Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Verdächtigte Datei kuga.exe?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 12.10.2010, 21:10   #1
AntiVir Prem
 
Verdächtigte Datei kuga.exe? - Standard

Verdächtigte Datei kuga.exe?



Guten Abend,
bin neu im Forum und hab ein Problem mit Firefox und zwar der öffnet immer von alleine Seiten dann blockiert die Firewall die Seite.
Firewall ist die von AntiVir Premium. Könnte es vielleicht der HTML Script Virus sein der in der Quarantäne ist?
"]

Und eine Logfile hab ich auch gleich dabei:
HiJackthis Logfile:
Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:37:57, on 12.10.2010
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.7930.16406)
Boot mode: Normal

Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Users\***\AppData\Local\Apps\2.0\QNJPYG18.L5A\0DN02096.RX8\frit..tion_8488884cfbcefd60_0002.0001_383382c5c60b72bd\fritzbox-usb-fernanschluss.exe
C:\Program Files\TwonkyMedia\MediaManager\twonkymediamanager.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\program files\avira\antivir desktop\avcenter.exe
C:\Users\***\Downloads\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) -  - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: TwonkyBeam - {D6E0063B-7B09-45C9-A51D-1FB51840EBE0} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [{B0225CAE-3ADC-B249-9FE2-45DFDB1AC9E9}] C:\Users\König\AppData\Roaming\Telez\kuga.exe
O4 - HKCU\..\Run: [AVMUSBFernanschluss] C:\Users\König\AppData\Local\Apps\2.0\QNJPYG18.L5A\0DN02096.RX8\frit..tion_8488884cfbcefd60_0002.0001_383382c5c60b72bd\AVMAutoStart.exe
O8 - Extra context menu item: Add to Playlist - res://C:\Program Files\PacketVideo\TwonkyBeam\Internet Explorer\TwonkyIEPlugin.dll/314
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted IP range: hxxp://192.168.
O17 - HKLM\System\CCS\Services\Tcpip\..\{6740F581-8B96-4B73-9C1B-74E80ABB4E31}: NameServer = 192.168.
O17 - HKLM\System\CS1\Services\Tcpip\..\{6740F581-8B96-4B73-9C1B-74E80ABB4E31}: NameServer = 192.168.
O17 - HKLM\System\CS2\Services\Tcpip\..\{6740F581-8B96-4B73-9C1B-74E80ABB4E31}: NameServer = 192.168.
O23 - Service: Avira FireWall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\windows\system32\nvvsvc.exe
O23 - Service: Oberon Media Game Console service (OberonGameConsoleService) - Unknown owner - C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe

--
End of file - 7278 bytes
         
--- --- ---

Kuga.exe kamm mir komisch vor also hab ich mal im Internet mal nachgeschaut und bin dabei auf folgenden Iiformationen gestoßen.
File Verhalten

KUGA.EXE has been seen to perform the following behavior: KUGA.EXE gesehen worden, um das folgende Verhalten auszuführen:

* The Process is packed and/or encrypted using a software packing process Der Prozess wird verpackt und / oder verschlüsselt mittels einer Software Verpackungsprozess
* Writes to another Process's Virtual Memory (Process Hijacking) Schreibt in einem anderen Prozess des virtuellen Speichers (Process-Hijacking)
* Executes a Process Führt ein Prozess
* Registers a Dynamic Link Library File Registriert eine Dynamic Link Library-Datei
* This process creates other processes on disk Dieser Prozess schafft andere Prozesse auf der Festplatte

KUGA.EXE has been the subject of the following behavior: KUGA.EXE ist Gegenstand der folgenden Verhaltens:

* Added as a Registry auto start to load Program on Boot up Hinzugefügt als Registry Autostart zu Programm beim Hochfahren geladen
* Executed as a Process Ausgeführt als Prozess
* Created as a process on disk Erstellt als einen Prozess auf der Festplatte
* Has code inserted into its Virtual Memory space by other programs Code eingefügt hat in seiner virtuellen Speicher von anderen Programmen
* Terminated as a Process Abgeschlossen als Prozess
* Registered as a Dynamic Link Library File Angemeldet als Dynamic Link Library-Datei


werde das prevx gleich Morgen mal drüberlaufen lassen.

Und ich wende mich deshalb an dieses Forum weil ich möchte das sich jemand die Logfile anschaut und mir mitteilt ob noch irgendwas anderes außer kuga.exe (Schadprogramme) existiert.

Geändert von AntiVir Prem (12.10.2010 um 21:20 Uhr)

Alt 13.10.2010, 07:23   #2
Chris4You
 
Verdächtigte Datei kuga.exe? - Standard

Verdächtigte Datei kuga.exe?



Hi,

Deine TCP-Einstellungen sind "seltsam"...
hxxp://192.168. üblicher weise kommen da noch .XXX.XXX dran...

