Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
xpack.gen3 versteck Dateien/Festplatte beschädigt

xpack.gen3 versteck Dateien/Festplatte beschädigt


Plagegeister aller Art und deren Bekämpfung: xpack.gen3 versteck Dateien/Festplatte beschädigt

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 12.06.2011, 22:39   #1
brote
 
xpack.gen3 versteck Dateien/Festplatte beschädigt - Standard

xpack.gen3 versteck Dateien/Festplatte beschädigt


Hallo,
ich habe mir besagten Trojaner eingefangen.
Avira konnte ihn nicht beseitigen.
Habe danach mit Malwarebytes einen Kurzscan durchgeführt und gefundene Dateien entfernen lassen.
Warnmeldungen seitdem verschwunden, Dateien jedoch immernoch versteckt.
Logfile von Malwarebytes:
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 6842

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12.06.2011 23:31:19
mbam-log-2011-06-12 (23-31-19).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 179449
Laufzeit: 8 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
c:\programdata\vmbaxaopywyflj.exe (Trojan.FakeAlert) -> 3776 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{C689C99E-3A8C-4c87-A79C-C80DC9C81632} (Trojan.Banker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C689C99E-3A8C-4C87-A79C-C80DC9C81632} (Trojan.Banker) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VmBaxAOpYwYFlj (Trojan.FakeAlert) -> Value: VmBaxAOpYwYFlj -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Userinit (Trojan.Agent) -> Value: Userinit -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programdata\vmbaxaopywyflj.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Benjamin\AppData\Roaming\acroiehelpe.dll (Trojan.Banker) -> Quarantined and deleted successfully.
c:\Users\Benjamin\AppData\Local\temp\tmpBED8.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 23:41 on 12/06/2011 (Benjamin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCUAEMON Tools Lite -> Removed

Checking for services/drivers...


-=E.O.F=-


OTL:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 12.06.2011 23:49:28 - Run 2
OTL by OldTimer - Version 3.2.24.0     Folder = C:\Users\Benjamin\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,34 Gb Available Physical Memory | 67,06% Memory free
4,00 Gb Paging File | 3,12 Gb Available in Paging File | 78,07% Paging File free
Paging file location(s): d:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 24,99 Gb Total Space | 0,86 Gb Free Space | 3,44% Space Free | Partition Type: NTFS
Drive D: | 273,09 Gb Total Space | 69,19 Gb Free Space | 25,34% Space Free | Partition Type: NTFS
Drive F: | 2,04 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: BENJAMIN-NB | User Name: Benjamin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Benjamin\Desktop\OTL(1).exe (OldTimer Tools)
PRC - D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - D:\Program Files\Verbindungsassistent\WTGService.exe ()
PRC - C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Palm, Inc\novacom\x86\novacomd.exe (Palm)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - D:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - D:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Benjamin\Desktop\OTL(1).exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MBAMService) -- D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (WTGService) -- D:\Program Files\Verbindungsassistent\WTGService.exe ()
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (nosGetPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (NovacomD) -- C:\Programme\Palm, Inc\novacom\x86\novacomd.exe (Palm)
SRV - (AntiVirService) -- D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- D:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (OMSI download service) -- D:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (speedfan) -- C:\Windows\system32\speedfan.sys (Almico Software)
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (vpcvmm) -- C:\Windows\System32\drivers\vpcvmm.sys (Microsoft Corporation)
DRV - (vpcnfltr) -- C:\Windows\System32\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV - (vpcusb) -- C:\Windows\System32\drivers\vpcusb.sys (Microsoft Corporation)
DRV - (vpcbus) -- C:\Windows\System32\drivers\vpchbus.sys (Microsoft Corporation)
DRV - (vpcuxd) -- C:\Windows\System32\drivers\vpcuxd.sys (Microsoft Corporation)
DRV - (BthAvrcp) -- C:\Windows\System32\drivers\BthAvrcp.sys (CSR, plc)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (avgio) -- D:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\Windows\System32\drivers\s0016unic.sys (MCCI Corporation)
DRV - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\Windows\System32\drivers\s0016nd5.sys (MCCI Corporation)
DRV - (s0016mdfl) -- C:\Windows\System32\drivers\s0016mdfl.sys (MCCI Corporation)
DRV - (s0016mdm) -- C:\Windows\System32\drivers\s0016mdm.sys (MCCI Corporation)
DRV - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0016mgmt.sys (MCCI Corporation)
DRV - (s0016obex) -- C:\Windows\System32\drivers\s0016obex.sys (MCCI Corporation)
DRV - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\Windows\System32\drivers\s0016bus.sys (MCCI Corporation)
DRV - (TTCinergyT2) TerraTec Cinergy T² (BDA) -- C:\Windows\System32\drivers\TTCinergyT2BDA.sys (TerraTec Electronic GmbH)
DRV - (PID_0920) Logitech QuickCam Express(PID_0920) -- C:\Windows\System32\drivers\LV532AV.SYS ()
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (QCDonner) Logitech QuickCam Express(PID_0840) -- C:\Windows\System32\drivers\lvcd.sys (Logitech Inc.)
DRV - (giveio) -- C:\Windows\system32\giveio.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 26 43 0A E2 4F 12 CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.param.yahoo-fr: ""
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: ""
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {b9615918-d3de-44a4-ab65-76df7ea1f1c1}:0.3.13
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.87
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.9
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.1
FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:2.0.6
FF - prefs.js..extensions.enabledItems: tineye@ideeinc.com:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.20.0.66
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.22.5
FF - prefs.js..keyword.URL: "hxxp://www.bing.com/search?FORM=IEFM1&q="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2011.05.02 19:37:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2011.04.03 15:52:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Components: D:\Program Files\Mozilla Thunderbird\components [2011.05.14 17:59:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Plugins: D:\Program Files\Mozilla Thunderbird\plugins [2011.01.29 18:28:33 | 000,000,000 | ---D | M]
 
