Facebook Virus!

Indersuppe · 07.03.2011, 22:23

Hallo Leute,

Ich hab bei Facebook einen Link bekommen und den direkt angeklickt, da er von einem Freund kam. Ein Kumpel der dann von mir die gleiche Nachricht bekommen hat, hat gemeint ich hab mir einen Trojaner eingefangen. Er hat mir auch gleich den Link von dem Board hier geschickt. Hab den MFT ordner runter geladen. Hab die Anleitung befolgt und nun 3 .txt files bekommen.

MBAM Log

Zitat:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4052

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

17.11.2010 23:13:37
mbam-log-2010-11-17 (23-13-37).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 56206
Laufzeit: 13 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Program Files (x86)\Cheat Engine\Systemcallretriever.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404\Anno1404_Crack.exe (Trojan.Bancos) -> Quarantined and deleted successfully.

OTL.txt

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 07.03.2011 21:54:17 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Matze\Desktop\MFTools
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 68,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 69,77 Gb Total Space | 16,31 Gb Free Space | 23,37% Space Free | Partition Type: NTFS
Drive D: | 149,05 Gb Total Space | 112,77 Gb Free Space | 75,66% Space Free | Partition Type: NTFS
Drive E: | 69,52 Gb Total Space | 9,61 Gb Free Space | 13,82% Space Free | Partition Type: NTFS
Drive F: | 625,13 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: MATZE-PC | User Name: Matze | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.03.07 21:19:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Matze\Desktop\MFTools\OTL.exe
PRC - [2011.01.05 22:19:02 | 003,370,296 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2010.12.06 08:31:52 | 001,910,152 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2010.11.02 15:26:41 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.02 15:26:40 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.11.02 15:26:40 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.06.24 15:41:38 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009.10.27 08:26:36 | 000,657,408 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
PRC - [2009.10.27 08:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009.10.27 08:14:22 | 000,128,000 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrv.exe
PRC - [2009.09.05 16:29:06 | 000,385,024 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.03.07 21:19:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Matze\Desktop\MFTools\OTL.exe
MOD - [2010.08.21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.02.25 18:37:16 | 000,036,168 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010.12.06 08:31:50 | 002,101,640 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010.11.02 15:26:41 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.11.02 15:26:40 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.06.24 15:41:38 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.07 13:26:36 | 000,607,048 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010.02.25 18:42:00 | 001,398,088 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010.02.25 18:37:08 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2009.10.27 08:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006.12.14 16:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2005.11.17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- E:\Programme\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.01.04 16:11:16 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010.11.28 23:47:09 | 000,508,472 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.11.02 15:26:41 | 000,081,584 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010.05.01 07:51:14 | 000,020,568 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dgderdrv.sys -- (dgderdrv)
DRV:64bit: - [2010.04.27 03:25:22 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscemdm.sys -- (sscemdm)
DRV:64bit: - [2010.04.27 03:25:22 | 000,129,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssceserd.sys -- (ssceserd) SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM)
DRV:64bit: - [2010.04.27 03:25:22 | 000,127,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscebus.sys -- (sscebus) SAMSUNG USB Composite Device V2 driver (WDM)
DRV:64bit: - [2010.04.27 03:25:22 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscemdfl.sys -- (sscemdfl)
DRV:64bit: - [2010.03.02 11:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2010.01.24 16:44:17 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010.01.24 16:44:17 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009.10.06 10:53:56 | 000,025,088 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64)
DRV:64bit: - [2009.10.06 10:53:54 | 000,018,944 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64)
DRV:64bit: - [2009.09.23 02:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009.09.23 02:46:17 | 000,359,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009.09.23 02:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009.09.23 02:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 00:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009.06.20 03:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.06.10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008.08.28 10:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2006.11.18 13:07:48 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV - [2011.01.04 16:11:16 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009.10.14 07:24:44 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 09 37 0F 7C 6C CA 01 [binary data]
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:23012
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {64e8cc5b-20db-4212-8320-178fc5ae71f7}:1.1.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="
FF - prefs.js..network.proxy.type: 4
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.25 10:49:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.01.26 21:22:25 | 000,000,000 | ---D | M]
 