Bitte folgende Files prüfen:

Dateien Online überprüfen lassen:
  • Suche die Seite Virtustotal auf, klicke auf den Button „Durchsuchen“ und suche folgende Datei/Dateien:
Code:
ATTFilter
C:\Users\König\AppData\Roaming\Telez\kuga.exe
         
  • Lade nun nacheinander jede/alle Datei/Dateien hoch, und warte bis der Scan vorbei ist. (kann bis zu 2 Minuten dauern.)
  • Poste im Anschluss das Ergebnis der Auswertung, alles abkopieren und in einen Beitrag einfügen.
  • Wichtig: Auch die Größenangabe sowie den HASH mit kopieren!

Also:
Anleitung Avenger (by swandog46)

1.) Lade dir das Tool Avenger und speichere es auf dem Desktop:



2.) Das Programm so einstellen wie es auf dem Bild zu sehen ist.

Kopiere nun folgenden Text in das weiße Feld:
(bei -> "input script here")


Code:
ATTFilter
Files to delete:
C:\Users\König\AppData\Roaming\Telez\kuga.ex
         
3.) Schliesse nun alle Programme (vorher notfalls abspeichern!) und Browser-Fenster, nach dem Ausführen des Avengers wird das System neu gestartet.

4.) Um den Avenger zu starten klicke auf -> Execute
Dann bestätigen mit "Yes" das der Rechner neu startet!

5.) Nachdem das System neu gestartet ist, findest du hier einen Report vom Avenger -> C:\avenger.txt
Öffne die Datei mit dem Editor und kopiere den gesamten Text in deinen Beitrag hier am Trojaner-Board.

Hijackthis, fixen:
öffne das HijackThis -- Button "scan" -- vor den nachfolgenden Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten
Beim fixen müssen alle Programme geschlossen sein!
(Falls vorhanden, Teatimer von Spyboot wie folgt deaktivieren:
Modus-->Erweiterte Modus-->Ja-->Werkzeuge-->Resident-->Häkchen entfernen aus der "Resident "TeaTimer" (Schutz aller Systemeinstellungen)->exit)

Malwarebytes Antimalware (MAM)
Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html
Falls der Download nicht klappt, bitte hierüber eine generische Version runterladen:
http://filepony.de/download-chameleon/
Danach bitte update der Signaturdateien (Reiter "Update" -> Suche nach Aktualisierungen")
Fullscan und alles bereinigen lassen! Log posten.

OTL
Lade Dir OTL von Oldtimer herunter (http://filepony.de/download-otl/) und speichere es auf Deinem Desktop
  • Vista/Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt (OTL.TXT und EXTRAS.TXT)
  • Poste die Logfiles hier in den Thread

chris
__________________

__________________

Alt 13.10.2010, 18:23   #3
AntiVir Prem
 
Verdächtigte Datei kuga.exe? - Standard

Verdächtigte Datei kuga.exe?



Guten Abend,
jetzt hab ich mal alles gemacht was ich machen sollte.
Und die Ip hab ich geändert. Also liegt dort kein Fehler vor.

Zuerst der Log von Virustotal:

Antivirus Version Last Update Result

AhnLab-V3 2010.10.13.01 2010.10.13 -
AntiVir 7.10.12.207 2010.10.13 TR/Spy.ZBot.aqvx
Antiy-AVL 2.0.3.7 2010.10.13 -
Authentium 5.2.0.5 2010.10.13 -
Avast 4.8.1351.0 2010.10.13 Win32:Spyware-gen
Avast5 5.0.594.0 2010.10.13 Win32:Spyware-gen
AVG 9.0.0.851 2010.10.13 PSW.Generic8.YWX
BitDefender 7.2 2010.10.13 -
CAT-QuickHeal 11.00 2010.10.13 -
ClamAV 0.96.2.0-git 2010.10.13 -
Comodo 6376 2010.10.13 -
DrWeb 5.0.2.03300 2010.10.13 -
Emsisoft 5.0.0.50 2010.10.13 Trojan-Spy.Win32.Zbot.aqvx!A2
eSafe 7.0.17.0 2010.10.12 -
eTrust-Vet 36.1.7908 2010.10.13 -
F-Prot 4.6.2.117 2010.10.12 -
F-Secure 9.0.15370.0 2010.10.13 -
Fortinet 4.2.249.0 2010.10.13 -
GData 21 2010.10.13 Win32:Spyware-gen
Ikarus T3.1.1.90.0 2010.10.13 -
Jiangmin 13.0.900 2010.10.13 -
K7AntiVirus 9.65.2733 2010.10.12 -
Kaspersky 7.0.0.125 2010.10.13 Trojan-Spy.Win32.Zbot.aqvx
McAfee 5.400.0.1158 2010.10.13 -
McAfee-GW-Editio 2010.1C 2010.10.13 -
Microsoft 1.6201 2010.10.13 -
NOD32 5528 2010.10.13 -
Norman 6.06.07 2010.10.12 -
nProtect 2010-10-13.01 2010.10.13 Trojan-Spy/W32.ZBot.113664.AB
Panda 10.0.2.7 2010.10.13 Trj/Downloader.XWW
PCTools 7.0.3.5 2010.10.13 -
Prevx 3.0 2010.10.13 Medium Risk Malware
Rising 22.69.02.04 2010.10.13 -
Sophos 4.58.0 2010.10.13 -
Sunbelt 7049 2010.10.13 Trojan.Win32.Generic!BT
SUPERAntiSpywar 4.40.0.1006 2010.10.13 -
Symantec 20101.2.0.161 2010.10.13 -
TheHacker 6.7.0.1.056 2010.10.13 Trojan/Spy.Zbot.aqvx
TrendMicro 9.120.0.1004 2010.10.13 -
TrendMicro-HouseCall9.120.0.1004 2010.10.13 -
VBA32 3.12.14.1 2010.10.13 -
ViRobot 2010.9.25.4060 2010.10.13 -
VirusBuster 12.67.14.0 2010.10.12 -

