Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Pests of all kinds and how to remove them (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   win32/krypt.ftq (https://www.trojaner-board.de/88972-win32-krypt-ftq.html)

Neus23 01.08.2010 11:20

win32/krypt.ftq
 
hi,
I have win32/kryptik.ftq. Nod32 can't delete it.
#1 CCleaner done.
#2 Malwarebytes
Quote:

Malwarebytes' Anti-Malware 1.46
w*+alwarebytes.org

Database version: 4376

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

01.08.2010 12:08:45
mbam-log-2010-08-01 (12-08-45).txt

Scan type: Quick scan
Objects scanned: 144620
Time elapsed: 3 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#3 OTL Scan Logs
Quote:

OTL.txt

OTL Logfile:
Code:

OTL logfile created on: 01.08.2010 12:14:27 - Run 3
OTL by OldTimer - Version 3.2.9.1    Folder = C:\Users\+++\Downloads
64bit- An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 68,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186,31 Gb Total Space | 123,41 Gb Free Space | 66,24% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: +++-PC
Current User Name: +++
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\+++\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\+++\AppData\Roaming\Qeca\ozvyc.exe (Zhjln Orftvii Fockjn)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Programme\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (ESET)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUS)
PRC - C:\Programme\ASUS\ASUS Direct Console\LCMP.exe (ASUSTeK COMPUTER INC.)
PRC - C:\Programme\ASUS\ASUS Direct Console\D3DCheck.exe (ASUSTeK COMPUTER INC.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\+++\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (EhttpSrv) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV:64bit: - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (ESET)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (StorSvc) -- C:\Windows\SysNative\StorSvc.dll (Microsoft Corporation)
SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\DRIVERS\vmnetadapter.sys File not found
DRV:64bit: - (C) -- C:\Windows\SysNative\Drivers\C.sys File not found
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (epfwwfpr) -- C:\Windows\SysNative\drivers\epfwwfpr.sys (ESET)
DRV:64bit: - (ehdrv) -- C:\Windows\SysNative\drivers\ehdrv.sys (ESET)
DRV:64bit: - (eamon) -- C:\Windows\SysNative\drivers\eamon.sys (ESET)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (pfmfs_359) -- C:\Windows\SysNative\drivers\pfmfs_359.sys (Pismo Technic Inc.)
DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcuxd) -- C:\Windows\SysNative\drivers\vpcuxd.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (CSN5PD82x64) -- C:\Windows\SysNative\drivers\CSN5PD82x64.sys (Colasoft Co., Ltd.)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC)
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimspx64.sys (REDC)
DRV:64bit: - (AtcL001) -- C:\Windows\SysNative\drivers\l160x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (smserial) -- C:\Windows\SysNative\drivers\SmSerl64.sys (Motorola Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS)
DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\drivers\mcdbus.sys (MagicISO, Inc.)
DRV:64bit: - (itecir) -- C:\Windows\SysNative\drivers\itecir.sys (ITE Tech. Inc. )
DRV:64bit: - (Ltn_hyd7700pc_64) -- C:\Windows\SysNative\drivers\Ltn_hyd7700pc_64.sys (Liteon)
DRV:64bit: - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS)
DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2431245
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CE 64 69 1F F6 DB CA 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.07.25 12:48:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.07.25 23:14:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010.01.23 18:39:37 | 000,000,000 | ---D | M]
 
[2010.01.23 00:37:15 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\mozilla\Extensions
[2010.07.25 23:16:34 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\mozilla\Firefox\Profiles\h6z1sowi.Standard-Benutzer\extensions
[2010.04.13 19:37:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010.06.25 21:27:05 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.06.25 21:27:05 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.06.25 21:27:05 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.06.25 21:27:05 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.06.25 21:27:05 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [ChkMail] C:\Programme\ChkMail\ChkMail\ChkMail.exe (ChkMail)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [zDirectMessenger] C:\Program Files\ASUS\ASUS Direct Console\LCMP.EXE (ASUSTeK COMPUTER INC.)
O4 - HKCU..\Run: [{7BE871DD-2212-0724-3A57-59287BACF4C8}] C:\Users\+++\AppData\Roaming\Qeca\ozvyc.exe (Zhjln Orftvii Fockjn)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.01 12:03:53 | 000,000,000 | ---D | C] -- C:\Users\+++\AppData\Roaming\Malwarebytes
[2010.08.01 12:03:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.08.01 12:03:46 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.08.01 12:03:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.08.01 12:03:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.07.30 20:00:06 | 000,000,000 | ---D | C] -- C:\Users\+++\Desktop\2010_07_20_Philipps Unfallort
[2010.07.30 17:26:35 | 000,000,000 | ---D | C] -- C:\HDW20_TMP
[2010.07.30 17:07:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Panasonic
[2010.07.30 17:07:30 | 000,000,000 | ---D | C] -- C:\Users\+++\AppData\Local\Panasonic
[2010.07.30 17:02:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Panasonic
[2010.07.29 14:07:53 | 000,000,000 | ---D | C] -- C:\Users\+++\AppData\Roaming\Digital+++
[2010.07.29 14:04:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Digital+++
[2010.07.29 13:47:46 | 000,000,000 | ---D | C] -- C:\Users\+++\.jivex
[2010.07.28 12:42:08 | 000,000,000 | ---D | C] -- C:\Users\+++\Desktop\2010_07_27_Schimmel Phil Zimmer
[2010.07.21 09:58:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Real
[2010.07.21 09:58:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2010.07.14 19:21:34 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2010.07.13 15:59:26 | 000,218,624 | ---- | C] (Digital+++ co.,ltd) -- C:\Windows\SysWow64\SetupOnis22Free.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.01 12:14:07 | 002,621,440 | -HS- | M] () -- C:\Users\+++\NTUSER.DAT
[2010.08.01 12:09:01 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.01 12:03:50 | 000,000,973 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.01 11:34:47 | 000,013,264 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.01 11:34:47 | 000,013,264 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.01 11:32:22 | 001,905,622 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.08.01 11:32:22 | 000,814,198 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.08.01 11:32:22 | 000,747,234 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.08.01 11:32:22 | 000,193,500 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.08.01 11:32:22 | 000,156,012 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.08.01 11:27:36 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachine+++.job
[2010.08.01 11:27:35 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2010.08.01 11:27:30 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.01 11:27:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.01 11:27:17 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.01 00:07:39 | 008,954,806 | -H-- | M] () -- C:\Users\+++\AppData\Local\IconCache.db
[2010.07.30 20:39:32 | 000,000,416 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2010.07.30 20:39:32 | 000,000,034 | ---- | M] () -- C:\Windows\SysWow64\BD2030.DAT
[2010.07.29 14:01:46 | 000,000,001 | R--- | M] () -- C:\Users\+++\serverport
[2010.07.13 15:59:26 | 000,218,624 | ---- | M] (Digital+++ co.,ltd) -- C:\Windows\SysWow64\SetupOnis22Free.dll
 
========== Files Created - No Company Name ==========
 
[2010.08.01 12:03:50 | 000,000,973 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.30 20:39:32 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2030.DAT
[2010.07.29 13:47:45 | 000,000,001 | R--- | C] () -- C:\Users\+++\serverport
[2010.06.18 14:25:44 | 000,000,416 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.02.12 17:55:43 | 000,000,316 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.02.05 11:36:45 | 001,774,432 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.01.25 16:51:33 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2009.12.10 15:39:10 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009.10.20 20:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009.08.16 11:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009.08.03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.05.29 16:52:26 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009.05.29 16:47:06 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvid+++.dll
[2007.02.05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
 
========== LOP Check ==========
 
[2010.07.31 22:39:08 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\Adduso
[2010.03.04 00:04:44 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\ASCOMP Software
[2010.02.05 10:20:10 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\Colasoft Packet Builder
[2010.01.24 01:46:07 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\DAEMON Tools Lite
[2010.01.24 20:39:56 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\DAEMON Tools Pro
[2010.07.29 14:07:53 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\Digital+++
[2010.02.24 21:38:03 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\KillProcess
[2010.02.13 12:50:51 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\Paltalk
[2010.06.01 09:35:50 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\Qeca
[2010.01.29 05:38:52 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\Shark007
[2010.05.19 21:47:45 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\TeamViewer
[2010.07.31 23:23:55 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\uTorrent
[2010.01.27 20:08:17 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\Win7codecs
[2010.01.25 01:51:24 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\Wireshark
[2010.06.27 10:51:57 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:242231A9
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:0B9D8E22
< End of report >

--- --- ---


Extras.txt

OTL Logfile:
Code:

OTL Extras logfile created on: 01.08.2010 12:14:27 - Run 3
OTL by OldTimer - Version 3.2.9.1    Folder = C:\Users\+++\Downloads
64bit- An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 68,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186,31 Gb Total Space | 123,41 Gb Free Space | 66,24% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: +++-PC
Current User Name: +++
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{11EB1163-5761-4BC6-8F48-98DCF6A46BBF}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
"{1686C4D1-B1FD-42E8-B7A8-FB4C4DBA5BA8}" = ASUS Power4Gear Hybrid
"{1D5F34D0-6329-4D92-B81A-E24E9028910C}" = Crystal Reports Basic Runtime German Language Pack for Visual Studio 2008 (x64)
"{20140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 (Beta)
"{20140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 (Beta)
"{26A24AE4-039D-4CA4-87B4-2F86416018FF}" = Java(TM) 6 Update 18 (64-bit)
"{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}" = Crystal Reports Basic Runtime for Visual Studio 2008 (x64)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{53C900F7-0CB1-3EDE-B9F3-76EDE6F0C253}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
"{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{62EED300-E841-4083-A1D6-60B906271804}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{64A3A4F4-B792-11D6-A78A-00B0D0160180}" = Java(TM) SE Development Kit 6 Update 18 (64-bit)
"{7ECA1AEA-2B61-3DE6-8276-6A9A2693F111}" = Microsoft Device Emulator (64 Bit) Version 3.0 - DEU
"{80A620C1-B22C-4781-A351-B14B8A37BFE3}" = Image Resizer Powertoy Clone for Windows (64 bit)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{9aa5f39c-a8de-46b0-919a-0248f8bc8490}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A992BBAA-723D-4574-A07F-983BF8FAA3E1}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{AC888A60-9557-3B74-B52B-F353D01BD544}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{ACD875CC-A146-3125-8F99-D3766F46FD86}" = Visual Studio .NET Prerequisites - English
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C31A4909-9C18-3121-AAD4-EAD92013B6E5}" = Microsoft Visual Studio 2008 Remote Debugger - DEU
"{CCAFF072-4DDB-4846-963D-15F02A8E9472}" = Intel(R) PROSet/Wireless WiFi-Software
"{CE4F361A-8C13-441C-A21A-DDC0FBA6FEED}" = ESET NOD32 Antivirus
"{F68310EC-B615-4044-B7D7-1A6349758D42}" = Microsoft SQL Server VSS Writer
"{F75FFCEC-4807-319D-A186-5117EDFE8115}" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU
"{F90F5A11-53E6-4045-ACB1-BC03D71FB06C}" = Microsoft SQL Server Native Client
"{FC3853AF-7CCB-407D-809D-31BAA078D6FD}" = Microsoft UrlScan Filter v3.1
"0B63C37025C2F467B0BAF5BC9C10E853F201C510" = Windows-Treiberpaket - ITE Tech.Inc. (itecir) HIDClass  (10/03/2007 5.0.0004.5)
"5411046CC762A9020A8AB7BD31710ECCA6E432C2" = Windows-Treiberpaket - Alps Touch Pad Driver (09/12/2006 7.100.1301.2)
"MatlabR2009b" = MATLAB R2009b
"Microsoft Visual Studio 2008 Remote Debugger - DEU" = Microsoft Visual Studio 2008 Remote Debugger - DEU
"Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"PismoFileMountAuditPackage" = Pismo File Mount Audit Package
"ProInst" = Intel PROSet Wireless
"USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam
"USB2.0 UVC 1.3M WebCam" = USB2.0 UVC 1.3M WebCam
"WinRAR archiver" = WinRAR archiver
"x64 Components_is1" = x64 Components v2.3.7
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{064F2D10-83D0-4040-B5B7-BD22BFEB65A2}" = ASUS Direct Console
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{159098AF-4EB8-4C10-B0C6-24CDA32B45F9}" = Microsoft SQL Server Compact 3.5 DEU
"{18E1FD72-60FA-3E10-A66B-640970B5559F}" = Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU
"{1C3ADB5F-750E-4453-AC98-B75C5323845C}" = Microsoft SQL Server Compact 3.5 for Devices DEU
"{1EC1D18A-AA03-4909-BE7F-2E86112A64CE}" = Onis 2.2 Free Edition
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 (Beta)
"{20140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 (Beta)
"{20140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 (Beta)
"{20140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 (Beta)
"{20140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 (Beta)
"{20140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 (Beta)
"{20140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 (Beta)
"{20140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 (Beta)
"{20140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 (Beta)
"{20140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 (Beta)
"{20140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 (Beta)
"{20140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 (Beta)
"{20140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 (Beta)
"{20140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 (Beta)
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{250F0996-1830-40C8-9B1D-6874D808DD95}" = ChkMail
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3924C3E7-C440-4B23-9740-9A9EC0545F21}" = Crystal Reports Basic German Language Pack for Visual Studio 2008
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{445174EA-3D3A-308E-84AD-446127E71441}" = Microsoft Visual Studio 2008 Professional Edition - DEU
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ACDC413-AF13-3934-8D8A-1F8CEF70D1A5}" = Microsoft Document Explorer 2008 Language Pack - DEU
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5U8xx Media Driver ver.3.62.02
"{5DB161C0-7C9C-41D7-8DA1-CB112F60946B}" = Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{721B5CF0-D220-4955-BB6F-EBCFB1096DE7}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72CCBEA1-8D57-4981-A337-81019F28C5BA}" = Microsoft .NET Compact Framework 3.5
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{7B937101-FD85-4CA9-9176-ADA6492314AF}" = ArcSoft WebCam Companion 3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0021-0407-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (German) 2007
"{90120000-0021-0407-0000-0000000FF1CE}_VisualWebDeveloper_{0B9EAEAC-F271-45DC-BDCB-06ABEEF19825}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_VisualWebDeveloper_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{B1060346-9388-4C5B-AA52-176C39819E43}" = Microsoft .NET Compact Framework 2.0 SP2
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B571B309-5E65-3DCE-8DE7-205DE2D366C3}" = Microsoft Visual C++ 2008 Express Edition - DEU
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}" = Tools für Microsoft SQL Server 2005 Express Edition
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{d1e6113e-f1ae-4824-b300-09ad6c458521}" = Nero 9 Trial
"{DA7F48EF-5F56-45FE-9169-3B8159A7A323}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{E32260E7-0B10-43C7-9B77-AB9F4184676D}" = Microsoft SQL Server Compact 3.5 Design Tools DEU
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"AVI Splitter_is1" = AVI Splitter
"CCleaner" = CCleaner
"Colasoft Packet Builder 1.0_is1" = Colasoft Packet Builder 1.0
"HijackThis" = HijackThis 2.0.2
"KillProcess" = KillProcess 2.42
"Magic ISO Maker v5.5 (build 0265)" = Magic ISO Maker v5.5 (build 0265)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft Document Explorer 2008 Language Pack - DEU" = Microsoft Document Explorer 2008 Language Pack - DEU
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual C++ 2008 Express Edition - DEU" = Microsoft Visual C++ 2008 Express Edition - DEU
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack" = Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack
"Microsoft Visual Studio 2008 Professional Edition - DEU" = Microsoft Visual Studio 2008 Professional Edition - DEU
"mIRC" = mIRC
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Office14.SingleImage" = Microsoft Office Professional 2010
"QuicktimeAlt_is1" = QuickTime Alternative 3.1.0
"Secure Eraser_is1" = Secure Eraser v3.1
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV 0.9.17
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU" = Visual Studio-Tools für Office System 3.0 Runtime Language Pack - DEU
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VLC media player" = VLC media player 1.0.3
"WinPcapInst" = WinPcap 4.1.1
"Wireshark" = Wireshark 1.2.5
"Xvid_is1" = Xvid 1.2.2 final uninstall
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Menu Layout Demo" = Menu Layout Demo
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 13.07.2010 01:39:00 | Computer Name = +++-PC | Source = Google Update | ID = 20
Description =
 
Error - 13.07.2010 01:45:09 | Computer Name = +++-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 13.07.2010 02:18:22 | Computer Name = +++-PC | Source = Application Hang | ID = 1002
Description = Programm SndVol.exe, Version 6.1.7600.16385 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in
 der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen.    Prozess-ID: 15b8    Startzeit: 01cb224e0e7a6001    Endzeit: 4    Anwendungspfad: C:\Windows\system32\SndVol.exe

Berichts-ID:
 621b6ad7-8e41-11df-890a-001bfceefd82 
 
Error - 16.07.2010 03:08:21 | Computer Name = +++-PC | Source = MsiInstaller | ID = 11704
Description =
 
Error - 16.07.2010 03:09:05 | Computer Name = +++-PC | Source = Google Update | ID = 20
Description =
 
Error - 16.07.2010 05:36:51 | Computer Name = +++-PC | Source = Google Update | ID = 20
Description =
 
Error - 16.07.2010 11:09:16 | Computer Name = +++-PC | Source = Google Update | ID = 20
Description =
 
Error - 27.07.2010 12:13:56 | Computer Name = +++-PC | Source = Google Update | ID = 20
Description =
 
Error - 30.07.2010 13:09:16 | Computer Name = +++-PC | Source = Google Update | ID = 20
Description =
 
Error - 31.07.2010 17:59:23 | Computer Name = +++-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
 "System Writer".  Details: AddLegacyDriverFiles: Unable to back up image of binary
 cdrbsdrv.  System Error: Das System kann die angegebene Datei nicht finden.  .
 
[ Media Center Events ]
Error - 27.04.2010 13:58:48 | Computer Name = +++-PC | Source = MCUpdate | ID = 0
Description = 19:58:48 - Fehler beim Herstellen der Internetverbindung.  19:58:48
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 27.04.2010 13:59:09 | Computer Name = +++-PC | Source = MCUpdate | ID = 0
Description = 19:58:53 - Fehler beim Herstellen der Internetverbindung.  19:58:53
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 27.04.2010 14:59:15 | Computer Name = +++-PC | Source = MCUpdate | ID = 0
Description = 20:59:15 - Fehler beim Herstellen der Internetverbindung.  20:59:15
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 27.04.2010 14:59:28 | Computer Name = +++-PC | Source = MCUpdate | ID = 0
Description = 20:59:20 - Fehler beim Herstellen der Internetverbindung.  20:59:20
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 29.04.2010 16:25:13 | Computer Name = +++-PC | Source = MCUpdate | ID = 0
Description = 22:25:13 - Fehler beim Herstellen der Internetverbindung.  22:25:13
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 29.04.2010 16:26:23 | Computer Name = +++-PC | Source = MCUpdate | ID = 0
Description = 22:25:19 - Fehler beim Herstellen der Internetverbindung.  22:25:19
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 19.05.2010 13:09:04 | Computer Name = +++-PC | Source = MCUpdate | ID = 0
Description = 19:09:04 - Fehler beim Herstellen der Internetverbindung.  19:09:04
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 19.05.2010 13:09:55 | Computer Name = +++-PC | Source = MCUpdate | ID = 0
Description = 19:09:09 - Fehler beim Herstellen der Internetverbindung.  19:09:09
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 19.05.2010 14:10:27 | Computer Name = +++-PC | Source = MCUpdate | ID = 0
Description = 20:10:27 - Fehler beim Herstellen der Internetverbindung.  20:10:27
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 19.05.2010 14:10:48 | Computer Name = +++-PC | Source = MCUpdate | ID = 0
Description = 20:10:33 - Fehler beim Herstellen der Internetverbindung.  20:10:33
-    Serververbindung konnte nicht hergestellt werden.. 
 
[ System Events ]
Error - 14.05.2010 06:08:25 | Computer Name = +++-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ShowAnalyzerMaster" wurde aufgrund folgenden Fehlers nicht
 gestartet:  %%2
 
Error - 14.05.2010 08:38:28 | Computer Name = +++-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ShowAnalyzerMaster" wurde aufgrund folgenden Fehlers nicht
 gestartet:  %%2
 
Error - 14.05.2010 08:41:23 | Computer Name = +++-PC | Source = iScsiPrt | ID = 1
Description = Vom Initiator konnte keine Verbindung mit dem Ziel hergestellt werden.
 Die Ziel-IP-Adresse und die TCP-Anschlussnummer sind in Sicherungsdaten angegeben.
 
Error - 14.05.2010 08:41:23 | Computer Name = +++-PC | Source = iScsiPrt | ID = 70
Description = Fehler beim Verarbeiten der iSCSI-Anmeldeanforderung. Die Anforderung
 wurde nicht wiederholt. Der Fehlerstatus wird in den Sicherungsdaten angegeben.
 
Error - 14.05.2010 11:02:02 | Computer Name = +++-PC | Source = iScsiPrt | ID = 1
Description = Vom Initiator konnte keine Verbindung mit dem Ziel hergestellt werden.
 Die Ziel-IP-Adresse und die TCP-Anschlussnummer sind in Sicherungsdaten angegeben.
 
