
Pests of all kinds and how to fight them: Trojan TR/Gendal found and scanned with OTL

Windows 7 If you are not sure whether you have picked up malware or a Trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you remove the infection.

02.10.2010, 20:54   #1
reaper666
 

Trojan TR/Gendal found and scanned with OTL



Hello !!!!

I found this Trojan with AntiVir and, following the suggestions in posts here on the forum, scanned with OTL.
Here is the result; please help me get rid of it without formatting!!!

Thanks =)

OTL Logfile:
Code:
OTL logfile created on: 02.10.2010 20:04:04 - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,88 Gb Total Space | 21,88 Gb Free Space | 19,56% Space Free | Partition Type: NTFS
Drive D: | 111,00 Gb Total Space | 75,96 Gb Free Space | 68,44% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SAMSUNG
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\u8ser\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\u8ser\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe (DT Soft Ltd)
PRC - d:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\WinTV\EPG Services\System\EPGService.exe (Hauppauge Computer Works)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics)
PRC - C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe (SAMSUNG Electronics co., LTD.)
PRC - C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\u8ser\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (TomTomHOMEService) -- d:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (HauppaugeTVServer) -- C:\Program Files\WinTV\HCWTVServer.exe (Hauppauge Computer Works)
SRV - (EPGService) -- C:\Program Files\WinTV\EPG Services\System\EPGService.exe (Hauppauge Computer Works)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (MSSQLServerADHelper) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (VcommMgr) -- C:\Windows\System32\Drivers\VcommMgr.sys File not found
DRV - (VComm) -- C:\Windows\System32\DRIVERS\VComm.sys File not found
DRV - (upperdev) -- C:\Windows\System32\DRIVERS\usbser_lowerflt.sys File not found
DRV - (pccsmcfd) -- C:\Windows\System32\DRIVERS\pccsmcfd.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IvtBtBUs) -- C:\Windows\System32\Drivers\IvtBtBus.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (btwrchid) -- C:\Windows\System32\DRIVERS\btwrchid.sys File not found
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys File not found
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys File not found
DRV - (BTHidMgr) -- C:\Windows\System32\Drivers\BTHidMgr.sys File not found
DRV - (BTHidEnum) -- C:\Windows\System32\Drivers\vbtenum.sys File not found
DRV - (BtHidBus) -- C:\Windows\System32\Drivers\BtHidBus.sys File not found
DRV - (Btcsrusb) -- C:\Windows\System32\Drivers\btcusb.sys File not found
DRV - (BT) -- C:\Windows\System32\DRIVERS\btnetdrv.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (ADDMEM) -- C:\Windows\TEMP\__Samsung_Update\ADDMEM.SYS File not found
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (btnetBUs) -- C:\Windows\System32\drivers\btnetBus.sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ACEDRV07) -- C:\Windows\System32\drivers\ACEDRV07.sys (Protect Software GmbH)
DRV - (VMC302) -- C:\Windows\System32\drivers\vmc302.sys (Vimicro Corporation)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (hcw95rc) -- C:\Windows\System32\drivers\hcw95rc.sys (Hauppauge Computer Works, Inc.)
DRV - (hcw95bda) -- C:\Windows\System32\drivers\hcw95bda.sys (Hauppauge Computer Works, Inc.)
DRV - (acedrv11) -- C:\Windows\System32\drivers\ACEDRV11.sys (Protect Software GmbH)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (NETw2v32) Intel(R) -- C:\Windows\System32\drivers\NETw2v32.sys (Intel® Corporation)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (HabuFltr) -- C:\Windows\System32\drivers\habu.sys (Razer (Asia-Pacific) Pte Ltd)
DRV - (ASPI) -- C:\Windows\System32\drivers\ASPI32.SYS (Adaptec)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.t-online.de/cpm-redir/ie-8.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/cpm-redir/ie-8.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://de-de.facebook.com/"
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.05.11 13:13:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.23 14:41:31 | 000,000,000 | ---D | M]
 
