
Log analysis and evaluation: ISUSPM.exe - Bad Image - Trojan?


31.03.2011, 23:47   #1
PonK
 
Hi,

unfortunately I had to reinstall Vista thanks to a Trojan.
Just as I was installing a few programs again, the PC unfortunately crashed. After the restart, the following error message appeared:


Since I have read that it could be a Trojan again, I was hoping you could help me.

I hope that something was "only" damaged and that it is not malware again.

I read the part about HijackThis too late; other log files will follow!

Sorry for the double post!

Here are the log files

OTL Logfile:
Code:
OTL logfile created on: 01.04.2011 15:09:58 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Admin\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 63,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 270,66 Gb Total Space | 236,58 Gb Free Space | 87,41% Space Free | Partition Type: NTFS
Drive S: | 27,30 Gb Total Space | 17,52 Gb Free Space | 64,19% Space Free | Partition Type: NTFS
 
Computer Name: HOME-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.04.01 15:01:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
PRC - [2011.03.31 21:39:35 | 003,318,784 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
PRC - [2011.03.31 21:39:33 | 002,557,440 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.Exe
PRC - [2011.03.18 19:56:37 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2008.07.11 19:00:06 | 000,080,392 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.04.01 15:01:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010.05.04 21:13:07 | 000,231,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msshsq.dll
MOD - [2008.01.21 04:51:11 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\duser.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.11.11 14:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2010.11.11 14:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2008.12.01 22:45:16 | 000,932,864 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV - [2011.03.31 21:39:34 | 000,948,775 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.07.11 19:00:06 | 000,080,392 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.02.18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010.10.24 21:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010.07.07 11:26:46 | 000,050,696 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\stflt.sys -- (sp_rsdrv2)
DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.12.02 00:15:02 | 005,000,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2008.04.21 08:16:18 | 000,050,688 | R--- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\RtTeam60.sys -- (TEAM) Realtek Virtual Miniport Driver for Teaming (NDIS 6.0)
DRV:64bit: - [2008.04.21 08:16:18 | 000,050,688 | R--- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\RtTeam60.sys -- (RTTEAMPT) Realtek Teaming Protocol Driver (NDIS 6.0)
DRV:64bit: - [2008.02.14 08:56:14 | 000,160,768 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008.01.19 00:10:30 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wimfltr.sys -- (WimFltr)
DRV:64bit: - [2007.12.11 04:49:54 | 000,026,624 | R--- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\RtNdPt60.sys -- (RtNdPt60)
DRV:64bit: - [2007.12.03 04:20:54 | 000,024,064 | R--- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\RtVlan60.sys -- (RTVLANPT) Realtek Vlan Protocol Driver (NDIS 6.0)
DRV:64bit: - [2006.09.18 23:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2011.04.01 15:03:58 | 000,020,544 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2011.03.31 18:51:47 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\SysWOW64\dvmurl.dll (DeviceVM Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.konsolengrill.de/forum/index.php"
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files (x86)\Crawler\firefox\ [2011.03.31 21:44:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.03.31 19:26:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.03.31 17:40:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2011.03.31 22:52:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\tsrge8x5.default\extensions
[2011.03.31 22:51:35 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\tsrge8x5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011.03.31 20:16:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.03.31 20:16:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) -- 
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TSRGE8X5.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TSRGE8X5.DEFAULT\EXTENSIONS\{A0D7CCB3-214D-498B-B4AA-0E8FDA9A7BF7}.XPI
[2011.03.31 16:32:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.03.18 19:56:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2007.07.26 13:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\crawlersrch.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (&Crawler Toolbar Helper) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~2\Crawler\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~2\Crawler\ctbr.dll (Crawler.com)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [SpywareTerminator] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [ISUSPM Startup]  File not found
O4 - HKCU..\Run: [SpywareTerminatorUpdate] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - Reg Error: Key error. File not found
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~2\Crawler\ctbr.dll (Crawler.com)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img20.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img20.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{fa39534a-5b31-11e0-b13d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{fa39534a-5b31-11e0-b13d-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
MsConfig:64bit - StartUpFolder: C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE - ()
MsConfig:64bit - StartUpReg: EasyTuneVI - hkey= - key= - C:\Program Files (x86)\GIGABYTE\ET6\ETcall.exe ()