Log:

MD5 : 28daf25b2ceebd13037d92091dcfcc8d
SHA1 : 48043a6f8603fc841cc91b7f84ffd0db5d1336ba
SHA256: 11404d422144a3c76cea5420d5a7708ad817f3999371103c03e419b90a3a6675
ssdeep: 3072gJDIGVL1KvbDwcdLd9aLmBVQu4wsjl8L+:etKvbkOfIu43Q+
File size : 113664 bytes
First seen: 2010-10-13 14:18:59
Last seen : 2010-10-13 14:18:59
TrID:
UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
sigcheck:
publisher....: Trend Micro Inc.
copyright....: (c) 2007 Trend Micro Inc
product......: HijackThis
description..: HijackThis
original name: n/a
internal name: HijackThis
file version.: 9.3.9.6
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
packers (F-Prot): UPX
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x21B70
timedatestamp....: 0x317CB5EA (Tue Apr 23 10:50:18 1996)
machinetype......: 0x14c (I386)

[[ 3 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
UPX0, 0x1000, 0x7000, 0x0, 0.00, d41d8cd98f00b204e9800998ecf8427e
UPX1, 0x8000, 0x1A000, 0x19E00, 7.77, cd5c785899d849f9877cc3922888131d
.rsrc, 0x22000, 0x2000, 0x1A00, 5.60, 582112947afc6eb227668b4d5f7bdca2

[[ 4 import(s) ]]
KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
advapi32.dll: RegDeleteKeyA
gdi32.dll: GetPath
user32.dll: GetDC
Prevx Info:
hxxp://info.prevx.com/aboutprogramtext.asp?PX5=E1337269008E3014BCCE01F009D6C5009DE3D90A
ExifTool:
file metadata
CharacterSet: Unicode
CodeSize: 106496
CompanyName: Trend Micro Inc.
EntryPoint: 0x21b70
FileDescription: HijackThis
FileFlagsMask: 0x003f
FileOS: Windows NT 32-bit
FileSize: 111 kB
FileSubtype: 0
FileType: Win32 EXE
FileVersion: 9.3.9.6
FileVersionNumber: 9.3.9.6
ImageVersion: 0.0
InitializedDataSize: 8192
InternalName: HijackThis
LanguageCode: Neutral
LegalCopyright: (c) 2007 Trend Micro Inc
LegalTrademarks:
LinkerVersion: 5.8
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 4.0
ObjectFileType: Dynamic link library
PEType: PE32
ProductName: HijackThis
ProductVersion: 9.3.9.6
ProductVersionNumber: 9.3.9.6
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 1996:04:23 12:50:18+02:00
UninitializedDataSize: 28672
Symantec reputation:Suspicious.Insight

VT Community

Log von Avenger:

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows NT 6.1 (build 7600)
Wed Oct 13 17:00:08 2010

17:00:08: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, (c) by Swandog46
hxxp://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\Users\König\AppData\Roaming\Telez\kuga.exe" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Log von Malwarebytes:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4811

Windows 6.1.7600
Internet Explorer 9.0.7930.16406

13.10.2010 18:08:05
mbam-log-2010-10-13 (18-08-05).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 230919
Laufzeit: 49 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Program Files\EA GAMES\Die Schlacht um Mittelerde(tm)\LotR BfME 1.03 NoDVD.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

No DVD Crack für Der Heer der Ringe hab ich mal runtergeladen da wir 3 pcs haben und jedes mal ist die DVD woanders drin nur nicht da wo man grad dran is. Ist jetzt aber gelöscht.

