Trojaner-Board

plinius12 01.07.2011 14:14

Who can help with this problem? x44.dll was not found.

Hello, I keep getting the above-mentioned message together with Net Framework etc. How do I get rid of it? It appeared all of a sudden. :headbang:

cosinus 01.07.2011 14:20

Hello and :hallo:

Please run a full scan with Malwarebytes as a matter of routine and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of those as well!

After that, OTL custom:

CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


plinius12 01.07.2011 14:35

I hope I'm doing it right. I scanned with OTL. Here is the logfile:
OTL Logfile:
Code:

OTL logfile created on: 01.07.2011 15:33:00 - Run 1
OTL by OldTimer - Version 3.2.25.0    Folder = D:\Win 7
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,85 Gb Available Physical Memory | 61,53% Memory free
6,00 Gb Paging File | 4,79 Gb Available in Paging File | 79,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 458,27 Gb Total Space | 377,14 Gb Free Space | 82,30% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 139,43 Gb Free Space | 29,94% Space Free | Partition Type: NTFS
Drive E: | 7,49 Gb Total Space | 1,31 Gb Free Space | 17,43% Space Free | Partition Type: NTFS
Drive G: | 5,62 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive H: | 74,52 Gb Total Space | 73,58 Gb Free Space | 98,73% Space Free | Partition Type: NTFS
Drive I: | 465,76 Gb Total Space | 195,97 Gb Free Space | 42,08% Space Free | Partition Type: NTFS
Drive J: | 931,51 Gb Total Space | 472,90 Gb Free Space | 50,77% Space Free | Partition Type: NTFS
 