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.01 15:08:44 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.04.01 15:07:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011.04.01 15:07:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011.04.01 15:00:54 | 000,791,393 | ---- | C] (Lars Hederer                                                ) -- C:\Users\Admin\Desktop\Erunt-setup.exe
[2011.04.01 15:00:54 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2011.04.01 15:00:54 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\TFC.exe
[2011.04.01 00:37:12 | 000,000,000 | ---D | C] -- C:\Users\Admin\.thumbnails
[2011.04.01 00:36:16 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\gegl-0.0
[2011.04.01 00:36:16 | 000,000,000 | ---D | C] -- C:\Users\Admin\.gimp-2.6
[2011.03.31 23:21:35 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.03.31 23:21:35 | 000,000,000 | ---D | C] -- C:\PS3ThemeCreator
[2011.03.31 22:51:37 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Google
[2011.03.31 22:51:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2011.03.31 22:41:15 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Macromedia
[2011.03.31 22:41:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2011.03.31 22:29:18 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\FUSSBALL MANAGER 11
[2011.03.31 22:06:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield
[2011.03.31 21:50:47 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011.03.31 21:44:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crawler Toolbar
[2011.03.31 21:44:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Crawler
[2011.03.31 21:39:32 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Spyware Terminator
[2011.03.31 21:39:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator
[2011.03.31 21:39:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2011.03.31 21:39:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Terminator
[2011.03.31 20:47:59 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\WinRAR
[2011.03.31 20:47:59 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.03.31 20:47:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.03.31 20:47:47 | 000,000,000 | ---D | C] -- C:\Programme\WinRAR
[2011.03.31 20:44:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP
[2011.03.31 20:44:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIMP-2.0
[2011.03.31 20:43:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView
[2011.03.31 20:43:54 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\IrfanView
[2011.03.31 20:43:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IrfanView
[2011.03.31 20:29:04 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Sachen
[2011.03.31 20:28:13 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\OpenOffice.org
[2011.03.31 20:25:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011.03.31 20:25:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2011.03.31 20:24:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2011.03.31 20:19:18 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.3
[2011.03.31 20:17:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2011.03.31 20:16:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011.03.31 20:16:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.03.31 20:16:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2011.03.31 19:27:43 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Apple Computer
[2011.03.31 19:27:43 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Apple Computer
[2011.03.31 19:27:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.03.31 19:27:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2011.03.31 19:27:03 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2011.03.31 19:27:02 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2011.03.31 19:27:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011.03.31 19:27:02 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2011.03.31 19:26:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011.03.31 19:26:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011.03.31 19:26:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011.03.31 19:25:48 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Apple
[2011.03.31 19:25:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011.03.31 19:24:18 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Apple
[2011.03.31 19:24:08 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2011.03.31 19:24:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011.03.31 19:23:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011.03.31 19:23:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2011.03.31 18:52:25 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\AdobeUM
[2011.03.31 18:52:25 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Adobe
[2011.03.31 18:52:21 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\My eBooks
[2011.03.31 18:52:15 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Adobe
[2011.03.31 18:46:58 | 000,000,000 | ---D | C] -- C:\Programme\Windows Portable Devices
[2011.03.31 18:46:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Portable Devices
[2011.03.31 18:46:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2011.03.31 18:44:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011.03.31 18:44:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2011.03.31 18:32:43 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Secunia PSI
[2011.03.31 18:32:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2011.03.31 18:09:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2011.03.31 18:09:02 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Security Client
[2011.03.31 17:39:50 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Mozilla
[2011.03.31 17:39:50 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Mozilla