Und zu guter letzt Logfile von OTL:die OTL.txtOTL Logfile:
Code:
ATTFilter
OTL logfile created on: 10/13/2010 6:19:07 PM - Run 1
OTL by OldTimer - Version 3.2.15.1     Folder = C:\Users\König\Downloads
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 54.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 141.49 Gb Total Space | 31.87 Gb Free Space | 22.52% Space Free | Partition Type: NTFS
Drive D: | 141.50 Gb Total Space | 72.36 Gb Free Space | 51.14% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOPWINDOWS7 | User Name: König | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\König\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\König\AppData\Local\Apps\2.0\QNJPYG18.L5A\0DN02096.RX8\frit..tion_8488884cfbcefd60_0002.0001_383382c5c60b72bd\fritzbox-usb-fernanschluss.exe (AVM Berlin)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe ()
PRC - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)
PRC - C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
PRC - C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC)
PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe (NVIDIA)
PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
PRC - C:\Program Files\AnyPC Client\APLanMgrC.exe (DoctorSoft)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Microsoft Corporation)
PRC - C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe ()
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\König\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
SRV - (AntiVirMailService) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirFirewallService) -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (nTuneService) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (UpdateCenterService) -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe (NVIDIA)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (OberonGameConsoleService) -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe ()
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (cpuz132) -- C:\Users\KNIG~1\AppData\Local\Temp\cpuz132\cpuz132_x32.sys File not found
DRV - (avmaura) -- C:\Windows\System32\drivers\avmaura.sys (AVM Berlin)
DRV - (iaStor) -- C:\windows\system32\DRIVERS\iaStor.sys ()
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avfwot) -- C:\Windows\System32\drivers\avfwot.sys (Avira GmbH)
DRV - (avfwim) -- C:\Windows\System32\drivers\avfwim.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (KSecPkg) -- C:\windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys ()
DRV - (nvoclock) -- C:\Windows\System32\drivers\nvoclock.sys (NVIDIA Corp.)
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (cmdide) -- C:\windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vhdmp) -- C:\windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation)
DRV - (rdpbus) -- C:\windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek Corporation                                            )
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (SABI) -- C:\Windows\System32\drivers\SABI.sys (SAMSUNG ELECTRONICS)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (KMWDFILTERx86) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/21 20:24:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/21 20:24:18 | 000,000,000 | ---D | M]
 