[2010.01.22 17:44:43 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Benjamin\AppData\Roaming\mozilla\Extensions
[2010.01.22 17:44:43 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Benjamin\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.06.07 20:28:42 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Benjamin\AppData\Roaming\mozilla\Firefox\Profiles\os8yk4py.default\extensions
[2011.05.26 21:24:02 | 000,000,000 | -H-D | M] (Flagfox) -- C:\Users\Benjamin\AppData\Roaming\mozilla\Firefox\Profiles\os8yk4py.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010.07.27 21:08:04 | 000,000,000 | -H-D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Benjamin\AppData\Roaming\mozilla\Firefox\Profiles\os8yk4py.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011.04.14 14:35:15 | 000,000,000 | -H-D | M] (Разпознаване на устройство Logitech) -- C:\Users\Benjamin\AppData\Roaming\mozilla\Firefox\Profiles\os8yk4py.default\extensions\DeviceDetection@logitech.com
[2011.05.03 21:57:59 | 000,000,000 | -H-D | M] (FoxyProxy Standard) -- C:\Users\Benjamin\AppData\Roaming\mozilla\Firefox\Profiles\os8yk4py.default\extensions\foxyproxy@eric.h.jung
[2010.05.30 18:29:00 | 000,001,819 | -H-- | M] () -- C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\os8yk4py.default\searchplugins\bing.xml
[2011.04.08 18:28:05 | 000,002,059 | -H-- | M] () -- C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\os8yk4py.default\searchplugins\daemon-search.xml
File not found (No name found) -- 
[2011.05.25 19:32:36 | 000,000,000 | -H-D | M] (Java String Helper) -- C:\USERS\BENJAMIN\APPDATA\ROAMING\5015
() (No name found) -- C:\USERS\BENJAMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OS8YK4PY.DEFAULT\EXTENSIONS\{B9615918-D3DE-44A4-AB65-76DF7EA1F1C1}.XPI
() (No name found) -- C:\USERS\BENJAMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OS8YK4PY.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\BENJAMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OS8YK4PY.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
() (No name found) -- C:\USERS\BENJAMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OS8YK4PY.DEFAULT\EXTENSIONS\ISREADITLATER@IDEASHOWER.COM.XPI
() (No name found) -- C:\USERS\BENJAMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OS8YK4PY.DEFAULT\EXTENSIONS\TINEYE@IDEEINC.COM.XPI
[2010.02.04 01:36:43 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2010.01.22 18:44:51 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
 