[2011.03.31 17:39:11 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Symantec
[2011.03.31 17:30:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2011.03.31 17:30:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2011.03.31 17:18:09 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\vi-VN
[2011.03.31 17:18:09 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\eu-ES
[2011.03.31 17:18:09 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\eu-ES
[2011.03.31 17:18:09 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ca-ES
[2011.03.31 17:18:09 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ca-ES
[2011.03.31 17:18:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\vi-VN
[2011.03.31 17:09:24 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2011.03.31 06:21:26 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Programme
[2011.03.31 06:11:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2011.03.31 05:33:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011.03.31 05:26:21 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WindowsPowerShell
[2011.03.31 05:26:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\WindowsPowerShell
[2011.03.31 04:15:06 | 000,069,120 | R--- | C] (AVM Berlin) -- C:\Windows\SysWow64\avmadd32.dll
[2011.03.31 04:15:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!Box
[2011.03.31 04:15:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FRITZ!Box
[2011.03.31 04:10:26 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\ATI
[2011.03.31 04:10:26 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\ATI
[2011.03.31 04:10:26 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011.03.31 04:07:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011.03.31 04:07:06 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\ATI Technologies
[2011.03.31 04:05:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2011.03.31 04:05:16 | 000,000,000 | ---D | C] -- C:\Programme\ATI Technologies
[2011.03.31 04:05:13 | 000,000,000 | ---D | C] -- C:\Programme\ATI
[2011.03.31 04:02:52 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2011.03.31 04:01:50 | 000,050,688 | R--- | C] (Realtek Corporation) -- C:\Windows\SysNative\drivers\RtTeam60.sys
[2011.03.31 04:01:27 | 000,024,064 | R--- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\drivers\RtVlan60.sys
[2011.03.31 04:01:08 | 000,026,624 | R--- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\drivers\RtNdPt60.sys
[2011.03.31 04:00:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtek
[2011.03.31 03:59:30 | 000,000,000 | ---D | C] -- C:\Windows\Cache
[2011.03.31 03:59:03 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2011.03.31 03:57:35 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2011.03.31 03:57:19 | 000,000,000 | -HSD | C] -- C:\Boot
[2011.03.31 03:46:21 | 000,053,248 | R--- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2011.03.31 03:46:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2011.03.31 03:46:15 | 000,000,000 | ---D | C] -- C:\Intel
[2011.03.31 03:46:00 | 000,146,528 | ---- | C] (DeviceVM Inc.) -- C:\Windows\SysWow64\dvmurl.dll
[2011.03.31 03:45:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Browser Configuration Utility
[2011.03.31 03:45:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE
[2011.03.31 03:45:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIGABYTE
[2011.03.31 03:44:57 | 000,160,768 | ---- | C] (Realtek Corporation                                            ) -- C:\Windows\SysNative\drivers\Rtlh64.sys
[2011.03.31 03:44:40 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\InstallShield
[2011.03.31 03:44:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2011.03.31 03:44:00 | 000,513,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2011.03.31 03:44:00 | 000,211,376 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2011.03.31 03:44:00 | 000,193,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2011.03.31 03:44:00 | 000,150,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2011.03.31 03:43:56 | 006,453,760 | ---- | C] (Realtek Semiconductor) -- C:\Windows\RAVCpl64.exe
[2011.03.31 03:43:56 | 000,245,248 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2011.03.31 03:43:56 | 000,160,768 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\FMAPO64.dll
[2011.03.31 03:43:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2011.03.31 03:43:55 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2011.03.31 03:43:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2011.03.31 03:37:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows OPK
[2011.03.31 03:37:27 | 000,000,000 | ---D | C] -- C:\Programme\Windows Imaging
[2011.03.31 03:36:14 | 000,000,000 | ---D | C] -- C:\Programme\Windows OPK
[2011.03.31 03:35:44 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2011.03.31 03:13:28 | 000,000,000 | R--D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011.03.31 03:13:28 | 000,000,000 | R--D | C] -- C:\Users\Admin\Searches
[2011.03.31 03:13:28 | 000,000,000 | R--D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011.03.31 03:13:20 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Identities
[2011.03.31 03:13:18 | 000,000,000 | R--D | C] -- C:\Users\Admin\Contacts
[2011.03.31 03:13:17 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\VirtualStore
[2011.03.31 03:13:14 | 000,000,000 | --SD | C] -- C:\Users\Admin\AppData\Roaming\Microsoft
[2011.03.31 03:13:14 | 000,000,000 | R--D | C] -- C:\Users\Admin\Videos
[2011.03.31 03:13:14 | 000,000,000 | R--D | C] -- C:\Users\Admin\Saved Games
[2011.03.31 03:13:14 | 000,000,000 | R--D | C] -- C:\Users\Admin\Pictures
[2011.03.31 03:13:14 | 000,000,000 | R--D | C] -- C:\Users\Admin\Music
[2011.03.31 03:13:14 | 000,000,000 | R--D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011.03.31 03:13:14 | 000,000,000 | R--D | C] -- C:\Users\Admin\Links
[2011.03.31 03:13:14 | 000,000,000 | R--D | C] -- C:\Users\Admin\Favorites