[2010/09/21 20:26:03 | 000,000,000 | ---D | M] -- C:\Users\König\AppData\Roaming\mozilla\Extensions
[2010/02/17 21:17:14 | 000,000,000 | ---D | M] -- C:\Users\König\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2010/09/21 20:26:03 | 000,000,000 | ---D | M] -- C:\Users\König\AppData\Roaming\mozilla\Firefox\Profiles\ziekxy2w.default\extensions
[2010/09/21 20:24:18 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010/09/14 23:32:39 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010/09/14 23:32:39 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010/09/14 23:32:39 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/09/14 23:32:39 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010/09/14 23:32:39 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {D6E0063B-7B09-45C9-A51D-1FB51840EBE0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [AVMUSBFernanschluss] C:\Users\König\AppData\Local\Apps\2.0\QNJPYG18.L5A\0DN02096.RX8\frit..tion_8488884cfbcefd60_0002.0001_383382c5c60b72bd\AVMAutoStart.exe (AVM Berlin)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\windows\System32\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{08bf02d3-0177-11df-af76-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{08bf02d3-0177-11df-af76-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/10/13 17:14:41 | 000,000,000 | ---D | C] -- C:\Users\König\AppData\Roaming\Malwarebytes
[2010/10/13 17:14:30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2010/10/13 17:14:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2010/10/13 17:14:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/13 17:14:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/10 00:26:52 | 000,000,000 | ---D | C] -- C:\Users\König\AppData\Roaming\TwonkyMedia
[2010/10/10 00:16:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/10/02 18:10:09 | 000,000,000 | ---D | C] -- C:\Users\König\AppData\Roaming\SmartFTP
[2010/10/02 18:09:28 | 000,000,000 | ---D | C] -- C:\Program Files\SmartFTP Client 4.0 Setup Files
[2010/10/02 14:59:06 | 000,000,000 | ---D | C] -- C:\Users\König\Desktop\Robin.Hood.German.DL.1080p.BluRay.x264-DEFUSED
[2010/09/30 21:33:54 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2010/09/30 21:33:54 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll
[2010/09/30 21:33:53 | 001,355,264 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2010/09/30 21:33:53 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript.dll
[2010/09/30 21:33:53 | 000,596,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2010/09/30 21:33:53 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inseng.dll
[2010/09/30 21:33:53 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2010/09/30 21:33:52 | 002,381,824 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2010/09/30 21:33:52 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vbscript.dll
[2010/09/30 21:33:52 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2010/09/30 21:33:52 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SetIEInstalledDate.exe
[2010/09/30 21:33:52 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RegisterIEPKEYs.exe
[2010/09/30 21:33:52 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\admparse.dll
[2010/09/30 21:33:52 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\pngfilt.dll
[2010/09/30 21:33:52 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtmler.dll
[2010/09/30 21:33:52 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe
[2010/09/30 21:33:51 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieaksie.dll
[2010/09/30 21:33:51 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msrating.dll
[2010/09/30 21:33:51 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msls31.dll
[2010/09/30 21:33:50 | 003,695,400 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dat
[2010/09/30 21:33:50 | 000,460,088 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2010/09/30 21:33:50 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dll
[2010/09/30 21:33:50 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieakui.dll
[2010/09/30 21:33:50 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieakeng.dll
[2010/09/30 21:33:50 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\IEAdvpack.dll
[2010/09/30 21:33:49 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\html.iec
[2010/09/30 21:33:49 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxtrans.dll
[2010/09/30 21:33:48 | 000,353,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxtmsft.dll
[2010/09/30 21:33:47 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe
[2010/09/30 21:33:45 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2010/09/30 21:33:45 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2010/09/30 21:33:44 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2010/09/30 21:33:44 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iexpress.exe
[2010/09/30 21:33:44 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesysprep.dll
[2010/09/30 21:33:44 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll
[2010/09/30 21:33:44 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\imgutil.dll
[2010/09/30 21:33:43 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wextract.exe
[2010/09/30 21:33:43 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2010/09/30 21:33:43 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll
[2010/09/30 21:33:05 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfreadwrite.dll
[2010/09/30 21:33:04 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mf.dll
[2010/09/30 21:33:04 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMVDECOD.DLL
[2010/09/30 21:32:35 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10warp.dll
[2010/09/30 21:32:35 | 001,076,224 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DWrite.dll
[2010/09/30 21:32:35 | 000,804,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\FntCache.dll
[2010/09/30 21:32:35 | 000,737,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d2d1.dll
[2010/09/30 21:32:35 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10_1core.dll
[2010/09/30 21:32:07 | 000,279,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsGdiConverter.dll
[2010/09/30 21:32:07 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsRasterService.dll
[2010/09/30 21:31:35 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ExplorerFrame.dll
[2010/09/30 21:30:33 | 000,000,000 | ---D | C] -- C:\Program Files\Feedback Tool
[2010/09/26 16:45:50 | 000,000,000 | ---D | C] -- C:\Users\König\Documents\FFOutput
[2010/09/26 16:45:49 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\windows\System32\pncrt.dll
[2010/09/26 16:45:19 | 000,000,000 | ---D | C] -- C:\Program Files\FreeTime
[2010/09/26 15:21:57 | 000,000,000 | ---D | C] -- C:\Users\König\Desktop\Rennspiel
[2010/09/26 13:40:11 | 000,101,248 | ---- | C] (AVM Berlin) -- C:\windows\System32\drivers\avmaura.sys
[2010/09/26 13:39:48 | 000,000,000 | ---D | C] -- C:\Users\König\AppData\Local\Apps
[2010/09/26 13:39:47 | 000,000,000 | ---D | C] -- C:\Users\König\AppData\Local\Deployment
[2010/09/26 12:46:10 | 000,000,000 | ---D | C] -- C:\Users\König\AppData\Roaming\1&1
[2010/09/26 12:44:33 | 000,000,000 | ---D | C] -- C:\Program Files\1&1
[2010/09/25 12:45:14 | 000,000,000 | ---D | C] -- C:\Users\König\Desktop\Mods
[2010/09/25 00:16:03 | 000,000,000 | ---D | C] -- C:\Users\König\Documents\German Truck Simulator
