
Log analysis and evaluation: Trojan sending emails?

04.12.2011, 17:21   #1
green devil
 



Hello,

when I checked my email inbox just now, I noticed that emails with the following subject and content:

Subject: FWD: I DID IT!!!
Content: Whats up whats up. I knew it was important to stay positive without this my life would be miserable ive committed myself to this just check it out no pressure hxxp://www.ecolopack.com.mx/profile/73KevinLee/ see you soon.

have been sent to various contacts.

I ran HijackThis over it; see the log file below. Malwarebytes is still running at the moment, and my last system check with my security software (G Data Total Care 2012) yesterday evening went through without problems.

How should I proceed, and is there a possibility that further accounts (bank account etc.) will be hacked?

Many thanks for your help

André

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:47:53, on 04.12.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\G Data\TotalCare\AVKTray\AVKTray.exe
C:\Program Files\G Data\TotalCare\Firewall\GDFirewallTray.exe
C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\PCTV Systems\RemoTerm\remoterm.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\program files\g data\totalcare\avk\avk.exe
C:\Windows\explorer.exe
C:\Users\Andre\Downloads\HiJackThis204.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\prxtbWinl.dll
O1 - Hosts: soundspectrum.com
O1 - Hosts: SoundSpectrum - artistic music visuals for your media player
O1 - Hosts: soundspectrum.com
O2 - BHO: G Data WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G Data\TotalCare\WebFilter\AvkWebIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winload - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\prxtbWinl.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: G Data BankGuard - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files\Common Files\G Data\AVKProxy\BanksafeBHO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: G Data WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G Data\TotalCare\WebFilter\AvkWebIE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\prxtbWinl.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [G Data AntiVirus Tray Application] C:\Program Files\G Data\TotalCare\AVKTray\AVKTray.exe
O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files\G Data\TotalCare\Firewall\GDFirewallTray.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [RemoTerm.exe] C:\Program Files\Common Files\PCTV Systems\RemoTerm\RemoTerm.exe
O4 - Global Startup: Nach Updates suchen.lnk = C:\Program Files\Common Files\PCTV Systems\WebUpdater\WebUpdater.exe
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: acaptuser32.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Acronis Nonstop Backup-Dienst (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: G Data AntiVirus Proxy (AVKProxy) - G Data Software AG - C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe
O23 - Service: G Data Scheduler (AVKService) - G Data Software AG - C:\Program Files\G Data\TotalCare\AVK\AVKService.exe
O23 - Service: G Data Dateisystem Wächter (AVKWCtl) - G Data Software AG - C:\Program Files\G Data\TotalCare\AVK\AVKWCtl.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: G Data Backup Service (GDBackupSvc) - G Data Software AG - C:\Program Files\G Data\TotalCare\AVKBackup\AVKBackupService.exe
O23 - Service: G Data Personal Firewall (GDFwSvc) - G Data Software AG - C:\Program Files\G Data\TotalCare\Firewall\GDFwSvc.exe
O23 - Service: G Data Scanner (GDScan) - G Data Software AG - C:\Program Files\Common Files\G Data\GDScan\GDScan.exe
O23 - Service: G Data Tuner Service (GDTunerSvc) - G Data Software AG - C:\Program Files\G Data\TotalCare\AVKTuner\AVKTunerService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Acronis Sync Agent Service (syncagentsrv) - Acronis - C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10816 bytes

04.12.2011, 19:30   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please note => http://www.trojaner-board.de/95173-b...es-posten.html and http://www.trojaner-board.de/69886-a...-beachten.html

04.12.2011, 20:17   #3
green devil
 



Hello again, and sorry for disregarding the rules,

I was in a bit of a hurry earlier and simply overlooked that...

Here is my OTL log now; the Extras log is in the attachment.

Many thanks for your efforts.

André

OTL Logfile:
OTL logfile created on: 04.12.2011 20:53:15 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Andre\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 64,87% Memory free
5,99 Gb Paging File | 4,52 Gb Available in Paging File | 75,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,16 Gb Total Space | 51,20 Gb Free Space | 36,01% Space Free | Partition Type: NTFS
Drive D: | 142,18 Gb Total Space | 135,07 Gb Free Space | 94,99% Space Free | Partition Type: NTFS
Drive G: | 50,00 Gb Total Space | 49,87 Gb Free Space | 99,74% Space Free | Partition Type: NTFS
Drive I: | 32,88 Gb Total Space | 25,12 Gb Free Space | 76,39% Space Free | Partition Type: NTFS
Drive J: | 931,51 Gb Total Space | 296,37 Gb Free Space | 31,82% Space Free | Partition Type: NTFS
Drive L: | 500,00 Gb Total Space | 75,89 Gb Free Space | 15,18% Space Free | Partition Type: NTFS
Drive M: | 500,00 Gb Total Space | 39,08 Gb Free Space | 7,82% Space Free | Partition Type: NTFS
Drive N: | 397,26 Gb Total Space | 232,40 Gb Free Space | 58,50% Space Free | Partition Type: NTFS
Drive O: | 150,00 Gb Total Space | 9,59 Gb Free Space | 6,39% Space Free | Partition Type: NTFS
 
Computer Name: ANDRE-PC | User Name: Andre | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.04 19:46:46 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Andre\Desktop\OTL.exe
PRC - [2011.12.02 17:58:41 | 001,045,328 | ---- | M] (Flexera Software, Inc.) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2011.11.09 23:52:11 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.10.28 14:36:53 | 001,506,824 | ---- | M] (G Data Software AG) -- C:\Programme\Common Files\G Data\AVKProxy\AVKProxy.exe
PRC - [2011.10.28 14:36:43 | 001,617,416 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\TotalCare\Firewall\GDFirewallTray.exe
PRC - [2011.10.28 14:36:11 | 000,457,536 | ---- | M] (G Data Software AG) -- C:\Programme\Common Files\G Data\GDScan\GDScan.exe
PRC - [2011.10.28 02:40:14 | 001,554,184 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\TotalCare\AVK\AVKWCtl.exe
PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.08.10 13:20:28 | 001,613,424 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\TotalCare\Firewall\GDFwSvc.exe
PRC - [2011.05.11 11:18:59 | 000,923,144 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\TotalCare\AVKTray\AVKTray.exe
PRC - [2011.03.28 19:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011.03.28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2011.03.04 19:56:12 | 000,381,448 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\TotalCare\AVK\AVKService.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 22:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 22:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.02.24 10:34:36 | 000,220,944 | ---- | M] (PCTV Systems S.à r.l.) -- C:\Programme\Common Files\PCTV Systems\RemoTerm\remoterm.exe
PRC - [2010.02.18 13:01:06 | 000,462,632 | ---- | M] (Nero AG) -- C:\Programme\Nero\Update\NASvc.exe
PRC - [2009.12.21 17:35:18 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2009.03.30 15:00:54 | 000,221,184 | ---- | M] (Brother Industries, Ltd.) -- C:\Programme\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2009.02.23 16:16:02 | 000,870,920 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.11.09 23:52:10 | 001,989,592 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2011.03.16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010.03.15 10:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2009.02.27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Programme\Brother\BrUtilities\BrLogAPI.dll
MOD - [2009.02.27 15:39:29 | 000,019,968 | ---- | M] () -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU
MOD - [2003.06.07 13:30:08 | 000,057,344 | ---- | M] () -- C:\Programme\Launch Manager\PowerUtl.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.12.02 17:58:41 | 001,045,328 | ---- | M] (Flexera Software, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.10.28 14:43:51 | 001,498,616 | ---- | M] (G Data Software AG) [On_Demand | Stopped] -- C:\Programme\G Data\TotalCare\AVKBackup\AVKBackupService.exe -- (GDBackupSvc)
SRV - [2011.10.28 14:36:53 | 001,506,824 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2011.10.28 14:36:11 | 000,457,536 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files\Common Files\G Data\GDScan\GDScan.exe -- (GDScan)
SRV - [2011.10.28 02:40:14 | 001,554,184 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files\G Data\TotalCare\AVK\AVKWCtl.exe -- (AVKWCtl)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.08.10 13:20:28 | 001,613,424 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files\G Data\TotalCare\Firewall\GDFwSvc.exe -- (GDFwSvc)
SRV - [2011.06.12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011.05.20 02:40:34 | 000,960,504 | ---- | M] (G Data Software AG) [On_Demand | Stopped] -- C:\Program Files\G Data\TotalCare\AVKTuner\AVKTunerService.exe -- (GDTunerSvc)
SRV - [2011.03.04 19:56:12 | 000,381,448 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files\G Data\TotalCare\AVK\AVKService.exe -- (AVKService)
SRV - [2010.02.18 13:01:06 | 000,462,632 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.12.04 17:13:10 | 000,041,336 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\HookCentre.sys -- (HookCentre)
DRV - [2011.12.04 17:12:50 | 000,079,992 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV - [2011.12.04 17:12:50 | 000,040,440 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\GDBehave.sys -- (GDBehave)
DRV - [2011.12.04 17:12:49 | 000,054,648 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\gdwfpcd32.sys -- (gdwfpcd)
DRV - [2011.10.17 19:12:17 | 000,030,256 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\GRD.sys -- (GRD)
DRV - [2011.10.13 06:02:23 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011.10.10 14:14:21 | 000,084,512 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vsflt58.sys -- (vidsflt58) Acronis Disk Storage Filter (58)
DRV - [2011.10.10 14:14:16 | 000,076,768 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\fltsrv.sys -- (fltsrv)
DRV - [2011.10.09 20:53:56 | 000,049,016 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PktIcpt.sys -- (GDPkIcpt)
DRV - [2011.10.09 20:52:17 | 000,029,400 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GdNetMon32.sys -- (GdNetMon)
DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.08.02 17:38:44 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2010.11.20 22:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 22:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 22:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010.11.20 22:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 22:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 22:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 22:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010.11.20 22:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 22:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.08.24 08:14:30 | 000,044,544 | ---- | M] (AzureWave Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\azvusb.sys -- (azvusb)
DRV - [2009.07.14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\serial.sys -- (Serial)
DRV - [2009.07.13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2008.11.21 21:07:00 | 007,451,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.10.08 09:43:08 | 000,005,632 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hidshim.sys -- (hidshim)
DRV - [2008.10.08 09:43:06 | 000,022,528 | ---- | M] (Nuvoton Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nuvotonhidgeneric.sys -- (nuvotonhidgeneric)
DRV - [2008.09.25 04:39:48 | 000,045,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2007.09.24 13:46:24 | 000,433,664 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctv4XXe.sys -- (PCTV)
DRV - [2006.11.28 15:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006.05.03 21:40:42 | 000,390,784 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd.sys -- (snpstd)
DRV - [1997.06.27 05:33:00 | 000,064,512 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\sentinel.SYS -- (SENTINEL)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.09 23:52:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011.10.10 13:47:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andre\AppData\Roaming\mozilla\Extensions
[2011.11.19 18:57:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andre\AppData\Roaming\mozilla\Firefox\Profiles\swidoxwj.default\extensions
[2011.11.19 18:57:49 | 000,000,000 | ---D | M] (Winload Community Toolbar) -- C:\Users\Andre\AppData\Roaming\mozilla\Firefox\Profiles\swidoxwj.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2011.12.04 17:12:46 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.12.04 17:12:49 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Programme\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}
[2011.12.04 17:12:46 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
[2011.12.04 17:12:49 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{906305F7-AAFC-45E9-8BBD-941950A84DAD}
[2011.11.09 23:52:11 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.09.29 02:24:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.29 02:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.09.29 02:24:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.29 02:24:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.29 02:24:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.29 02:24:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = hxxp://search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}
CHR - default_search_provider: suggest_url = hxxp://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
 
O1 HOSTS File: ([2011.11.18 20:55:07 | 000,001,437 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: soundspectrum.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: SoundSpectrum - artistic music visuals for your media player
O1 - Hosts: soundspectrum.com
O1 - Hosts: 127.0.0.1 secure.disc-soft.com 
O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\TotalCare\Webfilter\AvkWebIE.dll (G Data Software AG)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Programme\Common Files\G Data\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\TotalCare\Webfilter\AvkWebIE.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Programme\G Data\TotalCare\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Programme\G Data\TotalCare\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [RemoTerm.exe] C:\Programme\Common Files\PCTV Systems\RemoTerm\remoterm.exe (PCTV Systems S.à r.l.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.6.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A0D44C06-0796-4C42-8CE4-4A97DE546AF3}: DhcpNameServer = 10.0.6.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD8AF39C-FA0F-43E0-9D93-04518E4FC3D6}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E0233D7D-9FEE-482E-97A0-8B92EC543B1A}: DhcpNameServer = 139.13.30.65
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (acaptuser32.dll) -C:\Windows\System32\acaptuser32.dll (Adobe Systems Incorporated)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\SETUP.EXE
O33 - MountPoints2\F\Shell\configure\command - "" = F:\SETUP.EXE
O33 - MountPoints2\F\Shell\install\command - "" = F:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {121374FD-01EE-0AC9-DD20-60E7DEF850C1} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5743D567-BDBC-2C9C-C4A3-B904A1F67D3E} - Internet Explorer
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {DBC83924-8347-F086-E863-33FD0165B938} - Internet Explorer
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F1274DDC-9028-C55E-E069-D0DCD93C79A3} - Browser Customizations
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: Adobe Acrobat Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AdobeCS4ServiceManager - hkey= - key= - C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: BCSSync - hkey= - key= - C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
MsConfig - StartUpReg: Connectify - hkey= - key= -  File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: NBAgent - hkey= - key= - C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: snpstd - hkey= - key= - C:\Windows\vsnpstd.exe ()
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.04 20:31:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Acronis
[2011.12.04 20:30:37 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Roaming\E8D0C297-324A-4218-B5B8-6BA8D5D27442
[2011.12.04 20:30:20 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.12.04 19:45:35 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Andre\Desktop\OTL.exe
[2011.12.04 17:45:43 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Roaming\Malwarebytes
[2011.12.04 17:45:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.04 17:45:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.04 17:45:24 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.04 17:45:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.04 17:23:19 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011.12.04 17:16:04 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\{B709CB73-FC67-462E-A7E8-F7B136327677}
[2011.12.04 15:50:04 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\{E6A3128D-37EE-4796-85EE-F9C6C5658F47}
[2011.12.02 17:57:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Enfocus
[2011.12.02 17:57:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Enfocus Software
[2011.12.02 17:00:31 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\SettingsConfigurator
[2011.12.02 17:00:30 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Roaming\Enfocus Prefs Folder
[2011.12.02 17:00:26 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Roaming\PitStop Extreme
[2011.12.02 17:00:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Enfocus Prefs Folder
[2011.12.02 17:00:24 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Roaming\EskoArtwork
[2011.12.02 16:55:23 | 000,000,000 | ---D | C] -- C:\Program Files\Enfocus
[2011.11.30 21:15:08 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\IHS_Fairplay
[2011.11.30 18:35:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ports and Terminals Guide 2011
[2011.11.30 18:34:50 | 000,000,000 | ---D | C] -- C:\ProgramData\IHS
[2011.11.30 18:34:49 | 000,000,000 | ---D | C] -- C:\Program Files\IHS
[2011.11.29 20:56:08 | 000,000,000 | ---D | C] -- C:\Users\Andre\Documents\StreamTransport
[2011.11.29 19:23:22 | 000,000,000 | ---D | C] -- C:\Users\Andre\Application Data
[2011.11.29 17:12:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StreamTransport
[2011.11.29 17:12:57 | 000,000,000 | ---D | C] -- C:\Program Files\StreamTransport
[2011.11.28 21:13:37 | 000,000,000 | ---D | C] -- C:\Program Files\TryEcdis
[2011.11.21 10:20:01 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Roaming\redsn0w
[2011.11.20 19:09:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NauticTools
[2011.11.20 19:09:51 | 000,000,000 | ---D | C] -- C:\Program Files\NauticTools
[2011.11.20 19:09:27 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NauticTools
[2011.11.19 20:27:29 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Roaming\DivX
[2011.11.19 18:57:07 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011.11.19 18:57:04 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\Conduit
[2011.11.19 18:57:03 | 000,000,000 | ---D | C] -- C:\Program Files\Winload
[2011.11.19 18:16:27 | 000,000,000 | ---D | C] -- C:\Windows\System32\desktop-education-icons ico
[2011.11.19 17:51:58 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Roaming\Hulubulu
[2011.11.19 17:51:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Renamer
[2011.11.19 17:51:54 | 000,000,000 | ---D | C] -- C:\Program Files\Advanced Renamer
[2011.11.19 13:46:44 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TryEcdis
[2011.11.19 11:04:14 | 000,000,000 | ---D | C] -- C:\Program Files\Launch Manager
[2011.11.19 10:51:15 | 000,347,656 | ---- | C] (Dritek System Inc.) -- C:\Windows\UNINST32.EXE
[2011.11.18 22:15:29 | 000,000,000 | ---D | C] -- C:\Users\Andre\Desktop\Programme Nautikstudium
[2011.11.18 20:55:22 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Roaming\SoundSpectrum
[2011.11.18 20:52:19 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhiteCap
[2011.11.18 20:52:16 | 000,000,000 | ---D | C] -- C:\Program Files\SoundSpectrum
[2011.11.17 19:04:09 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Roaming\Skype
[2011.11.17 19:03:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.11.17 19:03:47 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011.11.17 19:03:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2011.11.16 18:43:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tsunamis '99
[2011.11.16 18:43:15 | 000,377,624 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\Windows\System32\sstbars.ocx
[2011.11.16 18:43:15 | 000,324,376 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\Windows\System32\SSTree.ocx
[2011.11.16 18:43:15 | 000,305,432 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\Windows\System32\Threed20.ocx
[2011.11.16 18:43:15 | 000,154,392 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\Windows\System32\Splitter.ocx
[2011.11.16 18:43:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\RNBOSENT
[2011.11.16 18:43:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Transas Shared
[2011.11.16 18:43:09 | 000,000,000 | ---D | C] -- C:\Program Files\Transas
[2011.11.16 18:43:07 | 000,000,000 | ---D | C] -- C:\tcwf
[2011.11.14 07:01:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.11.13 16:04:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Radarplot
[2011.11.13 16:04:33 | 000,000,000 | ---D | C] -- C:\Program Files\Radarplot
[2011.11.13 14:54:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Morsetrainer
[2011.11.13 14:54:54 | 000,000,000 | ---D | C] -- C:\Program Files\Projekt1
[2011.11.13 13:04:00 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Roaming\Buhl Data Service
[2011.11.13 13:03:22 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\Buhl Data Service
[2011.11.13 13:02:08 | 000,000,000 | ---D | C] -- C:\Program Files\DataDesign
[2011.11.13 13:01:57 | 000,000,000 | ---D | C] -- C:\Program Files\Letstrade
[2011.11.13 13:01:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Buhl Data Service
[2011.11.13 12:58:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Buhl Data Service GmbH
[2011.11.13 09:41:42 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\{6B250D70-6AF2-41DD-8DDA-C311F8251671}
[2011.11.12 18:58:26 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\{8229848E-3E51-4DD7-A87C-111FFB948731}
[2011.11.11 06:51:59 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\{138CF936-9A7B-4DE4-A6B1-AEEB31AD6029}
[2011.11.10 18:54:25 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\{74AE5361-8FFF-43C2-B539-63410C5DEA99}
[2011.11.10 06:50:02 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\{FB2F801E-59BA-4F5B-85A5-3A0C91DFE26D}
[2011.11.09 08:32:27 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\ElevatedDiagnostics
[2011.11.09 08:05:58 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\{8D428A37-7593-48DD-AB09-3DD7EA5A6556}
[2011.11.08 19:27:46 | 000,000,000 | R--D | C] -- C:\Users\Andre\AppData\Roaming\Brother
[2011.11.08 19:26:21 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\{8E2D89D0-B857-44F8-8402-0E01CC521A9A}
[2011.11.08 19:20:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
[2011.11.08 19:19:53 | 000,176,128 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BroSNMP.dll
[2011.11.08 19:19:53 | 000,005,632 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\BrDctF2L.dll
[2011.11.08 19:19:52 | 000,073,728 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\BrDctF2.dll
[2011.11.08 19:19:52 | 000,012,288 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\BrDctF2S.dll
[2011.11.08 19:19:51 | 001,534,464 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BrWia09b.dll
[2011.11.08 19:19:51 | 000,053,760 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BrUsi09a.dll
[2011.11.08 19:19:45 | 000,167,936 | ---- | C] (brother) -- C:\Windows\System32\NSSearch.dll
[2011.11.08 19:19:45 | 000,000,000 | ---D | C] -- C:\Program Files\Brother
[2011.11.08 19:18:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Brother
[2011.11.08 19:18:35 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Roaming\InstallShield
[2011.11.08 17:56:01 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\{FE2DBC82-55B3-4F02-B14D-AE07FD74D59B}
[2011.11.08 08:06:06 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\{1EE1BDCD-38AF-491F-B5DD-13B3DFEC8C31}
[2011.11.07 18:00:32 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\{CC27D423-F93A-41CB-9E08-97BDA8C24387}
[2011.11.07 13:47:29 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\{4A4132D7-8671-439E-95EF-A194BF6543D2}
[2011.11.07 06:53:01 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\{9B50E46A-2710-4AD2-B652-499788427C9A}
[2011.11.06 09:14:21 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\{949D6187-D988-49E6-8532-CBF5B5BC92F9}
[2011.11.05 19:10:07 | 000,000,000 | ---D | C] -- C:\Users\Andre\Desktop\Von Desktop
[2011.11.05 14:26:08 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011.11.05 14:15:01 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\{F5C09B98-9B59-4414-AE1E-33BD1874EC34}
[2011.11.05 14:14:46 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\{42E789F4-0D51-4BB7-B2FD-FA3560BAF199}
[2011.11.05 14:01:05 | 000,000,000 | ---D | C] -- C:\Program Files\Connectify
[2011.11.05 13:59:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Connectify
[2011.11.05 13:53:10 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\{E1B963D2-E5BE-4FA5-9053-1AC6136B6D90}
[2011.11.05 12:55:39 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2011.11.05 12:53:19 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\{1284736E-99DF-4AAF-A9E2-AB161162DD33}
[2011.11.05 12:25:11 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\{C60E59FB-44D4-43F0-AD72-C9171557E39A}
[2011.11.05 11:29:13 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Roaming\Apple Computer
[2011.11.05 11:29:13 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\Apple Computer
[2011.11.05 11:29:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.11.05 11:29:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011.11.05 11:27:57 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.11.05 11:27:56 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011.11.05 11:27:55 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011.11.05 11:27:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011.11.05 11:27:20 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\Apple
[2011.11.05 11:27:15 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011.11.05 11:25:51 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011.11.05 11:25:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011.11.05 11:25:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011.11.05 10:30:14 | 000,000,000 | ---D | C] -- C:\Users\Andre\Documents\Outlook-Dateien
[2011.11.05 09:53:03 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\{B8564540-A093-490E-BFD2-0AB248715ABC}
[2011.11.05 09:37:54 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\{435117A1-65BD-4AC0-A3AE-9D08FFDCB377}
[2011.11.05 09:35:03 | 000,027,248 | ---- | C] (Connectify) -- C:\Windows\System32\drivers\cnnctfy2.sys
[2011.11.05 09:27:28 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\Diagnostics
[2011.11.05 09:21:26 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\{4BE12525-2643-4B28-968B-D0851E6ED8E1}
[2011.11.05 09:18:41 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\Chris_Pietschmann_(http__
[2011.11.05 09:14:26 | 000,000,000 | ---D | C] -- C:\Program Files\Virtual Router
[2011.11.05 08:37:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP
[2011.11.05 08:37:30 | 000,000,000 | ---D | C] -- C:\Program Files\WinSCP
[2011.11.05 08:27:59 | 000,000,000 | ---D | C] -- C:\Users\Andre\AppData\Local\{9986D621-7390-4CED-9A97-61B054080621}
[2011.10.20 16:14:09 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\rsnpstd.dll
[2011.10.20 16:14:08 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\csnpstd.dll
[2005.04.20 23:16:28 | 000,036,864 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.04 20:49:48 | 000,000,020 | ---- | M] () -- C:\Users\Andre\defogger_reenable
[2011.12.04 20:48:24 | 000,050,477 | ---- | M] () -- C:\Users\Andre\Desktop\Defogger.exe
[2011.12.04 20:46:40 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2011.12.04 20:41:42 | 000,021,808 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.04 20:41:42 | 000,021,808 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.04 20:34:28 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.04 20:34:27 | 000,000,264 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2011.12.04 20:34:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.04 20:34:08 | 2411,888,640 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.04 20:12:18 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.04 19:56:59 | 000,476,427 | ---- | M] () -- C:\Windows\System32\sig.bin
[2011.12.04 19:56:59 | 000,034,700 | ---- | M] () -- C:\Windows\System32\nmp.map
[2011.12.04 19:46:46 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Andre\Desktop\OTL.exe
[2011.12.04 17:45:31 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.04 17:13:10 | 000,041,336 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\HookCentre.sys
[2011.12.04 17:12:50 | 000,079,992 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\MiniIcpt.sys
[2011.12.04 17:12:50 | 000,040,440 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\GDBehave.sys
[2011.12.04 17:12:49 | 000,054,648 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\gdwfpcd32.sys
[2011.12.04 09:05:39 | 000,696,416 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.04 09:05:39 | 000,651,694 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.04 09:05:39 | 000,147,680 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.04 09:05:39 | 000,120,626 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.02 22:40:36 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_netaapl_01009.Wdf
[2011.12.02 17:35:13 | 004,780,637 | ---- | M] () -- C:\Users\Andre\Desktop\admiralty-list-of-radio-sig....pdf
[2011.11.30 19:44:37 | 000,180,040 | ---- | M] () -- C:\Users\Andre\Desktop\pruefungsplan_ws11.pdf
[2011.11.29 21:34:28 | 181,998,082 | ---- | M] () -- C:\Users\Andre\Documents\Die Jet-Setter in Dubai  Teil 1 von 3  Die Geissens  Video  RTL2 Mediathek.flv
[2011.11.29 21:20:23 | 074,995,025 | ---- | M] () -- C:\Users\Andre\Documents\Die Jet-Setter in Dubai  Teil 2 von 3  Die Geissens  Video  RTL2 Mediathek.flv
[2011.11.29 20:56:24 | 048,854,468 | ---- | M] () -- C:\Users\Andre\Desktop\Deckblatt Funktecnische Reiseplanung.psd
[2011.11.29 19:33:11 | 026,870,498 | ---- | M] () -- C:\Users\Andre\Documents\Die Jet-Setter in Dubai  Teil 3 von 3  Die Geissens  Video  RTL2 Mediathek.flv
[2011.11.29 19:03:26 | 019,065,830 | ---- | M] () -- C:\Users\Andre\Desktop\NASE SHIPPING bearbeitet.psd
[2011.11.29 18:55:17 | 019,090,195 | ---- | M] () -- C:\Users\Andre\Desktop\NASE SHIPPING.psd
[2011.11.29 18:31:50 | 000,027,711 | ---- | M] () -- C:\Users\Andre\Desktop\Alam Sakti.pdf
[2011.11.29 18:28:59 | 002,219,032 | ---- | M] () -- C:\Users\Andre\Desktop\IkanJebuh.jpg
[2011.11.29 18:02:51 | 138,624,299 | ---- | M] () -- C:\Users\Andre\Documents\Die Jet-Setter in Athen  Teil 2 von 3  Die Geissens  Video  RTL2 Mediathek.flv
[2011.11.29 17:34:58 | 060,803,562 | ---- | M] () -- C:\Users\Andre\Documents\Die Jet-Setter in Athen  Teil 1 von 3  Die Geissens  Video  RTL2 Mediathek.flv
[2011.11.29 17:24:47 | 017,072,489 | ---- | M] () -- C:\Users\Andre\Documents\Die Jet-Setter in Athen  Teil 3 von 3  Die Geissens  Video  RTL2 Mediathek.flv
[2011.11.28 21:14:01 | 000,001,907 | ---- | M] () -- C:\Users\Public\Desktop\TryEcdis!.lnk
[2011.11.24 11:12:05 | 001,070,918 | ---- | M] () -- C:\Users\Andre\Desktop\Deckblatt Bürokauffrau.jpg
[2011.11.22 20:31:00 | 000,097,766 | ---- | M] () -- C:\Users\Andre\Desktop\Screenshot Single Turn POB.jpg
[2011.11.21 10:17:03 | 014,188,871 | ---- | M] () -- C:\Users\Andre\Desktop\Screenshots ECDIS.psd
[2011.11.20 19:09:52 | 000,001,005 | ---- | M] () -- C:\Users\Andre\Desktop\NauticTools.lnk
[2011.11.19 11:04:17 | 000,000,083 | ---- | M] () -- C:\Windows\LManager.UNI
[2011.11.18 22:18:58 | 000,000,000 | ---- | M] () -- C:\Windows\Setup.INI
[2011.11.15 20:00:23 | 000,000,065 | ---- | M] () -- C:\Users\Andre\.radarplot
[2011.11.15 20:00:02 | 000,000,000 | ---- | M] () -- C:\Users\Andre\.gtk-bookmarks
[2011.11.15 16:28:50 | 001,610,977 | ---- | M] () -- C:\Users\Andre\Desktop\SCAN0013.PDF
[2011.11.10 06:48:37 | 002,337,504 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.11.08 19:20:50 | 000,000,050 | ---- | M] () -- C:\Windows\System32\bridf07a.dat
[2011.11.08 19:20:47 | 000,000,425 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2011.11.08 19:20:47 | 000,000,027 | ---- | M] () -- C:\Windows\BRPP2KA.INI
[2011.11.06 21:29:12 | 000,038,251 | ---- | M] () -- C:\Users\Andre\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2011.11.05 14:26:03 | 289,358,270 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.11.05 14:21:38 | 000,000,600 | ---- | M] () -- C:\Users\Andre\AppData\Roaming\winscp.rnd
[2011.11.05 09:35:03 | 000,027,248 | ---- | M] (Connectify) -- C:\Windows\System32\drivers\cnnctfy2.sys
 
========== Files Created - No Company Name ==========
 
[2011.12.04 20:48:58 | 000,000,020 | ---- | C] () -- C:\Users\Andre\defogger_reenable
[2011.12.04 20:48:23 | 000,050,477 | ---- | C] () -- C:\Users\Andre\Desktop\Defogger.exe
[2011.12.04 17:45:31 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.02 22:40:36 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_netaapl_01009.Wdf
[2011.12.02 17:34:30 | 004,780,637 | ---- | C] () -- C:\Users\Andre\Desktop\admiralty-list-of-radio-sig....pdf
[2011.12.02 16:56:08 | 000,000,196 | ---- | C] () -- C:\Users\Andre\AppData\Roaming\PitStop Extreme Prefs
[2011.11.30 19:44:37 | 000,180,040 | ---- | C] () -- C:\Users\Andre\Desktop\pruefungsplan_ws11.pdf
[2011.11.29 20:59:06 | 074,995,025 | ---- | C] () -- C:\Users\Andre\Documents\Die Jet-Setter in Dubai  Teil 2 von 3  Die Geissens  Video  RTL2 Mediathek.flv
[2011.11.29 20:58:05 | 181,998,082 | ---- | C] () -- C:\Users\Andre\Documents\Die Jet-Setter in Dubai  Teil 1 von 3  Die Geissens  Video  RTL2 Mediathek.flv
[2011.11.29 19:22:00 | 026,870,498 | ---- | C] () -- C:\Users\Andre\Documents\Die Jet-Setter in Dubai  Teil 3 von 3  Die Geissens  Video  RTL2 Mediathek.flv
[2011.11.29 19:05:41 | 048,854,468 | ---- | C] () -- C:\Users\Andre\Desktop\Deckblatt Funktecnische Reiseplanung.psd
[2011.11.29 19:03:24 | 019,065,830 | ---- | C] () -- C:\Users\Andre\Desktop\NASE SHIPPING bearbeitet.psd
[2011.11.29 18:43:16 | 019,090,195 | ---- | C] () -- C:\Users\Andre\Desktop\NASE SHIPPING.psd
[2011.11.29 18:31:50 | 000,027,711 | ---- | C] () -- C:\Users\Andre\Desktop\Alam Sakti.pdf
[2011.11.29 18:28:57 | 002,219,032 | ---- | C] () -- C:\Users\Andre\Desktop\IkanJebuh.jpg
[2011.11.29 17:36:25 | 138,624,299 | ---- | C] () -- C:\Users\Andre\Documents\Die Jet-Setter in Athen  Teil 2 von 3  Die Geissens  Video  RTL2 Mediathek.flv
[2011.11.29 17:17:08 | 017,072,489 | ---- | C] () -- C:\Users\Andre\Documents\Die Jet-Setter in Athen  Teil 3 von 3  Die Geissens  Video  RTL2 Mediathek.flv
[2011.11.29 17:15:17 | 060,803,562 | ---- | C] () -- C:\Users\Andre\Documents\Die Jet-Setter in Athen  Teil 1 von 3  Die Geissens  Video  RTL2 Mediathek.flv
[2011.11.28 21:14:01 | 000,001,907 | ---- | C] () -- C:\Users\Public\Desktop\TryEcdis!.lnk
[2011.11.24 11:11:57 | 001,070,918 | ---- | C] () -- C:\Users\Andre\Desktop\Deckblatt Bürokauffrau.jpg
[2011.11.22 20:30:52 | 000,097,766 | ---- | C] () -- C:\Users\Andre\Desktop\Screenshot Single Turn POB.jpg
[2011.11.20 19:09:27 | 000,001,005 | ---- | C] () -- C:\Users\Andre\Desktop\NauticTools.lnk
[2011.11.20 15:32:04 | 014,188,871 | ---- | C] () -- C:\Users\Andre\Desktop\Screenshots ECDIS.psd
[2011.11.19 10:52:39 | 000,000,083 | ---- | C] () -- C:\Windows\LManager.UNI
[2011.11.18 22:18:58 | 000,000,000 | ---- | C] () -- C:\Windows\Setup.INI
[2011.11.16 18:43:16 | 000,209,672 | ---- | C] () -- C:\Windows\System32\VsVIEW3.ocx
[2011.11.16 18:43:15 | 000,064,512 | ---- | C] () -- C:\Windows\System32\drivers\sentinel.SYS
[2011.11.16 18:43:15 | 000,052,736 | ---- | C] () -- C:\Windows\System32\drivers\Ssipddp.sys
[2011.11.16 18:43:15 | 000,047,616 | ---- | C] () -- C:\Windows\System32\drivers\Ssipddpm.sys
[2011.11.16 18:43:15 | 000,040,601 | ---- | C] () -- C:\Windows\System32\Ssiact.386
[2011.11.16 18:43:14 | 000,064,868 | ---- | C] () -- C:\Windows\System32\Sentinel.vxd
[2011.11.15 20:00:23 | 000,000,065 | ---- | C] () -- C:\Users\Andre\.radarplot
[2011.11.13 18:52:23 | 000,000,000 | ---- | C] () -- C:\Users\Andre\.gtk-bookmarks
[2011.11.08 19:20:50 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf07a.dat
[2011.11.08 19:20:47 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.11.08 19:20:47 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011.11.05 14:26:03 | 289,358,270 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.11.05 11:27:17 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011.11.05 10:31:14 | 000,038,251 | ---- | C] () -- C:\Users\Andre\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2011.11.05 08:37:34 | 000,000,600 | ---- | C] () -- C:\Users\Andre\AppData\Roaming\winscp.rnd
[2011.10.20 16:14:31 | 000,053,248 | ---- | C] () -- C:\Windows\System32\dsnpstd.dll
[2011.10.20 16:14:31 | 000,015,541 | ---- | C] () -- C:\Windows\snpstd.ini
[2011.10.10 12:12:37 | 000,476,427 | ---- | C] () -- C:\Windows\System32\sig.bin
[2011.04.12 02:30:05 | 000,696,416 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2011.04.12 02:30:05 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2011.04.12 02:30:05 | 000,147,680 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2011.04.12 02:30:05 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2010.11.20 22:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010.01.18 12:42:06 | 000,034,666 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 002,337,504 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,651,694 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,120,626 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007.09.06 01:01:22 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2007.08.23 17:55:34 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2006.05.03 21:40:42 | 000,390,784 | ---- | C] () -- C:\Windows\System32\drivers\snpstd.sys
[2005.10.11 19:54:48 | 000,339,968 | ---- | C] () -- C:\Windows\vsnpstd.exe
[2005.02.02 01:29:12 | 000,020,480 | ---- | C] () -- C:\Windows\usnpstd.exe
[2002.07.24 03:52:36 | 000,032,768 | ---- | C] () -- C:\Windows\System32\inpout32.dll
 
========== LOP Check ==========
 
[2011.10.10 14:14:35 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\7508E511-E65F-4F2E-B4BF-BE92A47D0E5F
[2011.10.10 14:21:03 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\Acronis
[2011.11.19 19:44:21 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\AllDup
[2011.11.13 13:04:00 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\Buhl Data Service
[2011.10.12 22:15:32 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\DAEMON Tools Lite
[2011.10.13 06:33:00 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\DAEMON Tools Pro
[2011.12.04 20:30:40 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\E8D0C297-324A-4218-B5B8-6BA8D5D27442
[2011.12.02 18:03:16 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\Enfocus Prefs Folder
[2011.12.02 17:00:30 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\EskoArtwork
[2011.11.19 17:51:58 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\Hulubulu
[2011.12.02 18:03:03 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\PitStop Extreme
[2011.11.21 10:20:01 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\redsn0w
[2011.11.18 20:56:38 | 000,000,000 | ---D | M] -- C:\Users\Andre\AppData\Roaming\SoundSpectrum
[2011.12.04 20:34:27 | 000,000,264 | ---- | M] () -- C:\Windows\Tasks\AutoKMS.job
[2009.07.14 05:53:46 | 000,030,368 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.01.01 19:51:32 | 000,000,000 | -HSD | M] -- C:\#GDATA.Trash.Store#
[2011.11.14 07:01:28 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2011.01.01 13:00:48 | 000,000,000 | ---D | M] -- C:\Acer
[2011.01.01 21:33:25 | 000,000,000 | ---D | M] -- C:\Book
[2011.10.06 18:49:01 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.01.01 13:12:11 | 000,000,000 | ---D | M] -- C:\CLSetup
[2011.12.04 20:33:51 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.01.01 12:56:53 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2009.01.23 04:52:21 | 000,000,000 | ---D | M] -- C:\Elements
[2008.11.11 04:39:10 | 000,000,000 | ---D | M] -- C:\Intel
[2011.10.20 16:12:55 | 000,000,000 | ---D | M] -- C:\Medion
[2011.01.01 20:07:50 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.12.04 20:33:51 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.12.04 20:31:12 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.01.01 12:56:53 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.10.06 19:13:34 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.12.04 20:56:00 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.11.16 18:43:07 | 000,000,000 | ---D | M] -- C:\tcwf
[2011.10.13 09:19:45 | 000,000,000 | ---D | M] -- C:\Temp
[2011.10.09 21:02:06 | 000,000,000 | R--D | M] -- C:\Users
[2011.12.02 23:17:33 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
 
 
< MD5 for: AFD.SYS  >
[2010.11.20 22:29:19 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=1151FD4FB0216CFED887BFDE29EBD516 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_d9efac7dbcaf385b\afd.sys
[2011.04.25 03:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=9EBBBA55060F786F0FCAA3893BFA2806 -- C:\Windows\System32\drivers\afd.sys
[2011.04.25 03:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=9EBBBA55060F786F0FCAA3893BFA2806 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys
[2011.04.25 04:24:09 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C427F91A748CD342A2B3F9278D9FD6A5 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2010.11.20 22:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 22:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 22:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 22:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 22:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-12-02 16:02:51

< End of report >
         
Attached files
File type: txt Extras.Txt (55.1 KB, viewed 227 times)

04.12.2011, 21:02   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
Malwarebytes is currently still running and my last system check

Please also post all logs from Malwarebytes.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

04.12.2011, 21:50   #5
green devil

Here is the Malwarebytes log file:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8309

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

04.12.2011 22:44:20
mbam-log-2011-12-04 (22-44-20).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 187161
Laufzeit: 5 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


Best regards

André


05.12.2011, 08:29   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Are there any further logs from Malwarebytes? If so, please post all of those that are visible in Malwarebytes under the log files tab.

05.12.2011, 09:04   #7
green devil

Here is one more log from Malwarebytes... I had stopped the full scan, though, because it was taking too long for me and I had read that a quick scan is often sufficient. What do you think?

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8309

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

04.12.2011 20:21:17
mbam-log-2011-12-04 (20-21-17).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|G:\|I:\|J:\|L:\|M:\|N:\|O:\|)
Durchsuchte Objekte: 233471
Laufzeit: 2 Stunde(n), 31 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files\***\autoloader_dt_loader_0.4.exe (Trojan.Swisyn) -> Quarantined and deleted successfully.

And a so-called protection log:

17:48:41 Andre MESSAGE Protection started successfully
17:48:48 Andre MESSAGE IP Protection started successfully
20:34:40 Andre MESSAGE Protection started successfully
20:34:44 Andre MESSAGE IP Protection started successfully
23:12:57 Andre MESSAGE Protection started successfully
23:13:01 Andre MESSAGE IP Protection started successfully


Best regards

André

Last edited by green devil (05.12.2011 at 09:16)

05.12.2011, 11:52   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please also run ESET; after that we will see how to proceed:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable the "detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset

06.12.2011, 08:09   #9
green devil

Hi Arne, here is the log file from ESET.
Thanks again for your efforts so far.

Best regards

André

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=53ba1e45ac99a442b21c42fef9a54d19
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-05 06:06:32
# local_time=2011-12-05 07:06:32 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 95667 95667 0 0
# compatibility_mode=4096 16777215 100 0 4922326 4922326 0 0
# compatibility_mode=5893 16776573 100 94 27416 74739057 0 0
# compatibility_mode=8192 67108863 100 0 4173 4173 0 0
# scanned=1667
# found=0
# cleaned=0
# scan_time=526
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetesets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=53ba1e45ac99a442b21c42fef9a54d19
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-06 07:46:02
# local_time=2011-12-06 08:46:02 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 96746 96746 0 0
# compatibility_mode=4096 16777215 100 0 4923405 4923405 0 0
# compatibility_mode=5893 16776573 100 94 3796 74740136 0 0
# compatibility_mode=8192 67108863 100 0 5252 5252 0 0
# scanned=677323
# found=15
# cleaned=0
# scan_time=48617
C:\Users\Andre\AppData\Local\Mozilla\Firefox\Profiles\swidoxwj.default\Cache\3\B4\3413Fd01	HTML/ScrInject.B.Gen virus (unable to clean)	00000000000000000000000000000000	I
J:\Installs Stand 01-02-2011\A\Adobe CS3\KeyGen\Keygen.exe	a variant of Win32/Keygen.AH application (unable to clean)	00000000000000000000000000000000	I
J:\Installs Stand 01-02-2011\A\AdobeAcrobat90-93_Crack(EDGE)\keygen.exe	probably a variant of Win32/Agent.DQPHVKD trojan (unable to clean)	00000000000000000000000000000000	I
J:\Installs Stand 01-02-2011\I\installer_vmware_workstation_6_0_build_44426_Deutsch_Deutsch.exe	Win32/Toggle application (unable to clean)	00000000000000000000000000000000	I
J:\Installs Stand 01-02-2011\N\Nero.9.Reloaded.v9.4.17.0.MULTiLANGUAGE.DVD-RESTORE\BackItUp and Burn\ISSetupPrerequisites\{BF80A1C0-C3FF-4B1C-ABEF-22CD4F97A0AB}\Toolbar.exe	Win32/Toolbar.AskSBar application (unable to clean)	00000000000000000000000000000000	I
J:\Installs Stand 01-02-2011\S\Sony.Vegas.PRO.9.0.3-WinAll.Incl.KeyGen\Sony Vegas PRO 9.0.3 (32 Bit)\Sony.Vegas.PRO.9.0.3.WinAll.Incl.KeyGen\Sony_VegasPro8_DVDArchitect45_SoundForge9_CRACK.exe	probably a variant of Win32/Agent.BCOVDCM trojan (unable to clean)	00000000000000000000000000000000	I
J:\Installs Stand 01-02-2011\V\VMware Workstation 7.0 build 203739\VMware.Workstation.v7.0.0.203739.Keymaker-EMBRACE.exe	a variant of Win32/Keygen.BN application (unable to clean)	00000000000000000000000000000000	I
J:\Installs Stand 01-02-2011\V\VMware Workstation 7.1.3 Build 324285 UPLOAD\keygen.exe	a variant of Win32/Keygen.BN application (unable to clean)	00000000000000000000000000000000	I
J:\Installs Stand 01-02-2011\W\Winrar3.93_Final_x32-x64_-Reg-aktiviert\Winrar3.93 Final x32-x64 -Reg-aktiviert\Keygen(FFF)\Keygen.exe	a variant of Win32/Keygen.AI application (unable to clean)	00000000000000000000000000000000	I
N:\SoftonicDownloader25726.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
N:\Die Sims 3\Erweiterungspacks\Die Sims 3.iso	probably a variant of Win32/Hupigon.CJKIBCX trojan (unable to clean)	00000000000000000000000000000000	I
N:\Partition C gesichert 01-01-2011\Program Files\Acer Arcade Deluxe\PlayMovie\VideoFilter\cl264dec.ax	probably a variant of Win32/Hupigon.DCPCEC trojan (unable to clean)	00000000000000000000000000000000	I
N:\Partition C gesichert 01-01-2011\Program Files\Acer Arcade Deluxe\PlayMovie\VideoFilter\cldabc.dll	probably a variant of Win32/Hupigon.EFSSZFA trojan (unable to clean)	00000000000000000000000000000000	I
N:\Partition C gesichert 01-01-2011\Program Files\Acer Arcade Deluxe\PlayMovie\VideoFilter\cldorz.dll	probably a variant of Win32/Hupigon.KQQLKZT trojan (unable to clean)	00000000000000000000000000000000	I
N:\Partition C gesichert 01-01-2011\Users\André\AppData\Local\Temp\NERO1002529\unit_app_75\Toolbar.exe	Win32/Toolbar.AskSBar application (unable to clean)	00000000000000000000000000000000	I
         

06.12.2011, 08:20   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
J:\Installs Stand 01-02-2011\A\Adobe CS3\KeyGen\Keygen.exe a variant of Win32/Keygen.AH application (unable to clean) 00000000000000000000000000000000 I
J:\Installs Stand 01-02-2011\A\AdobeAcrobat90-93_Crack(EDGE)\keygen.exe probably a variant of Win32/Agent.DQPHVKD trojan (unable to clean) 00000000000000000000000000000000 I
J:\Installs Stand 01-02-2011\I\installer_vmware_workstation_6_0_build_44426_Deutsch_Deutsch.exe Win32/Toggle application (unable to clean) 00000000000000000000000000000000 I
J:\Installs Stand 01-02-2011\N\Nero.9.Reloaded.v9.4.17.0.MULTiLANGUAGE.DVD-RESTORE\BackItUp and Burn\ISSetupPrerequisites\{BF80A1C0-C3FF-4B1C-ABEF-22CD4F97A0AB}\Toolbar.exe Win32/Toolbar.AskSBar application (unable to clean) 00000000000000000000000000000000 I
J:\Installs Stand 01-02-2011\S\Sony.Vegas.PRO.9.0.3-WinAll.Incl.KeyGen\Sony Vegas PRO 9.0.3 (32 Bit)\Sony.Vegas.PRO.9.0.3.WinAll.Incl.KeyGen\Sony_VegasPro8_DVDArchitect45_SoundForge9_CRACK.exe probably a variant of Win32/Agent.BCOVDCM trojan (unable to clean) 00000000000000000000000000000000 I
J:\Installs Stand 01-02-2011\V\VMware Workstation 7.0 build 203739\VMware.Workstation.v7.0.0.203739.Keymaker-EMBRACE.exe a variant of Win32/Keygen.BN application (unable to clean) 00000000000000000000000000000000 I
J:\Installs Stand 01-02-2011\V\VMware Workstation 7.1.3 Build 324285 UPLOAD\keygen.exe a variant of Win32/Keygen.BN application (unable to clean) 00000000000000000000000000000000 I
J:\Installs Stand 01-02-2011\W\Winrar3.93_Final_x32-x64_-Reg-aktiviert\Winrar3.93 Final x32-x64 -Reg-aktiviert\Keygen(FFF)\Keygen.exe a variant of Win32/Keygen.AI application (unable to clean) 00000000000000000000000000000000 I



Cracks/keygens are 99.9% dangerous malware that should not be trifled with. Moreover, they are illegal and we do not support the use of stolen software. Support is therefore limited to instructions for a complete reinstallation!!

It is no secret that illegal cracks and keygens essentially serve to spread malware, and everyone must be aware of that!

06.12.2011, 12:12   #11
green devil

But I have nothing to do with that!!! The drive letter J refers to the hard drive of a fellow student, to whom I am currently passing all the course materials from my semester, since he was abroad for half a year...

Is the problem solved by simply unplugging the drive again, or is this sh*t now stuck in my system?
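Which drive each finding sits on can be read directly from the ESET Online Scanner log posted earlier in the thread. The following is an added example, not part of the original thread or of any ESET tooling: it splits such a log into scan runs, groups the detections of the last finished run by drive letter and object type, and checks the row count against the `found=` header. The function names are hypothetical, the tab-separated row layout is assumed from the posted log, and the sample is shortened to five of the posted detections.

```python
import re
from collections import Counter, defaultdict

def row(path, threat):
    # One detection row in the layout of the posted log: path, threat, hash, flag.
    return "\t".join([path, threat + " (unable to clean)", "0" * 32, "I"])

# Constructed sample: two runs as in the thread, shortened to five of the
# posted detections, so found= is 5 here instead of the 15 in the real log.
SAMPLE_LOG = "\n".join([
    "ESETSmartInstaller@High as downloader log:", "all ok",
    "# version=7", "# end=stopped", "# scanned=1667", "# found=0",
    "# version=7", "# end=finished", "# scanned=677323", "# found=5",
    row(r"C:\Users\Andre\AppData\Local\Mozilla\Firefox\Profiles\swidoxwj.default\Cache\3\B4\3413Fd01",
        "HTML/ScrInject.B.Gen virus"),
    row(r"J:\Installs Stand 01-02-2011\A\Adobe CS3\KeyGen\Keygen.exe",
        "a variant of Win32/Keygen.AH application"),
    row(r"J:\Installs Stand 01-02-2011\A\AdobeAcrobat90-93_Crack(EDGE)\keygen.exe",
        "probably a variant of Win32/Agent.DQPHVKD trojan"),
    row(r"N:\SoftonicDownloader25726.exe",
        "a variant of Win32/SoftonicDownloader.A application"),
    row(r"N:\Die Sims 3\Erweiterungspacks\Die Sims 3.iso",
        "probably a variant of Win32/Hupigon.CJKIBCX trojan"),
])

HEADER = re.compile(r"^#\s*(\w+(?:\.\w+)*)=(.*)$")   # "# key=value" lines
DRIVE = re.compile(r"^([A-Za-z]):\\")                # row starts with a drive path
ACTION = re.compile(r"\s*\(([^()]*)\)\s*$")          # trailing "(unable to clean)"

def parse_eset_log(text):
    """Split the log into scan runs; each run has header fields and detections."""
    runs = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            key, value = m.group(1), m.group(2).strip()
            if key == "version" or not runs:      # "# version=" opens a new run
                runs.append({"header": {}, "detections": []})
            runs[-1]["header"][key] = value
            continue
        fields = line.split("\t")
        if len(fields) < 2 or not runs or not DRIVE.match(fields[0]):
            continue                              # installer chatter such as "all ok"
        threat = fields[1].strip()
        act = ACTION.search(threat)
        name = threat[:act.start()] if act else threat
        words = name.split()
        runs[-1]["detections"].append({
            "path": fields[0],
            "drive": fields[0][:2].upper(),
            "threat": name,
            # In the posted log the object type is the last word of the name.
            "kind": words[-1].lower() if words else "unknown",
            "action": act.group(1) if act else "",
        })
    return runs

def by_drive(run):
    """Count detections per drive letter and object type."""
    table = defaultdict(Counter)
    for d in run["detections"]:
        table[d["drive"]][d["kind"]] += 1
    return {drive: dict(counts) for drive, counts in table.items()}

def triage(text, system_drive="C:"):
    """Summarize the last finished run, or return None if no run finished."""
    finished = [r for r in parse_eset_log(text)
                if r["header"].get("end") == "finished"]
    if not finished:
        return None
    run = finished[-1]
    return {
        "scanned": int(run["header"].get("scanned", 0)),
        "count_matches_header":
            int(run["header"].get("found", -1)) == len(run["detections"]),
        "by_drive": by_drive(run),
        "on_system_drive": [d for d in run["detections"]
                            if d["drive"] == system_drive.upper()],
    }

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for drive, kinds in sorted(report["by_drive"].items()):
        print(drive, kinds)
```

The grouping only shows where flagged files are stored; it says nothing about whether a file on J: or N: was ever executed on the scanned machine.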

06.12.2011, 12:15   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Yeah, sure, of course these hosts entries would never, ever come from a crack for Adobe


Quote:
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com

06.12.2011, 15:44   #13
green devil

Come on, I'm telling you...

Drive J belongs to a fellow student, who also installed Acrobat for me for my studies. I have absolutely no clue about this stuff... So I was all the more confused when I discovered the thing with the emails...

Best regards

Andre

06.12.2011, 18:04   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

And the hosts entries on your system typically come from a cracked Adobe version. And that is why there will be no further cleanup here.

06.12.2011, 18:09   #15
green devil

That may well be... then I'll just kick Adobe off my computer and that's that...

But the only question for me now is whether the trojans and viruses from his partitions N and J are in my system and, if so, how I get rid of them...

If I had much of a clue about this whole subject, I surely wouldn't have asked my fellow student whether he could install a program for me so that I can read the lecture notes and annotate them... That the whole thing isn't kosher is apparently something he kept from me...

Best regards

André