[2011.03.31 03:13:14 | 000,000,000 | R--D | C] -- C:\Users\Admin\Downloads
[2011.03.31 03:13:14 | 000,000,000 | R--D | C] -- C:\Users\Admin\Documents
[2011.03.31 03:13:14 | 000,000,000 | R--D | C] -- C:\Users\Admin\Desktop
[2011.03.31 03:13:14 | 000,000,000 | R--D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011.03.31 03:13:14 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Vorlagen
[2011.03.31 03:13:14 | 000,000,000 | -HSD | C] -- C:\Users\Admin\AppData\Local\Verlauf
[2011.03.31 03:13:14 | 000,000,000 | -HSD | C] -- C:\Users\Admin\AppData\Local\Temporary Internet Files
[2011.03.31 03:13:14 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Startmenü
[2011.03.31 03:13:14 | 000,000,000 | -HSD | C] -- C:\Users\Admin\SendTo
[2011.03.31 03:13:14 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Recent
[2011.03.31 03:13:14 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Netzwerkumgebung
[2011.03.31 03:13:14 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Lokale Einstellungen
[2011.03.31 03:13:14 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Documents\Eigene Videos
[2011.03.31 03:13:14 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Documents\Eigene Musik
[2011.03.31 03:13:14 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Eigene Dateien
[2011.03.31 03:13:14 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Documents\Eigene Bilder
[2011.03.31 03:13:14 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Druckumgebung
[2011.03.31 03:13:14 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Cookies
[2011.03.31 03:13:14 | 000,000,000 | -HSD | C] -- C:\Users\Admin\AppData\Local\Anwendungsdaten
[2011.03.31 03:13:14 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Anwendungsdaten
[2011.03.31 03:13:14 | 000,000,000 | -H-D | C] -- C:\Users\Admin\AppData
[2011.03.31 03:13:14 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Temp
[2011.03.31 03:13:14 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Microsoft
[2011.03.31 03:13:14 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Media Center Programs
[2011.03.31 03:09:53 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2011.03.31 03:09:53 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2011.03.31 03:09:53 | 000,000,000 | -HSD | C] -- C:\Programme
[2011.03.31 03:09:53 | 000,000,000 | -HSD | C] -- C:\Programme\Gemeinsame Dateien
[2011.03.31 03:09:53 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2011.03.31 03:09:53 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2011.03.31 03:09:53 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2011.03.31 03:09:53 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2011.03.31 03:09:53 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2011.03.31 03:09:53 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2011.03.31 03:09:53 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2011.03.31 03:09:20 | 000,000,000 | ---D | C] -- C:\Windows\Debug
[2011.03.31 03:03:28 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011.03.31 02:58:43 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2011.03.31 02:58:28 | 000,000,000 | -HSD | C] -- C:\System Volume Information
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.01 15:09:41 | 001,451,838 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.04.01 15:09:41 | 000,630,604 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.04.01 15:09:41 | 000,597,898 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.04.01 15:09:41 | 000,127,248 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.04.01 15:09:41 | 000,104,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.04.01 15:07:36 | 000,000,763 | ---- | M] () -- C:\Users\Admin\Desktop\NTREGOPT.lnk
[2011.04.01 15:07:35 | 000,000,744 | ---- | M] () -- C:\Users\Admin\Desktop\ERUNT.lnk
[2011.04.01 15:03:50 | 000,004,112 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.01 15:03:50 | 000,004,112 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.01 15:03:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.01 15:01:05 | 000,791,393 | ---- | M] (Lars Hederer                                                ) -- C:\Users\Admin\Desktop\Erunt-setup.exe
[2011.04.01 15:01:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2011.04.01 15:01:02 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\TFC.exe
[2011.04.01 00:37:47 | 000,031,352 | ---- | M] () -- C:\Users\Admin\Desktop\Unbenannt.jpg
[2011.04.01 00:37:47 | 000,000,838 | ---- | M] () -- C:\Users\Admin\.recently-used.xbel
[2011.03.31 23:47:19 | 000,001,905 | ---- | M] () -- C:\Windows\diagwrn.xml
[2011.03.31 23:47:19 | 000,001,905 | ---- | M] () -- C:\Windows\diagerr.xml
[2011.03.31 21:53:02 | 000,255,232 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.03.31 19:30:52 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011.03.31 18:51:47 | 000,030,528 | ---- | M] () -- C:\Windows\GVTDrv64.sys
[2011.03.31 18:10:23 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011.03.31 18:10:02 | 001,474,912 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.03.31 17:39:52 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2011.03.31 17:26:52 | 000,000,010 | ---- | M] () -- C:\Windows\GSetup.ini
[2011.03.31 06:21:39 | 000,000,104 | ---- | M] () -- C:\Users\Admin\Desktop\Computer.lnk
[2011.03.31 05:33:28 | 000,000,888 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.03.31 04:08:58 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2011.03.31 03:57:20 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2011.03.31 03:53:35 | 000,000,732 | ---- | M] () -- C:\Users\Admin\AppData\Local\d3d9caps64.dat
[2011.03.31 03:04:47 | 000,060,826 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2011.03.30 13:06:09 | 093,901,005 | ---- | M] () -- C:\Users\Admin\Desktop\quicksave 09.ea
[2011.03.30 04:28:41 | 094,047,076 | ---- | M] () -- C:\Users\Admin\Desktop\kevin-sascha.ea
[2011.03.13 13:40:23 | 000,005,701 | ---- | M] () -- C:\Users\Admin\Desktop\Anleitung.html
 
