Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log analysis and evaluation (Log-Analyse und Auswertung) (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Virtumonde.prx cannot be removed (Virtumonde.prx kann nicht entfernt werden) (https://www.trojaner-board.de/101963-virtumonde-prx-entfernt.html)

Anubiss 07.08.2011 19:32

Okay, here is the OTL log:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Nfitoba deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Max
->Temp folder emptied: 405198 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 7003332 bytes
->Flash cache emptied: 456 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 46616 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 7,00 mb


OTL by OldTimer - Version 3.2.26.1 log created on 08072011_201934

Files\Folders moved on Reboot...
File\Folder C:\Users\Max\AppData\Local\Temp\~DF22D3.tmp not found!
File\Folder C:\Users\Max\AppData\Local\Temp\~DF3FEA.tmp not found!
C:\Windows\temp\kvsqsb\setup.exe moved successfully.

Registry entries deleted on Reboot...

Anubiss 07.08.2011 19:36

And here is the BitDefender file:

QuickScan Beta 32-bit v0.9.9.99
-------------------------------
Scan date: Sun Aug 07 20:27:53 2011
Computer ID: A8F31D43

C:\Windows\temp\kvsqsb\setup.exe - cannot be accessed
--> Process setup.exe (1820)


No infections found.
-----------------------------



Processes
--------
AntiVir Desktop 2604 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
AntiVir Desktop 1860 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
AntiVir Desktop 1588 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
AVM AVMWlanService 1888 C:\Program Files (x86)\avmwlanstick\WLanNetService.exe
AVM FRITZ!WLAN 2592 C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
Microsoft® Windows® Operating System 3924 C:\Windows\SysWOW64\PING.EXE
Device Error Recovery SDK 1952 C:\Windows\SysWOW64\dgdersvc.exe
DivX Download Manager Service 2956 C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe
DivX Update 3016 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
Firefox 4052 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Firefox 3300 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Kies TrayAgent 2076 C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
KiesPDLR 2324 C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
Microsoft Office 2003 2368 C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
Pando Media Booster 1200 C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PnkBstrA.exe 2044 C:\Windows\SysWOW64\PnkBstrA.exe


Network activity
-----------------
Process setup.exe (1820) connected to port 3000 --> **.***.***.***
Process plugin-container.exe (3300) connected to port 80 (HTTP) --> **.**.***.**
Process firefox.exe (4052) connected to port 80 (HTTP) --> ***.**.***.***
Process firefox.exe (4052) connected to port 80 (HTTP) --> ***.**.***.***
Process firefox.exe (4052) connected to port 80 (HTTP) --> **.***.***.***
Process firefox.exe (4052) connected to port 80 (HTTP) --> ***.**.***.***

Process PMB.exe (1200) is listening on ports: 443 (HTTP over SSL), 563 (NNTP over SSL), 56735


Autoruns and critical files
------------------------------
AntiVir Desktop C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
AVM FRITZ!WLAN C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
Microsoft® Windows® Operating System c:\windows\system32\browseui.dll
Microsoft® Windows® Operating System C:\Windows\system32\ssText3d.scr
Catalyst® Control Center C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
DivX Download Manager Service C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe
DivX Update C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
Kies C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe
Kies TrayAgent C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
KiesPDLR C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
Pando Media Booster C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
Windows® Internet Explorer c:\windows\syswow64\webcheck.dll
(verified) Adobe Acrobat C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe
(verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
(verified) Google Update C:\Program Files (x86)\Google\Update\GoogleUpdate.exe


Browser Plugins
---------------
AcroIEHelper Library c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelper.dll
Adobe Acrobat C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
BitDefender QuickScan C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\sjrc5bed.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
DivX OVS Helper Plug-in C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
DivX Web Player c:\program files (x86)\divx\divx plus web player\npdivx32.dll
Flash® Player Installer/Uninstaller C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
Google Earth Plugin C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
Google Update C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
ICQ C:\Program Files (x86)\ICQ7.2\ICQ.exe
Microsoft Office 2003 C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL
nppdf32.DEU C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.DEU
NPSWF32.dll C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
Pando Web Plugin C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
Skype Toolbars c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
Widgi Toolbar c:\program files (x86)\youtube downloader toolbar\ie\4.5\youtubedownloadertoolbarie.dll
Windows Presentation Foundation C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
Windows® Internet Explorer c:\windows\syswow64\ieframe.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\mswsock.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\NLAapi.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll


Verification
----------
MD5: 3912f8e7a48a1446e054d1e79da355bc C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
MD5: 6159c95aa16e8b2a01b7a001b8c134c3 C:\Program Files (x86)\Avira\AntiVir Desktop\aecore.dll
MD5: ee0477f95aaf614c5cb14f324ca48c3d C:\Program Files (x86)\Avira\AntiVir Desktop\aeemu.dll
MD5: 99fc44836c9faa66d3dd7f6264c2996b C:\Program Files (x86)\Avira\AntiVir Desktop\aegen.dll
MD5: e1805cf3f4739be2311a50966ebe0ce7 C:\Program Files (x86)\Avira\AntiVir Desktop\aehelp.dll
MD5: 5d6d771cd7478365926dfe609824b060 C:\Program Files (x86)\Avira\AntiVir Desktop\aeheur.dll
MD5: 24af31feed98a2ba8f0649045c05c3bc C:\Program Files (x86)\Avira\AntiVir Desktop\aeoffice.dll
MD5: 1ca8605d69c9d53c837bd6ab57c9294b C:\Program Files (x86)\Avira\AntiVir Desktop\aepack.dll
MD5: 6510790b36f61d75948e9e001b6775ab C:\Program Files (x86)\Avira\AntiVir Desktop\aerdl.dll
MD5: ea8d2dcbadb11928df166a5683d7b524 C:\Program Files (x86)\Avira\AntiVir Desktop\aesbx.dll
MD5: 864e4cec9f60c25a8a93ad3784da2e64 C:\Program Files (x86)\Avira\AntiVir Desktop\aescn.dll
MD5: 3a0638167d746bcbe06494945943ad30 C:\Program Files (x86)\Avira\AntiVir Desktop\aescript.dll
MD5: 100caaf3542fb51feca9c09db1cb940d C:\Program Files (x86)\Avira\AntiVir Desktop\aevdf.dll
MD5: c55ee924474044ca64b473b356e9d080 C:\Program Files (x86)\Avira\AntiVir Desktop\avesvc.dll
MD5: 77cf51df00905f2312f41d181056cdcd C:\Program Files (x86)\Avira\AntiVir Desktop\avesvcr.dll
MD5: 4c3eed40c3f2a9fc9956b0511d431304 C:\Program Files (x86)\Avira\AntiVir Desktop\avevtlog.dll
MD5: 5ee5c132d47ba6f331099bff1d1db539 C:\Program Files (x86)\Avira\AntiVir Desktop\AVGIO.DLL
MD5: 61941d4566c3b09f377e0e1a97bd0d9a C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
MD5: 72d90e56563165984224493069c69ed4 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
MD5: 5252bb49a0b35e1127d3771e21c7af6d C:\Program Files (x86)\Avira\AntiVir Desktop\AVPREF.DLL
MD5: f7263b4e58e0346178cad70eac7f35e6 c:\program files (x86)\avira\antivir desktop\ccgen.dll
MD5: 99fadefb3e0cfe592c4cdaccdbae12e5 c:\program files (x86)\avira\antivir desktop\ccgenrc.dll
MD5: 86e162677d131e5fa32fb2bff60cfd05 c:\program files (x86)\avira\antivir desktop\ccgrdrc.dll
MD5: 4b3a4639dd281b709162a2120b3daefc c:\program files (x86)\avira\antivir desktop\ccguard.dll
MD5: c0245ed1f48397d41632cab0afa842ce c:\program files (x86)\avira\antivir desktop\cclic.dll
MD5: d17e73d08d3f9bf86778ca32bafea292 c:\program files (x86)\avira\antivir desktop\cclicrc.dll
MD5: 05be6a994e936dc58ee3940e0bb46e70 c:\program files (x86)\avira\antivir desktop\ccmainrc.dll
MD5: 98d551a16398529f181570a001843231 c:\program files (x86)\avira\antivir desktop\ccmsg.dll
MD5: d201762816e297d0eed3b7cf00d64c93 c:\program files (x86)\avira\antivir desktop\ccmsgrc.dll
MD5: bd655a8ecaf694c48684b89c745f52fa c:\program files (x86)\avira\antivir desktop\ccupdate.dll
MD5: 6bb82348cc5c8d0ac51090f2bf7e0a92 c:\program files (x86)\avira\antivir desktop\ccupdrc.dll
MD5: a0ef10de0d455e33adffc39948660899 c:\program files (x86)\avira\antivir desktop\ccupdw.dll
MD5: 0014339814c89abf148f49976146941c c:\program files (x86)\avira\antivir desktop\ccwgrd.dll
MD5: 3defa178843b7d2cd67f63c1e2119857 c:\program files (x86)\avira\antivir desktop\ccwgrdrc.dll
MD5: d41a02871f992a2c47b84a95c2a78b40 c:\program files (x86)\avira\antivir desktop\ccwgrdw.dll
MD5: 47766f6b79a25af04ed3f6f2b02aa4cb C:\Program Files (x86)\Avira\AntiVir Desktop\ccwkrlib.dll
MD5: d710a6d072bfb305ec0a92b9c79b7a32 C:\Program Files (x86)\Avira\AntiVir Desktop\guardmsg.dll
MD5: b54557b71a82e1f9bc914991328cef16 C:\Program Files (x86)\Avira\AntiVir Desktop\onlcfg.dll
MD5: befda36cc978316a4b31495364b7e786 C:\Program Files (x86)\Avira\AntiVir Desktop\rcimage.dll
MD5: c27d46b06d340293670450fce9dfb166 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
MD5: 11f5a7193b32e6d7d8efe0c17271916c C:\Program Files (x86)\Avira\AntiVir Desktop\schedr.dll
MD5: 86fa1ecde6424cf93befd20ba4f2bc55 C:\Program Files (x86)\Avira\AntiVir Desktop\webcat.dll
MD5: 8d61c508ea68f9b032d21cc48adfaa8d C:\Program Files (x86)\avmwlanstick\avmsysnet.dll
MD5: 99d317ac2ba35b63a50aaafee4c760ed C:\Program Files (x86)\avmwlanstick\avmwlapi.dll
MD5: aaa66f4d2b2a0382926f306c5a99440a C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
MD5: 9bd46c1d2f33a890b7226edf543f18aa C:\Program Files (x86)\avmwlanstick\WLanNetService.exe
MD5: c11f6a1f61481e24be3fdc06ea6f7d2a c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelper.dll
MD5: 251c11444f614de5fa47ecf7275e7bf1 C:\Program Files (x86)\Common Files\Microsoft Shared\office11\mso.dll
MD5: 8caf5c1748401032efabb3d52e27c1be C:\Program Files (x86)\Common Files\Microsoft Shared\office11\riched20.dll
MD5: 89175c7a2984459c0f0b0778f85a2251 C:\Program Files (x86)\Common Files\Microsoft Shared\PROOF\1031\MSGR3EN.DLL
MD5: 971ffaf1206d101f2b7875698124ccbf C:\Program Files (x86)\Common Files\Microsoft Shared\PROOF\mslid.dll
MD5: 4ad532426cea90f59b5364f7be5f2a86 C:\Program Files (x86)\Common Files\Microsoft Shared\PROOF\MSSP3GE.DLL
MD5: f29a80f607703ca1fc5d25993cc7feda C:\Program Files (x86)\Common Files\Microsoft Shared\PROOF\MSSPELL3.DLL
MD5: 5252198cf3f45114c6ca27bad1635da0 C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\1031\STINTL.DLL
MD5: deaa0f5ff041981e34ca79257ba44414 C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\FNAME.DLL
MD5: b5003cb6d91829e33997d7056a534872 C:\Program Files (x86)\Common Files\Steam\SteamService.exe
MD5: f4d62a129aaee4a619fce0c03b15e94c C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
MD5: 57d8c4ed26dfd7ef0e2cb196fb8bfb54 C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe
MD5: 4b988e3393789572cdb143ddac3a2fc0 C:\Program Files (x86)\DivX\DivX Plus Web Player\DivXDownloadManager.dll
MD5: abb7a668b5d11bff77dd00cc2b6c8db0 c:\program files (x86)\divx\divx plus web player\npdivx32.dll
MD5: a58e05767687e1e636d160ecea9bc8ed C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MD5: 6031368292d5e8909fb088b31e183ec8 C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MD5: 0f445b821549f9ff471bba56c69953d4 C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
MD5: b226054bfa3d3a1920f7b95e54f3e87d C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
MD5: 83ebccc27098b1d1f20f72e10d6bf309 C:\Program Files (x86)\ICQ7.2\ICQ.exe
MD5: 63397ff71c1bc450e3d07782dd0c2e0d C:\Program Files (x86)\Microsoft Office\OFFICE11\msostyle.dll
MD5: 1eea7dd2f1ea6efef380b99a90228d2f C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
MD5: b957b30090889aa4f887277916f76fe7 C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
MD5: 6c9cd3ecba6732661c8bbe37a877a2bd C:\Program Files (x86)\Mozilla Firefox\firefox.exe
MD5: cc5b1a70daa7a04fe15e6d7c54b55d02 C:\Program Files (x86)\Mozilla Firefox\freebl3.dll
MD5: ff4040da11ae0d13a0a7778e6022e728 C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll
MD5: 96397535f6e4ca499dd659ce76c50746 C:\Program Files (x86)\Mozilla Firefox\MOZCPP19.dll
MD5: 411f23aaf331da8b9f0cfd1cada4b8b5 C:\Program Files (x86)\Mozilla Firefox\MOZCRT19.dll
MD5: 1919d815996470088d20a59e992a9695 C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MD5: fcd1d9ccc7096dc2210d3096fbdf92cc C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll
MD5: c1bf9c9244996aa0607766199d226183 C:\Program Files (x86)\Mozilla Firefox\nspr4.dll
MD5: f030ff40b6afb777b9992525800de3ea C:\Program Files (x86)\Mozilla Firefox\nss3.dll
MD5: 6689b655ea803be040d95b8ea913249f C:\Program Files (x86)\Mozilla Firefox\nssckbi.dll
MD5: 079155b0a7579652dcc2ec7908d9502a C:\Program Files (x86)\Mozilla Firefox\nssdbm3.dll
MD5: fb4fc7ee2e516063e25887c2e170d893 C:\Program Files (x86)\Mozilla Firefox\nssutil3.dll
MD5: 4dfdfb82c4f60beaf88e3c13c01f124a C:\Program Files (x86)\Mozilla Firefox\plc4.dll
MD5: 5bff0a2260ab6bf8d9b829d947c5ef6c C:\Program Files (x86)\Mozilla Firefox\plds4.dll
MD5: 4486ad32bb05628967695fca1badd46e C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
MD5: 8b07628e389e72b83473383914333ad6 C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL
MD5: 1972e3168b6ba0a968a6a4b86e390b38 C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.DEU
MD5: 04af8bc83a89d9b71f7e0bcaf9fdd768 C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
MD5: cb2e646a69d347eb0437ab50785cf3bb C:\Program Files (x86)\Mozilla Firefox\smime3.dll
MD5: 363f20b791469048b0878dbdfd60e41b C:\Program Files (x86)\Mozilla Firefox\softokn3.dll
MD5: b6a4cb50c2c0d7821a604c64a5058ed1 C:\Program Files (x86)\Mozilla Firefox\ssl3.dll
MD5: cd05ba08fd35ec561b82f6d1c905a445 C:\Program Files (x86)\Mozilla Firefox\xpcom.dll
MD5: 840e1ad2fdeedf482927d4369fb03dac C:\Program Files (x86)\Mozilla Firefox\xul.dll
MD5: 904f19d9b38895bd92b67738d8a1facf C:\Program Files (x86)\Pando Networks\Media Booster\BugSplat.dll
MD5: 244c2be6546609ee0a627b507ed57699 C:\Program Files (x86)\Pando Networks\Media Booster\freebl3.dll
MD5: 0ca99c5acf7d36b6ec8f504a1f11902b C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
MD5: 64f8d5047147c54fc5d524e4513ca327 C:\Program Files (x86)\Pando Networks\Media Booster\nspr4.dll
MD5: ac3e2a5b33a035827cb73a6e76d0fe96 C:\Program Files (x86)\Pando Networks\Media Booster\nss3.dll
MD5: 84ea29214303fecbae4fbd249d43c54d C:\Program Files (x86)\Pando Networks\Media Booster\plc4.dll
MD5: dcf946d365991221dfdd5db29c4bfdf7 C:\Program Files (x86)\Pando Networks\Media Booster\plds4.dll
MD5: ad58699da72fff9d87b7cae78964d127 C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MD5: 8a07ac5a1ec46972288dbd3dffb00cc4 C:\Program Files (x86)\Pando Networks\Media Booster\smime3.dll
MD5: 5bd6b446e028af843d9f01eea2185000 C:\Program Files (x86)\Pando Networks\Media Booster\softokn3.dll
MD5: 7392461e219cd8384ba07119b17a768c C:\Program Files (x86)\Pando Networks\Media Booster\ssl3.dll
MD5: 8793bea49c0aa4afa7800f3c3b3fefc8 C:\Program Files (x86)\Samsung\Kies\External\DeviceModules\UPNPDevice_Kies.dll
MD5: 0b8834334450ee1371ee824173af6c41 C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MD5: a40a9388c4dd9a6d7ffe1b2901612761 C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe
MD5: ef44b359e520b5b9528ac0b3de9f7dd5 C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MD5: 590c4454a1d36f76da1f636fad139771 c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
MD5: 808ca0e4d7b62e5b3b2d5ac278d3bf8e c:\program files (x86)\youtube downloader toolbar\ie\4.5\youtubedownloadertoolbarie.dll
MD5: ab26aa5f24fa96fec4a7b0c70df5af27 C:\Users\Max\AppData\Local\Temp\b01d42a6-0948-4bd0-8dea-54d68f50a791\CliSecureRT.dll
MD5: f4a569f89a90205a095965ae628625e1 C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\sjrc5bed.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
MD5: fd647ca82acf232dbe5f20345647b948 C:\Windows\AppPatch\AcGenral.DLL
MD5: 5a5dec75f662fbb8e48dd29b2d929473 C:\Windows\AppPatch\AcSpecfc.DLL
MD5: 2ce97833ba80e7c319390c4b071bda00 C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\74353039393f68f4c068cc37f759e5be\mscorlib.ni.dll
MD5: 2d7617d3143493eb8bd38290e9d2e51a C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\ca8307311e87b234b2faa5ee08332722\PresentationCore.ni.dll
MD5: ed51ca800645080bbfdda92c1b172742 C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\2250ddb1626087da27fb00f46a679ff5\PresentationFramework.ni.dll
MD5: 30a6abfdafc89976c52400665105e805 C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b61b31d1f518e9663fc204e7de21215a\PresentationFramework.Aero.ni.dll
MD5: f61faa6504ef9939867bc4ca5f50f2c0 C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\0d4cdd1b911d6e28b4fd5c43ab39f7ea\System.Core.ni.dll
MD5: 63c13a88fb0520a8e2d46fd529680f16 C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\53591520988a6ee49924e1efc911df30\System.Drawing.ni.dll
MD5: 647c58aa860262ab06c75fec8e3de286 C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\76d7e84f5dca7908b45edba58bd12f48\System.Management.ni.dll
MD5: db5ea8b98004ec7e0adba7b4f9033d9f C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\1419704737b7f46a48bc854aa2f5597d\System.Runtime.Remoting.ni.dll
MD5: 33101aaeff4e876d07f7ecb3616e68db C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f3e016a2e799cfe233b13d88e90c0e0b\System.Windows.Forms.ni.dll
MD5: 2bc43a2c4b0b3bc7863fede5031a9037 C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\19f85a4f6faaeb87a9055ccf23a9f8b7\System.Xaml.ni.dll
MD5: 6ac72593c1244399816bb40f21b41af6 C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7cc17b90932adaad5651ceb526cade44\System.Xml.ni.dll
MD5: 68f2e9e1ee53b6aa03ab6ec62c43f145 C:\Windows\assembly\NativeImages_v4.0.30319_32\System\5a8bf6ab1a6ba60e7355fa4cc61fd0c5\System.ni.dll
MD5: cc16b7c2367f8c4762bf770286b0a0b1 C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\3154b66d01dcd674b256e03d5f359fac\WindowsBase.ni.dll
MD5: 632e0ce38fbcadeaae28077f4c9c45d5 C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
MD5: ce07a466201096f021cd09d631b21540 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
MD5: 749f5f8cedca70f2a512945325fc489d C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
MD5: bc5b0be5af3510b0fd8c140ee42c6d3e C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
MD5: ab87eeffd18f2baafc274e7075ea6c67 C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
MD5: 1a11a757d613f8a815b8e30025522628 C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
MD5: 7b1028a754bb63bbfc75b6a94c3f47e5 C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
MD5: 1986443c2f2c0e2a18e908dd241bf84d C:\Windows\Microsoft.NET\Framework\v4.0.30319\culture.dll
MD5: f711c8d93a8e4410c284d177b76c7f2b C:\Windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
MD5: 9383d302f0d95db0802308cf250727f3 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationNative_v0400.dll
MD5: 56d16a44691c0337dd0ef3f3008a9977 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\wpfgfx_v0400.dll
MD5: ebc6332093aec6a4fbf2c3919d03877a C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\wpftxt_v0400.dll
MD5: 66328b08ef5a9305d8ede36b93930369 C:\Windows\servicing\TrustedInstaller.exe
MD5: 378e22d49bea659ef11e6829ed058fc7 C:\Windows\system32\atiumdag.dll
MD5: a184e7e06d4d9336ad5cb84e1d8dcb92 C:\Windows\system32\atiumdva.dll
MD5: da7478ba9e41b60b3d5da456e253002a C:\Windows\system32\audioeng.dll
MD5: 4acf748a8e576761e4c610acab67b1bc C:\Windows\system32\BCRYPT.dll
MD5: 74f26fc01b180d4a99a168ed69c30a53 C:\Windows\system32\cmd.exe
MD5: 85e861d0b88db2b54acb0839654c09f7 C:\Windows\system32\DNSAPI.dll
MD5: 3be1651c63954067940e7f473498ad70 C:\Windows\System32\drivers\dgderdrv.sys
MD5: 6843926aff733d46a04f9d4e1c1a6b14 C:\Windows\system32\dwrite.dll
MD5: a9542ff2e9a82cf100e5729ec79068f0 C:\Windows\system32\FLTLIB.DLL
MD5: dca3fa9f9dd103dc39c24c85ef073db1 C:\Windows\system32\ICMP.DLL
MD5: b8fbe5f40b09f5d20e1e5ccfef893d62 C:\Windows\system32\IMM32.DLL
MD5: ba7c3e9dd6b1a632124c8659e8014028 C:\Windows\system32\Perfctrs.dll
MD5: ab530fdd34c67b497a20171d1234cfe9 C:\Windows\system32\RICHED32.DLL
MD5: c7230fbee14437716701c15be02c27b8 C:\Windows\System32\shsvcs.dll
MD5: 36a107e19010259fcac647ea2bf94b37 C:\Windows\system32\ssText3d.scr
MD5: bfa034aac103d8a6f591ac9364688339 C:\Windows\system32\t2embed.dll
MD5: 88b630f6aeb5a11f6ad064930b38c2c0 C:\Windows\system32\uxtheme.dll
MD5: f7f4ad3d174cb5ec3c12f04c99478b84 C:\Windows\system32\WindowsCodecs.dll
MD5: 2d1179cdec6b7400105e68f6ac9b4efe C:\Windows\system32\WINSPOOL.DRV
MD5: 367465dd8e2bffe4c5477c86c8217e8c C:\Windows\SysWOW64\dgderapi.dll
MD5: 10b8f89d146d0e20b1284d47bb4ec6c9 C:\Windows\SysWOW64\dgdersvc.exe
MD5: 1bd976dd77b31fe0f25708ad5c1351ae C:\Windows\SysWOW64\DIFXAPI.dll
MD5: 85e861d0b88db2b54acb0839654c09f7 C:\Windows\Syswow64\DNSAPI.dll
MD5: 05c8c8767e29163fc251164ff6839ea5 C:\Windows\syswow64\GDI32.dll
MD5: af3db1d3ac2ab52f910b2102447e3564 c:\windows\syswow64\ieframe.dll
MD5: 6419081f0f15cb860458515d1a52d560 C:\Windows\syswow64\iertutil.dll
MD5: b8fbe5f40b09f5d20e1e5ccfef893d62 C:\Windows\syswow64\IMM32.dll
MD5: 7f4caeac24592fa9f574e1f8cd1d0604 C:\Windows\syswow64\kernel32.dll
MD5: df37346ea13082e3e1b423b54014e641 C:\Windows\syswow64\LPK.DLL
MD5: 21a67095edc11a528f5434d28bb0ef3c C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MD5: 56007cfc52167c26e4a3f899b8d29ccd C:\Windows\SysWOW64\ntdll.dll
MD5: 9586e7cb2255a8b097a7e4538202585e C:\Windows\syswow64\ole32.dll
MD5: de4cd76c254e143f40e62952788d3be7 C:\Windows\syswow64\OLEAUT32.dll
MD5: 0ed8727ea0172860f47258456c06caea C:\Windows\SysWow64\perfhost.exe
MD5: 015e1f472a5633520903353375f7e69d C:\Windows\SysWOW64\PING.EXE
MD5: 3a2bdd76e7d2a5f40a7174793d1ba794 C:\Windows\SysWOW64\PnkBstrA.exe
MD5: 0abe67004eb4c162f4456e64f90a11fd C:\Windows\syswow64\RPCRT4.dll
MD5: 2ab58991862153a248779174d4e4212b C:\Windows\SysWOW64\schannel.dll
MD5: 33ae914c24f546aabf281ba7b138186d C:\Windows\syswow64\SHELL32.dll
MD5: 9176285122b7b849fec2aa1b72a8f7a8 C:\Windows\syswow64\SHLWAPI.dll
MD5: 9188e90d47ba1e68e90c450473fadf5f C:\Windows\syswow64\urlmon.dll
MD5: d29fdb5dedbdc1bd882164dc6dc4dd53 C:\Windows\syswow64\USER32.dll
MD5: 80fff14f1757b9af8be9d314fc1ae88b C:\Windows\syswow64\USP10.dll
MD5: 17413ef7d95632d892b4c914cd7e66f9 C:\Windows\syswow64\WININET.dll
MD5: a55e7d0d873b2c97585b3b5926ac6ade C:\Windows\WindowsMobile\rapimgr.dll
MD5: 8bda6db43aa54e8bb5e0794541ddc209 C:\Windows\WindowsMobile\wcescomm.dll
MD5: 35acd5ea63d75e97dd0e9a1629e582b2 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_88f3a38569c2c436\COMCTL32.dll
MD5: be3c082837866c4c291adaf163c10ea6 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MD5: b5b09091b0e33c396ceec8995515bd41 C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll
MD5: 914a7156b0c0f10be645a02e13f576b2 D:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe


No files uploaded

Scan finished - communication took 1 sec.
Data transferred - 0.02 MB sent, 0.63 KB received
349 files and modules checked - 19 seconds

==============================================================================

Swisstreasure 07.08.2011 20:22

Step 1

Fix with OTL
Code:

:OTL
PRC - [2011.08.06 12:57:05 | 000,039,424 | ---- | M] (Tricky Perry Shade) -- C:\Windows\temp\kvsqsb\setup.exe
SRV - [2011.08.06 12:57:05 | 000,039,424 | ---- | M] (Tricky Perry Shade) [Auto | Start_Pending] -- C:\Windows\TEMP\kvsqsb\setup.exe -- (AMService)
:files
C:\Windows\temp\kvsqsb
:Commands
[purity]
[emptytemp]

  • Please close all programs now.
  • Then click the Fix button.
  • OTL may ask for a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (Also to be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents into your thread here.
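The fix above takes the two OTL lines that point at a service and its binary living under C:\Windows\TEMP and moves the whole folder. As an added example (not part of the thread and not OldTimer's code), the following Python script does the triage step that precedes writing such a fix: it parses OTL PRC/SRV lines in the layout shown in this thread, flags executables that run from a temporary directory, and drafts an OTL fix in the same :OTL / :files / :Commands layout. The sample lines are constructed from the thread's format; the last one (ExampleSvc, example.exe directly under AppData\Local\Temp) is made up to show the case where the binary sits in a temp root itself, so only the file and never the whole Temp folder goes under :files. It assumes OTL's :files section accepts a file path as well as a folder, and treats "runs from a temp directory" as a triage signal to review by hand, not as a verdict.

```python
"""Triage OTL PRC/SRV lines and draft an OTL fix script (added example, not OldTimer's code)."""
import re
from pathlib import PureWindowsPath

# Constructed sample input in OTL's "PRC - [...]" / "SRV - [...]" layout.
# The first four lines mirror entries from this thread; the last one is made up
# (ExampleSvc / example.exe) to exercise the "file directly in a temp root" case.
SAMPLE_OTL_LINES = r"""
PRC - [2011.08.06 12:57:05 | 000,039,424 | ---- | M] (Tricky Perry Shade) -- C:\Windows\temp\kvsqsb\setup.exe
SRV - [2011.08.06 12:57:05 | 000,039,424 | ---- | M] (Tricky Perry Shade) [Auto | Start_Pending] -- C:\Windows\TEMP\kvsqsb\setup.exe -- (AMService)
PRC - [2011.06.30 16:38:05 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.07.23 15:56:30 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
SRV - [2011.05.01 12:00:48 | 000,010,240 | ---- | M] () [Auto | Running] -- C:\Users\Max\AppData\Local\Temp\example.exe -- (ExampleSvc)
"""

# One OTL entry: kind, [mtime | size | attrs | stamp] (company) [service state] -- path [-- (service name)]
OTL_LINE = re.compile(
    r"^(?P<kind>PRC|SRV) - \[(?P<mtime>[^|\]]+?) \| (?P<size>[\d,]+) \| (?P<attrs>[^|]+?) \| (?P<stamp>\w)\] "
    r"\((?P<company>[^)]*)\)"
    r"(?: \[(?P<svc_state>[^\]]+)\])?"
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<svc_name>[^)]+)\))?$"
)

TEMP_DIR_NAMES = {"temp", "tmp"}


def parse_otl_line(line: str):
    """Return the fields of one PRC/SRV line as a dict, or None for any other line."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"].replace(",", ""))
    entry["line"] = line.strip()
    return entry


def is_temp_path(path: str) -> bool:
    """True if any directory component (not the file name) is a temp directory."""
    parts = PureWindowsPath(path).parts[:-1]
    return any(p.lower() in TEMP_DIR_NAMES for p in parts)


def assess(entry: dict) -> list:
    """Collect (weight, reason) findings; the temp-directory rule is the strong one."""
    findings = []
    in_temp = is_temp_path(entry["path"])
    if in_temp:
        findings.append(("strong", "executable lives in a temporary directory"))
    if in_temp and entry["kind"] == "SRV" and (entry["svc_state"] or "").startswith("Auto"):
        findings.append(("strong", "auto-start service whose binary is in a temp directory"))
    if not entry["company"]:
        # Missing version info is common for legitimate tools too: only a prompt to look closer.
        findings.append(("weak", "no company name in the version resource"))
    return findings


def verdict(findings: list) -> str:
    if any(weight == "strong" for weight, _ in findings):
        return "suspicious"
    return "review" if findings else "ok"


def triage(text: str) -> list:
    """Parse every PRC/SRV line in an OTL log and attach findings and a verdict."""
    results = []
    for line in text.splitlines():
        entry = parse_otl_line(line)
        if entry is None:
            continue
        entry["findings"] = assess(entry)
        entry["verdict"] = verdict(entry["findings"])
        results.append(entry)
    return results


def build_fix_script(text: str) -> str:
    """Draft an OTL fix in the layout used in the thread: flagged lines under :OTL,
    their folders under :files, then [purity] and [emptytemp]. Review by hand before running."""
    otl_lines, targets, seen = [], [], set()
    for entry in triage(text):
        if entry["verdict"] != "suspicious":
            continue
        otl_lines.append(entry["line"])
        parent = PureWindowsPath(entry["path"]).parent
        # Move the malware's own folder, but never a whole Temp root: if the file
        # sits directly in Temp, list only the file.
        target = entry["path"] if parent.name.lower() in TEMP_DIR_NAMES else str(parent)
        if target.lower() not in seen:  # same folder once, regardless of case
            seen.add(target.lower())
            targets.append(target)
    return "\n".join([":OTL", *otl_lines, ":files", *targets, ":Commands", "[purity]", "[emptytemp]"])


if __name__ == "__main__":
    for e in triage(SAMPLE_OTL_LINES):
        print(f"{e['verdict']:10} {e['kind']} {e['path']}  {[r for _, r in e['findings']]}")
    print(build_fix_script(SAMPLE_OTL_LINES))
```

Run against a real OTL.txt by passing its contents to `triage()`; only "suspicious" entries end up in the drafted fix, while "review" entries (no company name, like the PnkBstrA.exe line) are left for a human to look at, since that signal alone is too weak to act on.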

Anubiss 08.08.2011 08:24

Here is the OTL log:

All processes killed
========== OTL ==========
No active process named setup.exe was found!
Service AMService stopped successfully!
Service AMService deleted successfully!
File C:\Windows\TEMP\kvsqsb\setup.exe not found.
========== FILES ==========
C:\Windows\temp\kvsqsb folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Max
->Temp folder emptied: 92508 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 6890003 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7192 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 7,00 mb


OTL by OldTimer - Version 3.2.26.1 log created on 08082011_091917

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Swisstreasure 08.08.2011 08:31

How is the system running?

Update Malwarebytes and run another scan, then post the log.

Anubiss 08.08.2011 15:00

Looks good, now only 1 file is still shown as Trojan Banker
System is running!

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7409

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

08.08.2011 15:55:54
mbam-log-2011-08-08 (15-55-04).txt

Scan type: Quick scan
Objects scanned: 170667
Time elapsed: 1 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A} (PUP.Dealio.TB) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436A-86E4-9690573BEE8A} (PUP.Dealio.TB) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A} (PUP.Dealio.TB) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F3FEE66E-E034-436A-86E4-9690573BEE8A} (PUP.Dealio.TB) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C689C99E-3A8C-4c87-A79C-C80DC9C81632} (Trojan.Banker) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files (x86)\youtube downloader toolbar\IE\4.5\youtubedownloadertoolbarie.dll (PUP.Dealio.TB) -> No action taken.

Anubiss 09.08.2011 09:00

Can I just remove the trojan with Malwarebytes now?

Swisstreasure 09.08.2011 13:07

Yes, remove everything.

If you don't already have it, please download OTL by OldTimer and save it to your desktop
Code:

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT

  • Please close all programs now. (Important)
  • Then click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt into your thread here.

Anubiss 09.08.2011 13:50

So, here is the OTL log. After removing the files, Malwarebytes doesn't find anything anymore either. It should be clean now, right? OTL Logfile:
Code:

OTL logfile created on: 09.08.2011 14:38:49 - Run 4
OTL by OldTimer - Version 3.2.26.1    Folder = C:\Users\Max\Desktop\Security
64bit-Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,70 Gb Available Physical Memory | 67,60% Memory free
8,17 Gb Paging File | 6,65 Gb Available in Paging File | 81,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,10 Gb Total Space | 32,19 Gb Free Space | 21,59% Space Free | Partition Type: NTFS
Drive D: | 300,00 Gb Total Space | 73,85 Gb Free Space | 24,62% Space Free | Partition Type: NTFS
Drive E: | 148,99 Gb Total Space | 16,96 Gb Free Space | 11,39% Space Free | Partition Type: NTFS
Drive F: | 296,17 Gb Total Space | 169,86 Gb Free Space | 57,35% Space Free | Partition Type: NTFS
Drive H: | 246,75 Mb Total Space | 246,73 Mb Free Space | 99,99% Space Free | Partition Type: FAT32
 
Computer Name: MAX-PC | User Name: Max | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.08.04 11:02:58 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Max\Desktop\Security\OTL.exe
PRC - [2011.07.23 15:56:30 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.06.30 16:38:05 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.01 12:00:48 | 003,071,384 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2011.04.27 16:51:20 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010.12.13 09:39:19 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.12.09 21:28:24 | 001,226,608 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.12.08 23:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2010.09.06 09:16:58 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) -- C:\Windows\SysWOW64\dgdersvc.exe
PRC - [2008.01.21 04:47:38 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE
PRC - [2006.12.28 01:00:00 | 001,454,080 | R--- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
PRC - [2006.12.28 01:00:00 | 000,356,352 | R--- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.08.04 11:02:58 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Max\Desktop\Security\OTL.exe
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.09.24 00:28:02 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011.07.23 15:56:30 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.06.30 16:38:05 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.27 16:51:20 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.09.06 09:16:58 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\dgdersvc.exe -- (dgdersvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.15 22:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- D:\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.09.12 18:15:50 | 000,087,288 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2007.05.31 10:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 10:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006.12.28 01:00:00 | 000,356,352 | R--- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.07.30 11:23:52 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.06.30 16:38:06 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.30 16:38:06 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.03.06 16:11:34 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2011.03.06 16:11:34 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010.12.30 19:05:53 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.09.06 09:19:54 | 000,020,552 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dgderdrv.sys -- (dgderdrv)
DRV:64bit: - [2010.09.06 09:11:32 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010.07.20 12:38:24 | 000,159,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2010.07.20 12:38:24 | 000,125,416 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2010.07.20 12:38:24 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2010.04.27 04:25:20 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010.04.27 04:25:20 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2010.04.27 04:25:20 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2009.09.30 16:32:44 | 000,120,336 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.09.24 01:01:24 | 006,175,744 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.04.22 15:46:06 | 003,552,384 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2009.02.09 00:43:10 | 000,111,104 | ---- | M] (Guillemot Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\hxctlflt.sys -- (hxctlflt)
DRV:64bit: - [2008.01.21 04:45:19 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2006.12.28 01:00:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fwlanusb.sys -- (FWLANUSB)
DRV:64bit: - [2006.12.28 01:00:00 | 000,014,120 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2006.10.03 04:13:44 | 000,051,200 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2006.09.18 23:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV - [2010.09.06 09:16:58 | 000,018,120 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2010.09.06 09:11:32 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.7.0.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.01.06 12:35:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.01.06 12:35:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Max\AppData\Roaming\5016 [2011.06.08 18:38:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.06.24 13:26:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.05.06 19:49:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Max\AppData\Roaming\5016 [2011.06.08 18:38:58 | 000,000,000 | ---D | M]
 
[2010.12.30 20:08:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max\AppData\Roaming\mozilla\Extensions
[2011.08.07 20:26:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\sjrc5bed.default\extensions
[2011.01.01 15:40:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\sjrc5bed.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.08.01 14:24:08 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\sjrc5bed.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.08.07 20:26:37 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\sjrc5bed.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011.01.05 22:38:26 | 000,002,094 | ---- | M] () -- C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\sjrc5bed.default\searchplugins\ecosia.xml
[2011.08.09 14:34:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.12.30 19:47:20 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
File not found (No name found) --
[2011.06.08 18:38:58 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\MAX\APPDATA\ROAMING\5016
() (No name found) -- C:\USERS\MAX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SJRC5BED.DEFAULT\EXTENSIONS\{B749FC7C-E949-447F-926C-3F4EED6ACCFE}.XPI
[2011.06.24 13:26:12 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.05.06 19:49:46 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.05.06 19:49:46 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.05.06 19:49:46 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.06 19:49:46 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.05.06 19:49:46 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.05.06 19:49:46 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
Hosts file not found
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Max\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Max\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.08.07 20:26:53 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\QuickScan
[2011.08.07 16:55:54 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\World in Conflict
[2011.08.05 14:57:49 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2011.08.05 14:25:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
[2011.08.05 14:24:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2011.08.05 14:24:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2011.08.05 13:50:34 | 000,000,000 | ---D | C] -- C:\Users\Max\Desktop\Security
[2011.08.04 20:04:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.08.04 19:41:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.08.03 12:19:35 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.08.03 11:22:31 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.08.03 11:14:01 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\temp
[2011.08.03 11:08:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.08.03 11:08:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.08.03 11:08:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.08.03 11:08:04 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.08.03 11:07:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.08.02 20:36:16 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Malwarebytes
[2011.08.02 20:36:07 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.08.02 20:36:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.08.02 20:36:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.08.02 20:36:03 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.08.02 20:36:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.08.02 19:53:36 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011.08.02 19:53:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011.07.31 13:15:30 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Jens Lorek
[2011.07.30 11:23:52 | 000,254,528 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011.07.30 11:23:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2011.07.30 11:23:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2011.07.28 15:15:27 | 000,000,000 | ---D | C] -- C:\Temp
[2011.07.28 15:13:08 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\Samsung
[2011.07.28 15:12:20 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\SysWow64\Redemption.dll
[2011.07.28 15:11:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
[2011.07.28 12:37:33 | 000,000,000 | ---D | C] -- C:\Users\Max\Documents\Samsung
[2011.07.28 12:22:14 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\Downloaded Installations
[2011.07.28 11:48:14 | 000,013,800 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadwhnt.sys
[2011.07.28 11:48:14 | 000,013,800 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadwh.sys
[2011.07.28 11:48:13 | 000,159,208 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdm.sys
[2011.07.28 11:48:13 | 000,125,416 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadbus.sys
[2011.07.28 11:48:13 | 000,016,872 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdfl.sys
[2011.07.28 11:48:13 | 000,013,288 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadcmnt.sys
[2011.07.28 11:48:13 | 000,013,288 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadcm.sys
[2011.07.28 11:44:04 | 000,172,104 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdmdm.sys
[2011.07.28 11:44:04 | 000,136,264 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdbus.sys
[2011.07.28 11:44:04 | 000,019,016 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdmdfl.sys
[2011.07.28 11:44:04 | 000,015,944 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdwhnt.sys
[2011.07.28 11:44:04 | 000,015,944 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdwh.sys
[2011.07.28 11:44:04 | 000,015,432 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdcmnt.sys
[2011.07.28 11:44:04 | 000,015,432 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdcm.sys
[2011.07.28 11:41:37 | 000,020,480 | ---- | C] (Teruten Inc) -- C:\Windows\SysWow64\FsExService64.Exe
[2011.07.28 11:41:37 | 000,016,392 | ---- | C] (Teruten Inc) -- C:\Windows\SysWow64\drivers\TFsExDisk.Sys
[2011.07.28 11:41:37 | 000,016,392 | ---- | C] (Teruten Inc) -- C:\Windows\SysNative\drivers\TFsExDisk.sys
[2011.07.28 11:40:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution
[2011.07.28 11:38:21 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Samsung
[2011.07.28 11:38:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MarkAny
[2011.07.28 11:38:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2011.07.28 11:36:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Samsung
[2011.07.23 20:58:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011.07.23 20:56:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2011.07.23 20:55:54 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2011.07.23 20:55:50 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011.07.23 17:37:46 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\HP
[2011.07.23 15:56:22 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\PunkBuster
[2011.07.22 22:46:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Jens Lorek
[2 C:\Users\Max\AppData\Local\*.tmp files -> C:\Users\Max\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.08.09 14:38:25 | 001,733,766 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.08.09 14:38:25 | 000,736,506 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.08.09 14:38:25 | 000,684,882 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.08.09 14:38:25 | 000,172,314 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.08.09 14:38:25 | 000,139,160 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.08.09 14:31:31 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.08.09 14:31:14 | 000,004,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.09 14:31:14 | 000,004,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.09 14:31:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.09 14:29:57 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.08.09 14:24:10 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.08.05 11:16:36 | 000,074,240 | ---- | M] () -- C:\Users\Max\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.02 14:57:20 | 000,000,321 | ---- | M] () -- C:\Windows\wininit.ini
[2011.08.02 13:58:12 | 000,000,000 | ---- | M] () -- C:\Users\Max\AppData\Local\{12916667-5210-4A38-9F85-638A4C1756FD}
[2011.08.02 13:55:14 | 000,250,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.08.02 13:42:59 | 000,000,732 | ---- | M] () -- C:\Users\Max\AppData\Local\d3d9caps64.dat
[2011.08.02 11:35:15 | 000,000,120 | ---- | M] () -- C:\Users\Max\AppData\Local\Lbanirakipejo.dat
[2011.08.01 14:21:56 | 000,000,632 | ---- | M] () -- C:\Users\Max\Desktop\Gothic III - Forsaken Gods.lnk
[2011.08.01 13:22:43 | 000,000,559 | ---- | M] () -- C:\Users\Max\Desktop\Gothic III.lnk
[2011.07.30 11:23:52 | 000,254,528 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011.07.28 13:29:24 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2011.07.28 13:22:25 | 000,002,006 | ---- | M] () -- C:\aqua_bitmap.cpp
[2011.07.25 23:14:40 | 000,001,356 | ---- | M] () -- C:\Users\Max\AppData\Local\d3d9caps.dat
[2011.07.23 20:58:50 | 000,002,115 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet 6500 E710a-f.lnk
[2011.07.23 20:58:49 | 000,001,795 | ---- | M] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet 6500 E710a-f.lnk
[2011.07.23 20:58:49 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet 6500 E710a-f Scan.lnk
[2011.07.23 15:56:30 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.07.23 15:56:25 | 000,270,408 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011.07.23 15:56:25 | 000,270,408 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2 C:\Users\Max\AppData\Local\*.tmp files -> C:\Users\Max\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.08.03 11:08:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011.08.03 11:08:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.08.03 11:08:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.08.03 11:08:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.08.03 11:08:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.08.02 13:57:56 | 000,000,000 | ---- | C] () -- C:\Users\Max\AppData\Local\{12916667-5210-4A38-9F85-638A4C1756FD}
[2011.08.02 12:24:53 | 000,000,321 | ---- | C] () -- C:\Windows\wininit.ini
[2011.08.02 11:35:15 | 000,000,120 | ---- | C] () -- C:\Users\Max\AppData\Local\Lbanirakipejo.dat
[2011.08.01 14:21:56 | 000,000,632 | ---- | C] () -- C:\Users\Max\Desktop\Gothic III - Forsaken Gods.lnk
[2011.08.01 13:22:43 | 000,000,559 | ---- | C] () -- C:\Users\Max\Desktop\Gothic III.lnk
[2011.07.28 15:05:04 | 000,002,403 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mobile Device Center.lnk
[2011.07.28 15:04:42 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2011.07.28 13:29:24 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2011.07.28 11:38:18 | 000,002,006 | ---- | C] () -- C:\aqua_bitmap.cpp
[2011.07.23 20:59:23 | 000,000,803 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk
[2011.07.23 20:58:50 | 000,002,115 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet 6500 E710a-f.lnk
[2011.07.23 20:58:49 | 000,001,795 | ---- | C] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet 6500 E710a-f.lnk
[2011.07.23 20:58:49 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet 6500 E710a-f Scan.lnk
[2011.07.23 15:56:25 | 000,270,408 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011.07.06 12:37:12 | 000,270,408 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.07.06 12:37:10 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.05.01 19:09:37 | 000,000,091 | ---- | C] () -- C:\Users\Max\AppData\Local\fusioncache.dat
[2011.03.16 21:00:01 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010.12.31 15:16:28 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.12.30 19:51:01 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2010.12.30 19:49:52 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.12.30 18:52:46 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.12.30 16:25:17 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.12.30 12:50:31 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010.12.30 12:49:48 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2010.12.30 12:49:14 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2010.12.29 19:41:56 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2010.12.29 18:55:58 | 000,000,552 | ---- | C] () -- C:\Users\Max\AppData\Local\d3d8caps.dat
[2010.12.29 18:55:00 | 000,001,356 | ---- | C] () -- C:\Users\Max\AppData\Local\d3d9caps.dat
[2010.12.29 18:53:24 | 000,074,240 | ---- | C] () -- C:\Users\Max\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.29 17:01:01 | 001,762,112 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.12.29 14:14:00 | 000,000,732 | ---- | C] () -- C:\Users\Max\AppData\Local\d3d9caps64.dat
[2010.09.06 09:19:40 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2010.09.06 09:19:40 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2010.09.06 09:19:40 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2010.09.06 09:19:40 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2009.08.07 19:51:34 | 000,178,430 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009.08.03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008.01.21 04:47:53 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006.11.02 17:30:41 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
 
========== LOP Check ==========
 
[2011.01.31 20:27:21 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\25006
[2011.06.08 18:38:58 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\5016
[2010.12.30 19:45:00 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\DAEMON Tools Lite
[2011.07.30 19:55:38 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\ICQ
[2011.07.31 13:15:30 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Jens Lorek
[2011.06.08 18:38:48 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\kock
[2011.07.06 12:37:09 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\PunkBuster
[2011.08.07 20:27:53 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\QuickScan
[2011.07.28 15:10:29 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Samsung
[2011.07.08 14:29:21 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\TeamViewer
[2010.12.31 15:14:46 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\TubeBox
[2011.07.23 15:56:17 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Ubisoft
[2011.06.08 18:38:48 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\xmldm
[2011.08.09 14:29:57 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.08.03 12:19:35 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2010.12.30 16:49:48 | 000,000,000 | ---D | M] -- C:\ATI
[2010.12.30 14:52:07 | 000,000,000 | ---D | M] -- C:\Boot
[2006.11.02 17:35:30 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.12.29 14:11:44 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.12.29 15:01:44 | 000,000,000 | ---D | M] -- C:\Intel
[2008.01.21 05:01:21 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.07.23 20:55:50 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.08.09 14:34:29 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2011.08.02 20:36:05 | 000,000,000 | ---D | M] -- C:\ProgramData
[2010.12.29 14:11:44 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.08.03 11:22:32 | 000,000,000 | ---D | M] -- C:\Qoobox
[2011.08.09 14:39:36 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.07.28 15:33:09 | 000,000,000 | ---D | M] -- C:\Temp
[2010.12.30 17:07:15 | 000,000,000 | R--D | M] -- C:\Users
[2011.08.09 14:33:27 | 000,000,000 | ---D | M] -- C:\Windows
[2011.08.04 19:41:32 | 000,000,000 | ---D | M] -- C:\_OTL
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008.10.29 08:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009.04.11 09:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\ERDNT\cache86\explorer.exe
[2009.04.11 09:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009.04.11 09:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2008.10.28 04:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008.10.29 08:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008.10.30 07:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008.01.21 04:46:34 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008.01.21 04:47:14 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2008.01.21 04:47:40 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.21 04:48:18 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\SysWOW64\regedit.exe
[2008.01.21 04:48:18 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_5aa1fb3ac896d9c8\regedit.exe
[2008.01.21 04:47:40 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=5DFBCE56E689D90AE9E2FB278F80058E -- C:\Windows\ERDNT\cache86\regedit.exe
[2008.01.21 04:47:40 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=5DFBCE56E689D90AE9E2FB278F80058E -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_504d50e8943617cd\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:48:25 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache86\userinit.exe
[2008.01.21 04:48:25 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.21 04:48:25 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008.01.21 04:47:35 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\ERDNT\cache64\userinit.exe
[2008.01.21 04:47:35 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008.01.21 04:47:35 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:45:53 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache86\wininit.exe
[2008.01.21 04:45:53 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe
[2008.01.21 04:45:53 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.21 04:48:12 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\ERDNT\cache64\wininit.exe
[2008.01.21 04:48:12 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe
[2008.01.21 04:48:12 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\ERDNT\cache64\winlogon.exe
[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008.01.21 04:47:36 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:48:26 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
<          >

< End of report >

--- --- ---
Copyright ©2000-2025, Trojaner-Board