Trash bin: CyberGate\install\server.exe

08.01.2011, 14:36   #1
sven77
 
CyberGate\install\server.exe



Hello,

I had quite an experience yesterday evening: the computer was on and I was on the phone on the side, when suddenly a window opened:

client sent: you really can talk nicely on the phone, that's it, I'm shutting down your PC now. After that, the PC was shut down remotely.

After that I first disconnected from the internet and ran Norton over it, unfortunately nothing. Then I noticed by chance that a folder named:

C:\directory\CyberGate\install\server.exe

was on the hard drive. I deleted the folder (I don't know whether that was OK). Then I found a short guide here on the board on how to proceed, and ran Malwarebytes and OTL over it. Maybe someone can take a look at whether I am rid of the probable virus or trojan, or give me advice on what else I can do.

Thanks in advance, it's nice that a board like this exists.


So, the MBAM log file:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5481

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

08.01.2011 12:22:40
mbam-log-2011-01-08 (12-22-40).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 267272
Laufzeit: 8 Stunde(n), 37 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:

c:\Users\Caroline\AppData\Local\Temp\xxxyyyzzz.dat (Malware.Trace) -> Quarantined and deleted successfully.


OTL.txt:

OTL logfile created on: 08.01.2011 12:30:51 - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Caroline\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 210,83 Gb Total Space | 139,36 Gb Free Space | 66,10% Space Free | Partition Type: NTFS
Drive D: | 122,79 Gb Total Space | 37,99 Gb Free Space | 30,94% Space Free | Partition Type: NTFS
Drive E: | 117,19 Gb Total Space | 75,48 Gb Free Space | 64,41% Space Free | Partition Type: NTFS

Computer Name: CAROLINE-PC | User Name: Caroline | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Caroline\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Wi-Fi Sync\wifisync.exe ()
PRC - C:\Program Files\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
PRC - C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
PRC - C:\Program Files\CONEXANT\SAII\SmartAudio.exe (Conexant Systems, Inc)
PRC - C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe (Lenovo Group Limited)
PRC - \\?\C:\windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\IgrsSvcs.exe (Microsoft Corporation)
PRC - C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)


========== Modules (SafeList) ==========

MOD - C:\Users\Caroline\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (TuneUp.Defrag) -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe (Symantec Corporation)
SRV - (NAUpdate) -- C:\Program Files\Nero\Update\NASvc.exe (Nero AG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (Lenovo ReadyComm ConnSvc) -- C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe (Lenovo Group Limited)
SRV - (Lenovo ReadyComm AppSvc) -- C:\Program Files\Lenovo\ReadyComm\AppSvc.exe (Lenovo Group Limited)
SRV - (IGRS) -- C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe (Lenovo Group Limited)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (ReadyComm.DirectRouter) -- C:\windows\System32\IgrsSvcs.exe (Microsoft Corporation)
SRV - (PS_MDP) -- C:\windows\System32\IgrsSvcs.exe (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)