Computer Name: JOHANNES-PC | User Name: Johannes | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.07.01 15:29:24 | 000,580,096 | ---- | M] (OldTimer Tools) -- D:\Win 7\OTL.exe
PRC - [2011.06.16 06:32:36 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.04.17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe
PRC - [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.10.16 13:42:38 | 000,792,680 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2010.10.16 12:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.04.14 17:08:12 | 000,598,696 | ---- | M] ( ) -- C:\Windows\System32\lxeccoms.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.06.18 16:19:30 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.07.01 15:29:24 | 000,580,096 | ---- | M] (OldTimer Tools) -- D:\Win 7\OTL.exe
MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.06.28 11:03:08 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\srvany.exe -- (KMService)
SRV - [2011.04.17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
SRV - [2010.12.04 16:29:42 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.10.28 12:13:30 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010.10.16 12:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.04.14 17:08:12 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxeccoms.exe -- (lxec_device)
SRV - [2010.04.14 17:08:05 | 000,193,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxecserv.exe -- (lxecCATSCustConnectService)
SRV - [2010.03.25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.06.18 16:19:30 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.06.28 14:26:31 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110630.038\NAVEX15.SYS -- (NAVEX15)
DRV - [2011.06.28 14:26:31 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110630.038\NAVENG.SYS -- (NAVENG)
DRV - [2011.06.16 01:56:18 | 000,810,616 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110616.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011.06.10 23:52:50 | 000,367,736 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110630.050\IDSvix86.sys -- (IDSVix86)
DRV - [2011.05.12 06:30:47 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011.05.10 09:42:18 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011.05.10 09:42:18 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011.04.03 12:33:04 | 000,029,184 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\SSHDRV52.sys -- (SSHDRV52)
DRV - [2011.03.31 05:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\NIS\1206000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011.03.31 05:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011.03.22 02:39:49 | 000,296,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1206000.01D\SYMNETS.SYS -- (SymNetS)
DRV - [2011.03.15 04:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011.01.27 08:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\SYMDS.SYS -- (SymDS)
DRV - [2011.01.27 07:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2010.12.23 13:50:58 | 000,016,000 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hcw95rc.sys -- (hcw95rc)
DRV - [2010.12.23 13:50:00 | 000,573,952 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hcw95bda.sys -- (hcw95bda)
DRV - [2010.10.22 08:23:05 | 010,084,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.09.07 22:08:56 | 000,123,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010.08.24 19:31:02 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010.08.24 19:30:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010.08.24 19:30:40 | 000,040,912 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2010.08.24 19:30:40 | 000,010,448 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2009.09.11 21:48:04 | 000,066,056 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2009.09.11 21:47:54 | 000,014,984 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2009.09.11 21:47:42 | 000,031,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmHidLo.sys -- (WmHidLo)
DRV - [2009.09.11 21:47:32 | 000,035,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009.09.11 21:47:22 | 000,022,792 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 00:54:15 | 001,311,232 | ---- | M] (NXP Semiconductors) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)
DRV - [2009.07.14 00:02:53 | 000,545,792 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2009.07.14 00:02:50 | 000,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2009.06.30 22:24:04 | 001,961,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VX1000.sys -- (VX1000)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Windows Live Startseite
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Kostenlose E-Mail - Free Mail - E-Cards - Arcor das Newsportal [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Windows Live Startseite
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8D 26 63 5F 3A 95 CB 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.arcor.de"
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
FF - prefs.js..extensions.enabledItems: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.1.0
FF - prefs.js..extensions.enabledItems: {BAEBEF65-9289-47c5-8524-C345CC5D860D}:1.4.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011.06.28 15:12:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\ [2011.06.28 15:12:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011.04.28 12:20:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011.04.28 12:20:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b8\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 8\components
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.28 15:12:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011.03.28 11:12:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johannes\AppData\Roaming\mozilla\Extensions
[2011.03.22 11:56:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\munw071f.default\extensions
[2011.03.22 11:56:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\munw071f.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.06.29 09:59:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\uof9q1og.default\extensions
[2011.06.28 15:12:39 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\uof9q1og.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2011.05.13 11:29:37 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\uof9q1og.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2011.06.28 11:06:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.06.16 06:32:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (PriceGongBHO Class) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.1.0\PriceGongIE.dll (PriceGong)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (Message Faces for Internet Explorer) - {E3758FC2-BB95-4B86-84BF-D91F4748EC75} - C:\Program Files\Message Faces for Internet Explorer\x86\messagefaces-ie.dll ()
O3 - HKLM\..\Toolbar: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Winservice] C:\Windows\winservice.exe (pTJ57965LI9wox6)
O4 - HKCU..\Run: [Winservice] C:\Windows\winservice.exe (pTJ57965LI9wox6)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: An OneNote s&enden - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.08.15 19:46:05 | 000,000,000 | ---D | M] - D:\Auto Corsa -- [ NTFS ]
O32 - AutoRun File - [2010.08.30 11:53:32 | 000,377,470 | R--- | M] () - G:\autorun.ico -- [ UDF ]
O32 - AutoRun File - [2010.08.18 17:10:14 | 000,000,070 | R--- | M] () - G:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2010.08.18 17:10:14 | 005,543,296 | R--- | M] (Codemasters Software Co.) - G:\Autorun.exe -- [ UDF ]
O33 - MountPoints2\{d7904384-ffa3-11df-a9a3-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d7904384-ffa3-11df-a9a3-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Autorun.exe -- [2010.08.18 17:10:14 | 005,543,296 | R--- | M] (Codemasters Software Co.)
