
Log analysis and evaluation: Virus, malware on PC

Windows 7 If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

 
31.03.2011, 17:48   #1
Schlag

Virus, malware on PC



Hello everyone,

My PC and I need help. After GData TotalCare2011/AVIRA reported that a TB/... and so on is on my computer, I tried various programs such as Malwarebytes / Spywarefighter / Trojan Remover. These no longer found any viruses, but one big problem still remains: I can no longer open Internet Explorer, and my PC is extremely slow and somehow different.

Of course I have read "For everyone seeking help" and run Load.exe.

Everything went promptly and well.

So here is my log file:

OTL Logfile:
Code:
OTL logfile created on: 31.03.2011 18:04:49 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\DS\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 70,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 596,07 Gb Total Space | 353,77 Gb Free Space | 59,35% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 232,79 Gb Free Space | 99,96% Space Free | Partition Type: NTFS
 
Computer Name: DS-PC | User Name: DS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.03.31 17:57:21 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\DS\Desktop\OTL.exe
PRC - [2011.01.07 20:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.12.24 14:45:07 | 000,797,848 | ---- | M] (Preventon Technologies Limited) -- C:\Programme\Common Files\Common Toolkit Suite\AVEngine\AVScanningService.exe
PRC - [2010.12.24 14:45:07 | 000,093,328 | ---- | M] (Preventon Technologies Limited) -- C:\Programme\Common Files\Common Toolkit Suite\AVEngine\AVWatchService.exe
PRC - [2010.08.27 07:40:00 | 001,178,184 | ---- | M] (G Data Software AG) -- C:\Programme\Common Files\G Data\AVKProxy\AVKProxy.exe
PRC - [2010.08.26 12:25:16 | 001,538,120 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\TotalCare\Firewall\GDFirewallTray.exe
PRC - [2010.08.26 00:41:56 | 001,607,344 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\TotalCare\Firewall\GDFwSvc.exe
PRC - [2010.08.26 00:28:20 | 001,330,792 | ---- | M] () -- C:\Programme\G Data\TotalCare\AVK\AVKWCtl.exe
PRC - [2010.08.25 23:51:44 | 000,340,552 | ---- | M] (G Data Software AG) -- C:\Programme\Common Files\G Data\GDScan\GDScan.exe
PRC - [2010.03.31 16:06:48 | 000,410,696 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\TotalCare\AVK\AVKService.exe
PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.08.18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 12:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.03.31 17:57:21 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\DS\Desktop\OTL.exe
MOD - [2011.03.27 20:21:03 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4974_none_50940634bcb759cb\msvcr90.dll
MOD - [2011.03.27 20:21:03 | 000,569,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4974_none_50940634bcb759cb\msvcp90.dll
MOD - [2011.03.27 20:20:56 | 000,159,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4974_none_51cdc180bbe4500f\ATL90.dll
MOD - [2011.03.27 10:36:16 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\ieproxy.dll
MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2010.03.25 11:25:22 | 004,222,864 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL
MOD - [2010.03.25 04:45:24 | 008,945,576 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office14\1031\GrooveIntlResource.dll
MOD - [2010.03.03 02:24:24 | 000,467,768 | ---- | M] (SmartSoft Ltd.) -- C:\Programme\SmartFTP Client\sfShellTools.dll
MOD - [2010.01.30 03:41:12 | 004,254,560 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009.07.14 03:16:16 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\tiptsf.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.03.05 17:15:28 | 000,407,336 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.01.07 20:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.12.24 15:01:28 | 001,141,896 | ---- | M] (SPAMfighter ApS) [Disabled | Stopped] -- C:\Programme\Fighters\FighterSuiteService.exe -- (Suite Service)
SRV - [2010.12.24 14:45:07 | 000,797,848 | ---- | M] () [Auto | Running] -- C:/Program Files/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe -- (AV Engine Scanning Service)
SRV - [2010.12.24 14:45:07 | 000,093,328 | ---- | M] () [Auto | Running] -- C:/Program Files/Common Files/Common Toolkit Suite/AVEngine/AVWatchService.exe -- (AV Watch Service)
SRV - [2010.08.27 07:40:00 | 001,178,184 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2010.08.26 00:41:56 | 001,607,344 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Programme\G Data\TotalCare\Firewall\GDFwSvc.exe -- (GDFwSvc)
SRV - [2010.08.26 00:28:20 | 001,330,792 | ---- | M] () [Auto | Running] -- C:\Programme\G Data\TotalCare\AVK\AVKWCtl.exe -- (AVKWCtl)
SRV - [2010.08.25 23:51:44 | 000,340,552 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files\Common Files\G Data\GDScan\GDScan.exe -- (GDScan)
SRV - [2010.06.15 21:54:30 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.06.14 16:07:14 | 000,615,936 | ---- | M] (Nokia) [Disabled | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.05.05 08:26:22 | 000,901,192 | ---- | M] (G Data Software AG) [On_Demand | Stopped] -- C:\Programme\G Data\TotalCare\AVKBackup\AVKBackupService.exe -- (GDBackupSvc)
SRV - [2010.03.31 16:06:48 | 000,410,696 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Programme\G Data\TotalCare\AVK\AVKService.exe -- (AVKService)
SRV - [2010.03.25 11:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010.03.10 18:06:12 | 000,867,080 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.03.08 02:17:54 | 000,934,984 | ---- | M] (G Data Software AG) [On_Demand | Stopped] -- C:\Programme\G Data\TotalCare\AVKTuner\AVKTunerService.exe -- (GDTunerSvc)
SRV - [2009.12.16 19:26:00 | 003,453,712 | ---- | M] (INCA Internet Co., Ltd.) [Disabled | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009.09.06 07:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Programme\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009.07.30 22:20:04 | 000,144,752 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.03.27 22:36:25 | 000,047,560 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PktIcpt.sys -- (GDPkIcpt)
DRV - [2011.03.27 22:34:06 | 000,062,024 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV - [2011.03.27 22:34:06 | 000,038,856 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\HookCentre.sys -- (HookCentre)
DRV - [2011.03.27 22:34:06 | 000,033,480 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\GDBehave.sys -- (GDBehave)
DRV - [2011.03.27 22:22:27 | 000,029,992 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\GRD.sys -- (GRD)
DRV - [2011.03.27 21:39:30 | 000,040,904 | ---- | M] (G DATA Software AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\gdwfpcd32.sys -- (gdwfpcd)
DRV - [2011.01.08 05:27:00 | 010,467,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.12.24 14:45:10 | 000,010,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avfsfilter.sys -- (AVFSFilter)
DRV - [2010.05.01 00:52:53 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.05.01 00:52:52 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.02.26 15:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010.02.26 15:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010.02.26 15:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010.02.26 15:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009.07.28 21:01:26 | 000,069,480 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2009.07.28 19:38:00 | 000,049,016 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2009.07.27 21:09:28 | 000,055,680 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2009.07.24 12:31:58 | 000,021,608 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 00:02:53 | 000,657,408 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2009.07.07 22:38:34 | 000,168,936 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2009.06.19 10:57:20 | 000,079,872 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2009.06.19 10:56:48 | 000,042,472 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2009.06.17 12:59:46 | 000,046,984 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2009.02.03 17:36:58 | 000,059,000 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2008.08.26 11:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.02.08 19:44:43 | 000,083,320 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2006.07.10 18:19:58 | 000,027,032 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2006.06.14 16:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2004.08.13 10:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2003.04.19 01:32:04 | 000,004,736 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tandpl.sys -- (tandpl)
DRV - [2003.03.02 18:44:26 | 000,007,552 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\enodpl.sys -- (enodpl)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/ig?hl=de&source=iglk
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 55 E0 63 42 39 5A CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.11.17 23:17:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.11.17 23:17:42 | 000,000,000 | ---D | M]
 