O1 HOSTS File: ([2011.04.22 13:23:01 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [Camfrog] D:\Program Files\Camfrog\Camfrog Video Chat\CamfrogNet.exe (Camshare Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] D:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Read with DeskBot - D:\Program Files\BellCraft.com\DeskBot\DeskBot.htm ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\AutorunsDisabled\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\AutorunsDisabled\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\AutorunsDisabled\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.04.08 04:11:16 | 000,000,047 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^Users^Benjamin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip -  - File not found
MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Programme\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
MsConfig - StartUpReg: avgnt - hkey= - key= - D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
MsConfig - StartUpReg: Camfrog - hkey= - key= - D:\Program Files\Camfrog\Camfrog Video Chat\CamfrogNet.exe (Camshare Inc.)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - D:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - D:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: LogitechGalleryRepair - hkey= - key= -  File not found
MsConfig - StartUpReg: LogitechImageStudioTray - hkey= - key= -  File not found
MsConfig - StartUpReg: LVCOMS - hkey= - key= - C:\Programme\Common Files\Logitech\QCDriver3\LVComS.exe (Logitech Inc.)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= -  File not found
MsConfig - StartUpReg: NvMediaCenter - hkey= - key= -  File not found
MsConfig - StartUpReg: QCDriverInstaller - hkey= - key= - C:\Programme\Common Files\Logitech\QCDriver3\Lqdsw.exe (Logitech Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: Remote Control Editor - hkey= - key= - C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe (Elgato Systems)
MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
MsConfig - StartUpReg: ScreenManager Pro for LCD - hkey= - key= - D:\Program Files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe (EIZO NANAO CORPORATION)
MsConfig - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: SMSERIAL - hkey= - key= - C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
MsConfig - StartUpReg: Sony Ericsson PC Suite - hkey= - key= - D:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
MsConfig - State: "startup" - 2
 