========== Files Created - No Company Name ==========
 
[2011.04.01 15:07:36 | 000,000,763 | ---- | C] () -- C:\Users\Admin\Desktop\NTREGOPT.lnk
[2011.04.01 15:07:35 | 000,000,744 | ---- | C] () -- C:\Users\Admin\Desktop\ERUNT.lnk
[2011.04.01 00:37:47 | 000,000,838 | ---- | C] () -- C:\Users\Admin\.recently-used.xbel
[2011.04.01 00:36:01 | 000,031,352 | ---- | C] () -- C:\Users\Admin\Desktop\Unbenannt.jpg
[2011.03.31 23:46:57 | 000,001,905 | ---- | C] () -- C:\Windows\diagwrn.xml
[2011.03.31 23:46:57 | 000,001,905 | ---- | C] () -- C:\Windows\diagerr.xml
[2011.03.31 20:25:59 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011.03.31 19:30:52 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011.03.31 19:25:48 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011.03.31 18:10:23 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011.03.31 18:10:02 | 001,474,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.03.31 18:09:29 | 000,001,808 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011.03.31 17:39:52 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.03.31 17:08:27 | 000,121,856 | ---- | C] () -- C:\Windows\SysNative\EhStorAuthn.dll
[2011.03.31 17:08:27 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2011.03.31 17:08:21 | 000,262,552 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2011.03.31 17:08:10 | 000,471,992 | ---- | C] () -- C:\Windows\SysNative\dot3.tmf
[2011.03.31 17:08:09 | 000,700,507 | ---- | C] () -- C:\Windows\SysNative\eaphost.tmf
[2011.03.31 17:08:08 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2011.03.31 17:08:08 | 000,107,612 | ---- | C] () -- C:\Windows\SysNative\StructuredQuerySchema.bin
[2011.03.31 17:08:06 | 000,395,723 | ---- | C] () -- C:\Windows\SysNative\onex.tmf
[2011.03.31 17:07:56 | 000,207,968 | ---- | C] () -- C:\Windows\SysNative\WFP.TMF
[2011.03.31 17:07:55 | 000,092,918 | ---- | C] () -- C:\Windows\SysWow64\slmgr.vbs
[2011.03.31 17:07:55 | 000,092,918 | ---- | C] () -- C:\Windows\SysNative\slmgr.vbs
[2011.03.31 17:07:53 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2011.03.31 17:07:45 | 000,009,239 | ---- | C] () -- C:\Windows\SysWow64\spcinstrumentation.man
[2011.03.31 17:07:45 | 000,009,239 | ---- | C] () -- C:\Windows\SysNative\spcinstrumentation.man
[2011.03.31 17:07:41 | 000,009,212 | ---- | C] () -- C:\Windows\SysWow64\RacUR.xml
[2011.03.31 17:07:41 | 000,009,212 | ---- | C] () -- C:\Windows\SysNative\RacUR.xml
[2011.03.31 17:07:39 | 000,000,153 | ---- | C] () -- C:\Windows\SysWow64\RacUREx.xml
[2011.03.31 17:07:39 | 000,000,153 | ---- | C] () -- C:\Windows\SysNative\RacUREx.xml
[2011.03.31 06:21:39 | 000,000,104 | ---- | C] () -- C:\Users\Admin\Desktop\Computer.lnk
[2011.03.31 05:55:26 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2011.03.31 05:55:26 | 000,018,904 | ---- | C] () -- C:\Windows\SysNative\StructuredQuerySchemaTrivial.bin
[2011.03.31 05:55:25 | 011,967,524 | ---- | C] () -- C:\Windows\SysWow64\korwbrkr.lex
[2011.03.31 05:55:25 | 011,967,524 | ---- | C] () -- C:\Windows\SysNative\korwbrkr.lex