[2010.05.29 15:00:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matze\AppData\Roaming\mozilla\Extensions
[2010.05.29 15:00:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matze\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2011.03.06 22:52:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matze\AppData\Roaming\mozilla\Firefox\Profiles\ys8ja0id.default\extensions
[2010.05.09 12:12:35 | 000,000,000 | ---D | M] (FaceMod Dislike Button) -- C:\Users\Matze\AppData\Roaming\mozilla\Firefox\Profiles\ys8ja0id.default\extensions\{64e8cc5b-20db-4212-8320-178fc5ae71f7}
[2011.02.01 17:54:25 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Matze\AppData\Roaming\mozilla\Firefox\Profiles\ys8ja0id.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.06.08 10:29:10 | 000,000,927 | ---- | M] () -- C:\Users\Matze\AppData\Roaming\Mozilla\Firefox\Profiles\ys8ja0id.default\searchplugins\conduit.xml
[2011.03.06 10:51:16 | 000,000,950 | ---- | M] () -- C:\Users\Matze\AppData\Roaming\Mozilla\Firefox\Profiles\ys8ja0id.default\searchplugins\icqplugin-1.xml
[2010.06.26 13:25:46 | 000,000,950 | ---- | M] () -- C:\Users\Matze\AppData\Roaming\Mozilla\Firefox\Profiles\ys8ja0id.default\searchplugins\icqplugin-2.xml
[2010.06.30 22:36:55 | 000,000,950 | ---- | M] () -- C:\Users\Matze\AppData\Roaming\Mozilla\Firefox\Profiles\ys8ja0id.default\searchplugins\icqplugin-3.xml
[2010.07.22 17:15:08 | 000,000,950 | ---- | M] () -- C:\Users\Matze\AppData\Roaming\Mozilla\Firefox\Profiles\ys8ja0id.default\searchplugins\icqplugin-4.xml
[2010.07.25 08:51:06 | 000,000,950 | ---- | M] () -- C:\Users\Matze\AppData\Roaming\Mozilla\Firefox\Profiles\ys8ja0id.default\searchplugins\icqplugin-5.xml
[2010.09.15 20:33:38 | 000,000,950 | ---- | M] () -- C:\Users\Matze\AppData\Roaming\Mozilla\Firefox\Profiles\ys8ja0id.default\searchplugins\icqplugin-6.xml
[2010.09.28 20:32:59 | 000,000,950 | ---- | M] () -- C:\Users\Matze\AppData\Roaming\Mozilla\Firefox\Profiles\ys8ja0id.default\searchplugins\icqplugin-7.xml
[2010.06.21 16:35:24 | 000,001,042 | ---- | M] () -- C:\Users\Matze\AppData\Roaming\Mozilla\Firefox\Profiles\ys8ja0id.default\searchplugins\icqplugin.xml
[2011.03.06 22:52:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011.01.26 21:22:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.01.26 21:22:17 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.01.12 21:03:50 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
[2006.09.26 12:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npzylomgamesplayer.dll
[2010.06.26 13:25:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.06.26 13:25:34 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.06.26 13:25:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.06.26 13:25:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.06.26 13:25:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [TrayServer] E:\Programme\Magix\Trayserver.exe (MAGIX AG)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Matze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - File not found
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - File not found
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.2
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003.08.28 15:53:21 | 000,000,067 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{541addcc-d86c-11de-a499-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{541addcc-d86c-11de-a499-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Starter.exe -- [2003.08.28 16:23:46 | 000,237,568 | R--- | M] (Spellbound Entertainment AG)
O33 - MountPoints2\{a93bc078-e5cc-11de-8815-001b38583493}\Shell - "" = AutoRun
O33 - MountPoints2\{a93bc078-e5cc-11de-8815-001b38583493}\Shell\AutoRun\command - "" = G:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.03.07 21:37:13 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.03.07 21:36:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\ERUNT
[2011.03.07 21:36:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011.03.07 21:19:35 | 000,000,000 | ---D | C] -- C:\Users\Matze\Desktop\MFTools
[2011.03.07 19:51:11 | 000,000,000 | ---D | C] -- C:\Users\Matze\Citrix
[2011.03.03 23:22:19 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Roaming\.minecraft
[2011.03.01 17:23:53 | 000,000,000 | ---D | C] -- C:\Temp
[2011.03.01 17:16:30 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Local\Samsung
[2011.03.01 16:27:40 | 000,025,960 | ---- | C] (Teruten Inc) -- C:\Windows\SysNative\FsExService64.exe
[2011.03.01 16:27:32 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\SysWow64\Redemption.dll
[2011.03.01 16:27:25 | 000,820,560 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\SysWow64\dgderapi.dll
[2011.02.08 18:08:05 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ghostscript
 