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.07.01 14:39:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011.07.01 12:53:07 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\Reviversoft
[2011.07.01 12:52:54 | 000,016,704 | ---- | C] (ReviverSoft) -- C:\Windows\System32\roboot.exe
[2011.06.28 10:57:03 | 000,197,120 | ---- | C] (pTJ57965LI9wox6) -- C:\Windows\winservice.exe
[2011.06.28 10:00:20 | 000,000,000 | -H-D | C] -- C:\Program Files\RunDll
[2011.06.26 10:38:27 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.06.20 21:52:54 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\Microsoft Games
[2011.06.14 14:12:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SRWare Iron
[2011.06.14 14:12:08 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\Chromium
[2011.06.14 14:12:04 | 000,000,000 | ---D | C] -- C:\Program Files\SRWare Iron
[2011.06.06 21:08:34 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\Unity
[2011.06.04 11:45:11 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\Logitech
[2010.12.04 17:05:15 | 000,442,368 | ---- | C] ( ) -- C:\Windows\System32\lxeccoin.dll
[2010.12.04 17:02:48 | 001,048,576 | ---- | C] ( ) -- C:\Windows\System32\lxecserv.dll
[2010.12.04 17:02:48 | 000,847,872 | ---- | C] ( ) -- C:\Windows\System32\lxecusb1.dll
[2010.12.04 17:02:48 | 000,802,816 | ---- | C] ( ) -- C:\Windows\System32\lxeccomc.dll
[2010.12.04 17:02:48 | 000,688,128 | ---- | C] ( ) -- C:\Windows\System32\lxechbn3.dll
[2010.12.04 17:02:48 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxecpmui.dll
[2010.12.04 17:02:48 | 000,598,696 | ---- | C] ( ) -- C:\Windows\System32\lxeccoms.exe
[2010.12.04 17:02:48 | 000,598,696 | ---- | C] ( ) -- C:\Windows\System32\lxeccoms(54).exe
[2010.12.04 17:02:48 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxeclmpm.dll
[2010.12.04 17:02:48 | 000,373,416 | ---- | C] ( ) -- C:\Windows\System32\lxeccfg.exe
[2010.12.04 17:02:48 | 000,372,736 | ---- | C] ( ) -- C:\Windows\System32\lxeccomm.dll
[2010.12.04 17:02:48 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxecinpa.dll
[2010.12.04 17:02:48 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\LXEChcp.dll
[2010.12.04 17:02:48 | 000,344,064 | ---- | C] ( ) -- C:\Windows\System32\lxeciesc.dll
[2010.12.04 17:02:48 | 000,324,264 | ---- | C] ( ) -- C:\Windows\System32\lxecih.exe
[2010.12.04 15:23:07 | 004,322,304 | ---- | C] (HUGO @ Underground-Economy.biz) -- C:\Users\Johannes\AppData\Local\506134.exe
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[14 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.07.01 15:06:13 | 000,019,904 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.07.01 15:06:13 | 000,019,904 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.07.01 15:05:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.07.01 14:59:10 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.07.01 14:58:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.07.01 14:58:37 | 000,852,064 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.07.01 14:58:33 | 2415,370,240 | -HS- | M] () -- C:\hiberfil.sys
[2011.07.01 14:18:29 | 000,699,642 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.07.01 14:18:29 | 000,654,354 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.07.01 14:18:29 | 000,148,438 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.07.01 14:18:29 | 000,121,226 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.06.29 18:05:58 | 000,002,250 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011.06.28 13:31:23 | 000,699,642 | ---- | M] () -- C:\Windows\System32\perfh007(885).dat
[2011.06.28 13:31:23 | 000,654,354 | ---- | M] () -- C:\Windows\System32\perfh009(886).dat
[2011.06.28 13:31:23 | 000,148,438 | ---- | M] () -- C:\Windows\System32\perfc007(883).dat
[2011.06.28 13:31:23 | 000,121,226 | ---- | M] () -- C:\Windows\System32\perfc009(884).dat
[2011.06.28 11:06:52 | 000,001,056 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.06.28 11:03:08 | 000,008,192 | ---- | M] () -- C:\Windows\System32\srvany.exe
[2011.06.28 10:57:03 | 000,000,014 | ---- | M] () -- C:\Windows\wins.src
[2011.06.28 10:00:20 | 000,022,040 | -H-- | M] () -- C:\Users\Johannes\AppData\Roaming\addons.dat
[2011.06.13 15:51:00 | 000,000,578 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Johannes - Vollständiger Systemscan.job
[2011.06.13 15:07:58 | 000,000,806 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Johannes - c Platte.job
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[14 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.06.28 10:57:03 | 000,000,014 | ---- | C] () -- C:\Windows\wins.src
[2011.05.20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.04.03 12:33:04 | 000,029,184 | ---- | C] () -- C:\Windows\System32\drivers\SSHDRV52.sys
[2011.02.18 16:07:46 | 000,000,136 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.02.18 16:07:45 | 000,000,373 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011.02.18 16:04:40 | 000,036,864 | ---- | C] () -- C:\Windows\System32\ODBCSTF.DLL
[2010.12.29 21:05:06 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2010.12.16 18:22:25 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.12.16 17:18:02 | 000,004,096 | -H-- | C] () -- C:\Users\Johannes\AppData\Local\keyfile3.drm
[2010.12.08 19:06:20 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.12.08 16:19:00 | 000,000,023 | ---- | C] () -- C:\Windows\SWFDecompiler.INI
[2010.12.07 18:44:31 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2010.12.06 15:09:42 | 000,007,605 | ---- | C] () -- C:\Users\Johannes\AppData\Local\Resmon.ResmonCfg
[2010.12.05 09:54:50 | 000,022,040 | -H-- | C] () -- C:\Users\Johannes\AppData\Roaming\addons.dat
[2010.12.04 17:05:15 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxecvs.dll
[2010.12.04 17:05:14 | 000,294,912 | ---- | C] () -- C:\Windows\System32\lxeccui.dll
[2010.12.04 17:05:14 | 000,110,592 | ---- | C] () -- C:\Windows\System32\lxeccuir.dll
[2010.12.04 17:05:14 | 000,086,016 | ---- | C] () -- C:\Windows\System32\lxecgcfg.dll
[2010.12.04 17:03:12 | 000,000,044 | -H-- | C] () -- C:\Windows\System32\lxecrwrd.ini
[2010.12.04 17:02:48 | 000,327,680 | ---- | C] () -- C:\Windows\System32\LXECinst.dll
[2010.12.04 17:02:48 | 000,323,584 | ---- | C] () -- C:\Windows\System32\lxecins.dll
[2010.12.04 17:02:48 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lxecinsb.dll
[2010.12.04 17:02:48 | 000,253,952 | ---- | C] () -- C:\Windows\System32\lxeccu.dll
[2010.12.04 17:02:48 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxecgrd.dll
[2010.12.04 17:02:48 | 000,114,688 | ---- | C] () -- C:\Windows\System32\lxecinsr.dll
[2010.12.04 17:02:48 | 000,090,112 | ---- | C] () -- C:\Windows\System32\lxeccub.dll
[2010.12.04 17:02:48 | 000,057,344 | ---- | C] () -- C:\Windows\System32\lxecjswr.dll
[2010.12.04 17:02:48 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lxeccur.dll
[2010.12.04 16:56:33 | 000,024,064 | ---- | C] () -- C:\Windows\System32\LXECsmr.dll
[2010.12.04 16:56:32 | 000,299,008 | ---- | C] () -- C:\Windows\System32\LXECsm.dll
[2009.07.14 10:47:43 | 000,699,642 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,699,642 | ---- | C] () -- C:\Windows\System32\perfh007(885).dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,148,438 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,148,438 | ---- | C] () -- C:\Windows\System32\perfc007(883).dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,852,064 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,654,354 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,654,354 | ---- | C] () -- C:\Windows\System32\perfh009(886).dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,121,226 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,121,226 | ---- | C] () -- C:\Windows\System32\perfc009(884).dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.26 18:21:02 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007.04.27 10:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
 