[2010.05.06 14:24:21 | 000,000,000 | ---D | M] -- C:\Users\u8ser\AppData\Roaming\mozilla\Extensions
[2009.11.06 21:38:55 | 000,000,000 | ---D | M] -- C:\Users\u8ser\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2010.03.25 02:06:34 | 000,000,000 | ---D | M] -- C:\Users\u8ser\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010.09.26 18:25:08 | 000,000,000 | ---D | M] -- C:\Users\u8ser\AppData\Roaming\mozilla\Firefox\Profiles\5sjhec6g.default\extensions
[2010.05.06 14:28:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\u8ser\AppData\Roaming\mozilla\Firefox\Profiles\5sjhec6g.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.06 14:28:57 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Users\u8ser\AppData\Roaming\mozilla\Firefox\Profiles\5sjhec6g.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010.09.13 14:57:04 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.06.20 01:25:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.13 14:57:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2009.08.20 17:36:00 | 000,097,376 | ---- | M] () -- C:\Program Files\Mozilla Firefox\components\FFPDFConverter.dll
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.06.20 10:56:32 | 000,409,006 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1    www.007guard.com
O1 - Hosts: 127.0.0.1    007guard.com
O1 - Hosts: 127.0.0.1    008i.com
O1 - Hosts: 127.0.0.1    www.008k.com
O1 - Hosts: 127.0.0.1    008k.com
O1 - Hosts: 127.0.0.1    www.00hq.com
O1 - Hosts: 127.0.0.1    00hq.com
O1 - Hosts: 127.0.0.1    010402.com
O1 - Hosts: 127.0.0.1    www.032439.com
O1 - Hosts: 127.0.0.1    032439.com
O1 - Hosts: 127.0.0.1    www.100888290cs.com
O1 - Hosts: 127.0.0.1    100888290cs.com
O1 - Hosts: 127.0.0.1    www.100sexlinks.com
O1 - Hosts: 127.0.0.1    100sexlinks.com
O1 - Hosts: 127.0.0.1    www.10sek.com
O1 - Hosts: 127.0.0.1    10sek.com
O1 - Hosts: 127.0.0.1    www.123topsearch.com
O1 - Hosts: 127.0.0.1    123topsearch.com
O1 - Hosts: 127.0.0.1    www.132.com
O1 - Hosts: 127.0.0.1    132.com
O1 - Hosts: 127.0.0.1    www.136136.net
O1 - Hosts: 127.0.0.1    136136.net
O1 - Hosts: 127.0.0.1    www.163ns.com
O1 - Hosts: 14145 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Programs\PartyGaming\PartyGammon\RunBackGammon.exe File not found
O9 - Extra 'Tools' menuitem : PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Programs\PartyGaming\PartyGammon\RunBackGammon.exe File not found
O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programs\PartyGaming.Net\PartyPokerNet\RunPF.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programs\PartyGaming.Net\PartyPokerNet\RunPF.exe File not found
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: dbbv-online.de ([www] https in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: facebook.com ([www] https in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: mydvag.com ([www] https in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1ced4018-528b-11dd-8482-a102c65a2f41}\Shell - "" = AutoRun
O33 - MountPoints2\{1ced4018-528b-11dd-8482-a102c65a2f41}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O33 - MountPoints2\{69084e16-caf4-11de-a994-0013776d50d7}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\{752f9f2d-97f2-11de-a232-0013776d50d7}\Shell\Open(&0)\command - "" = G:\Recycled\ctfmon.exe -- File not found
O33 - MountPoints2\{764d41a3-8b45-11de-b670-001f3c6d307f}\Shell - "" = AutoRun
O33 - MountPoints2\{764d41a3-8b45-11de-b670-001f3c6d307f}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{8b46a558-4f1e-11df-adb6-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8b46a558-4f1e-11df-adb6-806e6f6e6963}\Shell\AutoRun\command - "" = H:\AUTOSTARTER.EXE -- File not found
O33 - MountPoints2\{929ebf2f-529f-11de-bd57-0013776d50d7}\Shell\Open(&0)\command - "" = G:\Recycled\ctfmon.exe -- File not found
O33 - MountPoints2\{932906e8-4d17-11dd-a6c0-e0038038c446}\Shell - "" = AutoRun
O33 - MountPoints2\{932906e8-4d17-11dd-a6c0-e0038038c446}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{96d6b8b6-2253-11df-92aa-c7ae976f5723}\Shell - "" = AutoRun
O33 - MountPoints2\{96d6b8b6-2253-11df-92aa-c7ae976f5723}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{96d6b8c7-2253-11df-92aa-806c5c6b9993}\Shell - "" = AutoRun
O33 - MountPoints2\{96d6b8c7-2253-11df-92aa-806c5c6b9993}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{99b15076-3bf0-11df-a491-0013776d50d7}\Shell - "" = AutoRun
O33 - MountPoints2\{99b15076-3bf0-11df-a491-0013776d50d7}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{99b15078-3bf0-11df-a491-0013776d50d7}\Shell - "" = AutoRun
