
Log Analysis and Evaluation: Infected file?

Windows 7 If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

21.08.2012, 23:30   #1
verseuchter1

Hello, at noon today I opened a .docx file that was 3 MB in size but had no content. Afterwards I saw at least one process in the task list that I did not recognise. Unfortunately it is gone now and I cannot remember its name, but it would still be nice if you could skim through my log files.
Thank you
Best regards


OTL logfile created on: 21.08.2012 22:04:15 - Run 2
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\username\Desktop\Neuer Ordner
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 3,01 Gb Available Physical Memory | 75,31% Memory free
8,00 Gb Paging File | 6,91 Gb Available in Paging File | 86,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58,50 Gb Total Space | 10,61 Gb Free Space | 18,14% Space Free | Partition Type: NTFS
Drive E: | 239,49 Gb Total Space | 102,00 Gb Free Space | 42,59% Space Free | Partition Type: NTFS
Drive H: | 1863,01 Gb Total Space | 434,98 Gb Free Space | 23,35% Space Free | Partition Type: NTFS

Computer Name: BB-LI-W7 | User Name: username | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.08.21 21:50:31 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\username\Desktop\Neuer Ordner\OTL.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010.09.29 03:51:08 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.07.26 14:57:35 | 000,113,120 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.04.05 12:34:26 | 002,143,552 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.08.05 13:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011.08.05 13:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011.08.05 13:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.20 13:53:19 | 000,047,208 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.19 22:07:19 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011.01.19 22:07:18 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.09.29 04:26:12 | 007,883,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010.09.29 04:26:12 | 007,883,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.09.29 03:14:48 | 000,285,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.08.16 12:42:00 | 000,116,240 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.07.09 04:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.03.02 00:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV - [2012.03.29 16:32:12 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [1998.05.07 01:00:00 | 000,000,111 | ---- | M] () [Adapter | On_Demand | Unknown] -- C:\Windows\SysWow64\WINSOCK.SRG -- (Winsock)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D8 B4 55 70 FB 7F CB 01 [binary data]
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\username\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\username\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.04 03:12:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.26 14:57:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.08.21 18:51:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.26 14:57:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.08.21 18:51:05 | 000,000,000 | ---D | M]

[2012.01.04 03:12:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\username\AppData\Roaming\mozilla\Extensions
[2012.08.07 01:15:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\username\AppData\Roaming\mozilla\Firefox\Profiles\ezg0owud.default\extensions
[2012.04.21 02:04:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.26 14:57:35 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.07.26 14:55:28 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.26 14:55:28 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.26 14:55:28 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.26 14:55:28 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.26 14:55:28 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.26 14:55:28 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage:
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\username\AppData\Local\Google\Chrome\Application\21.0.1180.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\username\AppData\Local\Google\Chrome\Application\21.0.1180.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\username\AppData\Local\Google\Chrome\Application\21.0.1180.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\username\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Nero Kwik Media Helper (Enabled) = C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Google Update (Enabled) = C:\Users\username\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - Extension: Google Drive = C:\Users\username\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.1_0\
CHR - Extension: YouTube = C:\Users\username\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\username\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Google-Suche = C:\Users\username\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: FB Photo Zoom = C:\Users\username\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1206.11.1_0\
CHR - Extension: AdBlock = C:\Users\username\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.41_0\
CHR - Extension: Disconnect = C:\Users\username\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\3.6.0_0\
CHR - Extension: Google Mail-Checker = C:\Users\username\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\3.2_0\
CHR - Extension: iFood.tv = C:\Users\username\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngeklgfllcbcfbffbobpokjkdloljgni\1.0.3_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\username\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\username\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012.08.14 11:38:36 | 000,002,300 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: # Copyright (c) 1993-2009 Microsoft Corp.
O1 - Hosts: 127.0.0.1 psdto.com
O1 - Hosts: 22 more lines...
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8FE9C31D-8401-4CC4-8303-AAE6FADE0992}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\ccleaner64.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\ccsetup321.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\firefox.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\skype.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\uninst.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\zune.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\ccleaner64.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\ccsetup321.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\firefox.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\skype.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\uninst.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\zune.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6017e811-ae63-11e1-9c2b-0019dbf38d50}\Shell - "" = AutoRun
O33 - MountPoints2\{6017e811-ae63-11e1-9c2b-0019dbf38d50}\Shell\AutoRun\command - "" = F:\start.exe
O33 - MountPoints2\{98c2923c-5edb-11e1-a130-0019dbf38d50}\Shell - "" = AutoRun
O33 - MountPoints2\{98c2923c-5edb-11e1-a130-0019dbf38d50}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{a3b8b5d0-6907-11e0-9549-0019dbf38d50}\Shell - "" = AutoRun
O33 - MountPoints2\{a3b8b5d0-6907-11e0-9549-0019dbf38d50}\Shell\AutoRun\command - "" = G:\unlock.exe autoplay=true
O33 - MountPoints2\{a7b3fab6-cffb-11e1-b866-0019dbf38d50}\Shell - "" = AutoRun
O33 - MountPoints2\{a7b3fab6-cffb-11e1-b866-0019dbf38d50}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{e121ba44-ecf9-11df-bf0c-0019dbf38d50}\Shell - "" = AutoRun
O33 - MountPoints2\{e121ba44-ecf9-11df-bf0c-0019dbf38d50}\Shell\AutoRun\command - "" = F:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (bootdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.08.21 21:50:21 | 000,000,000 | ---D | C] -- C:\Users\username\Desktop\Neuer Ordner
[2012.08.21 21:38:52 | 000,000,000 | ---D | C] -- C:\Users\username\AppData\Local\Wajam
[2012.08.21 18:50:19 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.08.21 16:59:28 | 000,000,000 | ---D | C] -- C:\Users\username\Documents\Updater
[2012.08.16 16:10:21 | 000,000,000 | ---D | C] -- C:\Users\username\Desktop\10.000
[2012.08.15 15:19:18 | 000,000,000 | ---D | C] -- C:\Users\username\AppData\Local\Microsoft Games
[2012.08.15 15:16:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games
[2012.08.15 14:47:07 | 000,000,000 | ---D | C] -- C:\Users\username\AppData\Roaming\Media Player Classic
[2012.08.14 21:26:20 | 000,034,624 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2012.08.14 21:26:20 | 000,025,920 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2012.08.14 21:26:20 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2012.08.14 21:26:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2012
[2012.08.07 18:54:34 | 000,000,000 | ---D | C] -- C:\Users\username\AppData\Roaming\vlc
[2012.08.07 01:18:39 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2012.08.07 00:13:07 | 000,000,000 | ---D | C] -- C:\Users\username\AppData\Roaming\ScummVM
[2012.08.07 00:13:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ScummVM
[2012.08.07 00:10:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2012.08.07 00:04:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012.08.07 00:03:53 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2012.08.06 20:53:08 | 000,000,000 | ---D | C] -- C:\Users\username\Documents\Square Enix
[2012.08.06 20:02:51 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.08.02 22:14:46 | 003,907,920 | ---- | C] (Piriform Ltd) -- C:\Users\username\Desktop\ccsetup321.exe
[2012.08.02 18:41:13 | 000,000,000 | ---D | C] -- C:\Users\username\Documents\WB Games
[2012.08.02 18:39:10 | 000,000,000 | ---D | C] -- C:\Users\username\Documents\Games for Windows - LIVE Demos
[2012.08.02 18:37:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2012.08.02 18:37:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2012.07.26 16:02:41 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012.07.26 14:07:33 | 000,000,000 | ---D | C] -- C:\Users\username\AppData\Roaming\Thinstall
[2012.07.24 17:35:28 | 000,000,000 | ---D | C] -- C:\Users\username\AppData\Roaming\GlarySoft
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.08.21 22:07:41 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.21 22:07:41 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.21 22:00:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.21 22:00:16 | 3220,672,512 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.21 21:59:34 | 000,000,020 | ---- | M] () -- C:\Users\username\defogger_reenable
[2012.08.21 21:23:00 | 000,001,136 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3773092963-2584170513-1593871782-1000UA.job
[2012.08.21 18:51:06 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.08.21 18:23:00 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3773092963-2584170513-1593871782-1000Core.job
[2012.08.21 17:01:10 | 000,003,324 | ---- | M] () -- C:\Users\username\Desktop\Unbenannt-2.png
[2012.08.16 17:27:29 | 001,644,414 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.16 17:27:29 | 000,707,918 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.16 17:27:29 | 000,661,514 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.16 17:27:29 | 000,153,404 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.16 17:27:29 | 000,125,600 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.16 15:47:05 | 079,119,398 | ---- | M] () -- C:\Users\username\Desktop\10.000.rar
[2012.08.16 15:45:03 | 000,353,371 | ---- | M] () -- C:\Users\username\Desktop\WP_000456.jpg
[2012.08.16 14:53:53 | 000,060,359 | ---- | M] () -- C:\Users\username\Desktop\studbesch_6FBAE6A4787249ECB5C11FC30F9B2FC1.cit-prod-tomcat2.pdf
[2012.08.16 14:53:32 | 000,060,355 | ---- | M] () -- C:\Users\username\Desktop\vorstudbesch_6FBAE6A4787249ECB5C11FC30F9B2FC1.cit-prod-tomcat2.pdf
[2012.08.16 03:00:36 | 000,042,996 | ---- | M] () -- C:\Users\username\Desktop\5069033_460s.jpg
[2012.08.15 13:50:58 | 000,101,944 | ---- | M] () -- C:\Users\username\Desktop\418491_3788923487037_1478150138_n.jpg
[2012.08.15 12:53:16 | 000,476,734 | ---- | M] () -- C:\Users\username\Desktop\256331_434712349913224_362815178_o.jpg
[2012.08.15 12:48:21 | 000,237,553 | ---- | M] () -- C:\Users\username\Desktop\22.08.png
[2012.08.07 22:03:00 | 004,864,848 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.07 18:54:29 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.08.03 00:29:27 | 000,087,064 | ---- | M] () -- C:\Users\username\Desktop\83135.jpg
[2012.08.02 22:15:17 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.08.02 22:14:44 | 003,907,920 | ---- | M] (Piriform Ltd) -- C:\Users\username\Desktop\ccsetup321.exe
[2012.07.26 21:39:12 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.08.21 21:59:34 | 000,000,020 | ---- | C] () -- C:\Users\username\defogger_reenable
[2012.08.21 18:50:35 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012.08.21 18:50:35 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.08.21 17:00:03 | 000,003,324 | ---- | C] () -- C:\Users\username\Desktop\Unbenannt-2.png
[2012.08.16 15:45:06 | 000,353,371 | ---- | C] () -- C:\Users\username\Desktop\WP_000456.jpg
[2012.08.16 15:03:20 | 079,119,398 | ---- | C] () -- C:\Users\username\Desktop\10.000.rar
[2012.08.16 14:53:54 | 000,060,359 | ---- | C] () -- C:\Users\username\Desktop\studbesch_6FBAE6A4787249ECB5C11FC30F9B2FC1.cit-prod-tomcat2.pdf
[2012.08.16 14:53:35 | 000,060,355 | ---- | C] () -- C:\Users\username\Desktop\vorstudbesch_6FBAE6A4787249ECB5C11FC30F9B2FC1.cit-prod-tomcat2.pdf
[2012.08.16 03:00:40 | 000,042,996 | ---- | C] () -- C:\Users\username\Desktop\5069033_460s.jpg
[2012.08.15 13:51:01 | 000,101,944 | ---- | C] () -- C:\Users\username\Desktop\418491_3788923487037_1478150138_n.jpg
[2012.08.15 12:53:19 | 000,476,734 | ---- | C] () -- C:\Users\username\Desktop\256331_434712349913224_362815178_o.jpg
[2012.08.15 12:48:20 | 000,237,553 | ---- | C] () -- C:\Users\username\Desktop\22.08.png
[2012.08.14 21:26:14 | 000,002,211 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2012.08.07 18:54:29 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.08.07 10:30:21 | 3220,672,512 | -HS- | C] () -- C:\hiberfil.sys
[2012.08.07 01:21:41 | 000,001,272 | ---- | C] () -- C:\Users\username\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zune.exe.lnk
[2012.08.03 00:29:18 | 000,087,064 | ---- | C] () -- C:\Users\username\Desktop\83135.jpg
[2012.08.02 22:15:17 | 000,000,840 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner.lnk
[2012.08.02 22:15:17 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.07.26 21:39:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.04.26 14:29:49 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2012.04.25 01:22:08 | 000,000,064 | ---- | C] () -- C:\Windows\picture2avi.ini
[2012.02.16 17:37:39 | 000,001,456 | ---- | C] () -- C:\Users\username\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2012.02.16 17:35:08 | 000,000,132 | ---- | C] () -- C:\Users\username\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2012.01.13 20:25:55 | 000,000,097 | ---- | C] () -- C:\Users\username\AppData\Local\fusioncache.dat
[2012.01.12 16:21:03 | 000,179,471 | ---- | C] () -- C:\ProgramData\1326377832.bdinstall.bin
[2012.01.11 17:57:51 | 000,017,408 | ---- | C] () -- C:\Users\username\AppData\Local\WebpageIcons.db
[2011.10.08 21:47:20 | 000,017,434 | ---- | C] () -- C:\Windows\W2BNEUnin.dat
[2011.04.28 16:47:45 | 001,672,648 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.03.25 19:11:52 | 000,000,132 | ---- | C] () -- C:\Users\username\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.03.14 17:03:03 | 000,001,456 | ---- | C] () -- C:\Users\username\AppData\Local\Adobe Für Web speichern 11.0 Prefs
[2010.12.28 20:12:42 | 000,000,535 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010.12.28 20:12:42 | 000,000,288 | ---- | C] () -- C:\Windows\ODBC.INI

========== LOP Check ==========

[2011.09.20 18:49:45 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\.minecraft
[2012.07.26 15:05:16 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Atari
[2012.04.26 14:15:13 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\avidemux
[2011.11.04 20:15:58 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\benibela
[2012.04.30 16:26:38 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Broad Intelligence
[2012.01.10 18:00:27 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\calibre
[2011.10.03 21:40:53 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\casualArts
[2011.10.04 11:28:16 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Command and Conquer 4
[2012.07.23 14:14:32 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\DAEMON Tools Lite
[2012.06.14 23:40:30 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\DAEMON Tools Pro
[2012.07.26 17:08:40 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\GlarySoft
[2012.01.10 18:18:42 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\GonVisor
[2011.09.17 15:31:11 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Hoyle Blackjack
[2011.09.17 15:37:34 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Hoyle Card Games
[2011.09.17 15:24:15 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Hoyle FaceCreator
[2011.05.01 13:07:59 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\ICQ
[2011.12.21 02:54:39 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Jens Lorek
[2011.02.23 00:55:10 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Kalypso Media
[2012.01.13 03:44:24 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\KRKsoft
[2012.06.20 15:04:06 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Leadertech
[2012.03.30 15:54:16 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Might & Magic Heroes VI
[2010.11.12 18:57:52 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Miranda
[2011.10.12 20:45:42 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Nokia
[2010.11.09 15:30:45 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Notepad++
[2011.01.02 20:32:29 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\OpenOffice.org
[2012.01.04 03:16:28 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Opera
[2012.03.21 20:16:58 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\PACE Anti-Piracy
[2011.12.18 20:08:38 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\PC Remote
[2011.10.12 20:44:27 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\PC Suite
[2011.08.30 03:09:36 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\PunkBuster
[2012.01.12 16:18:52 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\QuickScan
[2012.04.23 01:06:18 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\ResourceCentral.E6E1B28A311BC518DB6C6883EA3757FDE0E90ADC.1
[2011.09.16 12:37:30 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Rovio
[2012.08.07 00:13:07 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\ScummVM
[2012.07.17 15:50:18 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\SoftGrid Client
[2012.03.23 19:24:36 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.04.26 14:35:32 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\systweak
[2012.07.26 14:07:33 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Thinstall
[2012.07.12 17:17:07 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\TP
[2012.08.06 20:03:55 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\TuneUp Software
[2011.12.01 19:40:56 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Ubisoft
[2011.10.27 19:33:44 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\xm1
[2011.02.02 19:21:24 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\{4916c8ce-b9e7-4e25-9a23-25493e41e04c}
[2012.07.13 20:21:26 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 1116 bytes -> C:\Users\username\AppData\Local\MyjDBrFH:EIkK4N0KvgdvsB9hrEF9
@Alternate Data Stream - 1056 bytes -> C:\Users\username\AppData\Local\5xy5YcJtplwRGrx:C3vhYiu7vRizrjAmoTt

< End of report >



There was no Extra.txt file!
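A small triage helper for OTL-style reports like the one posted above, added here as an example (it is not part of OTL or of this thread): it parses the file entries and the Alternate Data Stream entries, lists what was created inside a stated time window (the poster opened the document around midday on 21.08.2012, and the report was made at 22:04), and pairs every ADS with its host file so those entries can be reviewed. The sample lines are constructed from the report's own format; the time window is an assumption.

```python
import re
from datetime import datetime

# One regex per OTL entry type seen in the report: file lines and ADS lines.
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| (?P<attrs>\S{4})"
    r" \| (?P<kind>[MC])\] \((?P<company>.*?)\) -- (?P<path>.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")

# Constructed sample in the report's format (a handful of its lines, section headers included).
SAMPLE = r"""
========== Files Created - No Company Name ==========
[2012.08.21 21:59:34 | 000,000,020 | ---- | C] () -- C:\Users\username\defogger_reenable
[2012.08.21 17:00:03 | 000,003,324 | ---- | C] () -- C:\Users\username\Desktop\Unbenannt-2.png
[2012.08.16 15:03:20 | 079,119,398 | ---- | C] () -- C:\Users\username\Desktop\10.000.rar
[2012.08.07 10:30:21 | 3220,672,512 | -HS- | C] () -- C:\hiberfil.sys
========== Alternate Data Streams ==========
@Alternate Data Stream - 1116 bytes -> C:\Users\username\AppData\Local\MyjDBrFH:EIkK4N0KvgdvsB9hrEF9
"""


def parse_otl(text):
    """Parse file and ADS entries into dicts; section headers and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:
            entries.append({
                "type": "file",
                "when": datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S"),
                "size": int(m["size"].replace(",", "")),  # "3220,672,512" -> 3220672512
                "attrs": m["attrs"],                        # e.g. "-HS-" = hidden + system
                "event": "created" if m["kind"] == "C" else "modified",
                "path": m["path"],
            })
            continue
        m = ADS_RE.match(line)
        if m:
            entries.append({"type": "ads", "size": int(m["size"]), "path": m["path"]})
    return entries


def created_between(entries, start, end):
    """Paths created within [start, end] (OTL-style timestamps as strings), in log order."""
    lo, hi = (datetime.strptime(t, "%Y.%m.%d %H:%M:%S") for t in (start, end))
    return [e["path"] for e in entries
            if e["type"] == "file" and e["event"] == "created" and lo <= e["when"] <= hi]


def ads_hosts(entries):
    """(host file, stream name, bytes) per ADS entry; the stream name follows the last colon."""
    return [(*e["path"].rpartition(":")[::2], e["size"]) for e in entries if e["type"] == "ads"]
```

Run `created_between(parse_otl(SAMPLE), "2012.08.21 12:00:00", "2012.08.21 22:04:15")` to get the files created between the document being opened and the report being taken; `ads_hosts` then gives the host files whose streams are worth a closer look.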

Old 21.08.2012, 23:33   #2
markusg
/// Malware-holic

hi
upload the doc:
Trojaner-Board Upload Channel

Old 22.08.2012, 12:03   #3
verseuchter1

Deleted it right away, but I'll see if I can find it again.
Will report back then!

And thanks for the quick reply, this service you offer is really a great thing!

Old 22.08.2012, 14:44   #4
markusg
/// Malware-holic

no prob
the download link would be fine too.
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
If you would like to support us