Error - 14.05.2010 11:02:02 | Computer Name = +++-PC | Source = iScsiPrt | ID = 70
Description = Fehler beim Verarbeiten der iSCSI-Anmeldeanforderung. Die Anforderung
 wurde nicht wiederholt. Der Fehlerstatus wird in den Sicherungsdaten angegeben.
 
Error - 14.05.2010 11:02:05 | Computer Name = +++-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ShowAnalyzerMaster" wurde aufgrund folgenden Fehlers nicht
 gestartet:  %%2
 
Error - 14.05.2010 12:44:45 | Computer Name = +++-PC | Source = iScsiPrt | ID = 1
Description = Vom Initiator konnte keine Verbindung mit dem Ziel hergestellt werden.
 Die Ziel-IP-Adresse und die TCP-Anschlussnummer sind in Sicherungsdaten angegeben.
 
Error - 14.05.2010 12:44:45 | Computer Name = +++-PC | Source = iScsiPrt | ID = 70
Description = Fehler beim Verarbeiten der iSCSI-Anmeldeanforderung. Die Anforderung
 wurde nicht wiederholt. Der Fehlerstatus wird in den Sicherungsdaten angegeben.
 
Error - 14.05.2010 12:44:48 | Computer Name = +++-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ShowAnalyzerMaster" wurde aufgrund folgenden Fehlers nicht
 gestartet:  %%2
 
 
< End of report >

--- --- ---



Many thanks if someone helps me.
Regards, Neus23

Neus23 01.08.2010 13:54

Malwarebytes didn't find the virus, apparently because the virus is too new for MBAM. NOD32 already detects the virus but can't delete it.
The virus is running in my Task Manager under the following path:

01.08.2010 14:29:09 Prüfung der Systemstartdateien Datei C:\Users\core\AppData\Roaming\Qeca\ozvyc.exe Variante von Win32/Kryptik.FTQ Trojaner Fehler beim Löschen


ComboFix doesn't work for me because I'm on 64-bit.

So there doesn't seem to be any means of removing Win32/Kryptik.FTQ yet?

Search engines also don't find any threads about Kryptik.FTQ yet.

The virus seems to me to be very recent.

Leonixx 01.08.2010 14:12

C:\Users\core\AppData\Roaming\Qeca\ozvyc.exe

Have the file checked at VirusTotal to see whether it is a false positive.

Neus23 01.08.2010 14:39

So I ended this file in Task Manager: C:\Users\core\AppData\Roaming\Qeca\ozvyc.exe

And then had Secure Eraser overwrite it several times, so it is securely deleted.

For that reason I can no longer check it for a false positive via VirusTotal.

Whether I am now 100% malware-free, I don't know. Is another log needed for the assessment?

Leonixx 01.08.2010 14:55

Since I have too little experience with OTL, post RSIT logs for me.

Neus23 01.08.2010 15:05

info.txt
RSIT Logfile:
Code:

logfile of random's system information tool 1.08 2010-08-01 16:00:32

======Uninstall list======

-->MsiExec /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}
µTorrent-->"C:\Program Files (x86)\uTorrent.exe" /UNINSTALL
7-Zip 4.65-->"C:\Program Files (x86)\7-Zip\Uninstall.exe"
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.3.3 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A93000000001}
Adobe SVG Viewer 3.0-->C:\Program Files (x86)\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files (x86)\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Advertising Center-->MsiExec.exe /X{B2EC4A38-B545-4A00-8214-13FE0E915E6D}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft WebCam Companion 3-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{7B937101-FD85-4CA9-9176-ADA6492314AF}\Setup.exe" -l0x7
ASUS Direct Console-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{064F2D10-83D0-4040-B5B7-BD22BFEB65A2}\Setup.exe" -l0x9
ATK Package-->MsiExec.exe /I{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}
AVI Splitter-->"C:\Program Files (x86)\avisplit\unins000.exe"
CCleaner-->"C:\Program Files (x86)\CCleaner\uninst.exe"
ChkMail-->C:\Program Files (x86)\InstallShield Installation Information\{250F0996-1830-40C8-9B1D-6874D808DD95}\setup.EXE -runfromtemp -l0x0009 -removeonly
Colasoft Packet Builder 1.0-->"C:\Program Files (x86)\Colasoft Packet Builder 1.0\unins000.exe"
Crystal Reports Basic for Visual Studio 2008-->MsiExec.exe /X{AA467959-A1D6-4F45-90CD-11DC57733F32}
Crystal Reports Basic German Language Pack for Visual Studio 2008-->MsiExec.exe /X{3924C3E7-C440-4B23-9740-9A9EC0545F21}
DolbyFiles-->MsiExec.exe /X{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)-->C:\Windows\SQL9_KB970892_ENU\Hotfix.exe /Uninstall
GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892)-->C:\Windows\SQLTools9_KB970892_ENU\Hotfix.exe /Uninstall
Google Earth-->MsiExec.exe /X{F7B0939E-58DF-11DF-B3A6-005056806466}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HijackThis 2.0.2-->"C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix für Microsoft Visual Studio 2008 Professional Edition - DEU (KBKB971091)-->c:\Windows\SysWOW64\msiexec.exe /package {445174EA-3D3A-308E-84AD-446127E71441} /uninstall {06694B0F-B778-4E13-B841-4FF9CC81D0C5} /qb+ REBOOTPROMPT=""
Hotfix für Microsoft Visual Studio 2008 Professional Edition - DEU (KBKB973674)-->c:\Windows\SysWOW64\msiexec.exe /package {445174EA-3D3A-308E-84AD-446127E71441} /uninstall {E1404B9C-5F36-406A-B720-70FA3F242B7B} /qb+ REBOOTPROMPT=""
Java(TM) 6 Update 18-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216018FF}
KillProcess 2.42-->C:\Program Files (x86)\KillProcess\uninst.exe
Magic ISO Maker v5.5 (build 0265)-->C:\PROGRA~2\MagicISO\UNWISE.EXE C:\PROGRA~2\MagicISO\INSTALL.LOG
MagicDisc 2.7.106-->C:\PROGRA~2\MAGICD~1\UNWISE.EXE C:\PROGRA~2\MAGICD~1\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
Menu Templates - Starter Kit-->MsiExec.exe /X{B78120A0-CF84-4366-A393-4D0A59BC546C}
Microsoft Document Explorer 2008 Language Pack - DEU-->C:\Program Files (x86)\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008 Language Pack - DEU\install.exe
Microsoft Document Explorer 2008 Language Pack - DEU-->MsiExec.exe /X{4ACDC413-AF13-3934-8D8A-1F8CEF70D1A5}
Microsoft Document Explorer 2008-->C:\Program Files (x86)\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.exe
Microsoft Document Explorer 2008-->MsiExec.exe /X{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {26454C26-D259-4543-AA60-3189E09C5F76}
Microsoft Office Access MUI (German) 2010 (Beta)-->MsiExec.exe /X{20140000-0015-0407-0000-0000000FF1CE}
Microsoft Office Excel MUI (German) 2010 (Beta)-->MsiExec.exe /X{20140000-0016-0407-0000-0000000FF1CE}
Microsoft Office OneNote MUI (German) 2010 (Beta)-->MsiExec.exe /X{20140000-00A1-0407-0000-0000000FF1CE}
Microsoft Office Outlook MUI (German) 2010 (Beta)-->MsiExec.exe /X{20140000-001A-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2010 (Beta)-->MsiExec.exe /X{20140000-0018-0407-0000-0000000FF1CE}
Microsoft Office Professional 2010-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall SINGLEIMAGE /dll OSETUP.DLL
Microsoft Office Proof (English) 2010 (Beta)-->MsiExec.exe /X{20140000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2010 (Beta)-->MsiExec.exe /X{20140000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2010 (Beta)-->MsiExec.exe /X{20140000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2010 (Beta)-->MsiExec.exe /X{20140000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2010 (Beta)-->MsiExec.exe /X{20140000-002C-0407-0000-0000000FF1CE}
Microsoft Office Publisher MUI (German) 2010 (Beta)-->MsiExec.exe /X{20140000-0019-0407-0000-0000000FF1CE}
Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Shared MUI (German) 2010 (Beta)-->MsiExec.exe /X{20140000-006E-0407-0000-0000000FF1CE}
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0021-0407-0000-0000000FF1CE} /uninstall {0B9EAEAC-F271-45DC-BDCB-06ABEEF19825}
Microsoft Office Single Image 2010 (Beta)-->MsiExec.exe /X{20140000-003D-0000-0000-0000000FF1CE}
Microsoft Office Visual Web Developer 2007-->MsiExec.exe /X{90120000-0021-0000-0000-0000000FF1CE}
Microsoft Office Visual Web Developer MUI (German) 2007-->MsiExec.exe /X{90120000-0021-0407-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2010 (Beta)-->MsiExec.exe /X{20140000-001B-0407-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)-->MsiExec.exe /I{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}
Microsoft SQL Server 2005-->"c:\Program Files (x86)\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Compact 3.5 Design Tools DEU-->MsiExec.exe /X{E32260E7-0B10-43C7-9B77-AB9F4184676D}
Microsoft SQL Server Compact 3.5 DEU-->MsiExec.exe /I{159098AF-4EB8-4C10-B0C6-24CDA32B45F9}
Microsoft SQL Server Compact 3.5 for Devices DEU-->MsiExec.exe /I{1C3ADB5F-750E-4453-AC98-B75C5323845C}
Microsoft SQL Server Compact 3.5 SP1 English-->MsiExec.exe /I{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}
Microsoft SQL Server Database Publishing Wizard 1.2-->MsiExec.exe /X{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Express Edition - DEU-->C:\Program Files (x86)\Microsoft Visual Studio 9.0\Microsoft Visual C++ 2008 Express Edition - DEU\setup.exe
Microsoft Visual C++ 2008 Express Edition - DEU-->MsiExec.exe /X{B571B309-5E65-3DCE-8DE7-205DE2D366C3}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack-->C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\8.0\Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack\install.exe
Microsoft Visual Studio 2005 Tools for Office Runtime-->MsiExec.exe /X{388E4B09-3E71-4649-8921-F44A3A2954A7}
Microsoft Visual Studio 2008 Professional Edition - DEU-->c:\Program Files (x86)\Microsoft Visual Studio 9.0\Microsoft Visual Studio 2008 Professional Edition - DEU\setup.exe
Microsoft Visual Studio Web Authoring Component-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISUALWEBDEVELOPER /dll OSETUP.DLL
mIRC-->C:\Program Files (x86)\mIRC\uninstall.exe _?=C:\Program Files (x86)\mIRC
Movie Templates - Starter Kit-->MsiExec.exe /X{E498385E-1C51-459A-B45F-1721E37AA1A0}
Mozilla Firefox (3.6.8)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nero 9 Trial-->C:\Program Files (x86)\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe  REMOVESERIALNUMBER="8M01-2085-KK25-2LEE-0UHL-8MPA-6H4U-EHAL"
Nero BurnRights-->MsiExec.exe /X{7829DB6F-A066-4E40-8912-CB07887C20BB}
Nero ControlCenter-->MsiExec.exe /X{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}
Nero Disc Copy Gadget-->MsiExec.exe /X{F1861F30-3419-44DB-B2A1-C274825698B3}
Nero DiscSpeed-->MsiExec.exe /X{869200DB-287A-4DC0-B02B-2B6787FBCD4C}
Nero Installer-->MsiExec.exe /X{E8A80433-302B-4FF1-815D-FCC8EAC482FF}
Nero Recode-->MsiExec.exe /X{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}
Nero StartSmart-->MsiExec.exe /X{7748AC8C-18E3-43BB-959B-088FAEA16FB2}
Nero Vision-->MsiExec.exe /X{43E39830-1826-415D-8BAE-86845787B54B}
NeroBurningROM-->MsiExec.exe /X{D025A639-B9C9-417D-8531-208859000AF8}
NeroExpress-->MsiExec.exe /X{595A3116-40BB-4E0F-A2E8-D7951DA56270}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA PhysX-->MsiExec.exe /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}
Onis 2.2 Free Edition-->MsiExec.exe /I{1EC1D18A-AA03-4909-BE7F-2E86112A64CE}
QuickTime Alternative 3.1.0-->"C:\Program Files (x86)\QuickTime Alternative\unins000.exe"
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE"  -removeonly
RICOH R5U8xx Media Driver ver.3.62.02-->"C:\Program Files (x86)\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -runfromtemp -l0x0007 anything -removeonly
Secure Eraser v3.1-->"C:\Program Files (x86)\ASCOMP Software\Secure Eraser\unins000.exe"
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB982312)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {B0EC5722-241F-4CDA-83B4-AA5846B6F9F4}
Security Update for Microsoft Office 2010 File Validation - Beta (KB976133)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{20140000-003D-0000-0000-0000000FF1CE}" "{701D1499-1FE5-4E8E-9E09-562423116373}" "1031" "0"
Security Update for Microsoft Office 2010 File Validation - Beta (KB976133)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{20140000-003D-0000-0000-0000000FF1CE}" "{76CB26F9-C8AD-403B-8461-168B18C2FE31}" "1031" "0"
Security Update for Microsoft Office 2010 File Validation - Beta (KB976133)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{20140000-003D-0000-0000-0000000FF1CE}" "{7CDAA76C-5DB2-431F-A921-14A106BD8FA3}" "1031" "0"
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Spybot - Search & Destroy-->"C:\Program Files (x86)\Spybot - Search & Destroy\unins000.exe"
Tools für Microsoft SQL Server 2005 Express Edition-->MsiExec.exe /I{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)-->MsiExec.exe /X{07629207-FAA0-4F1A-8092-BF5085BE511F}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update für Microsoft Visual Studio 2008 Professional Edition - DEU (KBKB972221)-->c:\Windows\SysWOW64\msiexec.exe /package {445174EA-3D3A-308E-84AD-446127E71441} /uninstall {D2313FB6-9E59-4846-9910-C0990A01D20D} /qb+ REBOOTPROMPT=""
VC Runtimes MSI-->MsiExec.exe /X{FF29527A-44CD-3422-945E-981A13584000}
Veetle TV 0.9.17-->C:\Program Files (x86)\Veetle\UninstallVeetleTV.exe
Visual Studio 2005 Tools for Office Second Edition Runtime-->c:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\8.0\Microsoft Visual Studio 2005 Tools for Office Runtime\install.exe
Visual Studio Tools for the Office system 3.0 Runtime-->C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\9.0\Visual Studio Tools for the Office system 3.0 Runtime\install.exe
Visual Studio Tools for the Office system 3.0 Runtime-->MsiExec.exe /X{8FB53850-246A-3507-8ADE-0060093FFEA6}
Visual Studio-Tools für Office System 3.0 Runtime Language Pack - DEU-->C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\9.0\Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU\install.exe
VLC media player 1.0.3-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
Windows Live Anmelde-Assistent-->MsiExec.exe /I{52B97218-98CB-4B8B-9283-D213C85E1AA4}
Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Mobile 5.0 SDK R2 for Pocket PC-->MsiExec.exe /I{721B5CF0-D220-4955-BB6F-EBCFB1096DE7}
Windows Mobile 5.0 SDK R2 for Smartphone-->MsiExec.exe /I{DA7F48EF-5F56-45FE-9169-3B8159A7A323}
WinFlash-->MsiExec.exe /X{8F21291E-0444-4B1D-B9F9-4370A73E346D}
WinPcap 4.1.1-->C:\Program Files (x86)\WinPcap\uninstall.exe
Wireless Console 3-->MsiExec.exe /I{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}
Wireshark 1.2.5-->"C:\Program Files\Wireshark\uninstall.exe"
Xvid 1.2.2 final uninstall-->"C:\Program Files (x86)\Xvid\unins000.exe"