========== Driver Services (SafeList) ==========

DRV - (WinRing0_1_2_0) -- D:\test\ECECECEC\WinRing0.sys File not found
DRV - (USBCCID) -- C:\windows\System32\DRIVERS\RtsUCcid.sys File not found
DRV - (RtsUIR) -- C:\windows\System32\DRIVERS\Rts516xIR.sys File not found
DRV - (RSUSBSTOR) -- C:\windows\System32\Drivers\RtsUStor.sys File not found
DRV - (hwdatacard) -- C:\windows\System32\DRIVERS\ewusbmdm.sys File not found
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110107.037\navex15.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110107.037\naveng.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20101123.003\BHDrvx86.sys (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110107.002\IDSvix86.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\windows\system32\drivers\NIS\1201000.025\SYMEFA.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\windows\system32\drivers\NIS\1201000.025\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\windows\system32\drivers\NIS\1201000.025\SRTSPX.SYS (Symantec Corporation)
DRV - (SymNetS) -- C:\windows\system32\drivers\NIS\1201000.025\SYMNETS.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\windows\system32\drivers\NIS\1201000.025\Ironx86.SYS (Symantec Corporation)
DRV - (SymDS) -- C:\windows\system32\drivers\NIS\1201000.025\SYMDS.SYS (Symantec Corporation)
DRV - (funfrm) -- C:\windows\System32\drivers\funfrm.sys ()
DRV - (ACPIVPC) -- C:\Windows\System32\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV - (KSecPkg) -- C:\windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (usbsmi) -- C:\Windows\System32\drivers\SMIksdrv.sys (SMI)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (Bridge0) -- C:\Windows\System32\drivers\wdbridge.sys (Lenovo)
DRV - (hwusbdev) -- C:\Windows\System32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (wsvd) -- C:\Windows\System32\drivers\wsvd.sys (CyberLink)
DRV - (wdmirror) -- C:\Windows\System32\drivers\WDMirror.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (cmdide) -- C:\windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vhdmp) -- C:\windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC-Seriellschnittstellentreiber (WDM) -- C:\windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) Brother MFC-nur-Fax-Modem (USB) -- C:\windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) Brother MFC-WDM-Treiber (USB,seriell) -- C:\windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) Brother WDM-Treiber (seriell) -- C:\windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (k57nd60x) Broadcom NetLink (TM) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (libusb0) -- C:\Windows\System32\drivers\libusb0.sys (hxxp://libusb-win32.sourceforge.net)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (iaStor) -- C:\windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.king.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Winload Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: noia2_option@kk.noia:3.76
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: finder@meingutscheincode.de:1.0.2
FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76


FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011.01.08 01:40:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\ [2011.01.08 01:39:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.10 17:12:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.15 23:22:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.01.01 18:48:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