O33 - MountPoints2\{99b15078-3bf0-11df-a491-0013776d50d7}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{9f456271-3b2c-11df-89bf-0013776d50d7}\Shell - "" = AutoRun
O33 - MountPoints2\{9f456271-3b2c-11df-89bf-0013776d50d7}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{9f456289-3b2c-11df-89bf-0013776d50d7}\Shell - "" = AutoRun
O33 - MountPoints2\{9f456289-3b2c-11df-89bf-0013776d50d7}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{9f4562ca-3b2c-11df-89bf-0013776d50d7}\Shell - "" = AutoRun
O33 - MountPoints2\{9f4562ca-3b2c-11df-89bf-0013776d50d7}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{9f4562cc-3b2c-11df-89bf-0013776d50d7}\Shell - "" = AutoRun
O33 - MountPoints2\{9f4562cc-3b2c-11df-89bf-0013776d50d7}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{c36986a6-3c87-11df-b608-0013776d50d7}\Shell - "" = AutoRun
O33 - MountPoints2\{c36986a6-3c87-11df-b608-0013776d50d7}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{c36986a7-3c87-11df-b608-0013776d50d7}\Shell - "" = AutoRun
O33 - MountPoints2\{c36986a7-3c87-11df-b608-0013776d50d7}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.10.02 20:02:59 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\u8ser\Desktop\OTL.exe
[2010.09.30 12:17:52 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.09.15 19:35:09 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2010.09.13 14:57:04 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.09.13 14:57:04 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.09.13 14:57:04 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2006.11.25 00:14:44 | 000,139,264 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK_wiz.dll
[2006.11.25 00:14:44 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK.dll
[8 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.10.02 20:05:00 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{85730654-E29C-4874-A36D-39FBE5EC9466}.job
[2010.10.02 20:05:00 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{58D761D1-4B05-4BE7-A793-C90D512363C7}.job
[2010.10.02 20:04:20 | 007,864,320 | -HS- | M] () -- C:\Users\u8ser\NTUSER.DAT
[2010.10.02 20:03:01 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\u8ser\Desktop\OTL.exe
[2010.10.02 19:59:36 | 001,592,556 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.10.02 19:59:36 | 000,685,712 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.10.02 19:59:36 | 000,642,704 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.10.02 19:59:36 | 000,149,786 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.10.02 19:59:36 | 000,121,592 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.10.02 19:45:29 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.02 19:45:29 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.02 19:43:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.10.02 19:10:01 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-707431271-2008918173-2048168635-1003UA.job
[2010.10.02 18:24:21 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\SupBackGroundTask.job
[2010.10.02 17:55:47 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.10.02 17:45:30 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.10.02 17:45:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.02 17:44:40 | 000,524,288 | -HS- | M] () -- C:\Users\u8ser\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010.10.02 17:44:40 | 000,065,536 | -HS- | M] () -- C:\Users\u8ser\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.10.02 17:06:33 | 000,001,356 | ---- | M] () -- C:\Users\u8ser\AppData\Local\d3d9caps.dat
[2010.10.02 05:42:46 | 000,196,608 | ---- | M] () -- C:\Users\u8ser\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.01 17:52:30 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.10.01 17:45:46 | 000,002,033 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.09.30 12:21:31 | 000,298,291 | ---- | M] () -- C:\Users\u8ser\AppData\Roaming\nvModes.001
[2010.09.30 12:10:00 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-707431271-2008918173-2048168635-1003Core.job
[2010.09.23 15:10:29 | 000,002,042 | ---- | M] () -- C:\Users\u8ser\Desktop\Google Chrome.lnk
[2010.09.14 15:18:50 | 001,482,723 | ---- | M] () -- C:\Users\u8ser\Desktop\Rundbrief August 2010.pdf
[2010.09.09 18:36:37 | 000,000,680 | RHS- | M] () -- C:\Users\u8ser\ntuser.pol
[8 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.10.01 17:45:46 | 000,002,033 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.09.14 15:18:50 | 001,482,723 | ---- | C] () -- C:\Users\u8ser\Desktop\Rundbrief August 2010.pdf