[2011.03.31 05:44:08 | 000,057,667 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2011.03.31 05:44:08 | 000,057,667 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011.03.31 05:33:28 | 000,000,900 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.03.31 05:33:28 | 000,000,888 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.03.31 05:01:36 | 000,201,184 | ---- | C] () -- C:\Windows\SysWow64\winrm.vbs
[2011.03.31 05:01:36 | 000,201,184 | ---- | C] () -- C:\Windows\SysNative\winrm.vbs
[2011.03.31 05:01:36 | 000,004,675 | ---- | C] () -- C:\Windows\SysWow64\wsmanconfig_schema.xml
[2011.03.31 05:01:36 | 000,004,675 | ---- | C] () -- C:\Windows\SysNative\wsmanconfig_schema.xml
[2011.03.31 05:01:36 | 000,002,426 | ---- | C] () -- C:\Windows\SysWow64\WsmTxt.xsl
[2011.03.31 05:01:36 | 000,002,426 | ---- | C] () -- C:\Windows\SysNative\WsmTxt.xsl
[2011.03.31 04:38:50 | 002,608,861 | ---- | C] () -- C:\Windows\SysNative\wlan.tmf
[2011.03.31 04:10:25 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2011.03.31 04:08:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.03.31 04:06:37 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat
[2011.03.31 04:06:37 | 003,107,788 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.dat
[2011.03.31 04:06:37 | 000,655,825 | ---- | C] () -- C:\Windows\SysNative\drivers\ativcaxx.cpa
[2011.03.31 04:06:37 | 000,019,392 | ---- | C] () -- C:\Windows\SysNative\drivers\ativvpxx.vp
[2011.03.31 04:06:37 | 000,015,079 | ---- | C] () -- C:\Windows\atiogl.xml
[2011.03.31 04:06:37 | 000,002,096 | ---- | C] () -- C:\Windows\SysNative\drivers\ativpkxx.vp
[2011.03.31 04:06:37 | 000,002,096 | ---- | C] () -- C:\Windows\SysNative\drivers\ativokxx.vp
[2011.03.31 04:06:37 | 000,002,096 | ---- | C] () -- C:\Windows\SysNative\drivers\ativdkxx.vp
[2011.03.31 04:06:37 | 000,000,929 | ---- | C] () -- C:\Windows\SysNative\drivers\ativcaxx.vp
[2011.03.31 03:57:20 | 000,008,192 | R-S- | C] () -- C:\BOOTSECT.BAK
[2011.03.31 03:57:19 | 000,333,257 | RHS- | C] () -- C:\bootmgr
[2011.03.31 03:44:36 | 000,000,553 | R--- | C] () -- C:\Windows\USetup.iss
[2011.03.31 03:43:59 | 000,666,112 | ---- | C] () -- C:\Windows\SysNative\RTCOM64.dll
[2011.03.31 03:42:59 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011.03.31 03:13:33 | 000,000,949 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011.03.31 03:13:30 | 000,000,979 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011.03.31 03:13:28 | 000,000,974 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011.03.31 03:13:18 | 000,000,915 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2011.03.31 03:13:15 | 000,000,732 | ---- | C] () -- C:\Users\Admin\AppData\Local\d3d9caps64.dat
[2011.03.31 03:04:27 | 000,000,604 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live.lnk
[2011.03.30 13:06:09 | 093,901,005 | ---- | C] () -- C:\Users\Admin\Desktop\quicksave 09.ea
[2011.03.30 04:28:41 | 094,047,076 | ---- | C] () -- C:\Users\Admin\Desktop\kevin-sascha.ea
[2011.03.13 13:41:14 | 000,005,701 | ---- | C] () -- C:\Users\Admin\Desktop\Anleitung.html
[2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007.06.21 08:34:08 | 000,203,328 | R--- | C] () -- C:\Windows\GSetup.exe
[2006.11.02 17:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
 
========== LOP Check ==========
 
[2011.03.31 20:43:54 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\IrfanView
[2011.03.31 20:28:13 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OpenOffice.org
[2011.03.31 21:40:41 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Spyware Terminator
[2011.04.01 15:02:13 | 000,011,170 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.03.31 21:55:11 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.03.31 17:23:46 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.03.31 23:21:41 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2006.11.02 17:42:17 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.03.31 03:09:53 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.03.31 03:46:15 | 000,000,000 | ---D | M] -- C:\Intel
[2008.01.21 05:04:13 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.03.31 20:47:47 | 000,000,000 | R--D | M] -- C:\Programme
[2011.04.01 15:07:34 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2011.03.31 22:51:37 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.03.31 03:09:53 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.03.31 23:21:39 | 000,000,000 | ---D | M] -- C:\PS3ThemeCreator
[2011.04.01 15:10:45 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.03.31 21:53:42 | 000,000,000 | R--D | M] -- C:\Users
[2011.04.01 15:08:44 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008.10.29 08:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009.04.11 09:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009.04.11 09:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2008.10.28 04:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008.10.29 08:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008.10.30 07:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008.01.21 04:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008.01.21 04:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008.01.21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008.01.21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe
[2008.01.21 04:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.21 04:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe
[2008.01.21 04:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008.01.21 04:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
< End of report >
         
--- --- ---


OTL Logfile:
Code:
OTL Extras logfile created on: 01.04.2011 15:09:58 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Admin\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 63,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 270,66 Gb Total Space | 236,58 Gb Free Space | 87,41% Space Free | Partition Type: NTFS
Drive S: | 27,30 Gb Total Space | 17,52 Gb Free Space | 64,19% Space Free | Partition Type: NTFS
 
Computer Name: HOME-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = 55 63 68 A6 B7 EF CB 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1EBFA7B4-B4DD-4460-86FE-CADC9F0DBBAA}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{687F38B7-D01E-489D-93EC-F557B7C28443}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{74A2C3CA-BA5B-4A11-A971-81CDF45C13BB}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"TCP Query User{07086891-F1CB-49BF-BF0D-211ECD39DC32}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe | 
"TCP Query User{E2EFF8CD-D2C2-47DC-8105-A49770A72798}C:\users\alle\appdata\roaming\icq\application\icq7.4\icq.exe" = protocol=6 | dir=in | app=c:\users\alle\appdata\roaming\icq\application\icq7.4\icq.exe | 
"TCP Query User{F992588D-EBA9-408D-AF59-5B6627B1F2F1}C:\program files (x86)\gigabyte\@bios\gwflash.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gwflash.exe | 
"UDP Query User{236F4216-74DF-4D4A-A524-263D135D99B2}C:\program files (x86)\gigabyte\@bios\gwflash.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gwflash.exe | 
"UDP Query User{2DC9B57F-08DA-4EB8-8393-52FB83F10C8F}C:\users\alle\appdata\roaming\icq\application\icq7.4\icq.exe" = protocol=17 | dir=in | app=c:\users\alle\appdata\roaming\icq\application\icq7.4\icq.exe | 
"UDP Query User{4FEE5F8B-DB43-4CC8-AB7B-BE1F97A2BED6}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{266CCC48-9AA1-404E-A1CB-558E8CC46F69}" = Windows OEM Preinstallation Kit
"{2805B86E-A87B-3C28-F177-83F797AEA53F}" = ccc-utility64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{7782916E-3D46-4F1F-AC4B-3FB9D17049F4}" = Microsoft Antimalware Service DE-DE Language Pack
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{9545E9DB-6F4C-4404-BF25-E221BE8B44C5}" = iTunes
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1EF69B7-7A97-40FC-9AF1-6D6656FF874F}" = ATI AVIVO64 Codecs
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{E77543EE-6FB5-4FF6-AB70-635392C8C756}" = Microsoft Security Client
"{ECB23A16-9586-D6AD-64B2-6CDCC275D8D5}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FCAB9F73-BF5D-4E3D-92E7-B0F35C568F20}" = Microsoft Security Client DE-DE Language Pack
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"WinRAR archiver" = WinRAR 4.00 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1102B81E-73F2-339C-E299-C48D7CA32441}" = Catalyst Control Center Graphics Full Existing
"{14CF71FD-281E-91AD-941C-BFAA649C1E12}" = CCC Help German
"{15422767-809D-8D9C-140D-99B39C9683DA}" = Catalyst Control Center Graphics Full New
"{186DB7E2-1C55-0715-12E1-7FC473D30A4C}" = Catalyst Control Center Graphics Previews Common
"{1DE0F8B5-763F-395F-56F3-98F8D9E0492D}" = HydraVision
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{3A1BBC38-2602-B555-24D3-942F01D8DC39}" = CCC Help English
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B08.0708.2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E25C468-7745-4051-8B37-4A2C6635BA8B}" = Update Manager B08.0515.1
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{6419FBF5-2DB7-FF43-EE67-5448F868D080}" = Catalyst Control Center Core Implementation
"{7236672F-6430-439E-9B27-27EDEAF1D676}" = Diagnostic Utility
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7ED169D4-5053-4166-93DF-53B12AE6C539}" = Energy Saver Advance B8.0711.1
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9FA7B446-0DE0-C883-9DB4-AC9A35D60735}" = Catalyst Control Center HydraVision Full
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{ACB91656-A3D1-4E5F-82F0-D3E5200F1D06}" = Skins
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS Ver.2.01
"{C3F7C6EB-B6AD-CE5E-46BD-E6DE8EBB6E5A}" = Catalyst Control Center Graphics Previews Vista
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C8E9FBF9-6CBE-AE9B-C8AB-2C8F5E32140C}" = ccc-core-static
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{DDACB061-0C85-8A15-45C9-28415476762B}" = Catalyst Control Center Graphics Light
"{E182BF0C-B1C9-655A-0F65-1E511E8687AD}" = Catalyst Control Center Localization German
"{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FC5A7E9B-2CAC-6261-7F34-817C6547ABF3}" = Catalyst Control Center InstallProxy
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVMFBox" = AVM FRITZ!Box Dokumentation
"CToolbar_UNINSTALL" = Crawler Toolbar with Web Security Guard
"ERUNT_is1" = ERUNT 1.1j
"FUSSBALL MANAGER 11" = FUSSBALL MANAGER 11
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B08.0708.2
"InstallShield_{4E25C468-7745-4051-8B37-4A2C6635BA8B}" = Update Manager B08.0515.1
"IrfanView" = IrfanView (remove only)
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"Spyware Terminator_is1" = Spyware Terminator
"WinGimp-2.0_is1" = GIMP 2.6.11
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 31.03.2011 16:30:09 | Computer Name = Home-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 31.03.2011 16:32:14 | Computer Name = Home-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 31.03.2011 16:50:01 | Computer Name = Home-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung GSvr.exe, Version 0.0.0.0, Zeitstempel 0x48773c29,
 fehlerhaftes Modul GSvr.exe, Version 0.0.0.0, Zeitstempel 0x48773c29, Ausnahmecode
 0xc0000005, Fehleroffset 0x000025e5,  Prozess-ID 0x4f4, Anwendungsstartzeit 01cbefdd5323d3f0.
 