[2009.11.20 19:00:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DS\AppData\Roaming\mozilla\Extensions
[2009.11.20 19:00:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DS\AppData\Roaming\mozilla\Firefox\Profiles\iublh5t2.default\extensions
[2009.11.20 18:58:24 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.11.03 04:14:39 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.11.03 04:14:39 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.11.03 04:14:39 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.11.03 04:14:39 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.11.03 04:14:39 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\TotalCare\Webfilter\AvkWebIE.dll (G Data Software AG)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\TotalCare\Webfilter\AvkWebIE.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Programme\G Data\TotalCare\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Programme\G Data\TotalCare\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKCU..\Run: [] File not found
O4 - Startup: C:\Users\DS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Programme\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/de-ch/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4cb418c1-c628-11de-9e4c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4cb418c1-c628-11de-9e4c-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{dc925883-efe1-11de-8978-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{dc925883-efe1-11de-8978-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{e99aa60a-1a67-11df-b67f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e99aa60a-1a67-11df-b67f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{e99aa60a-1a67-11df-b67f-806e6f6e6963}\Shell\configure\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{e99aa60a-1a67-11df-b67f-806e6f6e6963}\Shell\install\command - "" = E:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe - (TOSHIBA CORPORATION.)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: BCSSync - hkey= - key= - C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
MsConfig - StartUpReg: CAHeadless - hkey= - key= - C:\Programme\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: ITSecMng - hkey= - key= - File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: NokiaMServer - hkey= - key= - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: SWPROguard - hkey= - key= - C:\Programme\Fighters\SPYWAREfighter\swproTray.exe (SPAMfighter)
MsConfig - State: "bootini" - 2
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2
 