[2010.07.18 13:19:58 | 000,000,000 | ---- | C] () -- C:\Windows\Screensaver 'An apple a day'.ini
[2010.03.21 22:52:59 | 000,000,229 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2010.03.21 22:52:59 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2010.03.21 22:40:42 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.03.21 22:40:42 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010.02.14 01:35:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.01.13 01:04:17 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009.11.25 14:40:50 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.11.22 19:03:41 | 000,000,206 | ---- | C] () -- C:\Users\u8ser\AppData\Roaming\burnaware.ini
[2009.10.20 22:31:48 | 000,589,824 | ---- | C] () -- C:\Windows\System32\olevluzr.dll
[2009.10.20 22:31:29 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.11 01:03:04 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009.07.17 12:31:00 | 000,000,083 | ---- | C] () -- C:\Windows\Bibi_Tina6.ini
[2009.06.17 15:02:46 | 000,029,192 | ---- | C] () -- C:\Windows\System32\drivers\btnetBus.sys
[2009.04.25 19:28:21 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.03.20 23:48:09 | 000,001,947 | ---- | C] () -- C:\Windows\vtplus32.ini
[2009.03.20 23:48:06 | 000,000,030 | ---- | C] () -- C:\Windows\System32\UNWISE.INI
[2009.03.20 23:47:37 | 000,032,295 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.03.20 23:47:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dmcrypto.dll
[2009.03.20 23:47:07 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.03.20 23:47:04 | 000,163,840 | ---- | C] () -- C:\Windows\System32\hcwChDB.dll
[2009.03.20 23:45:57 | 000,006,268 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2009.02.21 14:12:12 | 000,000,197 | ---- | C] () -- C:\Windows\disneysy.ini
[2009.02.21 12:23:33 | 000,000,355 | ---- | C] () -- C:\Windows\Disney.ini
[2009.02.01 13:52:31 | 000,000,458 | ---- | C] () -- C:\Windows\wininit.ini
[2009.01.22 21:51:37 | 000,003,082 | ---- | C] () -- C:\Windows\System32\affv9869p3now.sys
[2008.12.26 21:11:30 | 000,000,000 | ---- | C] () -- C:\Windows\TutuSoft_Audio_Ogg.INI
[2008.12.18 22:38:04 | 000,000,090 | ---- | C] () -- C:\Users\u8ser\AppData\Local\mcafejxw.bat
[2008.12.06 14:38:44 | 000,003,972 | ---- | C] () -- C:\Windows\System32\drivers\PciBus.sys
[2008.12.02 18:59:48 | 000,000,088 | ---- | C] () -- C:\Windows\mp3wavcon.ini
[2008.12.02 18:58:32 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2008.12.02 06:07:38 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008.12.02 06:06:30 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008.12.01 19:04:23 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008.11.30 12:51:12 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2008.10.31 00:14:17 | 000,000,552 | ---- | C] () -- C:\Users\u8ser\AppData\Local\d3d8caps.dat
[2008.10.28 18:40:48 | 000,173,552 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.08.21 22:01:36 | 000,000,020 | ---- | C] () -- C:\Windows\eplan.ini
[2008.08.09 21:43:10 | 000,001,356 | ---- | C] () -- C:\Users\u8ser\AppData\Local\d3d9caps.dat
[2008.07.08 22:14:29 | 000,697,328 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008.07.08 20:43:01 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2008.07.08 20:42:49 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2008.07.04 20:20:15 | 000,298,291 | ---- | C] () -- C:\Users\u8ser\AppData\Roaming\nvModes.001
[2008.07.04 20:19:26 | 000,298,291 | ---- | C] () -- C:\Users\u8ser\AppData\Roaming\nvModes.dat
[2008.06.26 17:24:04 | 000,196,608 | ---- | C] () -- C:\Users\u8ser\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.12.29 02:57:47 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini
[2007.12.29 02:57:47 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
[2007.09.04 12:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2007.02.16 02:51:02 | 000,274,432 | ---- | C] () -- C:\Windows\System32\NDADLL.dll
[2007.02.05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.11.30 03:00:28 | 000,307,200 | ---- | C] () -- C:\Windows\System32\LDBGenWizView.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.10.09 20:01:28 | 000,061,440 | ---- | C] () -- C:\Windows\System32\AVSAudioWideStereoDMO.dll
[2005.04.27 13:40:30 | 000,002,572 | ---- | C] () -- C:\Windows\WINDVDBOOTRECDOE.sys
[2002.08.08 06:11:30 | 000,319,488 | R--- | C] () -- C:\Users\u8ser\AppData\Roaming\MafiaSetup.exe
 