======System event log======

Computer Name: +++-PC
Event Code: 7036
Message: Dienst "Peernetzwerk-Gruppenzuordnung" befindet sich jetzt im Status "Ausgeführt".
Record Number: 36665
Source Name: Service Control Manager
Time Written: 20100328142410.547806-000
Event Type: Informationen
User:

Computer Name: +++-PC
Event Code: 7036
Message: Dienst "Peer Name Resolution-Protokoll" befindet sich jetzt im Status "Ausgeführt".
Record Number: 36664
Source Name: Service Control Manager
Time Written: 20100328142409.949771-000
Event Type: Informationen
User:

Computer Name: +++-PC
Event Code: 7036
Message: Dienst "Peernetzwerkidentitäts-Manager" befindet sich jetzt im Status "Ausgeführt".
Record Number: 36663
Source Name: Service Control Manager
Time Written: 20100328142409.439742-000
Event Type: Informationen
User:

Computer Name: +++-PC
Event Code: 7036
Message: Dienst "Heimnetzgruppen-Listener" befindet sich jetzt im Status "Ausgeführt".
Record Number: 36662
Source Name: Service Control Manager
Time Written: 20100328142409.223730-000
Event Type: Informationen
User:

Computer Name: +++-PC
Event Code: 7036
Message: Dienst "Heimnetzgruppen-Anbieter" befindet sich jetzt im Status "Ausgeführt".
Record Number: 36661
Source Name: Service Control Manager
Time Written: 20100328142408.975716-000
Event Type: Informationen
User:

=====Application event log=====

Computer Name: 37L4247E29-32
Event Code: 1001
Message: Fehlerbucket , Typ 0
Ereignisname: PnPDriverNotFound
Antwort: Nicht verfügbar
CAB-Datei-ID: 0

Problemsignatur:
P1: x64
P2: ACPI\ATK0100
P3:
P4:
P5:
P6:
P7:
P8:
P9:
P10:

Angefügte Dateien:
C:\Windows\Temp\DMIC5AE.tmp.log.xml

Diese Dateien befinden sich möglicherweise hier:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d4a99e8e3cb284c21dcc14fa73286c8c8f3f5f25_cab_076dc63b

Analysesymbol:
Es wird erneut nach einer Lösung gesucht: 0
Berichts-ID: ad8b685f-079e-11df-a084-c36bdc664168
Berichtstatus: 6
Record Number: 5
Source Name: Windows Error Reporting
Time Written: 20100122213955.000000-000
Event Type: Informationen
User:

Computer Name: 37L4247E29-32
Event Code: 5617
Message: Die Subsysteme des Windows-Verwaltungsinstrumentationsdienstes wurden erfolgreich initialisiert.
Record Number: 4
Source Name: Microsoft-Windows-WMI
Time Written: 20100122213907.000000-000
Event Type: Informationen
User:

Computer Name: 37L4247E29-32
Event Code: 5615
Message: Der Windows-Verwaltungsinstrumentationsdienst wurde erfolgreich gestartet.
Record Number: 3
Source Name: Microsoft-Windows-WMI
Time Written: 20100122213903.000000-000
Event Type: Informationen
User:

Computer Name: 37L4247E29-32
Event Code: 4625
Message: Das EventSystem-Subsystem unterdrückt duplizierte Ereignisprotokolleinträge für eine Dauer von 86400 Sekunden. Dieses Zeitlimit kann durch den REG_DWORD-Wert SuppressDuplicateDuration unter folgendem Registrierungsschlüssel gesteuert werden: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 2
Source Name: Microsoft-Windows-EventSystem
Time Written: 20100122213859.000000-000
Event Type: Informationen
User:

Computer Name: 37L4247E29-32
Event Code: 1531
Message: Der Benutzerprofildienst wurde erfolgreich gestartet. 


Record Number: 1
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20100122213858.922102-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

=====Security event log=====

Computer Name: 37L4247E29-32
Event Code: 4735
Message: Eine sicherheitsaktivierte lokale Gruppe wurde geändert.

Antragsteller:
        Sicherheits-ID:                S-1-5-18
        Kontoname:                37L4247E29-32$
        Kontodomäne:                WORKGROUP
        Anmelde-ID:                0x3e7

Gruppe:
        Sicherheits-ID:                S-1-5-32-551
        Gruppenname:                Sicherungs-Operatoren
        Gruppendomäne:                Builtin

Geänderte Attribute:
        SAM-Kontoname:        -
        SID-Verlauf:                -

Weitere Informationen:
        Berechtigungen:                -
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100122213836.692063-000
Event Type: Überwachung erfolgreich
User:

Computer Name: 37L4247E29-32
Event Code: 4731
Message: Eine sicherheitsaktivierte lokale Gruppe wurde erstellt.

Antragsteller:
        Sicherheits-ID:                S-1-5-18
        Kontoname:                37L4247E29-32$
        Kontodomäne:                WORKGROUP
        Anmelde-ID:                0x3e7

Neue Gruppe:
        Sicherheits-ID:                S-1-5-32-551
        Gruppenname:                Sicherungs-Operatoren
        Gruppendomäne:                Builtin

Attribute:
        SAM-Kontoname:        Sicherungs-Operatoren
        SID-Verlauf:                -

Weitere Informationen:
        Berechtigungen:                -
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100122213836.676463-000
Event Type: Überwachung erfolgreich
User:

Computer Name: 37L4247E29-32
Event Code: 4902
Message: Eine Benutzerrichtlinien-Überwachungstabelle wurde erstellt.

        Anzahl von Elementen:        0
        Richtlinienkennung:        0x32c41
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100122213836.208462-000
Event Type: Überwachung erfolgreich
User:

Computer Name: 37L4247E29-32
Event Code: 4624
Message: Ein Konto wurde erfolgreich angemeldet.

Antragsteller:
        Sicherheits-ID:                S-1-0-0
        Kontoname:                -
        Kontodomäne:                -
        Anmelde-ID:                0x0

Anmeldetyp:                        0

Neue Anmeldung:
        Sicherheits-ID:                S-1-5-18
        Kontoname:                SYSTEM
        Kontodomäne:                NT-AUTORITÄT
        Anmelde-ID:                0x3e7
        Anmelde-GUID:                {00000000-0000-0000-0000-000000000000}

Prozessinformationen:
        Prozess-ID:                0x4
        Prozessname:               

Netzwerkinformationen:
        Arbeitsstationsname:        -
        Quellnetzwerkadresse:        -
        Quellport:                -

Detaillierte Authentifizierungsinformationen:
        Anmeldeprozess:                -
        Authentifizierungspaket:        -
        Übertragene Dienste:        -
        Paketname (nur NTLM):        -
        Schlüssellänge:                0

Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.

Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".

Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).

Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.

Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.

Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.
        - Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.
        - Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.
        - Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.
        - Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100122213833.665658-000
Event Type: Überwachung erfolgreich
User:

Computer Name: 37L4247E29-32
Event Code: 4608
Message: Windows wird gestartet.

Dieses Ereignis wird protokolliert, wenn LSASS.EXE gestartet und das Überwachungssubsystem initialisiert wird.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100122213833.540858-000
Event Type: Überwachung erfolgreich
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SYSTEMROOT%\SYSTEM32;%SYSTEMROOT%;%SYSTEMROOT%\SYSTEM32\WBEM;%SYSTEMROOT%\SYSTEM32\WINDOWSPOWERSHELL\V1.0\;C:\PROGRAM FILES\MATLAB\R2009B\RUNTIME\WIN64;C:\PROGRAM FILES\MATLAB\R2009B\BIN;C:\PROGRAM FILES (X86)\QUICKTIME ALTERNATIVE\QTSYSTEM;;c:\Program Files (x86)\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 15 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=0f0a
"VS90COMNTOOLS"=c:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\Tools\

-----------------EOF-----------------

--- --- ---



log.txt

RSIT Logfile:
Code:

Logfile of random's system information tool 1.08 (written by random/random)
Run by +++ at 2010-08-01 16:00:26
Microsoft Windows 7 Professional 
System drive C: has 126 GB (66%) free of 191 GB
Total RAM: 4095 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:00:30, on 01.08.2010
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files\ASUS\ASUS Direct Console\LCMP.exe
C:\Program Files\ASUS\ASUS Direct Console\D3DCheck.exe
C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\+++\Downloads\RSIT.exe
C:\Program Files (x86)\trend micro\+++.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = +++://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = +++://search.conduit.com?SearchSource=10&ctid=CT2431245
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = +++://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = +++://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = +++://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = +++://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [zDirectMessenger] "C:\Program Files\ASUS\ASUS Direct Console\LCMP.EXE"
O4 - HKLM\..\Run: [ChkMail] C:\Program Files\ChkMail\ChkMail\ChkMail.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file)
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - +++://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET +++ Server (E+++Srv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\E+++Srv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ShowAnalyzerMaster - Unknown owner - C:\Program Files (x86)\Dragon Global\ShowAnalyzerSuite\ShowAnalyzerMaster.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8065 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachine+++.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL [2009-11-03 556432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-01-24 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"=C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2009-10-09 6937216]
"ATKMEDIA"=C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [2009-08-19 170624]
"HControlUser"=C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [2009-06-19 105016]
"zDirectMessenger"=C:\Program Files\ASUS\ASUS Direct Console\LCMP.EXE [2007-09-12 988160]
"ChkMail"=C:\Program Files\ChkMail\ChkMail\ChkMail.exe [2007-07-13 741376]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"NoDriveTypeAutoRun"=95

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-08-01 14:26:01 ----D---- C:\32788R22FWJFW
2010-08-01 12:03:53 ----D---- C:\Users\+++\AppData\Roaming\Malwarebytes
2010-08-01 12:03:47 ----A---- C:\Windows\SysWOW64\drivers\mbamswissarmy.sys
2010-08-01 12:03:46 ----D---- C:\ProgramData\Malwarebytes
2010-08-01 12:03:46 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-07-30 17:26:35 ----D---- C:\HDW20_TMP
2010-07-30 17:07:32 ----D---- C:\ProgramData\Panasonic
2010-07-30 17:02:07 ----D---- C:\Program Files (x86)\Common Files\Panasonic
2010-07-29 14:07:53 ----D---- C:\Users\+++\AppData\Roaming\Digital+++
2010-07-29 14:04:13 ----D---- C:\Program Files (x86)\Digital+++
2010-07-21 09:58:08 ----D---- C:\Windows\SysWOW64\Adobe
2010-07-21 09:58:08 ----D---- C:\Program Files (x86)\Common Files\Real
2010-07-13 15:59:26 ----A---- C:\Windows\SysWOW64\SetupOnis22Free.dll

======List of files/folders modified in the last 1 months======

2010-08-01 16:00:30 ----D---- C:\Windows\Prefetch
2010-08-01 16:00:30 ----D---- C:\Program Files (x86)\Trend Micro
2010-08-01 16:00:29 ----D---- C:\Windows\Temp
2010-08-01 15:56:33 ----D---- C:\Windows
2010-08-01 14:49:10 ----D---- C:\Windows\tracing
2010-08-01 14:42:29 ----D---- C:\Windows\System32
2010-08-01 14:42:28 ----D---- C:\Windows\inf
2010-08-01 14:32:55 ----D---- C:\Windows\SysWOW64\drivers
2010-08-01 13:57:00 ----D---- C:\Users\+++\AppData\Roaming\mIRC
2010-08-01 12:03:46 ----D---- C:\ProgramData
2010-08-01 12:03:46 ----D---- C:\Program Files (x86)
2010-07-31 23:44:53 ----SHD---- C:\System Volume Information
2010-07-31 23:44:52 ----D---- C:\Windows\SysWOW64
2010-07-31 23:23:55 ----D---- C:\Users\+++\AppData\Roaming\uTorrent
2010-07-30 20:39:32 ----A---- C:\Windows\BRWMARK.INI
2010-07-30 17:02:07 ----D---- C:\Program Files (x86)\Common Files
2010-07-30 17:01:53 ----SHD---- C:\Windows\Installer
2010-07-30 17:01:53 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2010-07-30 17:01:43 ----D---- C:\Windows\winsxs
2010-07-25 12:48:21 ----D---- C:\Program Files (x86)\Mozilla Firefox
2010-07-22 22:57:27 ----D---- C:\Windows\debug
2010-07-21 09:58:08 ----D---- C:\Program Files (x86)\Common Files\Adobe
2010-07-16 09:08:27 ----D---- C:\Windows\SysWOW64\en-US
2010-07-16 09:08:27 ----D---- C:\Program Files (x86)\Microsoft.NET
2010-07-16 09:08:26 ----D---- C:\Windows\Microsoft.NET
2010-07-09 21:41:26 ----D---- C:\Users\+++\AppData\Roaming\vlc

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys []
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys []
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys []
R1 pfmfs_359;pfmfs_359; C:\Windows\system32\Drivers\pfmfs_359.sys []
R1 vpcnfltr;Virtual PC Network Filter Driver; C:\Windows\system32\DRIVERS\vpcnfltr.sys []
R1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\Windows\system32\drivers\vpcvmm.sys []
R2 ASMMAP64;ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]
R2 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys []
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys []
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmpx64.sys []
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimspx64.sys []
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdpx64.sys []
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys []
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller; C:\Windows\system32\DRIVERS\l160x64.sys []
R3 BthEnum;Bluetooth-Auflistungsdienst; C:\Windows\system32\DRIVERS\BthEnum.sys []
R3 BthPan;Bluetooth-Gerät (PAN); C:\Windows\system32\DRIVERS\bthpan.sys []
R3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\Windows\System32\Drivers\BTHUSB.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 itecir;ITECIR Infrared Receiver; C:\Windows\system32\DRIVERS\itecir.sys []
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys []
R3 Ltn_hyd7700pc_64;TV tuner device ; C:\Windows\System32\Drivers\Ltn_hyd7700pc_64.sys []
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys [2009-02-24 255552]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATK64AMD.sys []
R3 netw5v64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 64-Bit; C:\Windows\system32\DRIVERS\netw5v64.sys []
R3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\Windows\system32\DRIVERS\rfcomm.sys []
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys []
R3 smserial;smserial; C:\Windows\system32\DRIVERS\SmSerl64.sys []
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys []
R3 vpcbus;Virtual PC-Hostbusdienst; C:\Windows\system32\DRIVERS\vpchbus.sys []
R3 vpcusb;USB-Virtualisierungsconnectordienst; C:\Windows\system32\DRIVERS\vpcusb.sys []
S3 Bridge;@%SystemRoot%\system32\bridgeres.dll,-3; C:\Windows\system32\DRIVERS\bridge.sys []
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys []
S3 BTHPORT;Bluetooth-Porttreiber; C:\Windows\System32\Drivers\BTHport.sys []
S3 C;C NDIS Protocol Driver; C:\Windows\System32\Drivers\C.sys []
S3 CSN5PD82x64;CSN5PD82x64 NDIS Protocol Driver; C:\Windows\System32\Drivers\CSN5PD82x64.sys []
S3 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys []
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys []
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys []
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys []
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys []
S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\vmnetadapter.sys []
S3 vpcuxd;USB-Virtualisierungsstubdienst; C:\Windows\system32\DRIVERS\vpcuxd.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [2009-06-15 84536]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [2009-07-21 96824]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-11-16 735960]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2009-09-21 1420560]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-09-23 935208]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2009-09-21 831760]
R2 SQLBrowser;SQL Server-Browser; c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-25 153952]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-01-23 135664]
S2 ShowAnalyzerMaster;ShowAnalyzerMaster; C:\Program Files (x86)\Dragon Global\ShowAnalyzerSuite\ShowAnalyzerMaster.exe []
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 E+++Srv;ESET +++ Server; C:\Program Files\ESET\ESET NOD32 Antivirus\E+++Srv.exe [2009-11-16 23296]
S3 ose;Office  Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2009-09-26 149336]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-09-26 4924336]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files (x86)\WinPcap\rpcapd.exe [2009-10-20 117264]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 MSSQLServerADHelper;Hilfsdienst von SQL Server für Active Directory; c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]
S4 msvsmon90;Visual Studio 2008 Remote Debugger; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [2007-11-08 4466688]

-----------------EOF-----------------

--- --- ---

Leonixx 01.08.2010 15:37

Apart from a few unnecessary entries I see nothing in the log. Do you still have problems?

Download eScan and run it as described in the guide. Post the log.

http://www.modernboard.de/viren-wuer...nd-tricks.html

Neus23 01.08.2010 16:24

eScan has indeed found more infections. The scan is not quite finished yet and has been going through the Matlab folder for a while.
Here is the log so far

PHP Code:

01 Aug 2010 16:47:21 - **********************************************************

01 Aug 2010 16:47:21 eScan Antivirus und Spyware Werkzeugsatz.

01 Aug 2010 16:47:21 Copyright © MicroWorld

01 Aug 2010 16:47:21 - **********************************************************

01 Aug 2010 16:47:21 SourceC:\Users\+++\Desktop\mwav.exe

01 Aug 2010 16:47:21 Version 12.0.49 (C:\USERS\+++\APPDATA\LOCAL\TEMP\MEXE.COM)

01 Aug 2010 16:47:21 LogdateiC:\Users\+++\AppData\Local\Temp\MWAV.LOG

01 Aug 2010 16:47:21 MWAV RegisteredTRUE

01 Aug 2010 16:47:21 User Account: +++ (Administrator Mode)

01 Aug 2010 16:47:21 OS TypeWindows Workstation

01 Aug 2010 16:47:21 OSWindows 7 64-Bit [OS Install Date22 Jan 2010 23:49:12]

01 Aug 2010 16:47:21 VerProfessional (Build 7600)

01 Aug 2010 16:47:21 System Up Time2 Hours11 Minutes58 Seconds



01 Aug 2010 16:47:21 Parent Process Name C:\Users\+++\Desktop\mwav.exe

01 Aug 2010 16:47:21 Windows Root  FolderC:\Windows

01 Aug 2010 16:47:21 Windows Sys32 FolderC:\Windows\system32

01 Aug 2010 16:47:21 DHCP NameServer192.168.0.1

01 Aug 2010 16:47:21 Interface0 DHCPNameServer192.168.0.1

01 Aug 2010 16:47:21 Interface1 DHCPNameServer192.168.0.1

01 Aug 2010 16:47:21 Local Fixed Drivesc:\

01 Aug 2010 16:47:21 MWAV ModeScan and Clean files (for virusesadware and spyware)

01 Aug 2010 16:47:21 - [CREATED ZIP FILEC:\Users\+++\AppData\Local\Temp\pinfect.zip]

 

01 Aug 2010 16:47:21 - ********** Die in den letzten 14 Tagen im Windowsund ROOT-Ordner erstellten/modifizierten Dateien **********

01 Aug 2010 16:47:22 C:\Windows\system32\api-ms-win-+++-console-l1-1-0.dll (3072), 13-Jul-2009 [H], Microsoft CorporationMicrosoft® Windows® Operating System

01 Aug 2010 16:47:22 C:\Windows\system32\api-ms-win-+++-datetime-l1-1-0.dll (3072), 13-Jul-2009 [H], Microsoft CorporationMicrosoft® Windows® Operating System

01 Aug 2010 16:47:22 C:\Windows\system32\api-ms-win-+++-debug-l1-1-0.dll (3072), 13-Jul-2009 [H], Microsoft CorporationMicrosoft® Windows® Operating System

01 Aug 2010 16:47:22 C:\Windows\system32\api-ms-win-+++-delayload-l1-1-0.dll (3072), 13-Jul-2009 [H], Microsoft CorporationMicrosoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-+++-delayload-l1-1-0.dll to ZIP FILE]

01 Aug 2010 16:47:22 C:\Windows\system32\api-ms-win-+++-errorhandling-l1-1-0.dll (3072), 13-Jul-2009 [H], Microsoft CorporationMicrosoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-+++-errorhandling-l1-1-0.dll to ZIP FILE]

01 Aug 2010 16:47:22 C:\Windows\system32\api-ms-win-+++-fibers-l1-1-0.dll (3072), 13-Jul-2009 [H], Microsoft CorporationMicrosoft® Windows® Operating System

01 Aug 2010 16:47:22 C:\Windows\system32\api-ms-win-+++-file-l1-1-0.dll (5120), 13-Jul-2009 [H], Microsoft CorporationMicrosoft® Windows® Operating System

01 Aug 2010 16:47:22 C:\Windows\system32\api-ms-win-+++-handle-l1-1-0.dll (3072), 13-Jul-2009 [H], Microsoft CorporationMicrosoft® Windows® Operating System

01 Aug 2010 16:47:22 C:\Windows\system32\api-ms-win-+++-heap-l1-1-0.dll (3584), 13-Jul-2009 [H], Microsoft CorporationMicrosoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-+++-heap-l1-1-0.dll to ZIP FILE]

01 Aug 2010 16:47:22 C:\Windows\system32\api-ms-win-+++-interlocked-l1-1-0.dll (3584), 13-Jul-2009 [H], Microsoft CorporationMicrosoft® Windows® Operating System

01 Aug 2010 16:47:22 C:\Windows\system32\api-ms-win-+++-io-l1-1-0.dll (3072), 13-Jul-2009 [H], Microsoft CorporationMicrosoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-+++-io-l1-1-0.dll to ZIP FILE]

01 Aug 2010 16:47:22 C:\Windows\system32\api-ms-win-+++-libraryloader-l1-1-0.dll (3584), 13-Jul-2009 [H], Microsoft CorporationMicrosoft® Windows® Operating System

01 Aug 2010 16:47:22 C:\Windows\system32\api-ms-win-+++-localization-l1-1-0.dll (4096), 13-Jul-2009 [H], Microsoft CorporationMicrosoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-+++-localization-l1-1-0.dll to ZIP FILE]

01 Aug 2010 16:47:22 C:\Windows\system32\api-ms-win-+++-localregistry-l1-1-0.dll (4096), 13-Jul-2009 [H], Microsoft CorporationMicrosoft® Windows® Operating System

01 Aug 2010 16:47:22 C:\Windows\system32\api-ms-win-+++-memory-l1-1-0.dll (3584), 13-Jul-2009 [H], Microsoft CorporationMicrosoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-+++-memory-l1-1-0.dll to ZIP FILE]

01 Aug 2010 16:47:22 C:\Windows\system32\api-ms-win-+++-misc-l1-1-0.dll (4096), 13-Jul-2009 [H], Microsoft CorporationMicrosoft® Windows® Operating System

01 Aug 2010 16:47:22 C:\Windows\system32\api-ms-win-+++-namedpipe-l1-1-0.dll (3584), 13-Jul-2009 [H], Microsoft CorporationMicrosoft® Windows® Operating System

01 Aug 2010 16:47:22 C:\Windows\system32\api-ms-win-+++-processenvironment-l1-1-0.dll (3584), 13-Jul-2009 [H], Microsoft CorporationMicrosoft® Windows® Operating System

01 Aug 2010 16:47:22 C:\Windows\system32\api-ms-win-+++-processthreads-l1-1-0.dll (4608), 13-Jul-2009 [H], Microsoft CorporationMicrosoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-+++-processthreads-l1-1-0.dll to ZIP FILE]

01 Aug 2010 16:47:22 C:\Windows\system32\api-ms-win-+++-profile-l1-1-0.dll (3072), 13-Jul-2009 [H], Microsoft CorporationMicrosoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-+++-profile-l1-1-0.dll to ZIP FILE]

01 Aug 2010 16:47:22 C:\Windows\system32\api-ms-win-+++-rtlsupport-l1-1-0.dll (3072), 13-Jul-2009 [H], Microsoft CorporationMicrosoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-+++-rtlsupport-l1-1-0.dll to ZIP FILE]

01 Aug 2010 16:47:22 C:\Windows\system32\api-ms-win-+++-string-l1-1-0.dll (3072), 13-Jul-2009 [H], Microsoft CorporationMicrosoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-+++-string-l1-1-0.dll to ZIP FILE]

01 Aug 2010 16:47:22 C:\Windows\system32\api-ms-win-+++-synch-l1-1-0.dll (4096), 13-Jul-2009 [H], Microsoft CorporationMicrosoft® Windows® Operating System

01 Aug 2010 16:47:22 C:\Windows\system32\api-ms-win-+++-sysinfo-l1-1-0.dll (4096), 13-Jul-2009 [H], Microsoft CorporationMicrosoft® Windows® Operating System

01 Aug 2010 16:47:22 C:\Windows\system32\api-ms-win-+++-threadpool-l1-1-0.dll (4608), 13-Jul-2009 [H], Microsoft CorporationMicrosoft® Windows® Operating System

01 Aug 2010 16:47:22 C:\Windows\system32\api-ms-win-+++-util-l1-1-0.dll (3072), 13-Jul-2009 [H], Microsoft CorporationMicrosoft® Windows® Operating System

01 Aug 2010 16:47:22 C:\Windows\system32\api-ms-win-+++-xstate-l1-1-0.dll (3584), 13-Jul-2009 [H], Microsoft CorporationMicrosoft® Windows® Operating System

01 Aug 2010 16:47:22 C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll (6144), 13-Jul-2009 [H], Microsoft CorporationMicrosoft® Windows® Operating System

01 Aug 2010 16:47:22 C:\Windows\system32\api-ms-win-security-lsalookup-l1-1-0.dll (3584), 13-Jul-2009 [H], Microsoft CorporationMicrosoft® Windows® Operating System

01 Aug 2010 16:47:22 C:\Windows\system32\api-ms-win-security-sddl-l1-1-0.dll (3072), 13-Jul-2009 [H], Microsoft CorporationMicrosoft® Windows® Operating System

01 Aug 2010 16:47:22 C:\Windows\system32\api-ms-win-service-+++-l1-1-0.dll (2560), 13-Jul-2009 [H], Microsoft CorporationMicrosoft® Windows® Operating System

01 Aug 2010 16:47:22 C:\Windows\system32\api-ms-win-service-management-l1-1-0.dll (2560), 13-Jul-2009 [H], Microsoft CorporationMicrosoft® Windows® Operating System

01 Aug 2010 16:47:22 C:\Windows\system32\api-ms-win-service-management-l2-1-0.dll (2560), 13-Jul-2009 [H], Microsoft CorporationMicrosoft® Windows® Operating System

01 Aug 2010 16:47:22 C:\Windows\system32\api-ms-win-service-winsvc-l1-1-0.dll (3584), 13-Jul-2009 [H], Microsoft CorporationMicrosoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-service-winsvc-l1-1-0.dll to ZIP FILE]

01 Aug 2010 16:47:22 C:\Windows\system32\stdftde.dll (15872), 29-Dec-2007 [S], Microsoft CorporationMSSTDFMT-Objektbibliothek [Added C:\Windows\system32\stdftde.dll to ZIP FILE]

01 Aug 2010 16:47:22 C:\Windows\system32\drivers\mbamswissarmy.sys (38224), 01-Aug-2010Malwarebytes CorporationMalwarebytes' Anti-Malware

01 Aug 2010 16:47:22 - C:\Users\+++\AppData\Local\Temp\bdc.exe (91904), 01-Aug-2010, MicroWorld Tech, eScan

01 Aug 2010 16:47:22 - C:\Users\+++\AppData\Local\Temp\bdfltlib2k.dll (231944), 01-Aug-2010, MicroWorld Technologies Inc., eScan for Windows

01 Aug 2010 16:47:22 - C:\Users\+++\AppData\Local\Temp\clean.bat (11), 01-Aug-2010 [Added C:\Users\+++\AppData\Local\Temp\clean.bat to ZIP FILE]

01 Aug 2010 16:47:22 - C:\Users\+++\AppData\Local\Temp\download.exe (785416), 28-Jul-2010, MicroWorld Technologies Inc., eScan

01 Aug 2010 16:47:22 - C:\Users\+++\AppData\Local\Temp\encdec.dll (162824), 28-Jul-2010, MicroWorld Technologies Inc., eScan/MailScan/eConceal

01 Aug 2010 16:47:22 - C:\Users\+++\AppData\Local\Temp\erootdrv.sys (13832), 28-Jul-2010, MicroWorld Technologies Inc., eScan/MWAV

01 Aug 2010 16:47:22 - C:\Users\+++\AppData\Local\Temp\mexe.com (2505288), 28-Jul-2010, MicroWorld Technologies Inc., MicroWorld AntiVirus Toolkit Utility (MWAV)

01 Aug 2010 16:47:22 - C:\Users\+++\AppData\Local\Temp\msvclnt.dll (236040), 28-Jul-2010, MicroWorld Technologies Inc., MailScan

01 Aug 2010 16:47:22 - C:\Users\+++\AppData\Local\Temp\MWAVSCAN.COM (2505288), 28-Jul-2010, MicroWorld Technologies Inc., MicroWorld AntiVirus Toolkit Utility (MWAV)

01 Aug 2010 16:47:22 - C:\Users\+++\AppData\Local\Temp\red32.dll (10248), 28-Jul-2010, Microsoft Corporation, Microsoft® Windows® Operating System

01 Aug 2010 16:47:22 - C:\Users\+++\AppData\Local\Temp\reload.exe (158728), 28-Jul-2010, MicroWorld Technologies Inc., eScan for Windows

01 Aug 2010 16:47:22 - C:\Users\+++\AppData\Local\Temp\setpriv.exe (64520), 28-Jul-2010, MicroWorld Technologies Inc, eScan AntiVirus Toolkit Utility

01 Aug 2010 16:47:22 - C:\Users\+++\AppData\Local\Temp\unregx.exe (76296), 28-Jul-2010, MicroWorld Technologies Inc, MicroWorld AntiVirus Toolkit Utility

01 Aug 2010 16:47:22 - C:\Users\+++\AppData\Local\Temp\viewtcp.exe (574472), 28-Jul-2010, MicroWorld Technologies Inc., ViewTCP

 

01 Aug 2010 16:47:22 - C:\Windows\Fonts, 14-Jul-2009 [SR] [Ordner]

01 Aug 2010 16:47:22 - C:\Windows\ftpcache, 29-Jan-2010 [HS] [Ordner]

01 Aug 2010 16:47:22 - C:\Windows\Media, 14-Jul-2009 [SR] [Ordner]

01 Aug 2010 16:47:22 - C:\Windows\system32\Adobe, 21-Jul-2010 [Ordner]

01 Aug 2010 16:47:22 - C:\32788R22FWJFW, 01-Aug-2010 [Ordner]

01 Aug 2010 16:47:22 - C:\Boot, 22-Jan-2010 [HS] [Ordner]

01 Aug 2010 16:47:22 - C:\Documents and Settings, 14-Jul-2009 [HS] [Ordner]

01 Aug 2010 16:47:22 - C:\Dokumente und Einstellungen, 22-Jan-2010 [HS] [Ordner]

01 Aug 2010 16:47:22 - C:\HDW20_TMP, 30-Jul-2010 [Ordner]

01 Aug 2010 16:47:22 - C:\MSOCache, 26-Jan-2010 [HR] [Ordner]

01 Aug 2010 16:47:22 - C:\Programme, 22-Jan-2010 [HS] [Ordner]

01 Aug 2010 16:47:22 - C:\Recovery, 22-Jan-2010 [HS] [Ordner]

01 Aug 2010 16:47:22 - C:\Users\+++\AppData\Local\Temp\hsperfdata_+++, 01-Aug-2010 [Ordner]

01 Aug 2010 16:47:22 - C:\Users\+++\AppData\Local\Temp\Low, 01-Aug-2010 [Ordner]

01 Aug 2010 16:47:22 - C:\Users\+++\AppData\Local\Temp\plugins, 01-Aug-2010 [Ordner]

01 Aug 2010 16:47:22 - C:\Users\+++\AppData\Roaming\Digital+++, 29-Jul-2010 [Ordner]

01 Aug 2010 16:47:22 - C:\Users\+++\AppData\Roaming\Download Manager, 01-Aug-2010 [Ordner]

01 Aug 2010 16:47:22 - C:\Users\+++\AppData\Roaming\Malwarebytes, 01-Aug-2010 [Ordner]

01 Aug 2010 16:47:22 - C:\Users\+++\AppData\Roaming\Microsoft, 22-Jan-2010 [S] [Ordner]

01 Aug 2010 16:47:22 - C:\ProgramData\Anwendungsdaten, 22-Jan-2010 [HS] [Ordner]

01 Aug 2010 16:47:22 - C:\ProgramData\Application Data, 14-Jul-2009 [HS] [Ordner]

01 Aug 2010 16:47:22 - C:\ProgramData\Desktop, 14-Jul-2009 [HS] [Ordner]

01 Aug 2010 16:47:22 - C:\ProgramData\Documents, 14-Jul-2009 [HS] [Ordner]

01 Aug 2010 16:47:22 - C:\ProgramData\Dokumente, 22-Jan-2010 [HS] [Ordner]

01 Aug 2010 16:47:22 - C:\ProgramData\Favoriten, 22-Jan-2010 [HS] [Ordner]

01 Aug 2010 16:47:22 - C:\ProgramData\Malwarebytes, 01-Aug-2010 [Ordner]

01 Aug 2010 16:47:22 - C:\ProgramData\MicroWorld, 01-Aug-2010 [Ordner]

01 Aug 2010 16:47:22 - C:\ProgramData\Panasonic, 30-Jul-2010 [Ordner]

01 Aug 2010 16:47:22 - C:\ProgramData\Start Menu, 14-Jul-2009 [HS] [Ordner]

01 Aug 2010 16:47:22 - C:\ProgramData\Startmenü, 22-Jan-2010 [HS] [Ordner]

01 Aug 2010 16:47:22 - C:\ProgramData\Templates, 14-Jul-2009 [HS] [Ordner]

01 Aug 2010 16:47:22 - C:\ProgramData\Vorlagen, 22-Jan-2010 [HS] [Ordner]

01 Aug 2010 16:47:22 - C:\ProgramData\..\32788R22FWJFW, 01-Aug-2010 [Ordner]

01 Aug 2010 16:47:22 - C:\ProgramData\..\Boot, 22-Jan-2010 [HS] [Ordner]

01 Aug 2010 16:47:22 - C:\ProgramData\..\Documents and Settings, 14-Jul-2009 [HS] [Ordner]

01 Aug 2010 16:47:22 - C:\ProgramData\..\Dokumente und Einstellungen, 22-Jan-2010 [HS] [Ordner]

01 Aug 2010 16:47:22 - C:\ProgramData\..\HDW20_TMP, 30-Jul-2010 [Ordner]

01 Aug 2010 16:47:22 - C:\ProgramData\..\MSOCache, 26-Jan-2010 [HR] [Ordner]

01 Aug 2010 16:47:22 - C:\ProgramData\..\Programme, 22-Jan-2010 [HS] [Ordner]

01 Aug 2010 16:47:22 - C:\ProgramData\..\Recovery, 22-Jan-2010 [HS] [Ordner]

01 Aug 2010 16:47:22 - C:\Program Files (x86)\Digital+++, 29-Jul-2010 [Ordner]

01 Aug 2010 16:47:22 - C:\Program Files (x86)\Malwarebytes' Anti-Malware01-Aug-2010 [Ordner]

01 Aug 2010 16:47:22 C:\Program Files (x86)\Common Files\Panasonic30-Jul-2010 [Ordner]

01 Aug 2010 16:47:22 C:\Program Files (x86)\Common Files\Real21-Jul-2010 [Ordner]

 

01 Aug 2010 16:47:22 - *********************************************************************************************

 

01 Aug 2010 16:47:22 Aktuellstes  Datum der in MWAV enthaltenen DateienWed Jul 28 08:24:15 2010.

01 Aug 2010 16:47:22 Plugins FileCount783 Sign Version7.33043

01 Aug 2010 16:47:24 - ** Create Value of "1001" in "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" DWORD:1

01 Aug 2010 16:47:24 - ** Create Value of "1004" in "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" DWORD:3

01 Aug 2010 16:47:24 - ** Changed Value of "HKEY_CLASSES_ROOT\.htm" from "FirefoxHTML" to "htmlfile"

01 Aug 2010 16:47:24 - ** Changed Value of "HKEY_CLASSES_ROOT\.html" from "FirefoxHTML" to "htmlfile"

01 Aug 2010 16:47:24 Loading/Creating FileScan Database C:\ProgramData\MicroWorld\MWAV\ESCANDBX.MDB [LogC:\Users\+++\AppData\Local\Temp\ESCANDB.LOG]

01 Aug 2010 16:47:25 Loaded/Created FileScan Database...

01 Aug 2010 16:47:25 Loading AV Library [DB]...

01 Aug 2010 16:47:37 AV Library Loaded [DB-DIRECT].

01 Aug 2010 16:47:37 MWAV doing self scanning...

01 Aug 2010 16:47:37 MWAV files are clean.
01 Aug 2010 16:47:41 Virendatenbankdatum28 Jul 2010
01 Aug 2010 16:47:41 Virendatenbankzähler6190918

01 Aug 2010 16:48:10 - **********************************************************
01 Aug 2010 16:48:10 eScan Antivirus und Spyware Werkzeugsatz.
01 Aug 2010 16:48:10 Copyright © MicroWorld
01 Aug 2010 16:48:10
01 Aug 2010 16:48:10 Supportsupport@escanav.com
01 Aug 2010 16:48:10 Web: +++://www.escanav.com
01 Aug 2010 16:48:10 - **********************************************************
01 Aug 2010 16:48:10 Version 12.0.49[DB] (C:\USERS\+++\APPDATA\LOCAL\TEMP\MEXE.COM)
01 Aug 2010 16:48:10 LogdateiC:\Users\+++\AppData\Local\Temp\MWAV.LOG
01 Aug 2010 16:48:10 User Account: +++ (Administrator Mode)
01 Aug 2010 16:48:10 Parent Process Name C:\Users\+++\Desktop\mwav.exe
01 Aug 2010 16:48:10 Windows Root  FolderC:\Windows
01 Aug 2010 16:48:10 Windows Sys32 FolderC:\Windows\system32
01 Aug 2010 16:48:10 OSWindows 7 64-Bit [OS Install Date22 Jan 2010 23:49:12]
01 Aug 2010 16:48:10 VerProfessional (Build 7600)
01 Aug 2010 16:48:10 Aktuellstes  Datum der in MWAV enthaltenen DateienWed Jul 28 08:24:15 2010.
01 Aug 2010 16:48:10 Plugins FileCount783 Sign Version7.33043

01 Aug 2010 16:48:10 Vom Benutzer gewählte Optionen:
01 Aug 2010 16:48:10 SpeicherüberprüfungAktiviert
01 Aug 2010 16:48:10 Überprüfung der RegistrierungsdatenbankAktiviert
01 Aug 2010 16:48:10 Überprüfung des StartordnersAktiviert
01 Aug 2010 16:48:10 Überprüfung des SystemordnersAktiviert
01 Aug 2010 16:48:10 Überprüfung der DiensteAktiviert
01 Aug 2010 16:48:10 Scannen SpywareAktiviert
01 Aug 2010 16:48:10 Überprüfung der LaufwerkeDeaktiviert
01 Aug 2010 16:48:10 Überprüfung aller Laufwerke:Aktiviert
01 Aug 2010 16:48:10 Überprüfung der OrdnerAktiviert
01 Aug 2010 16:48:10 Gewählter Ordner C:\Windows
01 Aug 2010 16:48:10 SCANAll_Files
01 Aug 2010 16:48:10 MWAV ModeScan and Clean files (for virusesadware and spyware)
 
 
01 Aug 2010 16:48:10 - ***** Speicherdateien werden gescannt *****
 
01 Aug 2010 16:48:22 - ***** Dateien der Registrierungsdatenbank werden gescannt *****
 
01 Aug 2010 16:48:26 - *****  Startordner werden gescannt *****
 
01 Aug 2010 16:48:31 - ***** Dateien bezüglich Dienste werden gescannt *****
01 Aug 2010 16:48:32 ERROR(2)!!! Invalid Entry System32\Drivers\C.sysAction TakenRemoving HKLM\SYSTEM\CurrentControlSet\Services\C.
01 Aug 2010 16:48:34 ERROR(2)!!! Invalid Entry "C:\Program Files (x86)\Dragon Global\ShowAnalyzerSuite\ShowAnalyzerMaster.exe"Action TakenRemoving HKLM\SYSTEM\CurrentControlSet\Services\ShowAnalyzerMaster.
01 Aug 2010 16:48:34 ERROR(2)!!! Invalid Entry system32\DRIVERS\vmnetadapter.sysAction TakenRemoving HKLM\SYSTEM\CurrentControlSet\Services\VMnetAdapter.
 
01 Aug 2010 16:48:35 - ***** Registrierungsdatenbank und Dateisystem werden auf Schnüffelprogramme (Spywareund werbefinanzierte Software (Adwaregeprüft *****
01 Aug 2010 16:48:35 Signaturen der Spionageprogramme werden aus einer neuen auswärtigen Datenbank geladen [NameC:\Users\+++\AppData\Local\Temp\spydb.avsGröße949022]...
01 Aug 2010 16:48:35 Indexed Spyware Databases Successfully Created...
 
01 Aug 2010 16:48:37 Offending file foundC:\Users\+++\Downloads\Load.exe
01 Aug 2010 16:48:37 System found infected with peopleonpage Spyware/Adware (Load.exe)! Action takenDatei gelöscht.
01 Aug 2010 16:48:37 Objekt "peopleonpage Spyware/Adware" im Dateisystem gefundenMaßnahme ergriffenDatei gelöscht.

01 Aug 2010 16:48:39 Offending Registry Entry foundHKCR\Licenses\7C35CA30-D112-11cf-8E72-00A0C90F26F8
01 Aug 2010 16:48:39 System found infected with combo Spyware/Adware (HKCR\Licenses\7C35CA30-D112-11cf-8E72-00A0C90F26F8)! Action takenEinträge entfernt.
01 Aug 2010 16:48:39 Offending Registry Entry foundHKCU\Software\Classes\.exe
01 Aug 2010 16:48:39 System found infected with XP AntiMalware Spyware/Adware (HKCU\Software\Classes\.exe)! Action takenEinträge entfernt.
01 Aug 2010 16:48:39 Objekt "XP AntiMalware Spyware/Adware" im Dateisystem gefundenMaßnahme ergriffenEinträge entfernt.

 
01 Aug 2010 16:48:40 - ***** Dateien der Registrierungsdatenbank werden gescannt *****
01 Aug 2010 16:48:40 Clearing Temporary sub-folders as Spyware/Adware found in system...
01 Aug 2010 16:48:40 Few files will be deleted *ONLYon reboot...
01 Aug 2010 16:48:40 - ** Value in HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\main/Start Page = +++://go.microsoft.com/fwlink/?LinkId=69157
01 Aug 2010 16:48:40 - ** Deleted Value of "NoActiveDesktop" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"Its value was DWORD:1.
01 Aug 2010 16:48:40 - ** Deleted Value of "ForceActiveDesktopOn" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"Its value was DWORD:0.
01 Aug 2010 16:48:40 - ** Deleted Value of "NoComponents" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop"Its value was DWORD:1.
01 Aug 2010 16:48:40 - ** Deleted Value of "NoAddingComponents" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop"Its value was DWORD:1.
01 Aug 2010 16:48:40 - ** Value in HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\main/Start Page = +++://search.conduit.com?SearchSource=10&ctid=CT2431245
 
01 Aug 2010 16:48:40 - ***** System32-Ordner werden gescannt *****
 
 
01 Aug 2010 16:49:55 - ***** Alle Laufwerke werden gescannt *****
01 Aug 2010 16:49:55 Laufwerk C:\ wird gescannt ...
01 Aug 2010 16:49:58 Datei C:\32788R22FWJFW\iexplore.exe wird gescannt
01 Aug 2010 16:49:58 Datei C:\32788R22FWJFW\iexplore.exe ist durch den Virus "Malware.Win32 (ES)" infiziert!  Maßnahme ergriffenDatei umbenannt.

01 Aug 2010 16:50:00 Datei C:\32788R22FWJFW\n.pif (????) wird gescannt
01 Aug 2010 16:50:00 Datei C:\32788R22FWJFW\n.pif ist durch den Virus "Malware.Win32 (ES)" infiziert!  Maßnahme ergriffenDatei gelöscht.

01 Aug 2010 16:50:00 Datei C:\32788R22FWJFW\NirCmd.cfxxe wird gescannt
01 Aug 2010 16:50:00 Datei C:\32788R22FWJFW\NirCmd.cfxxe ist durch den Virus "Malware.Win32 (ES)" infiziert!  Maßnahme ergriffenDatei umbenannt.

01 Aug 2010 16:50:05 C:\Boot\BCD konnte nicht gescannt werdenda sie möglicherweise durch Passwort geschützt ist... 

PS: So far 5 critical objects and 3 errors have been found. 3 were deleted and 2 renamed.

Leonixx 01.08.2010 17:14

OK, spyware and one piece of malware were disinfected.

Please run the ESET online scan again.

Please switch on any external hard drives you have during the online scans! Please disable all background guards (anti-virus program, firewall, script blocking and the like) during the scans, and don't forget to switch everything back on afterwards.
  • Supported operating systems: Microsoft Windows 98/ME/NT 4.0/2000/XP and Windows Vista
  • Note for Vista users: be sure to start the browser as administrator.
  • Disable your anti-virus program during the scan.
  • Press the "ESET Online Scanner" button.
  • Firefox users must install an additional add-on (esetsmartinstaller_enu.exe).
  • Save the Firefox add-on to the desktop and then install it.
  • IE users must allow the installation of an ActiveX control.
  • Tick "Remove found threats" and "Scan archives".
  • Press Start.
  • The signatures are downloaded.
  • The scan starts automatically.
  • Press Finish.
  • Close the browser.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt and open it with your editor.
  • Post the logfile here.
  • Uninstall: Control Panel => Software => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset
  • IE users additionally: fix the following entry with HJT:
  • O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control)

Neus23 01.08.2010 20:43

The Eset scan found 3 further infections.

Eset log:

Quote:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=342aa87a6dc3444dac1686f792485c59
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-08-01 07:19:29
# local_time=2010-08-01 09:19:29 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 14783 14783 0 0
# compatibility_mode=5893 16776573 100 94 198938 33091684 0 0
# compatibility_mode=8199 39157181 100 75 13068 22331447 0 0
# scanned=305536
# found=3
# cleaned=3
# scan_time=4356
# nod_component=V3 Build:0x30000000
C:\Program Files (x86)\Win7codecs\Tools\Settings32.exe Win32/Packed.Autoit.Gen application (deleted - quarantined) 00000000000000000000000000000000 C
C:\ProgramData\Win7codecs\{C68B319D-E153-4557-BAEB-0987320636A7}\Win7codecs.msi Win32/Packed.Autoit.Gen application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Windows\Installer\792a02.msi Win32/Packed.Autoit.Gen application (deleted - quarantined) 00000000000000000000000000000000 C


Leonixx 01.08.2010 21:28

Download Gmer. Run it as described in the guide. Post the log. I won't be able to look at it today, though.

http://www.trojaner-board.de/74908-a...t-scanner.html

Neus23 02.08.2010 09:07

Hello,

because I have 64-bit Windows, I get the following error message from Gmer:

"C:\Windows\system32\config\system: The system cannot find the file specified."

Only ADS, Services, Registry and Files could be checked; none of the other checkboxes could be selected.

In Services, Registry and Files no "System modification" was found. But no log was created either.

Leonixx 02.08.2010 17:51

Try it with this one. http://ht4u.net/download-details/347/1167/

Neus23 02.08.2010 20:07

That doesn't work any better. It only scans in a limited way and does not produce a log.
I did a Trend Micro online scan today. It reported no findings.

Leonixx 02.08.2010 21:18

How are things with the problems in the meantime?



Copyright ©2000-2025, Trojaner-Board


