
Log analysis and evaluation: MSN Virus

29.05.2010, 08:53   #1
lukas07091

My friend sent me a photo over MSN. I thought, OK, it's surely not a virus, so I'll take a look at the photo. Then all of a sudden my Microsoft Security Essentials complains and says virus!! Win32/Pushbot.gen!C

Here is the log file:
HijackThis logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:52:29, on 29.05.2010
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Lukas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HFELITY2\HiJackThis204[1].exe
C:\Users\Lukas\Desktop\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [Windows System Manager] C:\Users\Public\winnsvc.exe
O4 - Global Startup: GamersFirst LIVE!.lnk = C:\Program Files\GamersFirst\LIVE!\Live.exe
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - hxxp://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe

--
End of file - 6795 bytes
         

Am I clean?? Many thanks in advance.

29.05.2010, 09:00   #2
Crash129

What kind of file was it? .pif, .exe, .jpg, .gif? Did you open the file, and did it perhaps ask for admin rights? (Win7/Vista)


29.05.2010, 09:08   #3
lukas07091

It was a JPG. I clicked on it, but it didn't ask for admin rights, and the JPG didn't work.

29.05.2010, 09:09   #4
lukas07091

I have Win7 Home Premium.

29.05.2010, 09:57   #5
Crash129

Are you quite sure it was a JPG and not a .scr or something like that? Hm, there is, after all, a way to "infect" exe files and the like into a JPG file.

Quote:
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
Please upload these files to virustotal.com/de
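
Added example, not part of the original thread: a small Python triage pass over HijackThis lines of the kind Crash129 picks out by hand above (O9 "(no name)", O23 "Unknown owner"). It goes beyond those two markers by also flagging O4 autostarts in user-writable directories and the document-plus-executable double extension asked about in this post; the rule set and the `foto.jpg.scr` line are assumptions made for the example, and a hit only means "check this file", as with the VirusTotal upload requested here.

```python
import re

# Lines excerpted from the HijackThis log in the first post, plus one
# constructed line (marked) that exercises the double-extension rule.
SAMPLE_LINES = [
    r'O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll',
    r'O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey',
    r'O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe',
    r'O4 - HKCU\..\Run: [Windows System Manager] C:\Users\Public\winnsvc.exe',
    r'O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe',
    r'O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe',
    r'O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe',
    # Constructed line, not from the thread:
    r'O4 - HKCU\..\Run: [Foto] C:\Users\Public\foto.jpg.scr',
]

# "O4 - rest of line": section code, then the entry body.
ENTRY_RE = re.compile(r'^([ORFN]\d+) - (.*)$')

# First Windows path ending in an executable-type extension. Handles quoted
# commands with arguments and unquoted paths that contain spaces.
PATH_RE = re.compile(
    r'([A-Za-z]:\\[^"]*?\.(?:exe|dll|scr|pif|com|bat|cmd))(?=["\s]|$)', re.I)

# Assumed heuristic: locations a standard user can write to.
USER_WRITABLE_RE = re.compile(
    r'^[A-Za-z]:\\(?:Users|Documents and Settings|ProgramData)\\|\\Temp\\', re.I)

# Assumed heuristic: a document/image extension followed by an executable one.
DOUBLE_EXT_RE = re.compile(
    r'\.(?:jpe?g|gif|png|bmp|pdf|docx?|txt)\.(?:exe|scr|pif|com|bat|cmd)$', re.I)


def triage(lines):
    """Return (section, path, reasons) for every entry worth a manual check."""
    findings = []
    for raw in lines:
        entry = ENTRY_RE.match(raw.strip())
        if not entry:
            continue  # header, process list or blank line
        section, body = entry.groups()
        found = PATH_RE.search(body)
        path = found.group(1) if found else None

        reasons = []
        if section == 'O4' and path and USER_WRITABLE_RE.search(path):
            reasons.append('autostart from user-writable directory')
        if section == 'O23' and ' - Unknown owner - ' in body:
            reasons.append('service binary without company name')
        if section == 'O9' and '(no name)' in body:
            reasons.append('unnamed IE button')
        if path and DOUBLE_EXT_RE.search(path):
            reasons.append('document extension followed by executable extension')

        if reasons:
            findings.append((section, path, reasons))
    return findings


if __name__ == '__main__':
    for section, path, reasons in triage(SAMPLE_LINES):
        print(f"{section:<4}{path}  <- {'; '.join(reasons)}")
```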


29.05.2010, 14:58   #6
lukas07091

Oh, it actually was a jpg.scr file. What on earth do I do now?

29.05.2010, 14:59   #7
lukas07091

No, a jpg, supposedly a screensaver. Sorry for the double post.

C:\Windows\bdoscandel.exe: VirusTotal found nothing.

Only the virus alert comes back after every restart. I really need help; the system is barely 3 weeks old.

The virus win32trojan horse is in the file svchost.

Edited by lukas07091 (29.05.2010 at 15:12)

29.05.2010, 23:55   #8
Feenixatwork

Download Malwarebytes, update it and run a full scan, then CCleaner. That's what I did too; unfortunately my log post here with OTL hasn't been evaluated yet.

30.05.2010, 08:11   #9
nochdigger

Hi

Quote:
Quote:
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
Please upload these files to virustotal.com/de
bdoscandel.exe
srvany.exe

As already said, download Malwarebytes, update it, run a full scan and have all findings deleted.
Afterwards post the log here and create an OTL log.

System scan with OTL

Please download OTL by OldTimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please choose Minimal Output
  • Under Extra Registry, please choose Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

Regards
__________________
No support via PM - please post in the forum.

30.05.2010, 11:10   #10
lukas07091

bdoscandel is clean
srvany too
Malwarebytes finds nothing
Is it perhaps an error by Microsoft Security Essentials???
I also have a csrss.exe

Here is the OTL log file:
OTL logfile:
Code:
OTL logfile created on: 30.05.2010 12:04:21 - Run 1
OTL by OldTimer - Version 3.2.5.1     Folder = C:\Users\Lukas\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 63,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 46,57 Gb Total Space | 19,18 Gb Free Space | 41,18% Space Free | Partition Type: NTFS
Drive D: | 419,18 Gb Total Space | 396,94 Gb Free Space | 94,69% Space Free | Partition Type: NTFS
Drive E: | 644,31 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: LUKAS-PC
Current User Name: Lukas
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Lukas\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Programme\Pando Networks\Media Booster\PMB.exe ()
PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Programme\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10e.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Programme\Spyware Doctor\pctsTray.exe (PC Tools)
PRC - C:\Programme\Spyware Doctor\TFEngine\TFService.exe (PC Tools)
PRC - C:\Programme\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Programme\Spyware Doctor\pctsSvc.exe (PC Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Spyware Doctor\pctsAuxs.exe (PC Tools)
PRC - C:\Programme\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Lukas\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Programme\Spyware Doctor\TFEngine\TFWAH.dll (PC Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Akamai) -- C:/Program Files/Common Files/Akamai/rswin_3697.dll ()
SRV - (afcdpsrv) -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (osppsvc) -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (ThreatFire) -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe (PC Tools)
SRV - (Browser Defender Update Service) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (sdCoreService) -- C:\Programme\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Programme\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (KMService) -- C:\Windows\System32\srvany.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (afcdp) -- C:\Windows\System32\drivers\afcdp.sys (Acronis)
DRV - (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251) -- C:\Windows\system32\DRIVERS\tdrpm251.sys (Acronis)
DRV - (timounter) -- C:\Windows\system32\DRIVERS\timntr.sys (Acronis)
DRV - (snapman) -- C:\Windows\system32\DRIVERS\snapman.sys (Acronis)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (MpFilter) -- C:\Windows\System32\drivers\MpFilter.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (TfSysMon) -- C:\Windows\system32\drivers\TfSysMon.sys (PC Tools)
DRV - (TfFsMon) -- C:\Windows\system32\drivers\TfFsMon.sys (PC Tools)
DRV - (TfNetMon) -- C:\Windows\System32\drivers\TfNetMon.sys (PC Tools)
DRV - (PCTCore) -- C:\Windows\system32\drivers\PCTCore.sys (PC Tools)
DRV - (pctgntdi) -- C:\Windows\System32\drivers\pctgntdi.sys (PC Tools)
DRV - (pctplsg) -- C:\Windows\System32\drivers\pctplsg.sys (PC Tools)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek Corporation                                            )
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (rt2870) -- C:\Windows\System32\drivers\rt2870.sys (Ralink Technology, Corp.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9A 91 11 E2 64 FA CA 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.22
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.05.28 19:14:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.05.28 19:14:18 | 000,000,000 | ---D | M]
 
[2010.05.27 19:41:16 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\mozilla\Extensions
[2010.05.28 19:15:29 | 000,000,000 | ---D | M] -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\luq7oef7.default\extensions
[2010.05.28 19:15:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lukas\AppData\Roaming\mozilla\Firefox\Profiles\luq7oef7.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010.05.28 19:14:18 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe File not found
O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Pando Media Booster] C:\Programme\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [Windows System Manager] C:\Users\Public\winnsvc.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.03.18 10:50:27 | 000,000,420 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2010.03.18 10:50:27 | 000,000,011 | R--- | M] () - E:\autorun.tag -- [ CDFS ]
O33 - MountPoints2\{5c0f5a13-6655-11df-919b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5c0f5a13-6655-11df-919b-806e6f6e6963}\Shell\AutoRun\command - "" = E:\start.exe -- [2009.02.13 10:59:52 | 000,935,768 | R--- | M] (mirabyte GmbH & Co. KG)
O33 - MountPoints2\{d66ccf58-6662-11df-91b4-94445209c74f}\Shell - "" = AutoRun
O33 - MountPoints2\{d66ccf58-6662-11df-91b4-94445209c74f}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.05.30 12:03:43 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Users\Lukas\Desktop\OTL.exe
[2010.05.29 22:02:12 | 000,059,664 | --S- | C] (PC Tools) -- C:\Windows\System32\drivers\TfSysMon.sys
[2010.05.29 22:02:12 | 000,051,984 | --S- | C] (PC Tools) -- C:\Windows\System32\drivers\TfFsMon.sys
[2010.05.29 22:02:12 | 000,033,552 | --S- | C] (PC Tools) -- C:\Windows\System32\drivers\TfNetMon.sys
[2010.05.29 21:33:11 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2010.05.29 21:33:10 | 001,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2010.05.29 21:33:10 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2010.05.29 21:29:11 | 000,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2010.05.29 21:29:11 | 000,098,600 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2010.05.29 21:29:06 | 000,207,792 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010.05.29 21:29:06 | 000,087,784 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010.05.29 21:29:00 | 000,070,408 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010.05.29 21:28:47 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PC Tools
[2010.05.29 21:28:46 | 000,000,000 | ---D | C] -- C:\Programme\Spyware Doctor
[2010.05.29 21:28:46 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\PC Tools
[2010.05.29 21:28:46 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010.05.29 18:25:35 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010.05.29 10:18:42 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\Malwarebytes
[2010.05.29 10:18:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.05.29 09:52:08 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Lukas\Desktop\HiJackThis204.exe
[2010.05.28 21:11:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2010.05.28 19:15:31 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\QuickScan
[2010.05.28 19:14:17 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2010.05.28 19:11:30 | 000,000,000 | ---D | C] -- C:\Windows\BDOSCAN8
[2010.05.28 19:10:46 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Blizzard Entertainment
[2010.05.28 18:46:21 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Blizzard Entertainment.temp
[2010.05.28 18:45:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard
[2010.05.28 18:43:26 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Security Essentials
[2010.05.27 19:41:06 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\Mozilla
[2010.05.27 19:41:06 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\Mozilla
[2010.05.27 19:28:57 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Akamai
[2010.05.27 19:17:42 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\Diagnostics
[2010.05.26 16:18:23 | 000,000,000 | ---D | C] -- C:\Programme\Gameforge4D
[2010.05.26 15:17:28 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\teamspeak2
[2010.05.26 15:17:06 | 000,034,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lhacm.acm
[2010.05.26 15:16:57 | 000,000,000 | ---D | C] -- C:\Programme\Teamspeak2_RC2
[2010.05.26 15:15:50 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\runic games
[2010.05.26 15:12:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.05.25 19:52:48 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\Apple Computer
[2010.05.25 19:52:48 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\Apple Computer
[2010.05.25 19:52:34 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2010.05.25 19:52:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010.05.25 19:52:23 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010.05.25 19:52:22 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2010.05.25 19:52:22 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.05.25 19:51:51 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2010.05.25 19:51:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010.05.25 19:51:47 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\Apple
[2010.05.25 19:51:46 | 000,000,000 | ---D | C] -- C:\Programme\Apple Software Update
[2010.05.25 19:51:34 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2010.05.25 19:51:31 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Apple
[2010.05.25 19:51:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010.05.25 10:14:44 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\WinRAR
[2010.05.25 10:14:31 | 000,000,000 | ---D | C] -- C:\Programme\WinRAR
[2010.05.24 15:48:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010.05.24 15:48:35 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe
[2010.05.24 15:48:35 | 000,000,000 | ---D | C] -- C:\Programme\Adobe
[2010.05.24 15:48:03 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\Adobe
[2010.05.24 15:47:09 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010.05.24 15:27:06 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Desktop\ds
[2010.05.24 11:23:37 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010.05.24 10:51:55 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.05.24 10:51:55 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.05.24 10:51:55 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.05.24 10:51:54 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010.05.24 10:51:45 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2010.05.24 10:51:45 | 000,133,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecpkg.sys
[2010.05.24 10:51:41 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010.05.24 10:51:41 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2010.05.24 10:51:41 | 000,507,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2010.05.24 10:51:41 | 000,442,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2010.05.24 10:51:34 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010.05.24 10:51:33 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.05.24 10:51:33 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010.05.24 10:51:33 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.05.24 10:51:32 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010.05.24 10:51:32 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010.05.24 10:51:32 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010.05.24 10:51:31 | 003,954,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.05.24 10:51:31 | 003,899,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.05.24 10:51:30 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2010.05.24 10:51:30 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2010.05.24 10:51:30 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010.05.24 10:51:29 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2010.05.24 10:51:28 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.05.24 10:51:26 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010.05.24 10:51:26 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010.05.24 10:51:26 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010.05.24 10:51:26 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010.05.24 10:51:25 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010.05.24 10:51:25 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010.05.24 10:51:25 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010.05.24 10:51:25 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010.05.23 15:57:34 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Desktop\games
[2010.05.23 15:09:22 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Documents\My Games
[2010.05.23 15:09:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\AGEIA
[2010.05.23 15:09:01 | 000,000,000 | ---D | C] -- C:\Programme\AGEIA Technologies
[2010.05.23 15:08:45 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Wise Installation Wizard
[2010.05.23 14:07:58 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2010.05.23 14:07:57 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
[2010.05.23 14:07:57 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2010.05.23 14:07:57 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
[2010.05.23 14:07:57 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2010.05.23 14:07:57 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2010.05.23 14:07:57 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2010.05.23 14:07:57 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll
[2010.05.23 14:07:57 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll
[2010.05.23 14:07:57 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2010.05.23 14:07:57 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll
[2010.05.23 14:07:57 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
[2010.05.23 14:07:57 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll
[2010.05.23 14:07:57 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll
[2010.05.23 14:07:57 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
[2010.05.23 14:07:57 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2010.05.23 14:07:57 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll
[2010.05.23 14:07:56 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2010.05.23 14:07:56 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2010.05.23 14:07:56 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2010.05.23 14:07:56 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2010.05.23 14:07:56 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2010.05.23 14:07:56 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2010.05.23 14:07:55 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2010.05.23 14:07:55 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2010.05.23 14:07:55 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
[2010.05.23 14:07:55 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
[2010.05.23 14:07:55 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2010.05.23 14:07:55 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
[2010.05.23 14:07:55 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2010.05.23 14:07:55 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
[2010.05.23 14:07:55 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
[2010.05.23 14:07:55 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
[2010.05.23 14:07:55 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\GamersFirst LIVE!
[2010.05.23 14:07:54 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
[2010.05.23 14:07:54 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2010.05.23 14:07:54 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
[2010.05.23 14:07:54 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2010.05.23 14:07:54 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
[2010.05.23 14:07:54 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
[2010.05.23 14:07:54 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
[2010.05.23 14:07:54 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2010.05.23 14:07:54 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
[2010.05.23 14:07:54 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
[2010.05.23 14:07:54 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
[2010.05.23 14:07:54 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
[2010.05.23 14:07:54 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2010.05.23 14:07:54 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
[2010.05.23 14:07:54 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
[2010.05.23 14:07:54 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
[2010.05.23 14:07:54 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
[2010.05.23 14:07:54 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
[2010.05.23 14:07:54 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
[2010.05.23 14:07:53 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2010.05.23 14:07:53 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2010.05.23 14:07:53 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2010.05.23 14:07:53 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2010.05.23 14:07:53 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
[2010.05.23 14:07:53 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2010.05.23 14:07:53 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2010.05.23 14:07:53 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
[2010.05.23 14:07:53 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2010.05.23 14:07:53 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
[2010.05.23 14:07:53 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2010.05.23 14:07:53 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2010.05.23 14:07:53 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2010.05.23 14:07:53 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2010.05.23 14:07:53 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2010.05.23 14:07:53 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2010.05.23 14:07:53 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2010.05.23 14:07:53 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2010.05.23 14:07:51 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2010.05.23 14:07:51 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2010.05.23 14:07:51 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2010.05.23 14:07:50 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2010.05.23 14:07:50 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2010.05.23 14:07:50 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2010.05.23 14:07:50 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2010.05.23 14:07:50 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2010.05.23 14:07:50 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2010.05.23 14:07:31 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\PMB Files
[2010.05.23 14:07:30 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2010.05.23 14:07:28 | 000,000,000 | ---D | C] -- C:\Programme\Pando Networks
[2010.05.23 14:07:23 | 000,000,000 | ---D | C] -- C:\Programme\GamersFirst
[2010.05.23 14:05:37 | 000,000,000 | ---D | C] -- C:\Programme\JoWooD
[2010.05.23 13:59:02 | 000,000,000 | ---D | C] -- C:\Programme\DAEMON Tools Lite
[2010.05.23 13:58:39 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\DAEMON Tools Lite
[2010.05.23 13:58:30 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2010.05.23 13:53:48 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\Google
[2010.05.23 13:53:48 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\Google
[2010.05.23 13:51:03 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\Macromedia
[2010.05.23 13:51:03 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\Adobe
[2010.05.23 13:50:54 | 000,000,000 | ---D | C] -- C:\Programme\Google
[2010.05.23 13:50:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2010.05.23 13:50:06 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2010.05.23 13:38:09 | 000,000,000 | R--D | C] -- C:\Users\Lukas\Desktop\musik
[2010.05.23 13:30:28 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\Acronis
[2010.05.23 13:29:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Acronis
[2010.05.23 13:28:03 | 000,152,704 | ---- | C] (Acronis) -- C:\Windows\System32\drivers\afcdp.sys
[2010.05.23 13:28:01 | 000,902,432 | ---- | C] (Acronis) -- C:\Windows\System32\drivers\tdrpm251.sys
[2010.05.23 13:28:01 | 000,570,016 | ---- | C] (Acronis) -- C:\Windows\System32\drivers\timntr.sys
[2010.05.23 13:27:57 | 000,156,928 | ---- | C] (Acronis) -- C:\Windows\System32\drivers\snapman.sys
[2010.05.23 13:27:52 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Acronis
[2010.05.23 13:27:52 | 000,000,000 | ---D | C] -- C:\Programme\Acronis
[2010.05.23 13:23:39 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010.05.23 13:23:26 | 000,000,000 | -HSD | C] -- C:\Boot
[2010.05.23 12:57:18 | 000,000,000 | ---D | C] -- C:\Users\Lukas\Documents\Outlook-Dateien
[2010.05.23 12:56:07 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.05.23 12:50:51 | 001,070,901 | ---- | C] (FreeSoft) -- C:\Users\Lukas\Desktop\mini-KMS_Activator_v1.052.exe
[2010.05.23 12:42:15 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Synchronization Services
[2010.05.23 12:42:15 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DESIGNER
[2010.05.23 12:42:08 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010.05.23 12:42:08 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft.NET
[2010.05.23 12:42:08 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft SQL Server Compact Edition
[2010.05.23 12:40:58 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Analysis Services
[2010.05.23 12:40:47 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\Microsoft Help
[2010.05.23 12:40:45 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Office
[2010.05.23 12:40:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010.05.23 12:40:42 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010.05.23 12:40:36 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010.05.23 12:33:53 | 000,637,952 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\System32\drivers\rt2870.sys
[2010.05.23 12:33:53 | 000,221,184 | ---- | C] (Ralink Technology, Inc.) -- C:\Windows\System32\RaCoInst.dll
[2010.05.23 12:31:53 | 000,000,000 | R--D | C] -- C:\Users\Lukas\Searches
[2010.05.23 12:31:46 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\Identities
[2010.05.23 12:31:45 | 000,000,000 | R--D | C] -- C:\Users\Lukas\Contacts
[2010.05.23 12:31:40 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\VirtualStore
[2010.05.23 12:31:39 | 000,000,000 | -HSD | C] -- C:\Users\Lukas\Vorlagen
[2010.05.23 12:31:39 | 000,000,000 | -HSD | C] -- C:\Users\Lukas\AppData\Local\Verlauf
[2010.05.23 12:31:39 | 000,000,000 | -HSD | C] -- C:\Users\Lukas\AppData\Local\Temporary Internet Files
[2010.05.23 12:31:39 | 000,000,000 | -HSD | C] -- C:\Users\Lukas\Startmenü
[2010.05.23 12:31:39 | 000,000,000 | -HSD | C] -- C:\Users\Lukas\SendTo
[2010.05.23 12:31:39 | 000,000,000 | -HSD | C] -- C:\Users\Lukas\Recent
[2010.05.23 12:31:39 | 000,000,000 | -HSD | C] -- C:\Users\Lukas\Netzwerkumgebung
[2010.05.23 12:31:39 | 000,000,000 | -HSD | C] -- C:\Users\Lukas\Lokale Einstellungen
[2010.05.23 12:31:39 | 000,000,000 | -HSD | C] -- C:\Users\Lukas\Documents\Eigene Videos
[2010.05.23 12:31:39 | 000,000,000 | -HSD | C] -- C:\Users\Lukas\Documents\Eigene Musik
[2010.05.23 12:31:39 | 000,000,000 | -HSD | C] -- C:\Users\Lukas\Eigene Dateien
[2010.05.23 12:31:39 | 000,000,000 | -HSD | C] -- C:\Users\Lukas\Documents\Eigene Bilder
[2010.05.23 12:31:39 | 000,000,000 | -HSD | C] -- C:\Users\Lukas\Druckumgebung
[2010.05.23 12:31:39 | 000,000,000 | -HSD | C] -- C:\Users\Lukas\Cookies
[2010.05.23 12:31:39 | 000,000,000 | -HSD | C] -- C:\Users\Lukas\AppData\Local\Anwendungsdaten
[2010.05.23 12:31:39 | 000,000,000 | -HSD | C] -- C:\Users\Lukas\Anwendungsdaten
[2010.05.23 12:31:38 | 000,000,000 | --SD | C] -- C:\Users\Lukas\AppData\Roaming\Microsoft
[2010.05.23 12:31:38 | 000,000,000 | R--D | C] -- C:\Users\Lukas\Videos
[2010.05.23 12:31:38 | 000,000,000 | R--D | C] -- C:\Users\Lukas\Saved Games
[2010.05.23 12:31:38 | 000,000,000 | R--D | C] -- C:\Users\Lukas\Pictures
[2010.05.23 12:31:38 | 000,000,000 | R--D | C] -- C:\Users\Lukas\Music
[2010.05.23 12:31:38 | 000,000,000 | R--D | C] -- C:\Users\Lukas\Links
[2010.05.23 12:31:38 | 000,000,000 | R--D | C] -- C:\Users\Lukas\Favorites
[2010.05.23 12:31:38 | 000,000,000 | R--D | C] -- C:\Users\Lukas\Downloads
[2010.05.23 12:31:38 | 000,000,000 | R--D | C] -- C:\Users\Lukas\Documents
[2010.05.23 12:31:38 | 000,000,000 | R--D | C] -- C:\Users\Lukas\Desktop
[2010.05.23 12:31:38 | 000,000,000 | -H-D | C] -- C:\Users\Lukas\AppData
[2010.05.23 12:31:38 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\Temp
[2010.05.23 12:31:38 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Local\Microsoft
[2010.05.23 12:31:38 | 000,000,000 | ---D | C] -- C:\Users\Lukas\AppData\Roaming\Media Center Programs
[2010.05.23 12:31:31 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2010.05.23 12:31:31 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2010.05.23 12:31:31 | 000,000,000 | -HSD | C] -- C:\Recovery
[2010.05.23 12:31:31 | 000,000,000 | -HSD | C] -- C:\Programme
[2010.05.23 12:31:31 | 000,000,000 | -HSD | C] -- C:\Programme\Gemeinsame Dateien
[2010.05.23 12:31:31 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2010.05.23 12:31:31 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2010.05.23 12:31:31 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2010.05.23 12:31:31 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2010.05.23 12:27:10 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010.05.23 12:24:43 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010.05.23 12:24:29 | 000,000,000 | -HSD | C] -- C:\System Volume Information
 
========== Files - Modified Within 30 Days ==========
 
[2010.05.30 12:08:34 | 001,310,720 | -HS- | M] () -- C:\Users\Lukas\NTUSER.DAT
[2010.05.30 12:03:48 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Users\Lukas\Desktop\OTL.exe
[2010.05.30 12:03:04 | 000,019,904 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.05.30 12:03:04 | 000,019,904 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.05.30 12:01:56 | 001,472,002 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.05.30 12:01:56 | 000,643,628 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.05.30 12:01:56 | 000,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.05.30 12:01:56 | 000,126,188 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.05.30 12:01:56 | 000,103,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.05.30 11:55:38 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.05.30 11:55:35 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.05.30 11:55:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.05.30 11:55:20 | 2415,370,240 | -HS- | M] () -- C:\hiberfil.sys
[2010.05.29 23:18:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.05.29 21:46:27 | 001,876,037 | -H-- | M] () -- C:\Users\Lukas\AppData\Local\IconCache.db
[2010.05.29 21:29:03 | 000,001,906 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010.05.29 21:09:02 | 000,000,137 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2010.05.29 09:52:15 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Lukas\Desktop\HiJackThis204.exe
[2010.05.28 19:14:19 | 000,001,885 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.05.28 18:43:26 | 000,001,029 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010.05.26 15:17:06 | 000,034,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lhacm.acm
[2010.05.26 15:16:58 | 000,000,948 | ---- | M] () -- C:\Users\Lukas\Desktop\Teamspeak 2 RC2.lnk
[2010.05.25 19:52:46 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.05.25 19:51:54 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.05.25 10:14:44 | 010,861,302 | ---- | M] () -- C:\Users\Lukas\Desktop\CryptLoad_1.1.8.rar
[2010.05.24 15:48:38 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.05.24 15:45:28 | 000,407,324 | ---- | M] () -- C:\Users\Lukas\Desktop\langbogen.pdf
[2010.05.24 12:58:43 | 000,001,750 | ---- | M] () -- C:\Users\Public\Desktop\Browserwahl.lnk
[2010.05.24 12:58:16 | 000,341,480 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.05.23 14:07:24 | 000,001,118 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
[2010.05.23 14:07:24 | 000,001,084 | ---- | M] () -- C:\Users\Public\Desktop\GamersFirst LIVE!.lnk
[2010.05.23 13:59:11 | 000,691,696 | ---- | M] () -- C:\Windows\System32\drivers\sptd.sys
[2010.05.23 13:59:11 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2010.05.23 13:30:27 | 000,086,080 | ---- | M] () -- C:\Users\Lukas\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.05.23 13:28:03 | 000,152,704 | ---- | M] (Acronis) -- C:\Windows\System32\drivers\afcdp.sys
[2010.05.23 13:28:01 | 000,902,432 | ---- | M] (Acronis) -- C:\Windows\System32\drivers\tdrpm251.sys
[2010.05.23 13:28:01 | 000,570,016 | ---- | M] (Acronis) -- C:\Windows\System32\drivers\timntr.sys
[2010.05.23 13:27:57 | 000,156,928 | ---- | M] (Acronis) -- C:\Windows\System32\drivers\snapman.sys
[2010.05.23 13:27:57 | 000,002,171 | ---- | M] () -- C:\Users\Public\Desktop\Acronis One-Click Backup.lnk
[2010.05.23 13:27:57 | 000,001,097 | ---- | M] () -- C:\Users\Public\Desktop\Acronis True Image Home 2010.lnk
[2010.05.23 13:23:27 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010.05.23 12:41:04 | 000,000,478 | ---- | M] () -- C:\Windows\win.ini
[2010.05.23 12:37:00 | 000,524,288 | -HS- | M] () -- C:\Users\Lukas\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010.05.23 12:37:00 | 000,524,288 | -HS- | M] () -- C:\Users\Lukas\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010.05.23 12:37:00 | 000,065,536 | -HS- | M] () -- C:\Users\Lukas\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010.05.23 12:31:39 | 000,000,020 | -HS- | M] () -- C:\Users\Lukas\ntuser.ini
[2010.05.23 12:27:56 | 000,052,953 | ---- | M] () -- C:\Windows\System32\license.rtf
[2010.05.23 12:26:24 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010.05.21 14:14:28 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
 
========== Files Created - No Company Name ==========
 
[2010.05.29 21:33:11 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip
[2010.05.29 21:33:11 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010.05.29 21:33:11 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2010.05.29 21:33:11 | 000,000,880 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2010.05.29 21:33:11 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2010.05.29 21:29:11 | 000,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
[2010.05.29 21:29:07 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2010.05.29 21:29:06 | 000,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2010.05.29 21:29:03 | 000,001,906 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010.05.29 21:29:00 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2010.05.29 21:09:02 | 000,000,137 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010.05.28 19:14:19 | 000,001,885 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.05.28 18:43:26 | 000,001,029 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010.05.26 15:16:58 | 000,000,948 | ---- | C] () -- C:\Users\Lukas\Desktop\Teamspeak 2 RC2.lnk
[2010.05.25 19:52:46 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.05.25 19:51:54 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.05.25 10:14:34 | 010,861,302 | ---- | C] () -- C:\Users\Lukas\Desktop\CryptLoad_1.1.8.rar
[2010.05.24 15:48:38 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.05.24 15:45:24 | 000,407,324 | ---- | C] () -- C:\Users\Lukas\Desktop\langbogen.pdf
[2010.05.24 12:58:43 | 000,001,750 | ---- | C] () -- C:\Users\Public\Desktop\Browserwahl.lnk
[2010.05.23 14:07:24 | 000,001,118 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
[2010.05.23 14:07:24 | 000,001,084 | ---- | C] () -- C:\Users\Public\Desktop\GamersFirst LIVE!.lnk
[2010.05.23 14:04:02 | 000,001,096 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.05.23 14:04:01 | 000,001,092 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.05.23 13:59:11 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010.05.23 13:59:11 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2010.05.23 13:27:57 | 000,002,171 | ---- | C] () -- C:\Users\Public\Desktop\Acronis One-Click Backup.lnk
[2010.05.23 13:27:57 | 000,001,097 | ---- | C] () -- C:\Users\Public\Desktop\Acronis True Image Home 2010.lnk
[2010.05.23 13:23:27 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2010.05.23 13:23:26 | 000,383,562 | RHS- | C] () -- C:\bootmgr
[2010.05.23 12:49:48 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2010.05.23 12:31:39 | 000,000,020 | -HS- | C] () -- C:\Users\Lukas\ntuser.ini
[2010.05.23 12:31:38 | 001,310,720 | -HS- | C] () -- C:\Users\Lukas\NTUSER.DAT
[2010.05.23 12:31:38 | 000,524,288 | -HS- | C] () -- C:\Users\Lukas\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010.05.23 12:31:38 | 000,524,288 | -HS- | C] () -- C:\Users\Lukas\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010.05.23 12:31:38 | 000,262,144 | -HS- | C] () -- C:\Users\Lukas\ntuser.dat.LOG1
[2010.05.23 12:31:38 | 000,065,536 | -HS- | C] () -- C:\Users\Lukas\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010.05.23 12:31:38 | 000,000,000 | -HS- | C] () -- C:\Users\Lukas\ntuser.dat.LOG2
[2010.05.23 12:26:24 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010.05.23 12:24:29 | 2415,370,240 | -HS- | C] () -- C:\hiberfil.sys
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.01.05 14:44:10 | 000,000,483 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 195 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >
         
Here is the other one:
OTL Extras logfile created on: 30.05.2010 12:04:21 - Run 1
OTL by OldTimer - Version 3.2.5.1 Folder = C:\Users\Lukas\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 63,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 46,57 Gb Total Space | 19,18 Gb Free Space | 41,18% Space Free | Partition Type: NTFS
Drive D: | 419,18 Gb Total Space | 396,94 Gb Free Space | 94,69% Space Free | Partition Type: NTFS
Drive E: | 644,31 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LUKAS-PC
Current User Name: Lukas
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{4F64A46D-67F7-4497-AEA2-313D4305A5F6}" = Torchlight
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{84ED5482-CFB0-4DD9-BF18-489FFDACD18A}" = Microsoft Antimalware Service DE-DE Language Pack
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{C2F1F96A-057E-5819-B52E-FEA1D1D2933B}" = Acronis*True*Image*Home
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"4StoryDE_is1" = 4Story 3.3
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Akamai" = Akamai NetSession Interface
"Browser Defender_is1" = Browser Defender 2.0.6.11
"GamersFirst LIVE!" = GamersFirst LIVE!
"GamersFirst Parabellum Beta" = Parabellum Beta
"GamersFirst War Rock" = War Rock
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Spyware Doctor" = Spyware Doctor 7.0
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 23.05.2010 07:25:44 | Computer Name = Lukas-PC | Source = MsiInstaller | ID = 11719
Description =

Error - 23.05.2010 07:59:03 | Computer Name = Lukas-PC | Source = VSS | ID = 8194
Description =

Error - 23.05.2010 08:04:13 | Computer Name = Lukas-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 8.0.7600.16385 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: e7c Startzeit: 01cafa700110c84f Endzeit: 0 Anwendungspfad: C:\Program
Files\Internet Explorer\iexplore.exe Berichts-ID: 4b5e48e2-6663-11df-91b4-94445209c74f


Error - 23.05.2010 16:04:10 | Computer Name = Lukas-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 8.0.7600.16385 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: f40 Startzeit: 01cafab236326ad9 Endzeit: 16 Anwendungspfad:
C:\Program Files\Internet Explorer\iexplore.exe Berichts-ID: 57af6d27-66a6-11df-a47e-94445209c74f


Error - 28.05.2010 13:51:21 | Computer Name = Lukas-PC | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(E2D59B3D503512C5F022BLZ00011A9ED70AC3F1BdFE\.F512H82\.._bzdn._tcp.local.)
active for over two minutes. This places considerable burden on the network.

Error - 28.05.2010 15:29:02 | Computer Name = Lukas-PC | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(BZDN1996032853-QkxaMDAwMjFBOUVENzBBQzNGMUJkRkUuLEE5fUJFRg==._bzdn._tcp.local.)
active for over two minutes. This places considerable burden on the network.

Error - 28.05.2010 16:07:53 | Computer Name = Lukas-PC | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(BZDN1502087261-QkxaMDAwMjFBOUVENzBBQzNGMUJkRkUuODJPMEVOQjk=._bzdn._tcp.local.)
active for over two minutes. This places considerable burden on the network.

Error - 28.05.2010 16:18:33 | Computer Name = Lukas-PC | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(BZDN1747257897-QkxaMDAwMjFBOUVENzBBQzNGMUJkRkUuQzU5OUIxOEFk._bzdn._tcp.local.)
active for over two minutes. This places considerable burden on the network.

[ System Events ]
Error - 28.05.2010 12:57:40 | Computer Name = Lukas-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.

Error - 29.05.2010 03:38:00 | Computer Name = Lukas-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
an den Computerhersteller, um aktualisierte Firmware zu erhalten.

Error - 29.05.2010 09:55:31 | Computer Name = Lukas-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
an den Computerhersteller, um aktualisierte Firmware zu erhalten.

Error - 29.05.2010 11:16:31 | Computer Name = Lukas-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
an den Computerhersteller, um aktualisierte Firmware zu erhalten.

Error - 29.05.2010 11:19:02 | Computer Name = Lukas-PC | Source = Microsoft Antimalware | ID = 1008
Description = Fehler in %%861 beim Durchführen von Maßnahmen gegen Spyware oder
andere möglicherweise unerwünschte Software. Im Folgenden finden Sie weitere Innformationen:
hxxp://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Pushbot.gen!C&threatid=2147599924

Benutzer:
Lukas-PC\Lukas Name: Worm:Win32/Pushbot.gen!C ID: 2147599924 Schweregrad: Schwerwiegend

Kategorie:
Wurm Pfad: Aktion: %%809 Fehlercode: 0x80508023 Fehlerbeschreibung: Auf diesem Computer
wurde keine Spyware oder andere möglicherweise unerwünschte Software gefunden.
Status: Signaturversion: AV: 1.83.740.0, AS: 1.83.740.0 Modulversion: 1.1.5802.0

Error - 29.05.2010 12:14:21 | Computer Name = Lukas-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
an den Computerhersteller, um aktualisierte Firmware zu erhalten.

Error - 29.05.2010 14:11:33 | Computer Name = Lukas-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
an den Computerhersteller, um aktualisierte Firmware zu erhalten.

Error - 29.05.2010 15:10:01 | Computer Name = Lukas-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
an den Computerhersteller, um aktualisierte Firmware zu erhalten.

Error - 29.05.2010 16:02:13 | Computer Name = Lukas-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "ThreatFire" ist als interaktiver Dienst gekennzeichnet.
Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error - 30.05.2010 05:55:19 | Computer Name = Lukas-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
an den Computerhersteller, um aktualisierte Firmware zu erhalten.


< End of report >

Edited by lukas07091 (30.05.2010 at 11:22)

30.05.2010, 17:26   #11
nochdigger

MSN Virus

Hello

Quote:
Malwarebytes finds nothing
I would still like to see the log.

Quote:
Is it perhaps an error in Microsoft Security Essentials???
No, this entry reveals a (former) infection:
O4 - HKCU\..\Run: [Windows System Manager] C:\Users\Public\winnsvc.exe


Quote:
I also have a csrss.exe
That doesn't have to mean anything; where is the file located (path)?

Start HijackThis with the option - Scan - and tick this entry
Code:
O4 - HKCU\..\Run: [Windows System Manager] C:\Users\Public\winnsvc.exe

then click - fix checked - and close HijackThis.
After a restart, this entry should no longer appear in the new log.

I would like to see a scan with ComboFix
ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Regards
__________________
No support via PM - please post in the forum.
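
The path check applied by eye in the reply above (a Run entry starting from C:\Users\Public, and the question of where a csrss.exe actually lives), written out as an added example that is not part of the thread or of HijackThis. It assumes registry O4 lines in the format shown above; the two heuristics, the function names and every sample line except the winnsvc.exe entry are constructed for illustration.

```python
import re
from ntpath import basename, dirname, normpath  # Windows path rules on any OS

# Registry autorun line as HijackThis prints it: O4 - HKCU\..\Run: [name] command
O4_RUN = re.compile(r'^O4 - (HK\w+(?:\\[^\\]+)?)\\\.\.\\(Run\w*): \[(.*?)\] (.+)$')
# First executable path in the command, quoted or not (unquoted paths may hold spaces).
EXE = re.compile(r'^"?(.+?\.(?:exe|com|scr|pif|bat|cmd))(?=["\s,]|$)', re.I)

# Assumed heuristics, not an exhaustive rule set:
USER_WRITABLE = ("\\users\\public\\", "\\appdata\\", "\\temp\\")
SYSTEM_NAMES = {"csrss.exe", "svchost.exe", "lsass.exe", "services.exe",
                "winlogon.exe", "smss.exe"}
SYSTEM_DIRS = {r"c:\windows\system32", r"%systemroot%\system32"}

# Constructed sample: only the "Windows System Manager" line is from the thread.
SAMPLE_LOG = r'''
Running processes:
C:\Windows\Explorer.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Windows System Manager] C:\Users\Public\winnsvc.exe
O4 - HKCU\..\Run: [csrss] C:\Users\Example\AppData\Roaming\csrss.exe
'''


def parse_o4(line):
    """Return the fields of a registry O4 line, or None for any other line."""
    m = O4_RUN.match(line.strip())
    if not m:
        return None
    hive, key, name, cmd = m.groups()
    exe = EXE.match(cmd)
    path = normpath(exe.group(1)) if exe else None
    return {"hive": hive, "key": key, "name": name, "command": cmd, "path": path}


def triage(entry):
    """List the reasons an autorun entry deserves a closer look (empty = none)."""
    path = entry["path"]
    if path is None:
        return ["no executable path recognised in command"]
    folder = dirname(path).lower()
    reasons = []
    if any(marker in folder + "\\" for marker in USER_WRITABLE):
        reasons.append("autostart from user-writable folder")
    if basename(path).lower() in SYSTEM_NAMES and folder not in SYSTEM_DIRS:
        reasons.append("system process name outside System32")
    return reasons


def review(log_text):
    """Return (name, path, reasons) for every O4 Run entry that raises a flag."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry:
            reasons = triage(entry)
            if reasons:
                findings.append((entry["name"], entry["path"], reasons))
    return findings


if __name__ == "__main__":
    for name, path, reasons in review(SAMPLE_LOG):
        print(f"[{name}] {path}: {'; '.join(reasons)}")
```

A flag here only means the file should be located and checked, as the reply does by asking for the path; it is not a verdict on the file.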