========== LOP Check ==========
 
[2008.12.08 00:42:09 | 000,000,000 | ---D | M] -- C:\Users\u8ser\AppData\Roaming\Activision
[2008.08.21 17:54:29 | 000,000,000 | ---D | M] -- C:\Users\u8ser\AppData\Roaming\Autodesk
[2008.08.14 00:59:02 | 000,000,000 | ---D | M] -- C:\Users\u8ser\AppData\Roaming\CasinoOnNet
[2010.07.18 10:01:55 | 000,000,000 | ---D | M] -- C:\Users\u8ser\AppData\Roaming\cerasus.media
[2008.07.08 22:14:20 | 000,000,000 | ---D | M] -- C:\Users\u8ser\AppData\Roaming\DAEMON Tools
[2010.04.08 20:37:40 | 000,000,000 | ---D | M] -- C:\Users\u8ser\AppData\Roaming\DAEMON Tools Pro
[2009.06.01 12:53:43 | 000,000,000 | ---D | M] -- C:\Users\u8ser\AppData\Roaming\dBpoweramp
[2010.06.01 17:48:57 | 000,000,000 | ---D | M] -- C:\Users\u8ser\AppData\Roaming\Desktopicon
[2008.11.08 00:43:54 | 000,000,000 | ---D | M] -- C:\Users\u8ser\AppData\Roaming\FileZilla
[2010.06.20 00:48:31 | 000,000,000 | ---D | M] -- C:\Users\u8ser\AppData\Roaming\GrabPro
[2009.12.30 23:26:00 | 000,000,000 | ---D | M] -- C:\Users\u8ser\AppData\Roaming\IrfanView
[2009.11.20 19:48:53 | 000,000,000 | ---D | M] -- C:\Users\u8ser\AppData\Roaming\Jumping Bytes
[2009.02.10 16:12:25 | 000,000,000 | ---D | M] -- C:\Users\u8ser\AppData\Roaming\Kiddinx
[2010.09.23 15:28:09 | 000,000,000 | ---D | M] -- C:\Users\u8ser\AppData\Roaming\LimeWire
[2009.10.19 21:53:40 | 000,000,000 | ---D | M] -- C:\Users\u8ser\AppData\Roaming\Nokia
[2008.10.20 21:26:50 | 000,000,000 | ---D | M] -- C:\Users\u8ser\AppData\Roaming\OpenOffice.org
[2009.04.20 19:55:52 | 000,000,000 | ---D | M] -- C:\Users\u8ser\AppData\Roaming\Opera
[2009.09.25 20:57:13 | 000,000,000 | ---D | M] -- C:\Users\u8ser\AppData\Roaming\PC Suite
[2009.11.17 02:38:32 | 000,000,000 | ---D | M] -- C:\Users\u8ser\AppData\Roaming\PDF Software
[2009.10.21 22:30:59 | 000,000,000 | ---D | M] -- C:\Users\u8ser\AppData\Roaming\ProtectDisc
[2010.02.28 13:40:49 | 000,000,000 | ---D | M] -- C:\Users\u8ser\AppData\Roaming\runic games
[2010.06.18 15:12:11 | 000,000,000 | ---D | M] -- C:\Users\u8ser\AppData\Roaming\SoftMaker
[2010.05.23 15:16:27 | 000,000,000 | ---D | M] -- C:\Users\u8ser\AppData\Roaming\TaskCoach
[2009.06.05 21:43:58 | 000,000,000 | ---D | M] -- C:\Users\u8ser\AppData\Roaming\TeamViewer
[2009.04.12 17:38:19 | 000,000,000 | ---D | M] -- C:\Users\u8ser\AppData\Roaming\The Games Company
[2009.11.06 21:38:52 | 000,000,000 | ---D | M] -- C:\Users\u8ser\AppData\Roaming\TomTom
[2008.12.01 19:00:16 | 000,000,000 | ---D | M] -- C:\Users\u8ser\AppData\Roaming\Toolbars
[2009.12.19 01:44:49 | 000,000,000 | ---D | M] -- C:\Users\u8ser\AppData\Roaming\Tropico 3
[2008.12.08 00:55:33 | 000,000,000 | ---D | M] -- C:\Users\u8ser\AppData\Roaming\Ubisoft
[2009.09.02 21:47:24 | 000,000,000 | ---D | M] -- C:\Users\u8ser\AppData\Roaming\Youdagames
[2010.10.01 17:52:31 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.10.02 18:24:21 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\SupBackGroundTask.job
[2010.10.02 20:05:00 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{58D761D1-4B05-4BE7-A793-C90D512363C7}.job
[2010.10.02 20:05:00 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{85730654-E29C-4874-A36D-39FBE5EC9466}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 85 bytes -> C:\ProgramData:$SS_DESCRIPTOR_PVX2VCGKMVF9V8N4TKBRVDNGCMXLJ4M28WDP36MLTJ5KJ4VPXHAT
@Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:8FF81EB0
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:0CE7F3C9
< End of report >
         
--- --- ---

Alt 03.10.2010, 15:47   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Quote:
Found this Trojan with AntiVir
Always note down and post the exact malware names and file paths!

From the rules:

5. Describe your problem in a few sentences and work through these instructions starting from point 2.
Please also name any detections from your security software in the thread (e.g. c:\windows\virus.exe).
Without this information, nobody here can or will help you.