========== Files - Modified Within 30 Days ==========
 
[2011.03.07 21:38:27 | 000,019,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.03.07 21:38:27 | 000,019,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.03.07 21:36:46 | 000,001,068 | ---- | M] () -- C:\Users\Matze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011.03.07 21:36:39 | 000,000,888 | ---- | M] () -- C:\Users\Matze\Desktop\NTREGOPT.lnk
[2011.03.07 21:36:39 | 000,000,869 | ---- | M] () -- C:\Users\Matze\Desktop\ERUNT.lnk
[2011.03.07 21:34:35 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.03.07 21:30:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.03.07 21:30:50 | 3220,377,600 | -HS- | M] () -- C:\hiberfil.sys
[2011.03.07 21:08:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.03.07 18:27:53 | 000,046,830 | ---- | M] () -- C:\Users\Matze\Desktop\frühlingsfest2011_beck.pdf
[2011.03.05 22:35:56 | 001,611,160 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.03.05 22:35:56 | 000,698,342 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.03.05 22:35:56 | 000,652,284 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.03.05 22:35:56 | 000,148,366 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.03.05 22:35:56 | 000,121,216 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.03.03 23:22:45 | 000,001,290 | ---- | M] () -- C:\Users\Matze\Desktop\MinecraftSP.jar - Verknüpfung.lnk
[2011.03.02 21:45:00 | 007,981,419 | ---- | M] () -- C:\Users\Matze\Desktop\frühlingsfest2011.rar
[2011.03.01 23:25:51 | 000,001,941 | ---- | M] () -- C:\Users\Matze\Desktop\Samsung Kies.lnk
[2011.02.22 20:11:08 | 000,269,421 | ---- | M] () -- C:\Users\Matze\Desktop\Minecraft.exe
[2011.02.17 21:43:30 | 000,162,407 | ---- | M] () -- C:\Users\Matze\Desktop\Unbenannt.jpg
[2011.02.12 16:27:00 | 000,988,304 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.02.08 17:59:17 | 059,225,167 | ---- | M] () -- C:\Users\Matze\Documents\MCGame_2011-02-08_17-59-04_Backup.mcgame
 