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.03.31 18:00:29 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.03.31 17:59:44 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2011.03.31 17:59:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011.03.31 17:57:24 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\DS\Desktop\Erunt-setup.exe
[2011.03.31 17:57:21 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\DS\Desktop\OTL.exe
[2011.03.31 17:57:21 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\DS\Desktop\TFC.exe
[2011.03.29 22:09:57 | 000,000,000 | ---D | C] -- C:\Users\DS\AppData\Local\G DATA
[2011.03.27 22:22:27 | 000,029,992 | ---- | C] (G Data Software) -- C:\Windows\System32\drivers\GRD.sys
[2011.03.27 21:40:09 | 000,047,560 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\PktIcpt.sys
[2011.03.27 21:39:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data TotalCare 2011
[2011.03.27 21:39:58 | 000,038,856 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\HookCentre.sys
[2011.03.27 21:39:33 | 000,062,024 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\MiniIcpt.sys
[2011.03.27 21:39:33 | 000,033,480 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\GDBehave.sys
[2011.03.27 21:39:30 | 000,040,904 | ---- | C] (G DATA Software AG) -- C:\Windows\System32\drivers\gdwfpcd32.sys
[2011.03.27 21:38:27 | 000,000,000 | ---D | C] -- C:\Programme\G Data
[2011.03.27 21:38:27 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\G Data
[2011.03.27 21:38:27 | 000,000,000 | ---D | C] -- C:\ProgramData\G DATA
[2011.03.27 21:23:44 | 000,000,000 | ---D | C] -- C:\ProgramData\clp
[2011.03.27 21:23:24 | 000,000,000 | ---D | C] -- C:\Programme\Fighters
[2011.03.27 21:23:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fighters
[2011.03.27 21:23:24 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Common Toolkit Suite
[2011.03.27 21:23:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Common Toolkit Suite
[2011.03.27 21:22:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Fighters
[2011.03.27 21:21:53 | 000,000,000 | -H-D | C] -- C:\ProgramData\{D81057B4-29EC-41EB-A123-4E4E49873404}
[2011.03.27 21:21:15 | 000,000,000 | ---D | C] -- C:\Users\DS\AppData\Roaming\Fighters
[2011.03.27 21:21:14 | 000,000,000 | ---D | C] -- C:\Users\DS\AppData\Local\PackageAware
[2011.03.27 20:50:58 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011.03.27 20:36:02 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft SQL Server
[2011.03.27 20:32:50 | 000,000,000 | ---D | C] -- C:\Users\DS\Documents\Visual Studio 2010
[2011.03.27 20:31:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express
[2011.03.27 20:30:05 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Visual Studio 10.0
[2011.03.27 20:30:05 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft SDKs
[2011.03.27 20:30:05 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Help Viewer
[2011.03.27 20:09:02 | 000,000,000 | ---D | C] -- C:\Users\DS\Documents\Simply Super Software
[2011.03.27 20:08:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2011.03.27 20:08:54 | 000,000,000 | ---D | C] -- C:\Programme\Trojan Remover
[2011.03.27 20:08:54 | 000,000,000 | ---D | C] -- C:\Users\DS\AppData\Roaming\Simply Super Software
[2011.03.27 20:08:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2011.03.27 19:56:47 | 000,000,000 | ---D | C] -- C:\Users\DS\Pavark
[2011.03.27 19:54:08 | 000,000,000 | ---D | C] -- C:\Programme\Windows Live Safety Center
[2011.03.27 19:25:09 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2011.03.27 19:25:09 | 000,000,000 | ---D | C] -- C:\Users\DS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011.03.26 22:46:16 | 000,000,000 | ---D | C] -- C:\Users\DS\AppData\Roaming\Malwarebytes
[2011.03.26 22:46:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.03.26 22:46:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.03.26 22:46:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.03.26 22:45:56 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.03.26 22:45:56 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.03.26 21:47:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2011.03.26 21:47:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011.03.26 21:46:42 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Synchronization Services