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.06.12 23:46:43 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Benjamin\Desktop\OTL(1).exe
[2011.06.12 15:46:48 | 000,000,000 | ---D | C] -- C:\Programme\Creative Labs
[2011.06.12 15:46:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eidos Interactive
[2011.06.08 23:34:24 | 000,000,000 | -H-D | C] -- C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Camfrog Video Chat 6.0
[2011.06.08 10:12:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TZ-Vokabeltrainer
[2011.06.08 08:51:00 | 000,000,000 | -H-D | C] -- C:\Users\Benjamin\Desktop\Bilder
[2011.06.08 07:53:07 | 000,000,000 | --SD | C] -- C:\cofi.exe
[2011.06.07 22:03:54 | 000,000,000 | -H-D | C] -- C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2011.05.28 19:24:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011.05.28 19:23:36 | 000,000,000 | ---D | C] -- C:\Programme\Google
[2011.05.28 19:23:30 | 000,000,000 | -H-D | C] -- C:\Users\Benjamin\AppData\Local\Google
[2011.05.26 23:28:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.05.26 23:27:39 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2011.05.26 23:24:02 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2011.05.26 22:19:20 | 000,000,000 | -H-D | C] -- C:\Users\Benjamin\AppData\Local\PokerStars.NET
[2011.05.26 22:19:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars.NET
[2011.05.26 17:15:52 | 000,000,000 | -H-D | C] -- C:\Users\Benjamin\AppData\Roaming\MyPhoneExplorer
[2011.05.26 17:15:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
[2011.05.25 19:32:36 | 000,000,000 | -H-D | C] -- C:\Users\Benjamin\AppData\Roaming\5015
[2011.05.25 19:32:20 | 000,000,000 | -H-D | C] -- C:\Users\Benjamin\AppData\Roaming\xmldm
[2011.05.25 19:32:14 | 000,000,000 | -H-D | C] -- C:\Users\Benjamin\AppData\Roaming\kock
[1 C:\Users\Benjamin\AppData\Roaming\*.tmp files -> C:\Users\Benjamin\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.06.12 23:46:48 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Benjamin\Desktop\OTL(1).exe
[2011.06.12 23:44:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.06.12 23:43:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.06.12 23:43:36 | 1609,179,136 | -HS- | M] () -- C:\hiberfil.sys
[2011.06.12 23:42:53 | 000,014,112 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.06.12 23:42:53 | 000,014,112 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.06.12 23:41:18 | 000,050,477 | ---- | M] () -- C:\Users\Benjamin\Desktop\Defogger.exe
[2011.06.12 22:33:01 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.06.12 16:34:57 | 000,091,965 | -H-- | M] () -- C:\Users\Public\Documents\fragen.pdf
[2011.06.08 23:34:24 | 000,001,002 | -H-- | M] () -- C:\Users\Benjamin\Desktop\Camfrog Video Chat 6.0.lnk
[2011.06.08 11:22:37 | 002,798,414 | -H-- | M] () -- C:\Users\Benjamin\Desktop\schrank.jpg
[2011.06.08 08:27:58 | 000,656,484 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.06.08 08:27:58 | 000,616,990 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.06.08 08:27:58 | 000,130,826 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.06.08 08:27:58 | 000,107,112 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.06.08 07:45:10 | 000,000,039 | ---- | M] () -- C:\Windows\WININIT.INI
[2011.06.07 22:03:52 | 000,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo
[2011.05.30 17:29:56 | 000,144,459 | -H-- | M] () -- C:\Users\Public\Documents\1306769195094133421398.pdf
[2011.05.29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.05.26 17:30:51 | 000,000,029 | -H-- | M] () -- C:\Users\Benjamin\AppData\Roaming\urhtps.dat
[1 C:\Users\Benjamin\AppData\Roaming\*.tmp files -> C:\Users\Benjamin\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.06.12 23:41:17 | 000,050,477 | ---- | C] () -- C:\Users\Benjamin\Desktop\Defogger.exe
[2011.06.12 16:34:57 | 000,091,965 | -H-- | C] () -- C:\Users\Public\Documents\fragen.pdf
[2011.06.08 23:34:24 | 000,001,002 | -H-- | C] () -- C:\Users\Benjamin\Desktop\Camfrog Video Chat 6.0.lnk
[2011.06.08 11:21:27 | 002,798,414 | -H-- | C] () -- C:\Users\Benjamin\Desktop\schrank.jpg
[2011.06.08 07:45:10 | 000,000,039 | ---- | C] () -- C:\Windows\WININIT.INI
[2011.05.30 17:29:56 | 000,144,459 | -H-- | C] () -- C:\Users\Public\Documents\1306769195094133421398.pdf
[2011.05.28 19:23:45 | 000,001,102 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.05.28 19:23:42 | 000,001,098 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.05.26 17:08:10 | 000,000,029 | -H-- | C] () -- C:\Users\Benjamin\AppData\Roaming\urhtps.dat
[2011.04.22 13:15:47 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.04.22 13:15:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.04.22 13:15:47 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011.04.22 13:15:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.04.22 13:15:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.03.29 19:37:49 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011.02.03 21:17:27 | 000,000,094 | ---- | C] () -- C:\Windows\Lexstat.ini
[2011.01.21 07:36:02 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010.12.27 19:54:14 | 000,000,032 | -H-- | C] () -- C:\Users\Benjamin\AppData\Local\packet
[2010.11.30 22:35:18 | 000,007,605 | -H-- | C] () -- C:\Users\Benjamin\AppData\Local\Resmon.ResmonCfg
[2010.08.08 22:39:11 | 000,000,241 | ---- | C] () -- C:\Windows\QSync.INI
[2010.08.08 22:36:19 | 000,081,920 | ---- | C] () -- C:\Windows\bwUnin-6.1.4.36-8876480L.exe
[2010.07.01 17:08:01 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.04.20 13:21:39 | 000,006,656 | -H-- | C] () -- C:\Users\Benjamin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.10 18:30:43 | 000,002,903 | ---- | C] () -- C:\Windows\Cm106.ini.cfg
[2010.02.10 18:30:37 | 000,000,748 | ---- | C] () -- C:\Windows\cm106.ini
[2009.07.14 10:47:43 | 000,656,484 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,130,826 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,283,832 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,616,990 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,107,112 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 02:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007.02.07 19:58:12 | 000,039,899 | ---- | C] () -- C:\Windows\System32\rtsicis.ini
[2006.06.07 15:23:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv7.dll
[2006.03.07 13:59:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv6.dll
[2006.01.10 19:11:06 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv5.dll
[2005.01.31 10:13:22 | 000,163,328 | ---- | C] () -- C:\Windows\System32\drivers\LV532AV.SYS
[2005.01.31 09:37:58 | 000,009,255 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
 
========== LOP Check ==========
 
[2011.01.29 19:04:07 | 000,000,000 | -H-D | M] -- C:\Users\Benjamin\AppData\Roaming\.purple
[2011.05.25 19:32:36 | 000,000,000 | -H-D | M] -- C:\Users\Benjamin\AppData\Roaming\5015
[2011.01.31 19:33:17 | 000,000,000 | -H-D | M] -- C:\Users\Benjamin\AppData\Roaming\Amazon
[2010.04.19 18:16:33 | 000,000,000 | -H-D | M] -- C:\Users\Benjamin\AppData\Roaming\BellCraft.com
[2011.03.18 16:56:53 | 000,000,000 | -H-D | M] -- C:\Users\Benjamin\AppData\Roaming\Bytemobile
[2011.06.12 13:49:18 | 000,000,000 | -H-D | M] -- C:\Users\Benjamin\AppData\Roaming\Camfrog
[2010.01.22 18:57:38 | 000,000,000 | -H-D | M] -- C:\Users\Benjamin\AppData\Roaming\CanuckSoftware
[2011.04.08 18:31:46 | 000,000,000 | -H-D | M] -- C:\Users\Benjamin\AppData\Roaming\DAEMON Tools Lite
[2010.02.03 20:12:09 | 000,000,000 | -H-D | M] -- C:\Users\Benjamin\AppData\Roaming\gtk-2.0
[2011.03.28 01:11:59 | 000,000,000 | -H-D | M] -- C:\Users\Benjamin\AppData\Roaming\Hi-Rez Studios
[2011.04.21 18:32:00 | 000,000,000 | -H-D | M] -- C:\Users\Benjamin\AppData\Roaming\ICQ
[2011.05.25 19:32:14 | 000,000,000 | -H-D | M] -- C:\Users\Benjamin\AppData\Roaming\kock
[2010.08.30 17:51:03 | 000,000,000 | -H-D | M] -- C:\Users\Benjamin\AppData\Roaming\LolClient
[2010.12.22 20:19:03 | 000,000,000 | -H-D | M] -- C:\Users\Benjamin\AppData\Roaming\ManyCam
[2010.12.01 16:13:28 | 000,000,000 | -H-D | M] -- C:\Users\Benjamin\AppData\Roaming\MobMapUpdater
[2011.05.26 17:22:12 | 000,000,000 | -H-D | M] -- C:\Users\Benjamin\AppData\Roaming\MyPhoneExplorer
[2011.04.21 18:31:05 | 000,000,000 | -H-D | M] -- C:\Users\Benjamin\AppData\Roaming\NetSpeedMonitor
[2010.02.04 01:37:48 | 000,000,000 | -H-D | M] -- C:\Users\Benjamin\AppData\Roaming\OpenOffice.org
[2010.02.17 22:46:43 | 000,000,000 | -H-D | M] -- C:\Users\Benjamin\AppData\Roaming\Red Kawa
[2011.06.12 22:55:17 | 000,000,000 | -H-D | M] -- C:\Users\Benjamin\AppData\Roaming\SoftGrid Client
[2010.07.31 19:02:49 | 000,000,000 | -H-D | M] -- C:\Users\Benjamin\AppData\Roaming\TerraTec
[2010.01.22 17:44:43 | 000,000,000 | -H-D | M] -- C:\Users\Benjamin\AppData\Roaming\Thunderbird
[2011.04.03 16:19:24 | 000,000,000 | -H-D | M] -- C:\Users\Benjamin\AppData\Roaming\TP
[2010.05.09 22:09:58 | 000,000,000 | -H-D | M] -- C:\Users\Benjamin\AppData\Roaming\Trillian
[2010.04.12 18:07:36 | 000,000,000 | -H-D | M] -- C:\Users\Benjamin\AppData\Roaming\TrueCrypt
[2010.04.12 18:59:13 | 000,000,000 | -H-D | M] -- C:\Users\Benjamin\AppData\Roaming\TuneUp Software
[2010.12.29 12:43:34 | 000,000,000 | -H-D | M] -- C:\Users\Benjamin\AppData\Roaming\Tyef
[2010.09.12 02:00:07 | 000,000,000 | -H-D | M] -- C:\Users\Benjamin\AppData\Roaming\Verbindungsassistent
[2011.03.18 16:56:53 | 000,000,000 | -H-D | M] -- C:\Users\Benjamin\AppData\Roaming\Vodafone
[2011.06.10 08:26:07 | 000,000,000 | -H-D | M] -- C:\Users\Benjamin\AppData\Roaming\xmldm
[2010.08.31 19:20:25 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.04.25 16:07:03 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2011.06.08 07:53:09 | 000,000,000 | --SD | M] -- C:\cofi.exe
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.01.22 17:19:58 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.06.07 18:50:28 | 000,000,000 | -H-D | M] -- C:\Download
[2010.05.02 14:03:02 | 000,000,000 | -H-D | M] -- C:\NVIDIA
[2009.07.14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.06.12 15:46:48 | 000,000,000 | R--D | M] -- C:\Programme
[2011.06.12 23:31:19 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.01.22 17:19:58 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.06.08 07:53:09 | 000,000,000 | -H-D | M] -- C:\Qoobox
[2010.01.22 17:19:59 | 000,000,000 | ---D | M] -- C:\Recovery
[2011.06.12 23:01:22 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.08.09 19:07:39 | 000,000,000 | -H-D | M] -- C:\temp
[2010.11.27 19:45:59 | 000,000,000 | -H-D | M] -- C:\TerraTec
[2010.06.07 18:52:38 | 000,000,000 | -H-D | M] -- C:\tmpDownload
[2010.08.29 21:30:13 | 000,000,000 | R--D | M] -- C:\Users
[2011.06.12 22:57:30 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\ERDNT\cache\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 03:14:30 | 000,398,336 | -H-- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | -H-- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\ERDNT\cache\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-05-26 11:33:39
 
<           >
 
< End of report >
--- --- ---

 

Themen zu xpack.gen3 versteck Dateien/Festplatte beschädigt
acroiehelpe.dll, anti-malware, appdata, beschädigt, broken.opencommand, bösartige, c:\windows\system32\rundll32.exe, durchgeführt, entfernen, explorer, langs, malwarebytes, mbamservice.exe, minute, mozilla thunderbird, nodrives, nvlddmkm.sys, platte, plug-in, remote control, roaming, sched.exe, searchplugins, start menu, taskhost.exe, trojan.agent, trojan.banker, trojan.dropper, trojan.fakealert, trojan.zbotr.gen, verschwunden


« Bundeskriminalamt Virus | ich kann nicht mehr über google o andere suchmaschinen auf das internet zugreifen »


Ähnliche Themen: xpack.gen3 versteck Dateien/Festplatte beschädigt


  1. Festplatte beschädigt Das System hat mit einem oder mehreren installierten... Festplatte beschädigt
    Plagegeister aller Art und deren Bekämpfung - 16.02.2018 (27)
  2. TR/Crypt.XPACK.Gen3 Trojaner und HTML/ExpKit.Gen3
    Log-Analyse und Auswertung - 14.06.2014 (13)
  3. TR/Crypt.XPACK.Gen3 alle dateien verschwunden
    Plagegeister aller Art und deren Bekämpfung - 06.01.2014 (7)
  4. Trojaner: Festplatte beschädigt, Desktop schwarz und keine Dateien sichtbar!
    Plagegeister aller Art und deren Bekämpfung - 02.07.2012 (1)
  5. Möglicher Virus ('TR/Crypt.XPACK.Gen3') bei neuer Festplatte
    Plagegeister aller Art und deren Bekämpfung - 06.02.2012 (1)
  6. "Festplatte beschädigt" - TR/Crypt.XPACK.GEN3
    Plagegeister aller Art und deren Bekämpfung - 05.07.2011 (20)
  7. Festplatte beschädigt
    Plagegeister aller Art und deren Bekämpfung - 15.06.2011 (1)
  8. "Festplatte beschädigt"-Meldungen, schwarzer Desktop, alle Dateien versteckt
    Log-Analyse und Auswertung - 01.06.2011 (12)
  9. Trojaner/Virus: Festplatte beschädigt - Bildschirm schwarz - keine Dateien
    Log-Analyse und Auswertung - 23.05.2011 (45)
  10. Festplatte beschädigt, Dateien verschwunden, schwarzer Bildschirm
    Log-Analyse und Auswertung - 21.05.2011 (1)
  11. trojaner ''festplatte beschädigt - durch problem mit IDE/ SATA festplatte''
    Plagegeister aller Art und deren Bekämpfung - 18.05.2011 (3)
  12. TR/Kazy.mekml.1 Infektion, dateien weg, festplatte beschädigt!
    Log-Analyse und Auswertung - 02.05.2011 (18)
  13. TR/Kazy.mekml.1, Festplatte beschädigt, Dateien nicht sichtbar
    Log-Analyse und Auswertung - 29.04.2011 (7)
  14. TR/kazy.mekml, Festplatte beschädigt, Dateien weg
    Plagegeister aller Art und deren Bekämpfung - 22.04.2011 (11)
  15. Festplatte beschädigt Das System hat mit einem oder mehreren installierten... Festplatte beschädigt
    Plagegeister aller Art und deren Bekämpfung - 21.04.2011 (1)
  16. TR/Crypt.XPACK.Gen3 - nach formatierung von C: TR/Crypt.XPACK.Gen2 gefunden
    Plagegeister aller Art und deren Bekämpfung - 17.10.2010 (9)
  17. festplatte beschädigt
    Netzwerk und Hardware - 13.11.2005 (3)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema xpack.gen3 versteck Dateien/Festplatte beschädigt - Hallo, ich habe mir besagten Trojaner eingefangen. Avira konnte ihn nicht beseitigen. Habe danach mit Malwarebytes einen Kurzscan durchgeführt und gefundene Dateien entfernen lassen. Warnmeldungen seitdem verschwunden, Dateien jedoch immernoch - xpack.gen3 versteck Dateien/Festplatte beschädigt...
Archiv
Du betrachtest: xpack.gen3 versteck Dateien/Festplatte beschädigt auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19