[2010/09/24 23:37:09 | 000,000,000 | ---D | C] -- C:\Program Files\GTS ModManager v1.0 Beta
[2010/09/24 17:51:35 | 000,000,000 | ---D | C] -- C:\Program Files\ZModeler
[2010/09/24 17:51:08 | 001,208,320 | ---- | C] (Zanoza SDT) -- C:\Users\König\Desktop\ZModeler2.exe
[2010/09/24 17:31:23 | 000,237,056 | ---- | C] (MW Publishing) -- C:\windows\System32\mwgfx24.dll
[2010/09/24 17:31:23 | 000,191,488 | ---- | C] (MW Graphics) -- C:\windows\System32\mwgfx.dll
[2010/09/24 17:31:23 | 000,104,960 | ---- | C] (MW Graphics) -- C:\windows\System32\mwdds.dll
[2010/09/24 17:31:23 | 000,056,832 | ---- | C] (MW Graphics) -- C:\windows\System32\mwace.dll
[2010/09/24 17:31:23 | 000,028,672 | ---- | C] (MW Graphics) -- C:\windows\System32\mwgfxcopy.exe
[2010/09/24 17:31:23 | 000,000,000 | ---D | C] -- C:\Graphics
[2010/09/23 20:12:45 | 000,000,000 | ---D | C] -- C:\Program Files\German Truck Simulator
[2010/09/18 20:04:21 | 008,368,928 | ---- | C] (Mozilla) -- C:\Users\König\Desktop\Firefox Setup 3.6.10.exe
[2010/09/18 19:33:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/09/13 20:54:06 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\deployJava1.dll
[2010/09/13 20:54:06 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaws.exe
[2010/09/13 20:54:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaw.exe
[2010/09/13 20:54:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\java.exe
[4 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010/10/13 18:18:03 | 000,020,400 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/13 18:18:03 | 000,020,400 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/13 18:10:36 | 000,001,090 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/13 18:10:18 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2010/10/13 18:10:11 | 2388,086,784 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/13 17:40:01 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/13 17:14:34 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/12 21:59:32 | 000,009,399 | ---- | M] () -- C:\Users\König\Desktop\Unbenannt.png
[2010/10/12 21:03:52 | 000,007,645 | ---- | M] () -- C:\Users\König\AppData\Local\resmon.resmoncfg
[2010/10/12 21:02:07 | 000,042,765 | ---- | M] () -- C:\Users\König\AppData\Local\Perfmon.PerfmonCfg
[2010/10/10 12:42:11 | 000,654,166 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2010/10/10 12:42:11 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2010/10/10 12:42:11 | 000,130,006 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2010/10/10 12:42:11 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2010/09/26 16:45:30 | 000,001,160 | ---- | M] () -- C:\Users\König\Desktop\Format Factory.lnk
[2010/09/26 13:40:01 | 000,101,248 | ---- | M] (AVM Berlin) -- C:\windows\System32\drivers\avmaura.sys
[2010/09/26 12:44:41 | 000,001,193 | ---- | M] () -- C:\Users\Public\Desktop\1&1 HomeNet-Client.lnk
[2010/09/24 23:37:24 | 000,002,072 | ---- | M] () -- C:\Users\König\Desktop\GTS ModManager v1.0 Beta 2.lnk
[2010/09/24 17:37:27 | 000,131,163 | ---- | M] () -- C:\Users\König\Desktop\audi_rs6.jpg
[2010/09/24 17:32:12 | 000,001,686 | ---- | M] () -- C:\Users\König\Desktop\DXTBmp.lnk
[2010/09/23 20:59:18 | 000,331,288 | ---- | M] () -- C:\windows\System32\drivers\iaStor.sys
[2010/09/23 20:12:53 | 000,001,337 | ---- | M] () -- C:\Users\König\Desktop\German Truck Simulator.lnk
[2010/09/21 20:24:20 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/09/18 23:25:26 | 000,000,000 | ---- | M] () -- C:\Users\König\Desktop\ccsetup235.exe
[2010/09/18 23:13:02 | 011,237,857 | ---- | M] () -- C:\Users\König\Desktop\hlm-bfme.rar
[2010/09/18 22:59:22 | 000,007,514 | ---- | M] () -- C:\Users\König\Desktop\LotR BfME 1.03 NoDVD.rar
[2010/09/18 20:04:22 | 008,368,928 | ---- | M] (Mozilla) -- C:\Users\König\Desktop\Firefox Setup 3.6.10.exe
[2010/09/18 19:43:00 | 005,507,991 | ---- | M] () -- C:\Users\König\Desktop\flash1018276.zip
[2010/09/18 19:34:24 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/09/16 20:27:46 | 032,959,849 | ---- | M] () -- C:\Users\König\Desktop\GT-S8500 Disassembly_20100430_English.rar
[2010/09/16 17:31:26 | 019,657,194 | ---- | M] () -- C:\Users\König\Desktop\vlc-1.1.4-win32.exe
[4 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010/10/13 17:14:34 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/12 21:59:32 | 000,009,399 | ---- | C] () -- C:\Users\König\Desktop\Unbenannt.png
[2010/10/12 21:02:07 | 000,042,765 | ---- | C] () -- C:\Users\König\AppData\Local\Perfmon.PerfmonCfg
[2010/09/30 21:33:45 | 000,072,533 | ---- | C] () -- C:\windows\System32\ieuinit.inf
[2010/09/26 16:45:30 | 000,001,160 | ---- | C] () -- C:\Users\König\Desktop\Format Factory.lnk
[2010/09/26 12:44:41 | 000,001,193 | ---- | C] () -- C:\Users\Public\Desktop\1&1 HomeNet-Client.lnk
[2010/09/24 23:37:24 | 000,002,072 | ---- | C] () -- C:\Users\König\Desktop\GTS ModManager v1.0 Beta 2.lnk
[2010/09/24 17:37:27 | 000,131,163 | ---- | C] () -- C:\Users\König\Desktop\audi_rs6.jpg
[2010/09/24 17:31:23 | 000,001,686 | ---- | C] () -- C:\Users\König\Desktop\DXTBmp.lnk
[2010/09/23 20:12:53 | 000,001,337 | ---- | C] () -- C:\Users\König\Desktop\German Truck Simulator.lnk
[2010/09/21 20:24:20 | 000,001,889 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/09/18 23:25:26 | 000,000,000 | ---- | C] () -- C:\Users\König\Desktop\ccsetup235.exe
[2010/09/18 23:12:56 | 011,237,857 | ---- | C] () -- C:\Users\König\Desktop\hlm-bfme.rar
[2010/09/18 22:59:01 | 000,007,514 | ---- | C] () -- C:\Users\König\Desktop\LotR BfME 1.03 NoDVD.rar
[2010/09/18 19:42:36 | 005,507,991 | ---- | C] () -- C:\Users\König\Desktop\flash1018276.zip
[2010/09/18 19:33:51 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/09/17 17:11:26 | 540,988,625 | ---- | C] () -- C:\Users\König\Desktop\sow-avatar.1080p.mkv
[2010/09/16 20:27:45 | 032,959,849 | ---- | C] () -- C:\Users\König\Desktop\GT-S8500 Disassembly_20100430_English.rar
[2010/09/16 17:30:51 | 019,657,194 | ---- | C] () -- C:\Users\König\Desktop\vlc-1.1.4-win32.exe
[2010/08/29 15:45:55 | 000,000,011 | ---- | C] () -- C:\ProgramData\.tv6
[2010/03/06 16:52:25 | 000,007,680 | ---- | C] () -- C:\windows\System32\ff_vfw.dll
[2010/03/01 19:33:57 | 000,007,645 | ---- | C] () -- C:\Users\König\AppData\Local\resmon.resmoncfg
[2010/02/15 23:49:47 | 000,000,002 | ---- | C] () -- C:\windows\HotFixList.ini
[2010/02/15 23:31:41 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009/12/05 02:03:10 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009/12/05 02:02:05 | 000,000,110 | ---- | C] () -- C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log
[2009/12/05 02:01:10 | 000,000,106 | ---- | C] () -- C:\ProgramData\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}.log
[2009/12/05 01:58:43 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2009/12/05 01:57:40 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009/12/05 01:57:13 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2009/12/05 01:50:49 | 000,331,288 | ---- | C] () -- C:\windows\System32\drivers\iaStor.sys
[2009/09/28 11:22:00 | 000,315,392 | ---- | C] () -- C:\windows\System32\drivers\yk62x86.sys
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[1996/04/03 21:33:26 | 000,005,248 | ---- | C] () -- C:\windows\System32\giveio.sys
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 151 bytes -> C:\ProgramData\Temp:A42A9F39
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:1D32EC29
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:E1F04E8D