Error - 31.03.2011 17:32:46 | Computer Name = Home-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 31.03.2011 17:43:28 | Computer Name = Home-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 31.03.2011 17:47:21 | Computer Name = Home-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 31.03.2011 18:13:45 | Computer Name = Home-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.04.2011 08:55:08 | Computer Name = Home-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.04.2011 09:02:09 | Computer Name = Home-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 01.04.2011 09:04:57 | Computer Name = Home-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 30.03.2011 23:17:01 | Computer Name = Home-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = 
 
Error - 30.03.2011 23:22:32 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 30.03.2011 23:29:02 | Computer Name = Home-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 31.03.2011 00:01:39 | Computer Name = Home-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 31.03.2011 00:19:43 | Computer Name = Home-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 31.03.2011 10:13:49 | Computer Name = Home-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 31.03.2011 10:18:19 | Computer Name = Home-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 31.03.2011 10:45:51 | Computer Name = Home-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 31.03.2011 12:10:30 | Computer Name = Home-PC | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%860 beim Aktualisieren von Signaturen.     Neue Signaturversion:
      Vorherige Signaturversion: 0.0.0.0     Aktualisierungsquelle: %%859     Aktualisierungsstufe:
 %%852     Quellpfad: hxxp://www.microsoft.com     Signaturtyp: %%800     Aktualisierungstyp: %%803
 
    Benutzer:
 NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:      Vorherige Modulversion: 0.0.0.0     Fehlercode:
 0x8024001e     Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates.
 Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie
 unter "Hilfe und Support". 
 
 
< End of report >
         
--- --- ---

Alt 03.04.2011, 14:45   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Are there any further logs from Malwarebytes? If so, please post all of the ones that are visible in Malwarebytes in the Logs tab (Logdateien).