========== Files Created - No Company Name ==========
 
[2011.03.07 21:36:46 | 000,001,068 | ---- | C] () -- C:\Users\Matze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011.03.07 21:36:39 | 000,000,888 | ---- | C] () -- C:\Users\Matze\Desktop\NTREGOPT.lnk
[2011.03.07 21:36:39 | 000,000,869 | ---- | C] () -- C:\Users\Matze\Desktop\ERUNT.lnk
[2011.03.06 22:46:25 | 000,046,830 | ---- | C] () -- C:\Users\Matze\Desktop\frühlingsfest2011_beck.pdf
[2011.03.03 23:22:45 | 000,001,290 | ---- | C] () -- C:\Users\Matze\Desktop\MinecraftSP.jar - Verknüpfung.lnk
[2011.03.02 21:44:54 | 007,981,419 | ---- | C] () -- C:\Users\Matze\Desktop\frühlingsfest2011.rar
[2011.03.01 23:25:51 | 000,001,941 | ---- | C] () -- C:\Users\Matze\Desktop\Samsung Kies.lnk
[2011.02.22 20:11:11 | 000,269,421 | ---- | C] () -- C:\Users\Matze\Desktop\Minecraft.exe
[2011.02.17 21:43:30 | 000,162,407 | ---- | C] () -- C:\Users\Matze\Desktop\Unbenannt.jpg
[2011.02.08 17:59:06 | 059,225,167 | ---- | C] () -- C:\Users\Matze\Documents\MCGame_2011-02-08_17-59-04_Backup.mcgame
[2011.01.04 16:10:58 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.01.04 16:10:56 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.01.04 16:10:56 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.01.04 16:10:56 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.01.04 16:10:56 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2010.12.26 16:37:12 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2010.12.26 16:14:55 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2010.11.29 22:45:56 | 001,592,846 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.11.17 22:21:09 | 000,659,968 | ---- | C] () -- C:\Users\Matze\AppData\Local\syssvc.exe
[2010.10.21 17:23:45 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.08.14 10:08:15 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
[2010.08.08 09:50:45 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010.04.12 21:36:52 | 000,041,123 | ---- | C] () -- C:\Windows\SysWow64\uninstall.exe
[2010.02.26 12:46:37 | 000,000,089 | ---- | C] () -- C:\Windows\PLX4017.DAT
[2010.01.31 22:16:05 | 000,000,070 | ---- | C] () -- C:\Windows\cryavitowmv.ini
[2010.01.31 22:15:01 | 000,000,005 | ---- | C] () -- C:\Windows\SysWow64\SySavitowmv.dat
[2010.01.31 22:04:23 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010.01.12 21:18:20 | 001,409,890 | ---- | C] () -- C:\Windows\SysWow64\ffmpegmt.dll
[2010.01.12 21:18:18 | 000,882,688 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010.01.12 21:18:18 | 000,556,491 | ---- | C] () -- C:\Windows\SysWow64\libmplayer.dll
[2010.01.12 21:18:16 | 004,507,983 | ---- | C] () -- C:\Windows\SysWow64\libavcodec.dll
[2010.01.12 21:18:10 | 000,877,385 | ---- | C] () -- C:\Windows\SysWow64\ff_x264.dll
[2010.01.12 21:18:10 | 000,336,384 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll
[2010.01.12 21:18:10 | 000,216,576 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2010.01.12 21:18:10 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2010.01.12 21:18:10 | 000,145,408 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
[2010.01.12 21:18:10 | 000,121,856 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2010.01.12 21:18:08 | 000,169,984 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2010.01.12 21:18:08 | 000,116,736 | ---- | C] () -- C:\Windows\SysWow64\ff_tremor.dll
[2010.01.12 21:18:08 | 000,100,864 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2010.01.12 21:18:08 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2010.01.12 21:12:36 | 000,006,144 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.01.08 20:34:16 | 000,005,052 | ---- | C] () -- C:\ProgramData\xqkcebzs.dik
[2010.01.02 19:44:40 | 019,858,592 | ---- | C] () -- C:\Windows\Monopoly Deluxe 2009.exe
[2010.01.01 01:00:00 | 000,324,096 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2010.01.01 01:00:00 | 000,248,320 | ---- | C] () -- C:\Windows\SysWow64\ff_kernelDeint.dll
[2009.12.10 21:54:22 | 000,003,385 | ---- | C] () -- C:\Windows\wininit.ini
[2009.12.10 21:52:42 | 000,000,366 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009.12.07 20:10:43 | 000,007,605 | ---- | C] () -- C:\Users\Matze\AppData\Local\Resmon.ResmonCfg
[2009.11.28 21:04:59 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2009.11.24 21:16:58 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.11.14 19:37:08 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\ts.dll
[2009.11.14 19:33:40 | 000,357,888 | ---- | C] () -- C:\Windows\SysWow64\gdsmux.exe
[2009.11.14 19:33:38 | 000,160,768 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll
[2009.11.14 19:11:50 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\avss.dll
[2009.11.14 19:11:42 | 000,100,864 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll
[2009.11.14 19:11:42 | 000,066,048 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll
[2009.11.14 19:11:40 | 000,057,856 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll
[2009.11.14 19:11:40 | 000,051,200 | ---- | C] () -- C:\Windows\SysWow64\avi.dll
[2009.11.14 19:11:38 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\avs.dll
[2009.11.14 19:11:36 | 000,136,704 | ---- | C] () -- C:\Windows\SysWow64\mkv2vfr.exe
[2009.11.14 19:11:36 | 000,083,456 | ---- | C] () -- C:\Windows\SysWow64\dsmux.exe
[2009.11.14 19:11:32 | 000,045,568 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll
[2009.11.14 19:11:32 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll
[2009.08.11 21:21:26 | 000,087,552 | ---- | C] () -- C:\Windows\SysWow64\ac3config.exe
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009.01.10 23:15:44 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\mmfinfo.dll
[2008.12.03 23:11:50 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2008.11.06 17:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2007.10.13 10:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\SysWow64\Registration.ini
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
 