< End of report >
         
--- --- ---

Und jetzt die Extras.txtOTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 10/13/2010 6:19:07 PM - Run 1
OTL by OldTimer - Version 3.2.15.1     Folder = C:\Users\König\Downloads
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 54.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 141.49 Gb Total Space | 31.87 Gb Free Space | 22.52% Space Free | Partition Type: NTFS
Drive D: | 141.50 Gb Total Space | 72.36 Gb Free Space | 51.14% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOPWINDOWS7 | User Name: König | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{022F6097-A053-4B1B-BE50-3AADE4116B92}" = Opera 10.50
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}" = AnyPC Client
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 20
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Die Schlacht um Mittelerde™ II
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3F290582-3F4E-4B96-009C-E0BABAA40C42}" = Die Schlacht um Mittelerde(tm)
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{491DD6C9-AAD5-4688-92DC-EF441EB1EEAB}" = Yellometer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63eafc52-b963-4297-a7eb-d412944e7065}_is1" = Game Pack
"{65A92AAA-3D05-4C94-9F70-731C05E60C16}" = NVIDIA System Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B74DF3F-B937-4733-98DD-F57D6D7D6A00}_is1" = My Program version 1.5
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5675A9E-F073-414A-9A04-F9BCD50459D7}" = Easy Network Manager
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch
"{AC76BA86-7AD7-5670-0000-900000000003}" = Korean Fonts Support For Adobe Reader 9
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CCC2B140-B47A-45FA-AAE3-BD60DA41AE00}" = Samsung Support Center
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"1&1 HomeNet-Client" = 1&1 HomeNet-Client
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira Premium Security Suite
"CCleaner" = CCleaner
"EPSON BX600FW Series" = Druckerdeinstallation für EPSON BX600FW Series
"ffdshow_is1" = ffdshow [rev 1723] [2007-12-24]
"FormatFactory" = FormatFactory 2.50
"German Truck Simulator" = German Truck Simulator 1.00
"GTS ModManager v1.0 Beta 2" = GTS ModManager v1.0 Beta 2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{65A92AAA-3D05-4C94-9F70-731C05E60C16}" = NVIDIA System Update
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"Star Defender 4 1.00" = Star Defender 4 1.00
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f018cf21c0452c64" = AVM FRITZ!Box USB-Fernanschluss
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
--- --- ---


Puh endlich geshchafft. Hoffe blickt jemand durch.
__________________

Alt 14.10.2010, 06:51   #4
Chris4You
 
Verdächtigte Datei kuga.exe? - Standard

Verdächtigte Datei kuga.exe?