========== LOP Check ==========
 
[2011.04.22 10:19:55 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\DAEMON Tools Pro
[2011.01.10 12:21:56 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\GetRightToGo
[2010.12.04 16:52:56 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Leadertech
[2011.04.28 18:31:08 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\MAGIX
[2010.12.27 17:14:08 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Opera
[2010.12.06 11:49:42 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\phonostar GmbH
[2011.07.01 12:53:07 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Reviversoft
[2011.05.16 13:04:01 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\scriptocean
[2010.12.13 21:03:27 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Tific
[2010.12.23 19:19:34 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\TuneUp Software
[2010.12.04 19:12:47 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Uniblue
[2011.05.30 09:54:28 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\uTorrent
[2009.07.14 06:53:46 | 000,010,708 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU(56).TXT
[2011.05.22 10:17:43 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU(60).TXT
[2011.05.22 10:17:43 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU(64).TXT
[2011.05.22 10:17:43 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

cosinus 01.07.2011 14:44

What about Malwarebytes?

plinius12 01.07.2011 14:52

It's still running. I think it's taking a while because I'm scanning everything, or is C alone enough?
Don't you think it would be safer to reinstall Win7? I do a lot of online banking and paying by MasterCard.

plinius12 01.07.2011 18:05

Finally, that was a real ordeal.
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 6993

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

01.07.2011 19:04:56
mbam-log-2011-07-01 (19-04-56).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|H:\|I:\|J:\|)
Durchsuchte Objekte: 984428
Laufzeit: 3 Stunde(n), 22 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 28