[2010.08.02 06:27:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Caroline\AppData\Roaming\mozilla\Extensions
[2010.08.01 19:09:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Caroline\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.08.02 06:27:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Caroline\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2011.01.08 02:09:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Caroline\AppData\Roaming\mozilla\Firefox\Profiles\6t4kdac6.default\extensions
[2010.07.31 13:09:31 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Users\Caroline\AppData\Roaming\mozilla\Firefox\Profiles\6t4kdac6.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2010.12.13 23:45:40 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Caroline\AppData\Roaming\mozilla\Firefox\Profiles\6t4kdac6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.10.14 23:09:02 | 000,000,000 | ---D | M] (Mein Gutscheincode Finder) -- C:\Users\Caroline\AppData\Roaming\mozilla\Firefox\Profiles\6t4kdac6.default\extensions\finder@meingutscheincode.de
[2010.07.31 13:09:42 | 000,000,000 | ---D | M] (Noia 2.0 eXtreme OPT) -- C:\Users\Caroline\AppData\Roaming\mozilla\Firefox\Profiles\6t4kdac6.default\extensions\noia2_option@kk.noia
[2010.08.01 07:23:29 | 000,001,819 | ---- | M] () -- C:\Users\Caroline\AppData\Roaming\Mozilla\Firefox\Profiles\6t4kdac6.default\searchplugins\bing.xml
[2010.03.24 15:13:02 | 000,000,917 | ---- | M] () -- C:\Users\Caroline\AppData\Roaming\Mozilla\Firefox\Profiles\6t4kdac6.default\searchplugins\conduit.xml
[2010.08.08 11:06:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.08.08 11:06:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.08 11:02:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.08.08 11:02:33 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.09.25 08:41:02 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.25 08:41:02 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.25 08:41:02 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.25 08:41:02 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.25 08:41:02 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.11.05 22:50:38 | 000,000,877 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 74.208.10.249 gs.apple.com
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Wi-Fi Sync] C:\Program Files\Wi-Fi Sync\wifisync.exe ()
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{9370a121-e05c-11df-b766-88ae1d2327b5}\Shell - "" = AutoRun
O33 - MountPoints2\{a920121b-b071-11df-baf4-88ae1d2327b5}\Shell - "" = AutoRun
O33 - MountPoints2\{a920121b-b071-11df-baf4-88ae1d2327b5}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{a920123a-b071-11df-baf4-88ae1d2327b5}\Shell - "" = AutoRun
O33 - MountPoints2\{a920123a-b071-11df-baf4-88ae1d2327b5}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.01.08 12:28:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Caroline\Desktop\OTL.exe
[2011.01.08 03:43:15 | 000,000,000 | ---D | C] -- C:\Users\Caroline\AppData\Roaming\Malwarebytes
[2011.01.08 03:42:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.01.08 03:42:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2011.01.08 03:42:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.01.08 03:42:31 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2011.01.08 03:42:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.01.08 02:20:36 | 000,000,000 | ---D | C] -- C:\Users\Caroline\AppData\Roaming\Tific
[2011.01.08 02:20:32 | 000,000,000 | ---D | C] -- C:\Users\Caroline\AppData\Local\Symantec
[2011.01.08 01:57:57 | 000,295,032 | ---- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1205000.07D\symnets.sys
[2011.01.08 01:57:56 | 000,652,336 | ---- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1205000.07D\symefa.sys
[2011.01.08 01:57:56 | 000,509,560 | ---- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1205000.07D\srtsp.sys
[2011.01.08 01:57:56 | 000,340,016 | ---- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1205000.07D\symds.sys
[2011.01.08 01:57:56 | 000,136,312 | ---- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1205000.07D\ironx86.sys
[2011.01.08 01:57:56 | 000,050,168 | ---- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1205000.07D\srtspx.sys
[2011.01.08 01:57:25 | 000,000,000 | ---D | C] -- C:\windows\System32\drivers\NIS\1205000.07D
[2011.01.08 01:40:32 | 000,126,512 | ---- | C] (Symantec Corporation) -- C:\windows\System32\drivers\SYMEVENT.SYS
[2011.01.08 01:40:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011.01.08 01:40:32 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011.01.08 01:40:18 | 000,666,672 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1201000.025\SymEFA.sys
[2011.01.08 01:40:18 | 000,294,448 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1201000.025\symnets.sys
[2011.01.08 01:40:17 | 000,489,008 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1201000.025\srtsp.sys
[2011.01.08 01:40:17 | 000,339,504 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1201000.025\SymDS.sys
[2011.01.08 01:40:17 | 000,134,704 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1201000.025\Ironx86.sys
[2011.01.08 01:40:17 | 000,050,096 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1201000.025\srtspx.sys
[2011.01.08 01:39:48 | 000,000,000 | ---D | C] -- C:\windows\System32\drivers\NIS
[2011.01.08 01:39:48 | 000,000,000 | ---D | C] -- C:\windows\System32\drivers\NIS\1201000.025
[2011.01.08 01:39:44 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2011.01.08 01:39:44 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2011.01.08 01:39:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011.01.08 01:39:23 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011.01.08 01:39:23 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011.01.08 01:28:54 | 000,000,000 | ---D | C] -- C:\Users\Caroline\AppData\Local\ESET
[2011.01.08 00:34:24 | 000,000,000 | ---D | C] -- C:\Users\Caroline\AppData\Roaming\ESET
[2010.12.19 19:32:24 | 000,000,000 | ---D | C] -- C:\Users\Caroline\Desktop\Kinderlieder
[2010.12.15 07:22:57 | 002,327,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2010.12.15 07:22:00 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tzres.dll
[2010.12.15 07:21:20 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mstime.dll
[2010.12.15 07:21:18 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2010.12.15 07:21:18 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2010.12.15 07:21:18 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2010.12.15 07:21:18 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2010.12.15 07:21:17 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2010.12.15 07:21:17 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\html.iec
[2010.12.15 07:21:17 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2010.12.15 07:21:17 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2010.12.15 07:21:17 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll
[2010.12.15 07:21:17 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe
[2010.12.15 07:20:37 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\taskschd.dll
[2010.12.15 07:20:37 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmicmiplugin.dll
[2010.12.15 07:20:36 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\taskcomp.dll
[2010.12.15 07:20:36 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\schtasks.exe
[2010.12.15 07:20:15 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\atmfd.dll
[2010.12.15 07:20:15 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\System32\atmlib.dll
[2010.12.15 07:19:35 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\webio.dll
[2010.12.15 07:19:15 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\consent.exe
[2010.12.09 19:15:41 | 000,000,000 | ---D | C] -- C:\Users\Caroline\Desktop\Golf