========== LOP Check ==========
 
[2011.03.06 14:21:01 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\.minecraft
[2010.12.26 16:43:22 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Atari
[2010.04.28 20:14:36 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\CadSoft
[2009.12.26 12:40:49 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\DAEMON Tools
[2010.12.17 17:52:35 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\DAEMON Tools Lite
[2009.12.10 21:49:27 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\DAEMON Tools Pro
[2010.08.11 06:56:43 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\FreeMoviesToDVD
[2011.03.06 21:29:07 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\ICQ
[2010.07.23 17:59:06 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\LucasArts
[2010.08.08 10:14:38 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\MAGIX
[2010.08.05 17:18:58 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Mp3tag
[2010.12.11 11:47:54 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Nokia
[2010.04.04 10:25:06 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\PC Suite
[2010.08.26 18:42:01 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\PMS
[2009.11.29 16:23:56 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Red Alert 3
[2010.12.22 13:02:14 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\RedDotGames
[2010.12.30 18:52:01 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Samsung
[2010.05.29 15:00:35 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\TomTom
[2009.11.27 18:57:34 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\TuneUp Software
[2010.09.28 19:30:29 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\UDC Profiles
[2009.11.28 21:05:00 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Win7codecs
[2010.09.28 19:19:42 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\WordToPDF
[2011.02.06 19:06:19 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\XnView
[2010.01.02 18:22:01 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Zylom
[2009.07.14 06:08:49 | 000,026,082 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2010.02.01 19:25:58 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010.04.11 20:53:55 | 000,000,000 | ---D | M] -- C:\AllDupBackup
[2011.01.25 23:23:32 | 000,000,000 | -HSD | M] -- C:\Boot
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.11.23 21:26:30 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.11.17 23:08:21 | 000,000,000 | ---D | M] -- C:\ICQ6.5
[2010.01.08 20:35:58 | 000,000,000 | ---D | M] -- C:\Need4Video files
[2010.02.09 20:33:40 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2010.05.03 19:09:28 | 000,000,000 | R--D | M] -- C:\Programme
[2011.03.07 21:36:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)
[2011.01.26 21:22:58 | 000,000,000 | ---D | M] -- C:\ProgramData
[2009.11.23 21:26:30 | 000,000,000 | -HSD | M] -- C:\Programme
[2009.11.23 21:26:31 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.03.07 21:55:30 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.03.01 17:23:53 | 000,000,000 | ---D | M] -- C:\Temp
[2009.11.23 21:26:42 | 000,000,000 | R--D | M] -- C:\Users
[2010.01.31 21:57:38 | 000,000,000 | ---D | M] -- C:\VideoOutput
[2011.03.07 21:37:13 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
[2010.11.17 22:21:09 | 000,659,968 | ---- | M] () -- C:\Users\Matze\AppData\Local\syssvc.exe
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE >
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: USERINIT.EXE >
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
 