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Winservice (Backdoor.Bot) -> Value: Winservice -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Winservice (Backdoor.Bot) -> Value: Winservice -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
d:\$RECYCLE.BIN\s-1-5-21-4220340088-1335120291-3950648042-1001\$r531pvx.keymaker-core\registry.first.aid.platinum.v7.0.0.1648.multilingual.incl.keymaker-core\cr-rfap7\CORE10k.EXE (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.
d:\$RECYCLE.BIN\s-1-5-21-4220340088-1335120291-3950648042-1001\$r531pvx.keymaker-core\registry.first.aid.platinum.v7.0.0.1648.multilingual.incl.keymaker-core\cr-rfap7\keygen.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
d:\$RECYCLE.BIN\s-1-5-21-3346653103-1036417328-3146454902-1001\$rkfwkew.keymaker-core\CORE\CORE10k.EXE (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.
d:\$RECYCLE.BIN\s-1-5-21-3346653103-1036417328-3146454902-1001\$RCJLWQT\o&o defrag v10.0 professional edition german build 1634 + kegen\keygen.exe (Riskware.Tool.CK) -> Quarantined and deleted successfully.
d:\$RECYCLE.BIN\s-1-5-21-3346653103-1036417328-3146454902-1001\$r5lrelv.keymaker-core\CORE\CORE10k.EXE (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.
d:\$RECYCLE.BIN\s-1-5-21-3346653103-1036417328-3146454902-1001\$R1MNDX9\CORE\CORE10k.EXE (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.
d:\$RECYCLE.BIN\s-1-5-21-3346653103-1036417328-3146454902-1001\$RZXO49E\CORE\CORE10k.EXE (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.
d:\Download\[nero.8.ultra.edition].nero.8x.keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
d:\Download\isobuster.pro.v1.5.final.multilanguage-ror-pleasuredome101\isobuster pro v1.5 final multilanguage-ror-pleasuredome101\keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
d:\progifhomepage\winrar_v.4.00_final\winrar v.4.00 final\FFF\Keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
i:\Progi\[nero.8.ultra.edition].nero.8x.keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
i:\$RECYCLE.BIN\s-1-5-21-2331967478-509128521-3312472474-1001\$r2xv2wu.keymaker-core\CORE\CORE10k.EXE (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.
i:\$RECYCLE.BIN\s-1-5-21-2331967478-509128521-3312472474-1001\$rw6tol3.keymaker-core\CORE\CORE10k.EXE (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.
i:\$RECYCLE.BIN\s-1-5-21-2877835072-4272404522-3963899454-1001\$r5v1wwj.german-zwt\keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
i:\$RECYCLE.BIN\s-1-5-21-2877835072-4272404522-3963899454-1001\$rqmlpx7.keymaker-core\CORE\CORE10k.EXE (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.
i:\$RECYCLE.BIN\s-1-5-21-3072119754-3254629910-2677362856-1001\$r0xi5op.keymaker-core\CORE10k.EXE (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.
i:\$RECYCLE.BIN\s-1-5-21-3072119754-3254629910-2677362856-1001\$r0xi5op.keymaker-core\adobe.photoshop.cs5.extended.v12.0.multilingual.incl.keymaker-core\CORE10k.EXE (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.
i:\$RECYCLE.BIN\s-1-5-21-4052353829-1968728879-3685528482-1001\$rrve8h0.keymaker-core\CORE\CORE10k.EXE (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.
i:\$RECYCLE.BIN\s-1-5-21-794367107-3664228406-1905016010-1001\$rgjfq9j.multilanguage-ror\isobuster pro v1.5 final multilanguage-ror-pleasuredome101\keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
i:\$RECYCLE.BIN\s-1-5-21-794367107-3664228406-1905016010-1001\$rdukl6y.keymaker-core\CORE\CORE10k.EXE (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.
i:\$RECYCLE.BIN\s-1-5-21-794367107-3664228406-1905016010-1001\$rrl81mr.keymaker-core\CORE\CORE10k.EXE (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.
i:\$RECYCLE.BIN\s-1-5-21-794367107-3664228406-1905016010-1001\$rs9jkzc.keymaker-core\CORE\CORE10k.EXE (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.
i:\Mod\emule-0.50a-bin\eMule0.50a\Incoming\[nero.8.ultra.edition].nero.8x.keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
i:\Mod\emule-0.50a-bin\eMule0.50a\Incoming\office_professional_plus_2010_(x86)-(german)\aktivieren\mini-kms_activator_v1.052.exe (Riskware.Keygen) -> Quarantined and deleted successfully.
i:\Mod\Torrent\adobe.photoshop.cs5.extended.v12.0.multilingual.incl.keymaker-core\adobe.photoshop.cs5.extended.v12.0.multilingual.incl.keymaker-core\CORE10k.EXE (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.
i:\Mod\Torrent\aktuelle photoshop+keymaker\adobe.photoshop.cs5.extended.v12.0.multilingual.incl.keymaker-core\adobe.photoshop.cs5.extended.v12.0.multilingual.incl.keymaker-core\CORE10k.EXE (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.
c:\Users\Johannes\AppData\Roaming\addons.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
c:\Windows\winservice.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

Larusso 01.07.2011 18:09

i:\$RECYCLE.BIN\s-1-5-21-794367107-3664228406-1905016010-1001\$rgjfq9j.multilanguage-ror\isobuster pro v1.5 final multilanguage-ror-pleasuredome101\keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

Please read


Instructions for reinstalling from scratch

plinius12 01.07.2011 18:12

And now? What's odd is that since I deleted the infected files and restarted as described, the error is gone. Do I still have to reinstall the system?