Hi,

bei Verwendung von illegaler SW (Cracks etc.) dürfen wir hier nicht weiter helfen, beim schnell-drüber-scahuen ist mir nichts aufgefallen...

chris&out
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Alt 14.10.2010, 11:58   #5
AntiVir Prem
 
Verdächtigte Datei kuga.exe? - Standard

Verdächtigte Datei kuga.exe?



hi, heißt das ich uber dieses board keine hilfe mehr erhalte? Ist etz ja gelöscht. Was man von der ganzen Software erfärt die ganze sw was man deinytalliert hat ist ja wahnsinn


Antwort

Themen zu Verdächtigte Datei kuga.exe?
antivir, antivir guard, avg, avira, bho, blockiert, desktop, encrypted, firefox, google, hijack, hijackthis, internet, internet explorer, logfile, monitor, mozilla, performance, problem, realtek, rundll, script virus, senden, software, system, virus, windows



Ähnliche Themen: Verdächtigte Datei kuga.exe?


  1. scr. Datei heruntergeladen, Link war als png. Datei angegeben
    Plagegeister aller Art und deren Bekämpfung - 05.01.2015 (3)
  2. Windows7 X64: Antivir Fund: "TR/Spy.ZBot.aaop" Meldung: Zugriff auf Datei wurde blockiert. Datei war in E-Mail- Anhang.
    Log-Analyse und Auswertung - 28.11.2013 (9)
  3. Mahnung von www.wahlbusch.de zip-Datei und darin enthaltene Datei geöffnet
    Log-Analyse und Auswertung - 18.04.2013 (7)
  4. OTL erzeugt keine Extra.txt-Datei, nur die OTL.txt-Datei
    Plagegeister aller Art und deren Bekämpfung - 28.02.2013 (27)
  5. Photshop datei von Adebo geladen und TROJ_GEN.RC1H1AV in der Datei gefunden
    Log-Analyse und Auswertung - 11.02.2013 (1)
  6. H1N1 Datei fehlt in meiner rundll Datei, was tun?
    Log-Analyse und Auswertung - 19.01.2013 (13)
  7. Avira findet TR/ATRAPS.gen kann die Datei aber nicht löschen. Wie bekomme ich die Datei vom System?
    Plagegeister aller Art und deren Bekämpfung - 25.06.2012 (1)
  8. Datei: Postetikett#1485-245DE.zip Datei herunterladen
    Log-Analyse und Auswertung - 14.06.2012 (1)
  9. Glaube Verschlüsslungstrojaner(vor Datei locked nach datei pffp und andere änderungen)
    Plagegeister aller Art und deren Bekämpfung - 10.06.2012 (1)
  10. BKA Trojaner - habe mit OTLpe txt Datei erstellt - benötige nun eine "FIX-Datei"?
    Log-Analyse und Auswertung - 11.10.2011 (1)
  11. ICQ- SCR Datei
    Plagegeister aller Art und deren Bekämpfung - 29.12.2009 (1)
  12. Trojaner in .rar Datei! Bitte um Analyse dieser Datei!!!
    Plagegeister aller Art und deren Bekämpfung - 23.08.2009 (12)
  13. Datei T.COM ?
    Mülltonne - 30.11.2008 (1)
  14. SPYBOT LOG DATEI mysteriös. bitte um auswertung der HIJACKTHIS LOG DATEI
    Log-Analyse und Auswertung - 29.01.2008 (0)
  15. 3 MB große Datei test.txt-Datei auf C:
    Plagegeister aller Art und deren Bekämpfung - 21.01.2007 (11)
  16. datei
    Antiviren-, Firewall- und andere Schutzprogramme - 27.12.2004 (4)
  17. Trojaner in datei gefunden (datei aber nicht vorhanden)
    Plagegeister aller Art und deren Bekämpfung - 29.11.2004 (2)

Zum Thema Verdächtigte Datei kuga.exe? - Guten Abend, bin neu im Forum und hab ein Problem mit Firefox und zwar der öffnet immer von alleine Seiten dann blockiert die Firewall die Seite. Firewall ist die von - Verdächtigte Datei kuga.exe?...
Archiv
Du betrachtest: Verdächtigte Datei kuga.exe? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.