Trojaner-Board (https://www.trojaner-board.de/)
-   Log analysis and evaluation (https://www.trojaner-board.de/log-analyse-auswertung/)
-   Can someone look at this logfile for me? (https://www.trojaner-board.de/96259-mir-jemand-diese-logfile-ansehen.html)

mhiasl 04.03.2011 15:55

Can someone look at this logfile for me?
 
Hi
I caught a Trojan on my laptop. At the time, I was also on the network with this PC (home network via LAN).
Is my PC still clean, or did I catch something?
The virus scan with Antivir found nothing.
Here is my logfile.
OTL Logfile:
Code:

OTL logfile created on: 04.03.2011 12:06:23 - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\Xy Büro\Documents
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 5,00 Gb Available Physical Memory | 63,00% Memory free
15,00 Gb Paging File | 12,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 488,29 Gb Total Space | 243,79 Gb Free Space | 49,93% Space Free | Partition Type: NTFS
Drive D: | 693,16 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 2,15 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 202,72 Gb Total Space | 4,39 Gb Free Space | 2,16% Space Free | Partition Type: NTFS
Drive G: | 7,81 Mb Total Space | 4,06 Mb Free Space | 51,95% Space Free | Partition Type: NTFS
Drive H: | 118,29 Gb Total Space | 118,20 Gb Free Space | 99,92% Space Free | Partition Type: NTFS
Drive N: | 259,58 Gb Total Space | 10,35 Gb Free Space | 3,99% Space Free | Partition Type: NTFS
 
Computer Name: BÜRO-PC | User Name: Xy Büro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.03.04 11:56:49 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Xy Büro\Documents\OTL.exe
PRC - [2011.02.18 11:11:28 | 000,420,520 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2011.01.16 18:58:38 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.01.16 18:57:43 | 000,435,368 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
PRC - [2011.01.16 18:57:37 | 000,339,624 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
PRC - [2011.01.16 18:57:35 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.01.16 18:57:34 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.11.18 10:44:16 | 009,221,024 | ---- | M] (Innovative Solutions) -- C:\Program Files (x86)\Innovative Solutions\DriverMax\devices.exe
PRC - [2010.11.10 18:58:36 | 000,082,944 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe
PRC - [2010.11.10 18:18:20 | 000,380,928 | ---- | M] (Hauppauge Computer Works) -- C:\PROGRA~3\WinTV\TVServer\CAPTUR~4.EXE
PRC - [2010.11.03 19:31:44 | 000,558,592 | ---- | M] (Hauppauge Computer Works) -- C:\PROGRA~3\WinTV\TVServer\HAUPPA~1.EXE
PRC - [2010.10.07 10:37:02 | 000,117,344 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files (x86)\WinTV\Ir.exe
PRC - [2010.09.30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2010.09.01 05:26:04 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2009.09.29 17:56:26 | 000,464,224 | ---- | M] () -- C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe
PRC - [2009.09.29 17:56:26 | 000,189,792 | ---- | M] () -- C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\TVESched.exe
PRC - [2009.09.29 17:56:04 | 000,226,536 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Cyberlink\TV Enhance\TVEService.exe
PRC - [2009.09.16 11:34:20 | 000,202,024 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe
PRC - [2009.09.16 11:34:02 | 000,148,776 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Cyberlink\PowerCinema\PCMAgent.exe
PRC - [2007.05.28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.03.04 11:56:49 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Xy Büro\Documents\OTL.exe
MOD - [2011.01.16 18:47:30 | 000,159,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_51ca66a2bbe76806\ATL90.dll
MOD - [2010.08.21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2010.03.25 10:25:22 | 004,222,864 | ---- | M] (Microsoft Corporation) -- C:\PROGRA~3\MICROS~2\Office14\GROOVEEX.DLL
MOD - [2010.03.25 03:45:24 | 008,945,576 | ---- | M] (Microsoft Corporation) -- C:\PROGRA~3\MICROS~2\Office14\1031\GrooveIntlResource.dll
MOD - [2010.01.30 02:41:12 | 004,254,560 | ---- | M] () -- C:\PROGRA~3\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2009.06.10 22:14:56 | 000,652,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\msvcr90.dll
MOD - [2009.06.10 22:14:54 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\msvcp90.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.12.14 14:00:54 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2010.11.26 02:54:12 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.08.10 21:34:50 | 000,093,848 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011c\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.02.18 11:11:28 | 000,420,520 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011.01.16 18:58:38 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.01.16 18:57:37 | 000,339,624 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2011.01.16 18:57:35 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.12.14 14:04:48 | 002,019,648 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010.12.14 14:00:50 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.11.03 19:31:44 | 000,558,592 | ---- | M] (Hauppauge Computer Works) [Auto | Running] -- C:\PROGRA~3\WinTV\TVServer\HAUPPA~1.EXE -- (HauppaugeTVServer)
SRV - [2010.09.30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.09.29 17:56:26 | 000,464,224 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe -- (TVECapSvc) TVEnhance Background Capture Service (TBCS)
SRV - [2009.09.29 17:56:26 | 000,189,792 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\TVESched.exe -- (TVESched) TVEnhance Task Scheduler (TTS))
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.05.28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2005.02.09 12:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Auto | Stopped] -- C:\Windows\SysWOW64\drivers\Pclepci.sys -- (PCLEPCI)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.02.24 14:51:18 | 000,868,848 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011.01.16 18:59:41 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.01.16 18:59:39 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010.11.26 04:20:20 | 008,120,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010.11.26 04:20:20 | 008,120,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.11.26 02:16:46 | 000,289,792 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.08.16 17:21:38 | 000,440,064 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw88vid.sys -- (hcw88vid)
DRV:64bit: - [2010.08.16 17:21:34 | 000,259,456 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw88bda.sys -- (HCW88BDA)
DRV:64bit: - [2010.08.16 17:21:30 | 000,339,968 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw88tse.sys -- (HCW88TSE)
DRV:64bit: - [2010.08.16 17:21:30 | 000,110,592 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw88tun.sys -- (HCW88TUNE)
DRV:64bit: - [2010.08.16 17:21:26 | 000,015,872 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw88rc5.sys -- (hcw88rc5)
DRV:64bit: - [2010.08.16 17:21:24 | 000,021,632 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw88bar.sys -- (HCW88XBAR)
DRV:64bit: - [2010.08.16 17:21:24 | 000,016,128 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hcw88aud.sys -- (HCW88AUD)
DRV:64bit: - [2010.04.17 18:11:50 | 000,108,032 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIc.sys -- (FLxHCIc) Fresco Logic xHCI (USB3)
DRV:64bit: - [2010.03.19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.12.31 11:04:57 | 000,360,712 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009.09.23 02:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009.09.23 02:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009.09.23 02:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009.08.07 23:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011c\WNt500x64\Sandra.sys -- (SANDRA)
DRV:64bit: - [2009.07.30 12:58:42 | 000,236,544 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:09:02 | 000,120,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\irda.sys -- (irda)
DRV:64bit: - [2009.07.14 01:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)
DRV:64bit: - [2009.07.14 01:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)
DRV:64bit: - [2009.07.14 01:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV)
DRV:64bit: - [2009.07.14 01:00:13 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Dot4Scan.sys -- (Dot4Scan)
DRV:64bit: - [2009.06.10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 21:36:03 | 000,899,328 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fpcibase.sys -- (FPCIBASE)
DRV:64bit: - [2009.06.10 21:36:02 | 000,079,872 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avmcowan.sys -- (AVMCOWAN)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.05.04 17:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009.04.28 02:03:42 | 000,067,128 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.04.28 02:03:42 | 000,028,216 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2008.01.19 06:36:12 | 000,027,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\irsir.sys -- (irsir)
DRV:64bit: - [2006.12.13 12:34:04 | 000,253,568 | ---- | M] (Pinnacle Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bender64.sys -- (BENDER)
DRV - [2010.11.29 19:27:40 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6F E7 64 C4 A1 B5 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/|hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.03.01 18:37:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.03.01 18:40:05 | 000,000,000 | ---D | M]
 
[2011.02.24 14:26:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Xy Büro\AppData\Roaming\mozilla\Extensions
[2011.02.24 14:26:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Xy Büro\AppData\Roaming\mozilla\Firefox\Profiles\lzjpequu.default\extensions
[2011.02.24 14:26:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2004.06.09 16:03:02 | 000,832,728 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\NPSWF32.dll
[2010.08.25 01:44:54 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.08.25 01:44:54 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.08.25 01:44:54 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.08.25 01:44:54 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.08.25 01:44:54 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.02.22 17:15:02 | 000,001,337 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
 
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~3\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~3\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [PCMAgent] C:\Program Files (x86)\CyberLink\PowerCinema\PCMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TVEService] C:\Program Files (x86)\CyberLink\TV Enhance\TVEService.exe (CyberLink Corp.)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [DriverMax] C:\Program Files (x86)\Innovative Solutions\DriverMax\devices.exe (Innovative Solutions)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~3\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.01.17 11:55:08 | 000,000,107 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.10.07 17:23:33 | 000,000,143 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2010.09.07 12:23:59 | 000,000,605 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2010.09.07 12:23:59 | 000,000,012 | R--- | M] () - E:\autorun.tag -- [ CDFS ]
O32 - AutoRun File - [2010.07.30 10:40:54 | 000,000,087 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{6e78c36a-401d-11e0-a13a-d52c50e896b7}\Shell - "" = AutoRun
O33 - MountPoints2\{6e78c36a-401d-11e0-a13a-d52c50e896b7}\Shell\AutoRun\command - "" = N:\LaunchU3.exe -a
O33 - MountPoints2\{8a670039-21c9-11e0-85e6-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8a670039-21c9-11e0-85e6-806e6f6e6963}\Shell\AutoRun\command - "" = D:\wubi.exe -- [2010.10.07 11:59:45 | 001,503,592 | R--- | M] ()
O33 - MountPoints2\{8a67003a-21c9-11e0-85e6-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8a67003a-21c9-11e0-85e6-806e6f6e6963}\Shell\AutoRun\command - "" = E:\pcwstart.exe -- [2010.09.06 11:54:59 | 000,935,768 | R--- | M] (mirabyte GmbH & Co. KG)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.03.04 11:56:53 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\Xy Büro\Documents\OTL.exe
[2011.03.01 11:03:46 | 000,000,000 | R--D | C] -- C:\Users\Xy Büro\Documents\Eigene Dateien
[2011.03.01 10:35:52 | 000,000,000 | ---D | C] -- C:\Users\Xy Büro\Documents\de_windows_7_ultimate_win64_x15-80012
[2011.02.26 19:29:27 | 000,000,000 | ---D | C] -- C:\Users\Xy Büro\AppData\Local\{0277B9B5-D18A-48BF-A14D-4988C1EEDABB}
[2011.02.26 19:27:45 | 000,000,000 | ---D | C] -- C:\Users\Xy Büro\AppData\Roaming\vlc
[2011.02.26 19:27:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011.02.26 19:27:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2011.02.25 08:26:35 | 000,000,000 | ---D | C] -- C:\Users\Xy Büro\AppData\Local\{2C7339B4-B014-4CDC-8213-39A7C6531591}
[2011.02.24 18:54:31 | 000,000,000 | ---D | C] -- C:\Users\Xy Büro\AppData\Local\Chromium
[2011.02.24 18:47:56 | 041,426,128 | ---- | C] (MakeMusic) -- C:\Users\Xy Büro\Documents\notepad2008.exe
[2011.02.24 15:36:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC-WELT-IronBrowser
[2011.02.24 15:35:57 | 000,000,000 | ---D | C] -- C:\Users\Xy Büro\AppData\Local\PC-WELT-IronBrowser
[2011.02.24 15:33:00 | 000,000,000 | ---D | C] -- C:\Users\Xy Büro\AppData\Roaming\U3
[2011.02.24 15:25:52 | 000,000,000 | ---D | C] -- C:\Users\Xy Büro\AppData\Local\{4F665550-E516-4FE3-AB8E-E44DF6B52047}
[2011.02.24 15:16:40 | 000,000,000 | ---D | C] -- C:\Users\Xy Büro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011.02.24 15:13:14 | 000,000,000 | ---D | C] -- C:\Users\Xy Büro\AppData\Local\Google
[2011.02.24 15:12:58 | 000,000,000 | ---D | C] -- C:\Users\Xy Büro\AppData\Local\Deployment
[2011.02.24 15:12:58 | 000,000,000 | ---D | C] -- C:\Users\Xy Büro\AppData\Local\Apps
[2011.02.24 15:11:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2011.02.24 15:11:37 | 000,000,000 | ---D | C] -- C:\Users\Xy Büro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2011.02.24 14:50:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alcohol Soft
[2011.02.24 14:50:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alcohol 120%
[2011.02.24 14:26:53 | 000,000,000 | ---D | C] -- C:\Users\Xy Büro\AppData\Roaming\Mozilla
[2011.02.24 14:26:53 | 000,000,000 | ---D | C] -- C:\Users\Xy Büro\AppData\Local\Mozilla
[2011.02.24 14:26:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011.02.24 14:26:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011.02.24 14:25:33 | 000,000,000 | ---D | C] -- C:\Users\Xy Büro\Documents\Iron_Erweiterungen
[2011.02.23 16:00:06 | 000,000,000 | ---D | C] -- C:\Users\Xy Büro\AppData\Local\{BF51A51B-0046-4BEB-97F6-F19B0E3943EB}
[2011.02.22 17:09:58 | 000,000,000 | ---D | C] -- C:\Users\Xy Büro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2011.02.22 17:09:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2011.02.22 17:09:56 | 000,000,000 | ---D | C] -- C:\Users\Xy Büro\AppData\Roaming\Notepad++
[2011.02.22 17:09:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++
[2011.02.21 09:48:44 | 000,000,000 | ---D | C] -- C:\Users\Xy Büro\AppData\Local\{0FB3E6E4-E21C-4632-80BD-9F26C40F15AB}
[2011.02.19 17:15:35 | 000,000,000 | ---D | C] -- C:\Users\Xy Büro\Documents\Brennesel
[2011.02.19 13:25:53 | 000,000,000 | ---D | C] -- C:\Users\Xy Büro\AppData\Local\{3820863F-5C58-4BB9-9D87-7531DDED7A7E}
[2011.02.17 16:19:15 | 000,000,000 | ---D | C] -- C:\Users\Xy Büro\AppData\Local\{C1F98DD2-44F6-4E91-8791-3E86F852BC23}
[2011.02.16 18:09:04 | 000,000,000 | ---D | C] -- C:\Users\Xy Büro\AppData\Local\{D3039079-609B-4183-BB49-D78801D99EC3}
[2011.02.15 19:45:42 | 000,000,000 | ---D | C] -- C:\Users\Xy Büro\AppData\Local\{0A5CDF07-D915-4517-90B1-61FEEDC81FB5}
[2011.02.14 23:01:12 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2011.02.14 22:57:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2011.02.14 22:51:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2011.02.14 22:32:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared
[2011.02.14 22:23:30 | 000,000,000 | ---D | C] -- C:\Users\Xy Büro\Documents\PhotoshopElements_9_LS15
[2011.02.14 21:41:36 | 000,000,000 | ---D | C] -- C:\Users\Xy Büro\AppData\Local\{48FB578B-A95B-4E1C-8D15-BF5BA0BF2A46}
[2011.02.14 08:23:15 | 000,000,000 | ---D | C] -- C:\Users\Xy Büro\AppData\Local\{BFA5F6C9-6F89-4C03-9DC6-F25027D4E326}
[2011.02.14 08:16:00 | 000,000,000 | ---D | C] -- C:\Users\Xy Büro\AppData\Local\{C25648D4-6F17-4A2A-900C-1DB2EBC2A8BD}
[2011.02.13 11:51:45 | 000,000,000 | ---D | C] -- C:\Users\Xy Büro\AppData\Local\{95404982-0470-4782-939A-BDE5D114E23F}
[2011.02.11 15:54:21 | 000,000,000 | ---D | C] -- C:\Users\Xy Büro\AppData\Local\{DF680E99-3F70-4181-BD33-32D2C767DB52}
[2011.02.09 17:47:59 | 000,000,000 | ---D | C] -- C:\Users\Xy Büro\AppData\Roaming\AdobeUM
[2011.02.09 17:47:56 | 000,000,000 | ---D | C] -- C:\Users\Xy Büro\Documents\My eBooks
[2011.02.09 16:29:01 | 000,000,000 | ---D | C] -- C:\Users\Xy Büro\AppData\Local\{FB141D3A-B832-4EFF-92AD-CB41D8D9B479}
[2011.02.08 09:00:34 | 000,000,000 | ---D | C] -- C:\Users\Xy Büro\AppData\Local\ElevatedDiagnostics
[2011.02.07 21:56:25 | 000,000,000 | ---D | C] -- C:\Users\Xy Büro\AppData\Local\{D25DBC7B-D857-4536-9F53-86DA99CBEFCC}
[2011.02.05 03:26:11 | 000,000,000 | ---D | C] -- C:\Users\Xy Büro\AppData\Local\{48535ECA-2523-4852-B797-04028E04247E}
[2011.02.04 17:06:14 | 000,000,000 | ---D | C] -- C:\Users\Xy Büro\Documents\Faschingsblattl
[2011.02.04 15:25:47 | 000,000,000 | ---D | C] -- C:\Users\Xy Büro\AppData\Local\{3E915296-D7DA-410E-B177-1204A5CA9899}
[2011.02.03 12:28:19 | 000,000,000 | ---D | C] -- C:\Users\Xy Büro\AppData\Local\{929E3256-2C9D-48B2-8F4E-7E39EE15D5FF}
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.03.04 11:56:49 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Xy Büro\Documents\OTL.exe
[2011.03.04 11:18:10 | 000,001,134 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2995656763-2247449789-2702785056-1000UA.job
[2011.03.04 08:56:11 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.03.04 08:56:11 | 000,655,802 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.03.04 08:56:11 | 000,616,348 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.03.04 08:56:11 | 000,130,434 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.03.04 08:56:11 | 000,106,728 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.03.04 08:52:54 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.03.04 08:52:54 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.03.04 08:45:48 | 000,000,434 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2011.03.04 08:45:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.03.04 08:45:24 | 1945,554,943 | -HS- | M] () -- C:\hiberfil.sys
[2011.03.03 15:18:00 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2995656763-2247449789-2702785056-1000Core.job
[2011.03.01 14:18:28 | 000,002,420 | ---- | M] () -- C:\Users\Xy Büro\Desktop\Google Chrome.lnk
[2011.03.01 10:41:53 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2011.02.26 19:27:42 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.02.24 18:53:55 | 041,426,128 | ---- | M] (MakeMusic) -- C:\Users\Xy Büro\Documents\notepad2008.exe
[2011.02.24 15:36:45 | 000,002,155 | ---- | M] () -- C:\Users\Public\Desktop\PC-WELT-IronBrowser.lnk
[2011.02.24 15:11:38 | 000,001,268 | ---- | M] () -- C:\Users\Xy Büro\Desktop\Revo Uninstaller.lnk
[2011.02.24 15:05:43 | 2065,278,976 | ---- | M] () -- C:\Users\Xy Büro\Documents\Anna Dez 09-Jan 2010.mdf
[2011.02.24 15:04:43 | 000,004,328 | ---- | M] () -- C:\Users\Xy Büro\Documents\Anna Dez 09-Jan 2010.mds
[2011.02.24 14:55:25 | 000,001,184 | ---- | M] () -- C:\Users\Public\Desktop\Alcohol 120%.lnk
[2011.02.24 14:51:18 | 000,868,848 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2011.02.24 14:26:49 | 000,001,943 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.02.22 17:15:02 | 000,001,337 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011.02.19 18:20:47 | 000,311,656 | ---- | M] () -- C:\Users\Xy Büro\Documents\Brennesel.zip
[2011.02.16 16:59:04 | 004,643,841 | ---- | M] () -- C:\Users\Xy Büro\Documents\P1000650.JPG
[2011.02.16 16:58:52 | 004,868,716 | ---- | M] () -- C:\Users\Xy Büro\Documents\P1000649.JPG
[2011.02.16 16:58:32 | 004,434,611 | ---- | M] () -- C:\Users\Xy Büro\Documents\P1000648.JPG
[2011.02.15 09:11:34 | 000,459,640 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.02.14 22:53:16 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 9.lnk
[2011.02.12 18:27:07 | 000,243,943 | ---- | M] () -- C:\Users\Xy Büro\Documents\PowerCinema_UG_DEU.pdf
[2011.02.09 17:36:36 | 000,284,807 | ---- | M] () -- C:\Users\Xy Büro\Documents\Anleitung3 001.jpg
[2011.02.09 17:34:22 | 000,392,703 | ---- | M] () -- C:\Users\Xy Büro\Documents\Anleitung1 001.jpg
[2011.02.09 14:16:38 | 000,002,000 | -H-- | M] () -- C:\Users\Xy Büro\Documents\Default.rdp
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.02.26 19:27:42 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.02.24 15:36:45 | 000,002,155 | ---- | C] () -- C:\Users\Public\Desktop\PC-WELT-IronBrowser.lnk
[2011.02.24 15:16:41 | 000,002,420 | ---- | C] () -- C:\Users\Xy Büro\Desktop\Google Chrome.lnk
[2011.02.24 15:13:17 | 000,001,134 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2995656763-2247449789-2702785056-1000UA.job
[2011.02.24 15:13:16 | 000,001,082 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2995656763-2247449789-2702785056-1000Core.job
[2011.02.24 15:11:38 | 000,001,268 | ---- | C] () -- C:\Users\Xy Büro\Desktop\Revo Uninstaller.lnk
[2011.02.24 15:04:43 | 2065,278,976 | ---- | C] () -- C:\Users\Xy Büro\Documents\Anna Dez 09-Jan 2010.mdf
[2011.02.24 15:04:43 | 000,004,328 | ---- | C] () -- C:\Users\Xy Büro\Documents\Anna Dez 09-Jan 2010.mds
[2011.02.24 14:55:25 | 000,001,184 | ---- | C] () -- C:\Users\Public\Desktop\Alcohol 120%.lnk
[2011.02.24 14:51:18 | 000,868,848 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys
[2011.02.24 14:26:49 | 000,001,943 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.02.22 17:10:58 | 000,000,824 | ---- | C] () -- C:\Users\Xy Büro\Documents\hosts
[2011.02.19 18:20:47 | 000,311,656 | ---- | C] () -- C:\Users\Xy Büro\Documents\Brennesel.zip
[2011.02.16 17:08:23 | 004,643,841 | ---- | C] () -- C:\Users\Xy Büro\Documents\P1000650.JPG
[2011.02.16 17:08:22 | 004,868,716 | ---- | C] () -- C:\Users\Xy Büro\Documents\P1000649.JPG
[2011.02.16 17:08:22 | 004,434,611 | ---- | C] () -- C:\Users\Xy Büro\Documents\P1000648.JPG
[2011.02.14 22:57:39 | 000,001,523 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
[2011.02.14 22:57:19 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2011.02.14 22:53:16 | 000,001,892 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 9.lnk
[2011.02.14 22:53:16 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 9.lnk
[2011.02.12 17:39:57 | 000,243,943 | ---- | C] () -- C:\Users\Xy Büro\Documents\PowerCinema_UG_DEU.pdf
[2011.02.09 17:36:59 | 000,284,807 | ---- | C] () -- C:\Users\Xy Büro\Documents\Anleitung3 001.jpg
[2011.02.09 17:35:08 | 000,392,703 | ---- | C] () -- C:\Users\Xy Büro\Documents\Anleitung1 001.jpg
[2011.02.03 08:48:02 | 000,002,000 | -H-- | C] () -- C:\Users\Xy Büro\Documents\Default.rdp
[2011.01.27 10:16:18 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.01.26 14:48:44 | 010,932,224 | ---- | C] () -- C:\ProgramData\sandra.mda
[2011.01.26 08:34:07 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.01.24 17:59:53 | 000,524,288 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.01.24 17:59:53 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.01.24 15:02:26 | 000,002,347 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2011.01.17 19:33:02 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011.01.17 19:33:02 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.01.17 19:32:29 | 000,037,639 | ---- | C] () -- C:\Windows\Irremote.ini
[2011.01.17 19:32:24 | 000,142,337 | ---- | C] () -- C:\Windows\SysWow64\Wait.exe
[2011.01.17 14:09:02 | 000,000,017 | ---- | C] () -- C:\Windows\MovingPicture.ini
[2011.01.17 11:55:08 | 000,196,096 | ---- | C] () -- C:\Windows\SysWow64\macd32.dll
[2011.01.17 11:55:08 | 000,138,752 | ---- | C] () -- C:\Windows\SysWow64\mase32.dll
[2011.01.17 11:55:08 | 000,136,192 | ---- | C] () -- C:\Windows\SysWow64\mamc32.dll
[2011.01.17 11:55:08 | 000,057,856 | ---- | C] () -- C:\Windows\SysWow64\masd32.dll
[2011.01.17 11:55:08 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\ma32.dll
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2011.02.22 17:10:08 | 000,000,000 | ---D | M] -- C:\Users\Xy Büro\AppData\Roaming\Notepad++
[2011.01.27 21:15:04 | 000,000,000 | ---D | M] -- C:\Users\Xy Büro\AppData\Roaming\PowerCinema
[2011.01.17 14:05:27 | 000,000,000 | ---D | M] -- C:\Users\Xy Büro\AppData\Roaming\proDAD
[2011.01.20 09:01:22 | 000,000,000 | ---D | M] -- C:\Users\Xy Büro\AppData\Roaming\TuneUp Software
[2011.01.27 22:23:09 | 000,000,000 | ---D | M] -- C:\Users\Xy Büro\AppData\Roaming\Windows Live Writer
[2011.02.23 20:28:49 | 000,026,334 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
< End of report >

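As an added example (not part of this post, and not OTL's own code), a small Python triage helper that parses OTL file and directory entries in the format shown above and flags the items a log reviewer checks first: a changed hosts file, hidden files under a user profile, binaries in system directories without a company name, and GUID-named folders in AppData\Local. The flag names and heuristics are my own assumptions; the sample lines are copied from the report.

```python
import re
from typing import Optional

# One OTL entry: "[date time | size | attrs | C|M] (company) -- path". Directory entries (---D)
# have no "(company)" group; headers and "[6 C:\ProgramData\*.tmp files -> ...]" lines never match.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
SYSTEM_BINARY = re.compile(r"\\(system32|syswow64|sysnative)\\(drivers\\)?[^\\]+\.(exe|dll|sys)$")
GUID_DIR = re.compile(r"\\appdata\\local\\\{[0-9a-f-]{36}\}$")

def parse_entry(line: str) -> Optional[dict]:
    """Return the entry fields as a dict, or None for lines that are not entries."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    e["size"] = int(e["size"].replace(",", ""))   # "2065,278,976" -> 2065278976
    return e

def review_flags(e: dict) -> list:
    """Hand-review heuristics (hypothetical names); a flag means 'look closer', not 'infected'."""
    p, flags = e["path"].lower(), []
    if p.endswith(r"\drivers\etc\hosts"):
        flags.append("hosts-modified")            # AV and update domains get redirected here
    if "H" in e["attrs"] and "D" not in e["attrs"] and p.startswith("c:\\users\\"):
        flags.append("hidden-user-file")          # Default.rdp is normally hidden; most others are not
    if SYSTEM_BINARY.search(p) and not e["company"]:
        flags.append("system-binary-no-company")  # legitimate drivers such as sptd.sys hit this too
    if GUID_DIR.search(p):
        flags.append("guid-dir-appdata")          # usually installer leftovers; confirm they are empty
    return flags

def review_log(text: str) -> dict:
    """Map each flagged path to its flags, silently skipping non-entry lines."""
    findings = {}
    for line in text.splitlines():
        e = parse_entry(line)
        if e is not None and (flags := review_flags(e)):
            findings[e["path"]] = flags
    return findings

# Constructed sample: entry lines copied from the OTL report above plus one summary line.
SAMPLE = r"""[2011.02.22 17:15:02 | 000,001,337 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011.02.24 14:51:18 | 000,868,848 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2011.02.09 14:16:38 | 000,002,000 | -H-- | M] () -- C:\Users\Xy Büro\Documents\Default.rdp
[2011.02.09 16:29:01 | 000,000,000 | ---D | C] -- C:\Users\Xy Büro\AppData\Local\{FB141D3A-B832-4EFF-92AD-CB41D8D9B479}
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
"""
```

Every flag here is a prompt for manual verification (for example, sptd.sys belongs to the Alcohol 120% install listed in the same report), not a verdict.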
--- --- ---

nochdigger 06.03.2011 08:58

Hello

Quote:

I picked up a trojan on my laptop
More details such as the path/file name and the name of the malware could be helpful.

Is the system used for business?

Please check your system with Malwarebytes and create a fresh OTL log without deleting any lines from it.
Quote:

Quote from markusg
Double-click OTL.exe
(Windows 7 and Vista users: right-click and run as administrator)
1. At the top you will find a box labelled Output. Please select Minimal Output
2. Tick "scan all users"
3. Under "Extra Registry" select:
"Use Safelist" "LOP Check" "Purity Check"
4. Copy into the text box:

Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


5. Click "Scan"
6. Two reports will be created:
OTL.Txt
Extras.Txt
post both

Then please post the logs here.

Kind regards


Copyright ©2000-2024, Trojaner-Board