[2011.03.26 21:46:41 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DESIGNER
[2011.03.26 21:46:18 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft.NET
[2011.03.26 21:46:18 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Sync Framework
[2011.03.26 21:45:30 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Visual Studio 8
[2011.03.26 21:44:45 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Analysis Services
[2011.03.26 21:44:07 | 000,000,000 | ---D | C] -- C:\Users\DS\AppData\Local\Microsoft Help
[2011.03.26 21:43:40 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Office
[2011.03.26 21:43:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011.03.26 21:42:20 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011.03.26 19:01:31 | 000,000,000 | ---D | C] -- C:\Users\DS\AppData\Local\LAG
[2011.03.26 19:01:31 | 000,000,000 | ---D | C] -- C:\ProgramData\LAG
[2011.03.26 12:20:34 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011.03.24 20:28:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google SketchUp 8
[2011.03.24 20:24:04 | 000,000,000 | ---D | C] -- C:\Users\DS\Desktop\Othello
[2011.03.24 20:23:50 | 000,000,000 | ---D | C] -- C:\Users\DS\Desktop\System Programme
[2011.03.24 20:22:29 | 000,000,000 | ---D | C] -- C:\Users\DS\Desktop\Dokumente
[2011.03.24 20:21:12 | 000,000,000 | ---D | C] -- C:\Users\DS\Desktop\Ferien
[2011.03.24 20:19:42 | 000,000,000 | ---D | C] -- C:\Users\DS\Desktop\CAD & Zeichnen
[2011.03.24 20:19:22 | 000,000,000 | ---D | C] -- C:\Users\DS\Desktop\Steuern
[2011.03.24 20:18:48 | 000,000,000 | ---D | C] -- C:\Users\DS\Desktop\Install Dateien
[2011.03.24 20:18:34 | 000,000,000 | ---D | C] -- C:\Users\DS\Desktop\Musik
[2011.03.24 20:18:12 | 000,000,000 | ---D | C] -- C:\Users\DS\Desktop\Handy
[2011.03.24 20:16:57 | 000,000,000 | ---D | C] -- C:\Users\DS\Desktop\Games
[2011.03.24 20:16:52 | 000,000,000 | ---D | C] -- C:\Users\DS\Desktop\Aquarium
[2011.03.24 20:16:49 | 000,000,000 | ---D | C] -- C:\Users\DS\Desktop\Moto & Sport
[2011.03.24 20:16:46 | 000,000,000 | ---D | C] -- C:\Users\DS\Desktop\Video
[2011.03.24 20:16:44 | 000,000,000 | ---D | C] -- C:\Users\DS\Desktop\Bilder
[2011.03.24 20:13:24 | 000,000,000 | ---D | C] -- C:\ProgramData\TOSHIBA
[2011.03.24 20:12:23 | 000,000,000 | ---D | C] -- C:\Users\DS\Documents\Bluetooth
[2011.03.24 20:11:43 | 000,000,000 | ---D | C] -- C:\Users\DS\AppData\Local\Toshiba
[2011.03.24 20:07:26 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth
[2011.03.24 20:06:51 | 000,000,000 | ---D | C] -- C:\Programme\Toshiba
[2011.03.19 10:18:08 | 000,000,000 | ---D | C] -- C:\Users\DS\Documents\Architecture CAD
[2011.03.18 19:45:48 | 000,000,000 | ---D | C] -- C:\Users\DS\AppData\Local\Apple Computer
[2011.03.18 19:45:47 | 000,000,000 | ---D | C] -- C:\Users\DS\AppData\Roaming\Apple Computer
[2011.03.18 19:45:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.03.18 19:45:10 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2011.03.18 19:45:09 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2011.03.18 19:45:09 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011.03.18 19:44:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011.03.18 19:44:43 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2011.03.18 19:44:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011.03.18 19:44:37 | 000,000,000 | ---D | C] -- C:\Programme\Apple Software Update
[2011.03.18 19:44:37 | 000,000,000 | ---D | C] -- C:\Users\DS\AppData\Local\Apple
[2011.03.18 19:44:04 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2011.03.18 19:43:59 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Apple
[2011.03.18 19:43:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011.03.06 10:55:46 | 000,000,000 | ---D | C] -- C:\Users\DS\Documents\SpellForce2
 