< MD5 for: WININIT.EXE >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE >
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
< End of report >

--- --- ---

Extras.txt

OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 07.03.2011 21:38:42 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Matze\Desktop\MFTools
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 67,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 69,77 Gb Total Space | 15,90 Gb Free Space | 22,79% Space Free | Partition Type: NTFS
Drive D: | 149,05 Gb Total Space | 112,77 Gb Free Space | 75,66% Space Free | Partition Type: NTFS
Drive E: | 69,52 Gb Total Space | 9,61 Gb Free Space | 13,82% Space Free | Partition Type: NTFS
Drive F: | 625,13 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: MATZE-PC | User Name: Matze | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %* File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 1
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 1
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 1
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows-Treiberpaket - Nokia Modem (10/05/2009 4.2)
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows-Treiberpaket - Nokia Modem (06/01/2009 7.01.0.4)
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Win7x64 Components_is1" = Win7x64 Components v1.2.3
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0536BCDF-7EF6-48F6-8765-A3C065A065A5}" = Microsoft Expression Blend SDK for .NET 4
"{109D28DA-E555-4896-BF22-E312F764562C}_is1" = Lowrider Simulator
"{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Alarmstufe Rot 3
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{3FF8E8A7-5BA8-4D9E-B976-B05B2B00B0AE}" = Microsoft Expression Web 4
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}" = FontNav
"{555FCEF2-0541-418D-BB9A-2DA9C72FACBD}" = Microsoft Expression Encoder 4 Pro
"{5EE6E987-1B79-4A93-832B-27472C7D1579}" = WPF Toolkit February 2010 (Version 3.5.50211.1)
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}" = CorelDRAW Graphics Suite X3
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{801B0DA3-A3FF-46CC-B97F-D76D510AF5AE}" = Microsoft Silverlight 4 SDK
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FD0F94D-4594-48A0-BE99-5265367603D8}" = Microsoft Expression Design 4
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{a958c2b3-ee3b-4770-b619-34d7769397cd}" = Nero 9
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{B006B9E9-41DD-4479-9177-3743A53B7735}" = Microsoft Expression Blend 3 SDK
"{B0682940-6FFB-4850-80BA-B2FEF0D64BA8}" = Microsoft Expression Blend SDK for Silverlight 4
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B4F08198-5C84-4CDE-AE58-65506600C130}" = WinFunktion Mathematik plus 18
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C270BC04-1540-4673-960F-A546B2C860CD}" = Commandos 3 - Destination Berlin
"{C3F6EF04-8292-482D-9A2B-47CF5758C8FC}" = Microsoft Expression Studio 4
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{C50EF365-2898-489A-B6C7-30DAA466E9A2}" = Nokia Connectivity Cable Driver
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth
"{C94E45B0-6AA6-4FB9-9AAE-22085F631880}" = VBA
"{C9FB6FFC-B3D2-4AA0-AC05-73DB7796B638}" = DE
"{CE4A3D0F-D1B0-47D1-BF99-3E957C548D12}" = LogMeIn Hamachi