========== Files - Modified Within 30 Days ==========

[2011.01.08 12:34:08 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.01.08 12:34:08 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.01.08 12:30:46 | 000,654,166 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2011.01.08 12:30:46 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011.01.08 12:30:46 | 000,130,006 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2011.01.08 12:30:46 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011.01.08 12:26:23 | 000,067,584 | ---- | M] () -- C:\windows\bootstat.dat
[2011.01.08 12:26:13 | 1579,626,496 | -HS- | M] () -- C:\hiberfil.sys
[2011.01.08 03:42:55 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.08 03:10:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Caroline\Desktop\OTL.exe
[2011.01.08 01:41:15 | 001,053,804 | ---- | M] () -- C:\windows\System32\drivers\NIS\1201000.025\Cat.DB
[2011.01.08 01:40:32 | 000,126,512 | ---- | M] (Symantec Corporation) -- C:\windows\System32\drivers\SYMEVENT.SYS
[2011.01.08 01:40:32 | 000,007,456 | ---- | M] () -- C:\windows\System32\drivers\SYMEVENT.CAT
[2011.01.08 01:40:32 | 000,000,805 | ---- | M] () -- C:\windows\System32\drivers\SYMEVENT.INF
[2011.01.08 01:40:25 | 000,002,495 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2011.01.07 21:09:57 | 000,020,274 | -H-- | M] () -- C:\Users\Caroline\AppData\Roaming\Carolinelog.dat
[2011.01.07 12:18:50 | 000,000,600 | ---- | M] () -- C:\Users\Caroline\AppData\Roaming\winscp.rnd
[2011.01.01 20:02:11 | 000,024,576 | ---- | M] () -- C:\Users\Caroline\Desktop\Urlaub 2011.doc
[2010.12.22 09:34:18 | 000,013,824 | ---- | M] () -- C:\Users\Caroline\Desktop\Kopie von Telefonnummern.xls
[2010.12.20 19:30:13 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys
[2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2010.12.17 09:36:44 | 000,025,600 | ---- | M] () -- C:\Users\Caroline\Desktop\Liste Babysachen.doc
[2010.12.16 12:38:23 | 000,029,696 | ---- | M] () -- C:\Users\Caroline\Desktop\mama rechnungen zum überweisen.doc
[2010.12.16 00:37:36 | 000,427,224 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2010.12.14 13:08:46 | 195,597,311 | ---- | M] () -- C:\windows\MEMORY.DMP