========== Files - Modified Within 30 Days ==========
 
[2011.03.31 18:00:01 | 000,001,078 | ---- | M] () -- C:\Users\DS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011.03.31 17:59:45 | 000,000,898 | ---- | M] () -- C:\Users\DS\Desktop\NTREGOPT.lnk
[2011.03.31 17:59:45 | 000,000,879 | ---- | M] () -- C:\Users\DS\Desktop\ERUNT.lnk
[2011.03.31 17:57:24 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\DS\Desktop\Erunt-setup.exe
[2011.03.31 17:57:21 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\DS\Desktop\OTL.exe
[2011.03.31 17:57:21 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\DS\Desktop\TFC.exe
[2011.03.31 17:57:20 | 000,301,568 | ---- | M] () -- C:\Users\DS\Desktop\g2m3e4r.exe
[2011.03.31 17:54:44 | 000,699,642 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.03.31 17:54:44 | 000,654,354 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.03.31 17:54:44 | 000,148,438 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.03.31 17:54:44 | 000,121,226 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.03.31 17:48:54 | 000,377,280 | ---- | M] () -- C:\Users\DS\Desktop\Load.exe
[2011.03.31 17:46:55 | 000,014,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.03.31 17:46:55 | 000,014,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.03.31 17:39:43 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.03.31 17:39:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.03.31 17:39:24 | 2408,882,176 | -HS- | M] () -- C:\hiberfil.sys
[2011.03.31 17:39:23 | 288,030,969 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.03.30 20:39:03 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.03.29 22:14:13 | 000,043,520 | ---- | M] () -- C:\Windows\System32\CmdLineExt03.dll
[2011.03.27 22:36:25 | 000,047,560 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\PktIcpt.sys
[2011.03.27 22:34:06 | 000,062,024 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\MiniIcpt.sys
[2011.03.27 22:34:06 | 000,038,856 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\HookCentre.sys
[2011.03.27 22:34:06 | 000,033,480 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\GDBehave.sys
[2011.03.27 22:22:27 | 000,029,992 | ---- | M] (G Data Software) -- C:\Windows\System32\drivers\GRD.sys
[2011.03.27 21:39:59 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\G Data TotalCare 2011.lnk
[2011.03.27 21:39:30 | 000,040,904 | ---- | M] (G DATA Software AG) -- C:\Windows\System32\drivers\gdwfpcd32.sys
[2011.03.27 21:23:26 | 000,001,860 | ---- | M] () -- C:\Users\Public\Desktop\SPYWAREfighter.lnk
[2011.03.27 20:08:58 | 000,001,101 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2011.03.27 19:25:09 | 000,002,949 | ---- | M] () -- C:\Users\DS\Desktop\HiJackThis.lnk
[2011.03.27 10:36:16 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011.03.26 22:46:01 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.26 22:14:59 | 000,415,280 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.03.26 22:03:21 | 002,027,520 | ---- | M] () -- C:\Users\DS\Documents\Posten.accdb
[2011.03.26 21:47:27 | 000,003,231 | ---- | M] () -- C:\Users\DS\Desktop\Microsoft Outlook 2010.lnk
[2011.03.26 21:47:27 | 000,003,095 | ---- | M] () -- C:\Users\DS\Desktop\Microsoft PowerPoint 2010.lnk
[2011.03.26 21:47:27 | 000,003,029 | ---- | M] () -- C:\Users\DS\Desktop\Microsoft Word 2010.lnk
[2011.03.26 21:47:27 | 000,002,981 | ---- | M] () -- C:\Users\DS\Desktop\Microsoft OneNote 2010.lnk
[2011.03.26 21:47:26 | 000,003,047 | ---- | M] () -- C:\Users\DS\Desktop\Microsoft Excel 2010.lnk
[2011.03.26 21:47:26 | 000,002,965 | ---- | M] () -- C:\Users\DS\Desktop\Microsoft Access 2010.lnk
[2011.03.24 20:28:37 | 000,003,120 | ---- | M] () -- C:\Windows\System32\ALLFSAF8a.ocx
[2011.03.24 20:16:01 | 000,000,982 | ---- | M] () -- C:\Users\DS\Desktop\Bluetooth-Informationsaustausch.lnk
[2011.03.24 20:12:46 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.03.13 13:36:01 | 000,009,241 | ---- | M] () -- C:\Users\DS\Desktop\Anleitung.html
 
