent\AppData\Roaming\ICQ
[2007.06.18 14:26:48 | 000,000,000 | -H-D | M] -- C:\Users\Vincent\AppData\Roaming\ICQ Toolbar
[2008.07.05 18:40:23 | 000,000,000 | -H-D | M] -- C:\Users\Vincent\AppData\Roaming\Leadertech
[2007.12.07 21:15:45 | 000,000,000 | -H-D | M] -- C:\Users\Vincent\AppData\Roaming\Nokia
[2007.12.07 21:07:23 | 000,000,000 | -H-D | M] -- C:\Users\Vincent\AppData\Roaming\PC Suite
[2008.07.03 17:50:03 | 000,000,000 | -H-D | M] -- C:\Users\Vincent\AppData\Roaming\ScanSoft
[2008.01.29 16:37:10 | 000,000,000 | -H-D | M] -- C:\Users\Vincent\AppData\Roaming\SlySoft
[2011.08.15 09:58:14 | 000,000,000 | ---D | M] -- C:\Users\Vincent\AppData\Roaming\stickies
[2007.06.25 13:01:49 | 000,000,000 | -H-D | M] -- C:\Users\Vincent\AppData\Roaming\Template
[2011.08.15 09:53:45 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.08.06 20:40:31 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{9BB5E2AA-C05E-4E5A-92E4-9E4C19C017B3}.job
 
========== Purity Check ==========
 
 
 
< End of report >
         
--- --- ---


Thank you very much for your help!

Regards, Vincent

 