Larusso 01.07.2011 18:16

Just reading this already
Quote:

[2010.12.23 19:19:34 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\TuneUp Software
[2010.12.04 19:12:47 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Uniblue
I see that you have so-called registry cleaners on the system.
In your case Tune Up, Uniblue.

We do not recommend any kind of registry cleaner under any circumstances.

The reason is quite simple:

The registry is the brain of the system. If the brain doesn't work, the rest doesn't really work any more.
We read often enough from people seeking help that their system no longer boots after using registry cleaners.
  • How is the cleaner supposed to know 100% whether an entry is needed or not?
  • It makes absolutely no difference whether a few orphaned registry entries are on the system or not.
  • The constantly advertised speed-up of the system is also only partly true. You would not notice it.
A so-called false positive from a cleaner can also make your system unbootable.
If you destroy the registry, you destroy Windows.

I hereby recommend that you uninstall the software named above and do without this kind of software in future.


Yes, you should reinstall your system. Whether you do it or not is not something I can decide. I can only strongly recommend it.

The disappearance of the symptoms does not mean that your computer is already clean.

cosinus 01.07.2011 18:23

Quote:

d:\Download\[nero.8.ultra.edition].nero.8x.keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
d:\Download\isobuster.pro.v1.5.final.multilanguage-ror-pleasuredome101\isobuster pro v1.5 final multilanguage-ror-pleasuredome101\keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
d:\progifhomepage\winrar_v.4.00_final\winrar v.4.00 final\FFF\Keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
i:\Progi\[nero.8.ultra.edition].nero.8x.keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
i:\$RECYCLE.BIN\s-1-5-21-2331967478-509128521-3312472474-1001\$r2xv2wu.keymaker-core\CORE\CORE10k.EXE (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.
i:\$RECYCLE.BIN\s-1-5-21-2331967478-509128521-3312472474-1001\$rw6tol3.keymaker-core\CORE\CORE10k.EXE (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.
i:\$RECYCLE.BIN\s-1-5-21-2877835072-4272404522-3963899454-1001\$r5v1wwj.german-zwt\keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

And I see illegal software! :mad: :pfui:


Cracks/keygens are 99.9% dangerous malware that should not be trifled with. Besides, they are illegal and we do not support the use of stolen software. Support is therefore limited to instructions for a complete reinstallation!!

It is no secret that illegal cracks and keygens essentially serve to spread malware, and everyone must be aware of that!

See also our forum policy on this => http://www.trojaner-board.de/95394-c...-software.html

plinius12 01.07.2011 18:35

I will reinstall the system. Why so strict? I was only looking for help, which is very good here. I don't think I'm the only one with software like this. You just can't afford it these days when you need something.

cosinus 01.07.2011 18:44

Quote:

You just can't afford it these days when you need something.
And if you can't afford petrol any more, do you also just drive off after filling up?
With that excuse I can justify any theft.

But with software you can also look around for free alternatives.
What do you want with Nero, WinRAR and the other stuff? There is plenty of open source that usually does it just as well and often better.

plinius12 01.07.2011 18:48

I don't know any other programs. Name them for me.

cosinus 01.07.2011 18:52

Oh, so you don't want to go looking for alternatives, but you manage to search for illegal cracks/keygens with malware.

Nero => CDBurnerXP or ImgBurn
WinRAR => 7zip

What on earth does anyone absolutely need ISOBuster for?
The archivers all handle the ISO format! Editing ISOs after the fact etc. is a very specialised task, what do you need to do that for?

plinius12 01.07.2011 18:59

That was still on there. I don't need it any more. I'll get started on reinstalling then.

cosinus 01.07.2011 19:13

Yes, if you reinstall, everything is gone anyway. Then you install only what you need and not just anything or everything you get your hands on. And certainly no cracked software. Unless you want to have viruses again :lach:

