Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   TR/Crypt.XPACK.Gen beim Übertragen von Daten gefunden (https://www.trojaner-board.de/91922-tr-crypt-xpack-gen-beim-ubertragen-daten-gefunden.html)

Poenni 17.10.2010 09:36
TR/Crypt.XPACK.Gen beim Übertragen von Daten gefunden
 
Hallo Community,

habe von einem Kumpel einen USB Stick bekommen. Als ich davon ein paar Daten auf meinen Rechner übertragen wollte, kam von Antivir die Meldung das TR/Crypt.XPACK.Gen in einer Datei (loader.dll) auf dem Stick gefunden wurde. Habe mit Antivir einen kompletten Suchlauf über meinen Rechner gestartet aber es wurde nichts gefunden. Wie kann ich jetzt sicher gehen,dass sich der Schädling nirgends eingenistet hat? Im Taskmanager sind auf jeden Fall keine ungewöhlichen Prozesse oder so.
OS ist Win7 Home Professional 64 bit.

Danke schonmal im voraus.

MfG Poenni

cosinus 17.10.2010 15:56
Hallo und :hallo:

Bitte routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

Poenni 18.10.2010 10:16
Hier das Malwarebytes File:
Zitat:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4862

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

18.10.2010 11:14:50
mbam-log-2010-10-18 (11-14-50).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|J:\|)
Durchsuchte Objekte: 511202
Laufzeit: 1 Stunde(n), 37 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Und hier OTL:
OTL Logfile:
Code:
OTL logfile created on: 18.10.2010 09:37:34 - Run 4
OTL by OldTimer - Version 3.1.37.3    Folder = D:\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 69,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 39,06 Gb Total Space | 4,52 Gb Free Space | 11,57% Space Free | Partition Type: NTFS
Drive D: | 117,19 Gb Total Space | 49,99 Gb Free Space | 42,66% Space Free | Partition Type: NTFS
Drive E: | 244,38 Gb Total Space | 185,75 Gb Free Space | 76,01% Space Free | Partition Type: NTFS
Drive F: | 97,66 Gb Total Space | 34,79 Gb Free Space | 35,63% Space Free | Partition Type: NTFS
Drive G: | 97,66 Gb Total Space | 46,33 Gb Free Space | 47,44% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 931,51 Gb Total Space | 685,49 Gb Free Space | 73,59% Space Free | Partition Type: NTFS
 
Computer Name: ATHLON2
Current User Name: Internet Konto
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Windows\SysWow64\crypserv.exe File not found
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWWSC.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - E:\Programme\BackupX\BackupX.exe (Xpert-Design Software)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - E:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\update.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - D:\Downloads\OTL.exe (OldTimer Tools)
PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - D:\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (dgdersvc) -- C:\Windows\SysNative\dgdersvc.exe (Devguru Co., Ltd.)
SRV:64bit: - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation)
SRV:64bit: - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation)
SRV:64bit: - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation)
SRV:64bit: - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
SRV:64bit: - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation)
SRV:64bit: - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation)
SRV:64bit: - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation)
SRV:64bit: - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)
SRV:64bit: - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation)
SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:64bit: - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation)
SRV:64bit: - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation)
SRV:64bit: - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation)
SRV:64bit: - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
SRV:64bit: - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation)
SRV:64bit: - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation)
SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)
SRV:64bit: - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation)
SRV:64bit: - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation)
SRV:64bit: - (Crypkey License) -- C:\Windows\SysNative\Crypserv.exe (CrypKey (Canada) Ltd.)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (nosGetPlusHelper) getPlus(R) -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (dgdersvc) -- C:\Windows\SysWOW64\dgdersvc.exe (Devguru Co., Ltd.)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (SandraAgentSrv) -- e:\Programme\SiSoftware\SiSoftware Sandra Lite 2010.SP1d\RpcAgentSrv.exe (SiSoftware)
SRV - (VSS) -- C:\Windows\Vss [2009.07.14 05:20:14 | 000,000,000 | ---D | M]
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009.07.14 05:20:14 | 000,000,000 | ---D | M]
SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation)
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (OMSI download service) -- E:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (ES lite Service) -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)
DRV:64bit: - (dgderdrv) -- C:\Windows\SysNative\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)
DRV:64bit: - (sscemdm) -- C:\Windows\SysNative\drivers\sscemdm.sys (MCCI Corporation)
DRV:64bit: - (sscebus) SAMSUNG USB Composite Device V2 driver (WDM) -- C:\Windows\SysNative\drivers\sscebus.sys (MCCI Corporation)
DRV:64bit: - (sscemdfl) -- C:\Windows\SysNative\drivers\sscemdfl.sys (MCCI Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (KSecPkg) -- C:\Windows\SysNative\drivers\ksecpkg.sys (Microsoft Corporation)
DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.)
DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.)
DRV:64bit: - (fvevol) -- C:\Windows\SysNative\drivers\fvevol.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (hwpolicy) -- C:\Windows\SysNative\drivers\hwpolicy.sys (Microsoft Corporation)
DRV:64bit: - (FsDepends) -- C:\Windows\SysNative\drivers\fsdepends.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (WIMMount) -- C:\Windows\SysNative\drivers\wimmount.sys (Microsoft Corporation)
DRV:64bit: - (vhdmp) -- C:\Windows\SysNative\drivers\vhdmp.sys (Microsoft Corporation)
DRV:64bit: - (vdrvroot) -- C:\Windows\SysNative\drivers\vdrvroot.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (rdyboost) -- C:\Windows\SysNative\drivers\rdyboost.sys (Microsoft Corporation)
DRV:64bit: - (pcw) -- C:\Windows\SysNative\drivers\pcw.sys (Microsoft Corporation)
DRV:64bit: - (CNG) -- C:\Windows\SysNative\drivers\cng.sys (Microsoft Corporation)
DRV:64bit: - (rdpbus) -- C:\Windows\SysNative\drivers\rdpbus.sys (Microsoft Corporation)
DRV:64bit: - (RDPREFMP) -- C:\Windows\SysNative\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV:64bit: - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation)
DRV:64bit: - (WfpLwf) -- C:\Windows\SysNative\drivers\wfplwf.sys (Microsoft Corporation)
DRV:64bit: - (NdisCap) -- C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation)
DRV:64bit: - (vwififlt) -- C:\Windows\SysNative\drivers\vwififlt.sys (Microsoft Corporation)
DRV:64bit: - (vwifibus) -- C:\Windows\SysNative\drivers\vwifibus.sys (Microsoft Corporation)
DRV:64bit: - (1394ohci) -- C:\Windows\SysNative\drivers\1394ohci.sys (Microsoft Corporation)
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
DRV:64bit: - (UmPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation)
DRV:64bit: - (WinUsb) -- C:\Windows\SysNative\drivers\winusb.sys (Microsoft Corporation)
DRV:64bit: - (mshidkmdf) -- C:\Windows\SysNative\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV:64bit: - (WudfPf) -- C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation)
DRV:64bit: - (MTConfig) -- C:\Windows\SysNative\drivers\MTConfig.sys (Microsoft Corporation)
DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\drivers\CompositeBus.sys (Microsoft Corporation)
DRV:64bit: - (Beep) -- C:\Windows\SysNative\drivers\beep.sys (Microsoft Corporation)
DRV:64bit: - (AppID) -- C:\Windows\SysNative\drivers\appid.sys (Microsoft Corporation)
DRV:64bit: - (scfilter) -- C:\Windows\SysNative\drivers\scfilter.sys (Microsoft Corporation)
DRV:64bit: - (discache) -- C:\Windows\SysNative\drivers\discache.sys (Microsoft Corporation)
DRV:64bit: - (HidBatt) -- C:\Windows\SysNative\drivers\hidbatt.sys (Microsoft Corporation)
DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\drivers\CmBatt.sys (Microsoft Corporation)
DRV:64bit: - (AcpiPmi) -- C:\Windows\SysNative\drivers\acpipmi.sys (Microsoft Corporation)
DRV:64bit: - (AmdPPM) -- C:\Windows\SysNative\drivers\amdppm.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (s0016mdm) -- C:\Windows\SysNative\drivers\s0016mdm.sys (MCCI Corporation)
DRV:64bit: - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\Windows\SysNative\drivers\s0016unic.sys (MCCI Corporation)
DRV:64bit: - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\drivers\s0016mgmt.sys (MCCI Corporation)
DRV:64bit: - (s0016obex) -- C:\Windows\SysNative\drivers\s0016obex.sys (MCCI Corporation)
DRV:64bit: - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\Windows\SysNative\drivers\s0016nd5.sys (MCCI Corporation)
DRV:64bit: - (s0016mdfl) -- C:\Windows\SysNative\drivers\s0016mdfl.sys (MCCI Corporation)
DRV:64bit: - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\Windows\SysNative\drivers\s0016bus.sys (MCCI Corporation)
DRV:64bit: - (Alpham1) -- C:\Windows\SysNative\drivers\Alpham164.sys (Ideazon Corporation)
DRV:64bit: - (NetworkX) -- C:\Windows\SysNative\Ckldrv.sys ()
DRV:64bit: - (Alpham2) -- C:\Windows\SysNative\drivers\Alpham264.sys (Ideazon Corporation)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys ()
DRV - (dgderdrv) -- C:\Windows\SysWOW64\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (SANDRA) -- e:\Programme\SiSoftware\SiSoftware Sandra Lite 2010.SP1d\WNt500x64\sandra.sys (SiSoftware)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\SysWOW64\winusb.dll (Microsoft Corporation)
DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation)
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: E:\Programme\Mozilla Firefox\components [2010.09.17 16:07:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: E:\Programme\Mozilla Firefox\plugins [2010.10.09 21:40:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.2\extensions\\Components: E:\Programme\Mozilla Thunderbird\components [2010.09.20 19:51:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.2\extensions\\Plugins: E:\Programme\Mozilla Thunderbird\plugins
 
[2010.02.19 21:24:22 | 000,000,000 | ---D | M] -- C:\Users\Internet Konto\AppData\Roaming\mozilla\Extensions
[2010.02.19 21:24:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Internet Konto\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.08.13 20:25:31 | 000,000,000 | ---D | M] -- C:\Users\Internet Konto\AppData\Roaming\mozilla\Firefox\Profiles\hjlprau5.default\extensions
[2010.08.07 16:29:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Internet Konto\AppData\Roaming\mozilla\Firefox\Profiles\hjlprau5.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.08.13 20:25:31 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Internet Konto\AppData\Roaming\mozilla\Firefox\Profiles\hjlprau5.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
 
O1 HOSTS File: ([2010.03.22 19:20:09 | 000,001,021 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 im.adtech.de
O1 - Hosts: 127.0.0.1 adserver.adtech.de
O1 - Hosts: 127.0.0.1 adtech.de
O1 - Hosts: 127.0.0.1 ar.atwola.com
O1 - Hosts: 127.0.0.1 atwola.com
O1 - Hosts: 127.0.0.1 adserver.71i.de
O1 - Hosts: 127.0.0.1 adicqserver.71i.de
O1 - Hosts: 127.0.0.1 71i.de
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] e:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager]  File not found
O4 - HKCU..\RunOnce: [__GSCAdditionalInstallation__] H:\Cossacks2Setup.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Internet Konto\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Internet Konto\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - E:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Internet Konto\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Internet Konto\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - E:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{8b4af03e-17ed-11df-b55c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8b4af03e-17ed-11df-b55c-806e6f6e6963}\Shell\AutoRun\command - "" = H:\Msetup4.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.10.17 21:24:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.10.17 18:22:43 | 000,000,000 | ---D | C] -- C:\Users\Internet Konto\AppData\Roaming\EurekaLog
[2010.10.17 17:04:49 | 000,069,152 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2010.10.17 16:37:26 | 000,000,000 | -H-D | C] -- C:\ProgramData\{437292BE-95BD-4B12-B699-6D217A03ACAF}
[2010.10.17 16:37:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2010.10.13 18:26:15 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010.10.13 18:26:14 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010.10.13 18:26:13 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010.10.13 18:26:13 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010.10.13 18:25:42 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010.10.13 18:25:42 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010.10.13 18:25:41 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2010.10.13 18:25:33 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll
[2010.10.13 18:25:33 | 000,363,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\StructuredQuery.dll
[2010.10.13 18:25:30 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2010.10.13 18:22:58 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2010.10.13 18:22:58 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2010.10.13 18:22:57 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2010.10.13 18:22:57 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2010.10.13 18:22:31 | 002,441,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2010.10.13 18:22:30 | 000,702,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010.10.13 18:22:30 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010.10.13 18:22:30 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010.10.13 18:22:29 | 001,192,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2010.10.13 18:22:29 | 001,026,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstime.dll
[2010.10.13 18:22:29 | 000,978,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2010.10.13 18:22:29 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll
[2010.10.13 18:22:29 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010.10.13 18:22:29 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll
[2010.10.13 18:22:29 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010.10.13 18:22:29 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2010.10.13 18:22:29 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010.10.13 18:22:29 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010.10.13 18:22:29 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010.10.13 18:22:29 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010.10.13 18:22:29 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010.10.13 18:22:29 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
[2010.10.13 18:22:29 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010.10.13 18:22:29 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2010.10.13 18:22:29 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsproxy.dll
[2010.10.13 18:22:29 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
[2010.10.13 18:22:29 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010.10.13 18:22:29 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010.10.13 18:22:29 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010.10.13 18:16:14 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2010.10.09 21:28:45 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010.10.09 21:28:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NOS
[2010.10.01 18:26:17 | 000,000,000 | ---D | C] -- C:\Windows\8A809006C25A4A3A9DAB94659BCDB107.TMP
[2010.10.01 18:02:50 | 000,000,000 | ---D | C] -- C:\Windows\DEA314C409294250BC9298E4C105F28D.TMP
[2010.10.01 18:01:28 | 000,000,000 | ---D | C] -- C:\Programme\NVIDIA Corporation
[2010.09.29 20:48:21 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ks.sys
[2010.09.18 13:59:07 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2010.02.13 13:43:01 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeCD6D.dll
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.10.18 09:36:54 | 001,835,008 | -HS- | M] () -- C:\Users\Internet Konto\ntuser.dat
[2010.10.18 09:35:32 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.10.18 09:35:28 | 000,023,080 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2010.10.18 09:35:27 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.10.18 09:35:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.18 09:35:18 | 3214,196,736 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.17 22:47:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.10.17 17:13:08 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.17 17:13:08 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.17 17:10:40 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.10.17 17:10:40 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.10.17 17:10:40 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.10.17 17:10:40 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.10.17 17:10:40 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.10.17 13:47:20 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2010.10.17 13:26:51 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLev.DAT
[2010.10.17 01:05:37 | 000,524,288 | -HS- | M] () -- C:\Users\Internet Konto\ntuser.dat{1b27aa91-d93e-11df-8cde-00241d8deb38}.TMContainer00000000000000000002.regtrans-ms
[2010.10.17 01:05:37 | 000,524,288 | -HS- | M] () -- C:\Users\Internet Konto\ntuser.dat{1b27aa91-d93e-11df-8cde-00241d8deb38}.TMContainer00000000000000000001.regtrans-ms
[2010.10.17 01:05:37 | 000,065,536 | -HS- | M] () -- C:\Users\Internet Konto\ntuser.dat{1b27aa91-d93e-11df-8cde-00241d8deb38}.TM.blf
[2010.10.14 17:05:03 | 002,301,888 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.10.14 16:57:12 | 000,000,571 | ---- | M] () -- C:\Windows\win.ini
[2010.10.09 21:24:18 | 000,000,911 | ---- | M] () -- C:\Users\Internet Konto\Desktop\Landwirtschafts Simulator 2011 Demo.lnk
[2010.10.08 22:19:43 | 001,944,061 | -H-- | M] () -- C:\Users\Internet Konto\AppData\Local\IconCache.db
[2010.10.08 22:11:49 | 000,094,400 | ---- | M] () -- C:\Users\Internet Konto\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.09.30 17:34:04 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010.09.30 17:34:04 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.09.24 16:26:40 | 000,524,288 | -HS- | M] () -- C:\Users\Internet Konto\ntuser.dat{055e1443-c7dc-11df-9388-00241d8deb38}.TMContainer00000000000000000002.regtrans-ms
[2010.09.24 16:26:40 | 000,524,288 | -HS- | M] () -- C:\Users\Internet Konto\ntuser.dat{055e1443-c7dc-11df-9388-00241d8deb38}.TMContainer00000000000000000001.regtrans-ms
[2010.09.24 16:26:40 | 000,065,536 | -HS- | M] () -- C:\Users\Internet Konto\ntuser.dat{055e1443-c7dc-11df-9388-00241d8deb38}.TM.blf
[2010.09.20 18:03:00 | 000,314,016 | ---- | M] () -- C:\Windows\SysNative\drivers\atksgt.sys
[2010.09.20 18:03:00 | 000,043,680 | ---- | M] () -- C:\Windows\SysNative\drivers\lirsgt.sys
[2010.09.20 17:51:45 | 000,524,288 | -HS- | M] () -- C:\Users\Internet Konto\ntuser.dat{902ca548-c4ce-11df-a59f-00241d8deb38}.TMContainer00000000000000000002.regtrans-ms
[2010.09.20 17:51:45 | 000,524,288 | -HS- | M] () -- C:\Users\Internet Konto\ntuser.dat{902ca548-c4ce-11df-a59f-00241d8deb38}.TMContainer00000000000000000001.regtrans-ms
[2010.09.20 17:51:45 | 000,065,536 | -HS- | M] () -- C:\Users\Internet Konto\ntuser.dat{902ca548-c4ce-11df-a59f-00241d8deb38}.TM.blf
[2010.09.19 20:30:29 | 000,000,697 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2010.09.19 20:21:17 | 000,002,006 | ---- | M] () -- C:\aqua_bitmap.cpp
[2010.09.19 15:13:29 | 000,524,288 | -HS- | M] () -- C:\Users\Internet Konto\ntuser.dat{58403a0b-c3cd-11df-9458-00241d8deb38}.TMContainer00000000000000000002.regtrans-ms
[2010.09.19 15:13:29 | 000,524,288 | -HS- | M] () -- C:\Users\Internet Konto\ntuser.dat{58403a0b-c3cd-11df-9458-00241d8deb38}.TMContainer00000000000000000001.regtrans-ms
[2010.09.19 15:13:29 | 000,065,536 | -HS- | M] () -- C:\Users\Internet Konto\ntuser.dat{58403a0b-c3cd-11df-9458-00241d8deb38}.TM.blf
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.10.17 22:26:14 | 000,015,880 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2010.10.17 13:47:19 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo
[2010.10.17 01:05:36 | 000,524,288 | -HS- | C] () -- C:\Users\Internet Konto\ntuser.dat{1b27aa91-d93e-11df-8cde-00241d8deb38}.TMContainer00000000000000000002.regtrans-ms
[2010.10.17 01:05:36 | 000,524,288 | -HS- | C] () -- C:\Users\Internet Konto\ntuser.dat{1b27aa91-d93e-11df-8cde-00241d8deb38}.TMContainer00000000000000000001.regtrans-ms
[2010.10.17 01:05:36 | 000,065,536 | -HS- | C] () -- C:\Users\Internet Konto\ntuser.dat{1b27aa91-d93e-11df-8cde-00241d8deb38}.TM.blf
[2010.10.09 21:24:18 | 000,000,911 | ---- | C] () -- C:\Users\Internet Konto\Desktop\Landwirtschafts Simulator 2011 Demo.lnk
[2010.09.24 16:26:39 | 000,524,288 | -HS- | C] () -- C:\Users\Internet Konto\ntuser.dat{055e1443-c7dc-11df-9388-00241d8deb38}.TMContainer00000000000000000002.regtrans-ms
[2010.09.24 16:26:39 | 000,524,288 | -HS- | C] () -- C:\Users\Internet Konto\ntuser.dat{055e1443-c7dc-11df-9388-00241d8deb38}.TMContainer00000000000000000001.regtrans-ms
[2010.09.24 16:26:39 | 000,065,536 | -HS- | C] () -- C:\Users\Internet Konto\ntuser.dat{055e1443-c7dc-11df-9388-00241d8deb38}.TM.blf
[2010.09.20 17:51:45 | 000,524,288 | -HS- | C] () -- C:\Users\Internet Konto\ntuser.dat{902ca548-c4ce-11df-a59f-00241d8deb38}.TMContainer00000000000000000002.regtrans-ms
[2010.09.20 17:51:45 | 000,524,288 | -HS- | C] () -- C:\Users\Internet Konto\ntuser.dat{902ca548-c4ce-11df-a59f-00241d8deb38}.TMContainer00000000000000000001.regtrans-ms
[2010.09.20 17:51:45 | 000,065,536 | -HS- | C] () -- C:\Users\Internet Konto\ntuser.dat{902ca548-c4ce-11df-a59f-00241d8deb38}.TM.blf
[2010.09.20 17:45:56 | 000,314,016 | ---- | C] () -- C:\Windows\SysNative\drivers\atksgt.sys
[2010.09.20 17:45:50 | 000,043,680 | ---- | C] () -- C:\Windows\SysNative\drivers\lirsgt.sys
[2010.09.19 20:30:29 | 000,000,697 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2010.09.19 15:13:06 | 000,524,288 | -HS- | C] () -- C:\Users\Internet Konto\ntuser.dat{58403a0b-c3cd-11df-9458-00241d8deb38}.TMContainer00000000000000000002.regtrans-ms
[2010.09.19 15:13:06 | 000,524,288 | -HS- | C] () -- C:\Users\Internet Konto\ntuser.dat{58403a0b-c3cd-11df-9458-00241d8deb38}.TMContainer00000000000000000001.regtrans-ms
[2010.09.19 15:13:06 | 000,065,536 | -HS- | C] () -- C:\Users\Internet Konto\ntuser.dat{58403a0b-c3cd-11df-9458-00241d8deb38}.TM.blf
[2010.09.14 18:25:49 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\nvRegDev.dll
[2010.08.19 19:46:05 | 000,000,088 | RHS- | C] () -- C:\ProgramData\0671F3C6A8.sys
[2010.08.19 19:46:04 | 000,002,516 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.08.17 20:43:20 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Piano
[2010.08.17 20:43:20 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Phaser
[2010.08.17 20:43:20 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Perl
[2010.08.17 20:43:20 | 000,000,268 | RH-- | C] () -- C:\Users\Internet Konto\AppData\Roaming\People
[2010.08.17 20:43:20 | 000,000,268 | RH-- | C] () -- C:\Users\Internet Konto\AppData\Roaming\Pedal Hard
[2010.08.17 20:43:20 | 000,000,268 | RH-- | C] () -- C:\Users\Internet Konto\AppData\Roaming\PageLibraries
[2010.08.17 20:43:20 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2010.08.17 20:43:20 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2010.08.17 20:43:20 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2010.08.17 20:43:20 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Printer Icons
[2010.08.17 20:43:20 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Pop Kit
[2010.08.17 20:43:20 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Podcasting
[2010.08.13 22:08:38 | 000,000,054 | ---- | C] () -- C:\Windows\LDraw.INI
[2010.07.26 15:18:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2010.07.26 15:18:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2010.07.26 15:18:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2010.07.26 15:18:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2010.06.19 21:28:37 | 000,000,802 | ---- | C] () -- C:\Windows\CoD.INI
[2010.06.14 16:44:07 | 000,000,051 | ---- | C] () -- C:\Windows\Crypkey.ini
[2010.06.14 16:44:04 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2010.06.12 20:50:13 | 000,000,476 | ---- | C] () -- C:\Windows\iScreensaver.ini
[2010.06.02 18:30:19 | 000,000,321 | ---- | C] () -- C:\Windows\game.ini
[2010.05.26 19:59:11 | 013,045,760 | ---- | C] () -- C:\ProgramData\sandra.mda
[2010.04.26 19:49:32 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Synth Textures
[2010.04.26 19:49:32 | 000,000,268 | RH-- | C] () -- C:\Users\Internet Konto\AppData\Roaming\Sync Services
[2010.04.26 19:49:32 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLck.DAT
[2010.04.26 19:49:21 | 000,000,268 | RH-- | C] () -- C:\ProgramData\System Image Utility
[2010.04.26 19:49:21 | 000,000,268 | RH-- | C] () -- C:\Users\Internet Konto\AppData\Roaming\Synth Basics
[2010.04.26 19:24:04 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT
[2010.04.04 15:54:35 | 000,007,601 | ---- | C] () -- C:\Users\Internet Konto\AppData\Local\Resmon.ResmonCfg
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.02.24 22:26:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.02.19 22:34:43 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010.02.13 23:22:20 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2010.02.13 21:04:47 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2010.02.12 21:23:40 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.02.12 17:53:32 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009.10.06 09:16:00 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2006.09.19 06:22:32 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\LPubRay.dll
[2006.09.09 17:28:52 | 000,221,184 | ---- | C] () -- C:\Windows\SysWow64\glut32.dll
[2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
< End of report >
--- --- ---


Und OTL Extras:
OTL Logfile:
Code:
OTL Extras logfile created on: 18.10.2010 09:37:34 - Run 4
OTL by OldTimer - Version 3.1.37.3    Folder = D:\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 69,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 39,06 Gb Total Space | 4,52 Gb Free Space | 11,57% Space Free | Partition Type: NTFS
Drive D: | 117,19 Gb Total Space | 49,99 Gb Free Space | 42,66% Space Free | Partition Type: NTFS
Drive E: | 244,38 Gb Total Space | 185,75 Gb Free Space | 76,01% Space Free | Partition Type: NTFS
Drive F: | 97,66 Gb Total Space | 34,79 Gb Free Space | 35,63% Space Free | Partition Type: NTFS
Drive G: | 97,66 Gb Total Space | 46,33 Gb Free Space | 47,44% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 931,51 Gb Total Space | 685,49 Gb Free Space | 73,59% Space Free | Partition Type: NTFS
 
Computer Name: ATHLON2
Current User Name: Internet Konto
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- Reg Error: Key error. File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- E:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "E:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "E:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome File not found
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mit Corel PaintShop Photo Pro X3 durchsuchen] -- "e:\Programme\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "E:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "E:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome File not found
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mit Corel PaintShop Photo Pro X3 durchsuchen] -- "e:\Programme\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{053B3DA8-91B5-4682-A130-715412A1A253}" = Paint.NET v3.5.4
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807" = CanoScan LiDE 200 Scanner Driver
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support
"{373934DC-C16C-4CB5-83E2-1E5498CF99EC}" = Shutdown Timer
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{53529DAD-F7C9-476E-87CC-1547C4E3E821}" = iTunes
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2010.SP1d
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"3134FEF0E1D959EC0CC2E458C94B7057B2AC0CC9" = Windows-Treiberpaket - FTDI CDM Driver Package (10/22/2009 2.06.00)
"88EB56038379B8B7DCFB4D2448A60F52E064B265" = Windows-Treiberpaket - FTDI CDM Driver Package (10/22/2009 2.06.00)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Recuva" = Recuva
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{DEAEB5DB-04FA-489D-94EF-8600898B93EE}" = Corel PaintShop Photo Pro X3
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.0205.1
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.0 Build #1211 Banner Remover 1.0
"{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty(R) - World at War(TM) 1.3 Patch
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 Deluxe
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1D2C96C3-A3F3-49E7-B839-95279DED837F}" = Opera 10.60
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20962D9D-D7B9-4AEE-B72B-5C9A45A1B402}" = Call of Duty(R) - World at War(TM) 1.6 Patch
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{23F79416-CAD1-41BF-99A3-040F6C814AAA}" = NVIDIA Photoshop Plug-ins
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
"{3521F7CF-9343-4C1F-AE5E-0D2A57A18D2B}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{402ED4A1-8F5B-387A-8688-997ABF58B8F2}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5B4383F2-37EE-4E97-AD81-F5FF76F286DA}" = OutlookAddInNet3Setup
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7020FC34-6E04-4858-924D-354B28CB2402}_is1" = Luminance HDR 2.0.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{7574A47E-DAB9-4C3A-A140-35692DF886AB}_is1" = The Works 3.1v
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77566BB4-BA61-4D2E-A601-882D0A07865A}_is1" = BackupXpress Pro Version 3.0.2.114 (DEUTSCH/ENGLISH)
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{97EE1BAC-C04F-4935-8110-B1BBAB99D09D}" = Call of Duty(R) - World at War(TM) 1.4.1 Patch
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch
"{AEDBD563-24BB-4EE3-8366-A654DAC2D988}" = Mirror's Edge™
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{CC862A04-B2B0-4A79-ADD2-4B76D6CF4DCD}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D1E7142C-6BC3-49EB-A71A-E5D7ADAC7599}" = Nikon File Uploader 2
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D3A7B653-1A30-4CBC-9E73-5F8BBD333637}" = EXSL-WIN DEMO
"{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DDD62492-32A7-412B-8AF1-2CF032AD42E3}" = ViewNX 2
"{DE4BF4BE-3CDC-43B5-BBDA-DDDA73103111}" = Corel PaintShop Photo Pro X3
"{DE612A3D-0DCC-4055-BB6A-0036F31158A0}" = Setup
"{DE8B9311-ADE7-4EDE-B121-326CAA3D225D}" = PSPPContent
"{DE99075E-7D25-4B96-B32E-BFE6FBFAA644}" = IPM_PSP_CL
"{DEAEB5DB-04FA-489D-94EF-8600898B93EE}" = ICA
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DEF1928A-FC01-48E7-A7E6-4651D42EF6A1}" = PSPPRO_DCRAW
"{DEF8C145-CC4F-4DAA-AD5C-E707C07AEE50}" = IPM_PSP_COM
"{E237FA24-CFB3-431F-B356-DF8FB116DE4B}" = Call of Duty(R) - World at War(TM) 1.7 Patch
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F11ADC64-C89E-47F4-A0B3-3665FF859397}" = WORLD IN CONFLICT
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"Ashampoo Burning Studio 2010_is1" = Ashampoo Burning Studio 2010
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Call of Duty" = Call of Duty
"Capture NX 2" = Capture NX 2
"CCleaner" = CCleaner
"Compressed Help System_is1" = Compressed Help System (Version 1.0.0.7)
"Disk Doctors Undelete_is1" = Disk Doctors Undelete Version 1.0.0
"ExposurePlot_is1" = ExposurePlot 1.13
"FarmingSimulator2011DemoDE_is1" = Landwirtschafts Simulator 2011 Demo
"FluidSIM 4.2d Pneumatik Demoversion" = FluidSIM 4.2d Pneumatik Demoversion
"FLV Player" = FLV Player 2.0 (build 25)
"Free Audio Converter_is1" = Free Audio Converter version 2.0
"Free DVD Video Burner_is1" = Free DVD Video Burner version 2.1
"Free Studio_is1" = Free Studio version 4.8
"Free Video to DVD Converter_is1" = Free Video to DVD Converter version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"HijackThis" = HijackThis 2.0.2
"InstallShield_{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty(R) - World at War(TM) 1.3 Patch
"InstallShield_{20962D9D-D7B9-4AEE-B72B-5C9A45A1B402}" = Call of Duty(R) - World at War(TM) 1.6 Patch
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"InstallShield_{3521F7CF-9343-4C1F-AE5E-0D2A57A18D2B}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{97EE1BAC-C04F-4935-8110-B1BBAB99D09D}" = Call of Duty(R) - World at War(TM) 1.4.1 Patch
"InstallShield_{CC862A04-B2B0-4A79-ADD2-4B76D6CF4DCD}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"InstallShield_{D3A7B653-1A30-4CBC-9E73-5F8BBD333637}" = EXSL-WIN DEMO
"InstallShield_{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"InstallShield_{E237FA24-CFB3-431F-B356-DF8FB116DE4B}" = Call of Duty(R) - World at War(TM) 1.7 Patch
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LDraw2006 3rd Quarter" = LDraw
"LingoPad_is1" = LingoPad 2.6 (Build 360)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.2pre)" = Mozilla Firefox (3.6.2pre)
"Mozilla Thunderbird (3.0.2)" = Mozilla Thunderbird (3.0.2)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"MPE" = MyPhoneExplorer
"MTS CNC 7.3 Demo" = MTS CNC 7.3 Demo
"MyFreeCodec" = MyFreeCodec
"New LEGO Digital Designer" = LEGO Digital Designer
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PhotoRemote NewDimension_is1" = PhotoRemote ND (Version 2.0.0.6)
"POV-Ray for Windows v3.1" = POV-Ray for Windows v3.1
"PunkBusterSvc" = PunkBuster Services
"RADVideo" = RAD Video Tools
"SpeedFan" = SpeedFan (remove only)
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 50130" = Mafia II
"T4EPlayer" = T4E Player
"Trillian" = Trillian
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.0
"WinLiveSuite_Wave3" = Windows Live Essentials
"XMedia Recode" = XMedia Recode 2.1.9.1
"XnView_is1" = XnView 1.97.2
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
"Smart Shutdown Manager" = Smart Shutdown Manager
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
--- --- ---

cosinus 18.10.2010 11:17
Gibt es noch weitere Logs von Malwarebytes? Wäre sehr sinnfrei, wenn Du das ohne Funde gepostet hättest!

Poenni 18.10.2010 11:45
Nein, da kam nur das eine bei raus!

cosinus 18.10.2010 11:47
Das meinte ich nicht.
Ich wollte wissen, ob Du in der Vergangenheit schon mit Malwarebytes das System scannen lassen hast.

Poenni 18.10.2010 12:15
Ja aber das ist schon lange her. Bestimmt nen halbes Jahr.

cosinus 18.10.2010 12:44
Poste mal trotzdem alle Logs.

Poenni 18.10.2010 13:00
Hier ist der Log vom 12.5. diesen Jahres. Andere hab ich nicht.
Steht aber auch nichts anderes drin.
Zitat:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4094

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12.05.2010 23:38:41
mbam-log-2010-05-12 (23-38-41).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|)
Durchsuchte Objekte: 311405
Laufzeit: 39 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Es muss ja nicht unbedingt sein, dass der Trojaner sich auf meinen Rechner übertragen hat. In Antivir wurde der nämlich auch nur auf dem Stick lokalisiert. Und am Rechner von meinem Bruder kam gar keine Meldung obwohl er genau die gleich Programme wie AntiVir, etc hat...

cosinus 18.10.2010 17:53
Der Rest ist auch unauffällig.
Noch Probleme oder weitere Funde in der Zwischenzeit?

Poenni 18.10.2010 20:43
Negativ, alles so wie immer. Scheint clean zu sein. Danke für deine Mühen. :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 18:56 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131