========== Files Created - No Company Name ==========

[2011.01.08 03:42:55 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.08 01:57:56 | 000,007,458 | ---- | C] () -- C:\windows\System32\drivers\NIS\1205000.07D\symnet.cat
[2011.01.08 01:57:56 | 000,007,456 | ---- | C] () -- C:\windows\System32\drivers\NIS\1205000.07D\symefa.cat
[2011.01.08 01:57:56 | 000,007,454 | ---- | C] () -- C:\windows\System32\drivers\NIS\1205000.07D\srtspx.cat
[2011.01.08 01:57:56 | 000,007,450 | ---- | C] () -- C:\windows\System32\drivers\NIS\1205000.07D\symds.cat
[2011.01.08 01:57:56 | 000,007,450 | ---- | C] () -- C:\windows\System32\drivers\NIS\1205000.07D\srtsp.cat
[2011.01.08 01:57:56 | 000,003,374 | ---- | C] () -- C:\windows\System32\drivers\NIS\1205000.07D\symefa.inf
[2011.01.08 01:57:56 | 000,002,792 | ---- | C] () -- C:\windows\System32\drivers\NIS\1205000.07D\symds.inf
[2011.01.08 01:57:56 | 000,001,446 | ---- | C] () -- C:\windows\System32\drivers\NIS\1205000.07D\symnet.inf
[2011.01.08 01:57:56 | 000,001,389 | ---- | C] () -- C:\windows\System32\drivers\NIS\1205000.07D\srtspx.inf
[2011.01.08 01:57:56 | 000,001,383 | ---- | C] () -- C:\windows\System32\drivers\NIS\1205000.07D\srtsp.inf
[2011.01.08 01:57:55 | 000,007,528 | ---- | C] () -- C:\windows\System32\drivers\NIS\1205000.07D\iron.cat
[2011.01.08 01:57:55 | 000,000,742 | ---- | C] () -- C:\windows\System32\drivers\NIS\1205000.07D\iron.inf
[2011.01.08 01:57:25 | 000,000,172 | ---- | C] () -- C:\windows\System32\drivers\NIS\1205000.07D\isolate.ini
[2011.01.08 01:40:34 | 001,053,804 | ---- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\Cat.DB
[2011.01.08 01:40:32 | 000,007,456 | ---- | C] () -- C:\windows\System32\drivers\SYMEVENT.CAT
[2011.01.08 01:40:32 | 000,000,805 | ---- | C] () -- C:\windows\System32\drivers\SYMEVENT.INF
[2011.01.08 01:40:25 | 000,002,495 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2011.01.08 01:39:56 | 000,003,373 | R--- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\SymEFA.inf
[2011.01.08 01:39:56 | 000,002,792 | R--- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\SymDS.inf
[2011.01.08 01:39:56 | 000,001,445 | R--- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\SymNet.inf
[2011.01.08 01:39:56 | 000,001,389 | R--- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\srtspx.inf
[2011.01.08 01:39:56 | 000,001,383 | R--- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\srtsp.inf
[2011.01.08 01:39:56 | 000,000,741 | R--- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\Iron.inf
[2011.01.08 01:39:48 | 000,007,446 | R--- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\SymNet.cat
[2011.01.08 01:39:48 | 000,007,444 | R--- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\SymEFA.cat
[2011.01.08 01:39:48 | 000,007,442 | R--- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\srtspx.cat
[2011.01.08 01:39:48 | 000,007,438 | R--- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\SymDS.cat
[2011.01.08 01:39:48 | 000,007,438 | R--- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\srtsp.cat
[2011.01.08 01:39:48 | 000,007,438 | R--- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\iron.cat
[2011.01.08 01:39:48 | 000,000,172 | ---- | C] () -- C:\windows\System32\drivers\NIS\1201000.025\isolate.ini
[2011.01.01 20:02:11 | 000,024,576 | ---- | C] () -- C:\Users\Caroline\Desktop\Urlaub 2011.doc
[2010.12.22 09:34:18 | 000,013,824 | ---- | C] () -- C:\Users\Caroline\Desktop\Kopie von Telefonnummern.xls
[2010.12.17 09:36:44 | 000,025,600 | ---- | C] () -- C:\Users\Caroline\Desktop\Liste Babysachen.doc
[2010.12.16 12:38:23 | 000,029,696 | ---- | C] () -- C:\Users\Caroline\Desktop\mama rechnungen zum überweisen.doc
[2010.11.04 00:03:37 | 000,003,584 | ---- | C] () -- C:\Users\Caroline\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.26 14:48:49 | 000,110,592 | ---- | C] () -- C:\windows\System32\FsUsbExDevice.Dll
[2010.10.26 14:48:49 | 000,036,608 | ---- | C] () -- C:\windows\System32\FsUsbExDisk.Sys
[2010.10.05 18:11:16 | 000,000,600 | ---- | C] () -- C:\Users\Caroline\AppData\Roaming\winscp.rnd
[2010.08.01 18:37:42 | 000,000,088 | ---- | C] () -- C:\ProgramData\profile.xml
[2010.07.31 12:42:28 | 000,000,400 | ---- | C] () -- C:\windows\ODBC.INI
[2010.05.13 19:40:02 | 001,410,312 | ---- | C] () -- C:\windows\System32\IcnOvrly.dll
[2010.05.13 19:40:02 | 000,660,744 | ---- | C] () -- C:\windows\System32\EncIcons.dll
[2010.05.13 19:40:02 | 000,513,288 | ---- | C] () -- C:\windows\System32\SimpleExt.dll
[2010.05.13 19:40:01 | 002,110,728 | ---- | C] () -- C:\windows\System32\Apblend.dll
[2010.05.13 19:40:01 | 001,171,456 | ---- | C] () -- C:\windows\System32\PicNotify.dll
[2010.05.13 19:39:46 | 001,044,480 | ---- | C] () -- C:\windows\System32\3DImageRenderer.dll
[2010.05.13 19:39:14 | 000,057,344 | ---- | C] () -- C:\windows\AsfHelper.dll
[2010.05.13 19:39:14 | 000,054,800 | ---- | C] () -- C:\windows\System32\drivers\funfrm.sys
[2010.05.13 19:38:59 | 000,163,840 | ---- | C] () -- C:\windows\System32\SM37XCoInst.dll
[2010.05.13 19:37:23 | 000,140,288 | ---- | C] () -- C:\windows\System32\igfxtvcx.dll
[2010.05.13 19:33:04 | 000,016,648 | R--- | C] () -- C:\windows\System32\LogAPI.dll
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2007.10.25 16:26:10 | 000,005,632 | ---- | C] () -- C:\windows\System32\drivers\StarOpen.sys
[2005.04.08 03:16:43 | 000,020,274 | -H-- | C] () -- C:\Users\Caroline\AppData\Roaming\Carolinelog.dat
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\windows\System32\OUTLPERF.INI