========== Files Created - No Company Name ==========
 
[2011.03.31 18:00:01 | 000,001,078 | ---- | C] () -- C:\Users\DS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011.03.31 17:59:45 | 000,000,898 | ---- | C] () -- C:\Users\DS\Desktop\NTREGOPT.lnk
[2011.03.31 17:59:45 | 000,000,879 | ---- | C] () -- C:\Users\DS\Desktop\ERUNT.lnk
[2011.03.31 17:57:20 | 000,301,568 | ---- | C] () -- C:\Users\DS\Desktop\g2m3e4r.exe
[2011.03.31 17:52:24 | 000,377,280 | ---- | C] () -- C:\Users\DS\Desktop\Load.exe
[2011.03.27 21:39:59 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\G Data TotalCare 2011.lnk
[2011.03.27 21:23:26 | 000,001,860 | ---- | C] () -- C:\Users\Public\Desktop\SPYWAREfighter.lnk
[2011.03.27 20:45:49 | 288,030,969 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.03.27 20:08:58 | 000,001,101 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2011.03.27 20:08:56 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2011.03.27 20:08:56 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2011.03.27 20:08:56 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2011.03.27 20:08:56 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2011.03.27 19:25:09 | 000,002,949 | ---- | C] () -- C:\Users\DS\Desktop\HiJackThis.lnk
[2011.03.27 10:36:16 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011.03.26 22:46:01 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.26 22:03:04 | 002,027,520 | ---- | C] () -- C:\Users\DS\Documents\Posten.accdb
[2011.03.26 21:47:27 | 000,003,231 | ---- | C] () -- C:\Users\DS\Desktop\Microsoft Outlook 2010.lnk
[2011.03.26 21:47:27 | 000,003,095 | ---- | C] () -- C:\Users\DS\Desktop\Microsoft PowerPoint 2010.lnk
[2011.03.26 21:47:27 | 000,003,029 | ---- | C] () -- C:\Users\DS\Desktop\Microsoft Word 2010.lnk
[2011.03.26 21:47:27 | 000,002,981 | ---- | C] () -- C:\Users\DS\Desktop\Microsoft OneNote 2010.lnk
[2011.03.26 21:47:26 | 000,003,047 | ---- | C] () -- C:\Users\DS\Desktop\Microsoft Excel 2010.lnk
[2011.03.26 21:47:26 | 000,002,965 | ---- | C] () -- C:\Users\DS\Desktop\Microsoft Access 2010.lnk
[2011.03.26 19:48:30 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2011.03.24 20:28:37 | 000,003,120 | ---- | C] () -- C:\Windows\System32\ALLFSAF8a.ocx
[2011.03.24 20:16:00 | 000,000,982 | ---- | C] () -- C:\Users\DS\Desktop\Bluetooth-Informationsaustausch.lnk
[2011.03.18 19:44:37 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011.03.13 13:41:20 | 000,009,241 | ---- | C] () -- C:\Users\DS\Desktop\Anleitung.html
[2011.01.01 00:11:00 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010.12.24 14:45:10 | 000,010,264 | ---- | C] () -- C:\Windows\System32\drivers\avfsfilter.sys
[2010.11.07 20:37:51 | 000,007,552 | ---- | C] () -- C:\Windows\System32\drivers\enodpl.sys
[2010.11.07 20:37:51 | 000,004,736 | ---- | C] () -- C:\Windows\System32\drivers\tandpl.sys
[2010.10.14 02:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.05.01 00:52:53 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.05.01 00:52:52 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.03.10 18:33:13 | 000,005,632 | ---- | C] () -- C:\Users\DS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.27 21:08:11 | 000,182,272 | ---- | C] () -- C:\Windows\patchw32.dll
[2009.12.26 15:25:21 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
[2009.12.25 09:02:34 | 000,036,432 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2009.12.03 10:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.07.14 10:47:43 | 000,699,642 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,148,438 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,415,280 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,654,354 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,121,226 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 02:55:09 | 001,332,736 | ---- | C] () -- C:\Windows\System32\hpotiop1.dll
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.10.10 18:30:10 | 000,372,736 | ---- | C] () -- C:\Windows\System32\Mss32.dll
[2004.08.13 10:56:20 | 000,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
 
========== LOP Check ==========
 
[2009.11.03 17:42:06 | 000,000,000 | ---D | M] -- C:\Users\DS\AppData\Roaming\BlackBean
[2010.01.02 19:05:49 | 000,000,000 | ---D | M] -- C:\Users\DS\AppData\Roaming\Capcom
[2009.11.20 18:52:42 | 000,000,000 | ---D | M] -- C:\Users\DS\AppData\Roaming\Daoisoft
[2010.02.05 19:35:45 | 000,000,000 | ---D | M] -- C:\Users\DS\AppData\Roaming\EasyTax
[2011.03.27 21:21:20 | 000,000,000 | ---D | M] -- C:\Users\DS\AppData\Roaming\Fighters
[2009.11.03 22:15:53 | 000,000,000 | ---D | M] -- C:\Users\DS\AppData\Roaming\Leadertech
[2010.08.30 16:48:02 | 000,000,000 | ---D | M] -- C:\Users\DS\AppData\Roaming\No Company Name
[2010.11.17 23:36:32 | 000,000,000 | ---D | M] -- C:\Users\DS\AppData\Roaming\Nokia
[2010.11.17 23:36:33 | 000,000,000 | ---D | M] -- C:\Users\DS\AppData\Roaming\Nokia Ovi Suite
[2010.11.17 23:31:23 | 000,000,000 | ---D | M] -- C:\Users\DS\AppData\Roaming\PC Suite
[2009.12.26 19:10:53 | 000,000,000 | ---D | M] -- C:\Users\DS\AppData\Roaming\Red Alert 3
[2011.03.27 20:08:54 | 000,000,000 | ---D | M] -- C:\Users\DS\AppData\Roaming\Simply Super Software
[2010.05.01 12:15:51 | 000,000,000 | ---D | M] -- C:\Users\DS\AppData\Roaming\Ubisoft
[2011.01.25 20:05:10 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2009.10.31 16:39:42 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010.05.01 12:14:38 | 000,000,000 | ---D | M] -- C:\ANNO 1404
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.10.16 13:51:30 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2009.10.16 14:35:14 | 000,000,000 | ---D | M] -- C:\Intel
[2010.12.07 18:14:51 | 000,000,000 | ---D | M] -- C:\Landwirtschafts Simulator 2011
[2010.10.24 16:05:48 | 000,000,000 | ---D | M] -- C:\mafia
[2011.03.26 21:42:20 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.10.16 14:23:57 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2011.03.31 17:59:44 | 000,000,000 | R--D | M] -- C:\Programme
[2009.10.27 22:48:33 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2011.03.29 22:40:34 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.10.16 13:51:30 | 000,000,000 | -HSD | M] -- C:\Programme
[2009.10.31 16:39:26 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.03.30 18:47:46 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.10.31 16:39:34 | 000,000,000 | R--D | M] -- C:\Users
[2011.03.31 18:00:29 | 000,000,000 | ---D | M] -- C:\Windows
[2011.03.29 22:52:34 | 000,000,000 | ---D | M] -- C:\Windows.old
[2011.01.26 19:24:19 | 000,000,000 | ---D | M] -- C:\World of Warcraft
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE >
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: USERINIT.EXE >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-03-25 16:44:22
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:CB0AACC9
 
< End of report >
         
--- --- ---



--------------------------------------------------------------------------
GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-03-31 18:28:19
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdePort2 WDC_WD6401AALS-00L3B2 rev.01.03B01
Running: g2m3e4r.exe; Driver: C:\Users\DS\AppData\Local\Temp\pxldapoc.sys
 
 
---- Kernel code sections - GMER 1.0.15 ----
 
.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 82C85589 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CAA092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0xA3A3B300, 0x3B6D8, 0xE8000020]
.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0xA3A80300, 0x1BEE, 0xE8000020]
PAGE peauth.sys A3A90E20 101 Bytes JMP 60DA9B04 
 
---- User code sections - GMER 1.0.15 ----
 
.text C:\Windows\system32\svchost.exe[1100] ntdll.dll!NtProtectVirtualMemory 770551C0 5 Bytes JMP 0021000A 
.text C:\Windows\system32\svchost.exe[1100] ntdll.dll!NtWriteVirtualMemory 77055D40 5 Bytes JMP 0022000A 
.text C:\Windows\system32\svchost.exe[1100] ntdll.dll!KiUserExceptionDispatcher 77056298 5 Bytes JMP 001F000A 
.text C:\Windows\system32\svchost.exe[1100] ole32.dll!CoCreateInstance 7577590C 5 Bytes JMP 0047000A 
.text C:\Windows\system32\svchost.exe[1100] USER32.dll!GetCursorPos 7588C198 5 Bytes JMP 00E7000A 
.text C:\Windows\system32\svchost.exe[1100] USER32.dll!GetForegroundWindow 7589565D 5 Bytes JMP 00EA000A 
.text C:\Windows\system32\svchost.exe[1100] USER32.dll!WindowFromPoint 758B6D0C 5 Bytes JMP 00E9000A 
.text C:\Windows\explorer.exe[5032] ntdll.dll!NtProtectVirtualMemory 770551C0 5 Bytes JMP 0029000A 
.text C:\Windows\explorer.exe[5032] ntdll.dll!NtWriteVirtualMemory 77055D40 5 Bytes JMP 002A000A 
.text C:\Windows\explorer.exe[5032] ntdll.dll!KiUserExceptionDispatcher 77056298 5 Bytes JMP 0017000A 
 
---- Devices - GMER 1.0.15 ----
 
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
 
Device \Driver\ACPI_HAL \Device\0000004f halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
 
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
 
Device \Device\Ide\IdeDeviceP2T0L0-2 -> \??\IDE#DiskWDC_WD6401AALS-00L3B2___________________01.03B01#5&7555648&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
 
---- Registry - GMER 1.0.15 ----
 
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bdc0f95dd 
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bdc0f95dd (not active ControlSet) 
 
---- Disk sectors - GMER 1.0.15 ----
 
Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior
 
---- EOF - GMER 1.0.15 ----
         
--- --- ---


I don't know much about viruses and how to remove them.

I hope I haven't forgotten anything.

You are my last chance.
Thanks in advance for your efforts!!

Regards, Schlag

 