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{E07B7A31-E160-466D-A003-3BB7B8989D52}" = Full Tilt Poker.Net
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F21D2032-60FE-4729-9C87-46F1615FB965}" = Microsoft Expression Encoder 4 Screen Capture Codec
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F7800FC1-6948-4D64-A9BC-3EEDDA408D25}" = Microsoft Expression Blend 4
"{FB4F9000-04FC-11E0-85D2-001AA037B01E}" = Google Earth Plug-in
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Airline Tycoon - Deluxe" = Airline Tycoon - Deluxe
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"Blend_4.0.20621.0" = Microsoft Expression Blend 4
"Caesar 3" = Caesar 3
"Cheat Engine 5.4_is1" = Cheat Engine 5.4
"Design_7.0.20516.0" = Microsoft Expression Design 4
"Dr. House" = Dr. House
"eMule" = eMule
"Encoder_4.0.1651.0" = Microsoft Expression Encoder 4 Pro
"ERUNT_is1" = ERUNT 1.1j
"ExpressionStudio_4.0.20705.0" = Microsoft Expression Studio 4
"FFdshow_is1" = FFdshow [2006-08-21 | rev 2546]
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"FreePDF_XP" = FreePDF (Remove only)
"GPL Ghostscript 9.00" = GPL Ghostscript 9.00
"HaaliMkx" = Haali Media Splitter
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"JDownloader" = JDownloader
"Liberty Praxis" = Liberty Praxis
"LogMeIn Hamachi" = LogMeIn Hamachi
"MAGIX Foto Manager 2007 D" = MAGIX Foto Manager 2007 4.1.1.75 (D)
"MAGIX Goya burnR D" = MAGIX Goya burnR 2.3.1.3 (D)
"MAGIX Music Manager 2007 D" = MAGIX Music Manager 2007 8.1.1.108 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"MAGIX Video deluxe 2007 2008 D" = MAGIX Video deluxe 2007 2008 7.0.0.26 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Media Player - Codec Pack" = Media Player Codec Pack 3.9.2
"Microsoft DirectX SDK (August 2009)" = Microsoft DirectX SDK (August 2009)
"MKV Player_is1" = MKV Player 1.0
"Monopoly Star Wars" = Monopoly Star Wars
"Mozilla Firefox (3.6.9)" = Mozilla Firefox (3.6.9)
"Mp3tag" = Mp3tag v2.46a
"MyFreeCodec" = MyFreeCodec
"Nokia PC Suite" = Nokia PC Suite
"OilTycoon2" = Oil Tycoon 2
"ProfiLab-Expert_40_is1" = ProfiLab-Expert 4.0
"Sierra-Dienstprogramme" = Sierra-Dienstprogramme
"SystemRequirementsLab" = System Requirements Lab
"The KMPlayer" = The KMPlayer (remove only)
"TomTom HOME" = TomTom HOME 2.7.5.2014
"TuneUp Utilities" = TuneUp Utilities
"Web_4.0.1166.0" = Microsoft Expression Web 4
"Winamp" = Winamp
"XnView_is1" = XnView 1.97.4
"Youda Camper" = Youda Camper
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
"Winamp Detect" = Winamp Anwendungserkennung
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

--- --- ---

Ist der bzw die Trojaner weg? Ich hoffe Ihr könnt mir helfen.

Larusso · 07.03.2011, 22:31

C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 1404\Anno1404_Crack.exe (Trojan.Bancos) -> Quarantined and deleted successfully.

http://www.trojaner-board.de/95393-c...-software.html

Dateien, die crack.exe, keygen.exe oder patch.exe sind zu 99,9% gefährliche Schädlinge, mit denen man nicht Spaßen sollte.
Ausserdem sind diese illegal und wir unterstützen die Verwendung von geklauter Software nicht. Somit beschränkt sich der Support auf
Anleitung zum Neu aufsetzten

Facebook Virus!

Log-Analyse und Auswertung: Facebook Virus!

Facebook Virus!

Facebook Virus!

Ähnliche Themen: Facebook Virus!