< End of report >


and Extras.txt:


OTL Extras logfile created on: 08.01.2011 12:30:51 - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Caroline\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 210,83 Gb Total Space | 139,36 Gb Free Space | 66,10% Space Free | Partition Type: NTFS
Drive D: | 122,79 Gb Total Space | 37,99 Gb Free Space | 30,94% Space Free | Partition Type: NTFS
Drive E: | 117,19 Gb Total Space | 75,48 Gb Free Space | 64,41% Space Free | Partition Type: NTFS

Computer Name: CAROLINE-PC | User Name: Caroline | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{11C88EEC-23FC-4181-B6E4-22247E2ABD28}" = Microsoft Expression Web 3
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{17424F35-8B77-4ADF-BC63-BF9B81418539}" = Apple Application Support
"{17542DBF-E17C-4562-BC4D-FA3EF3076C45}" = Lenovo ReadyComm 5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{3516C69A-024D-42A8-B948-FFAA7B9CC49A}" = Windows SideShow Managed Runtime 1.0
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{49F3D04B-B849-4C89-AB31-2366A004EA28}" = Broadcom Gigabit Integrated Controller
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5EE6E987-1B79-4A93-832B-27472C7D1579}" = WPF Toolkit June 2009 (Version 3.5.40619.1)
"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{70AA9B4F-64F7-4B0D-ADD8-05802D61AF72}" = Windows Live Toolbar
"{752E90AC-3F11-4EA3-88EA-96441047EC31}" = Microsoft Expression Web 3 SP1
"{76C66170-C538-4E77-B54D-48E136B5B533}" = Lenovo ReadyComm 5.0 Service
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7AA5E78D-BE64-4EA2-9CA7-DE37DCB3009A}" = Microsoft Expression Blend 3 SDK
"{7C668763-D786-460C-8921-079B8954C352}" = Microsoft Expression Studio 3
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{850C957B-9E1C-4B19-9B66-0013E9B50879}" = Live Messenger Gadget for SideShow
"{857DA860-472D-483E-AC6E-B9D7DDCDB0BA}" = Microsoft Expression Design 3
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{8991E763-21F5-4DEA-A938-5D9D77DCB488}" = Broadcom 802.11 Wireless Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch
"{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}" = Energy Management
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E1C4F4F3-067B-4E16-87AB-1DF79D287126}" = Microsoft Expression Blend 3
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E8843212-F0FC-4C3B-BFF3-D51829CB4F19}" = iTunes
"{E8FC40D9-D7E5-49FC-B58C-D366A3F35874}" = Microsoft Expression Encoder 3
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"{FE7AD27A-62B1-44F6-B69C-25D1ECA94F5D}" = Lenovo EasyCamera
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ashampoo Burning Studio 2010_is1" = Ashampoo Burning Studio 2010
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Blend_3.0.1938.0" = Microsoft Expression Blend 3
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Design_6.0.1739.0" = Microsoft Expression Design 3
"EasyCapture4.0" = EasyCapture
"Encoder_3.0.1332.0" = Microsoft Expression Encoder 3
"ExpressionStudio_3.0.1064.0" = Microsoft Expression Studio 3
"FileZilla Client" = FileZilla Client 3.3.3
"Grewe Scanner-Interface_is1" = Grewe Scanner-Interface 3.0
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7)
"NIS" = Norton Internet Security
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"TomTom HOME" = TomTom HOME 2.7.6.2056
"TuneUp Utilities" = TuneUp Utilities
"TVWiz" = Intel(R) TV Wizard
"VLC media player" = VLC media player 1.1.2
"Web_3.0.3813.0" = Microsoft Expression Web 3
"Wi-Fi Sync" = Wi-Fi Sync
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"winscp3_is1" = WinSCP 4.2.9
"XMedia Recode" = XMedia Recode 2.2.7.7

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Alt 09.01.2011, 16:35   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Continued here => http://www.trojaner-board.de/94586-c...tml#post607943