
Log analysis and evaluation: Evaluating log files before creating a backup

05.08.2011, 12:11   #1
locoverde
 



Hello everyone!

I would be glad if someone could take a knowledgeable look at the log files.
After all, I want to find a clean system in the backup ;-)

My OS is
Vista Business SP2 with all currently available updates and patches

Many thanks in advance!

Bernd


OTL logfile created on: 05.08.2011 12:44:02 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\G\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 2,33 Gb Available Physical Memory | 71,83% Memory free
6,69 Gb Paging File | 5,89 Gb Available in Paging File | 88,04% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 78,37 Gb Free Space | 33,65% Space Free | Partition Type: NTFS

Computer Name: - | User Name: G | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.08.05 12:30:09 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\G\Desktop\OTL.exe
PRC - [2009.04.10 23:28:16 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011.08.05 12:30:09 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\G\Desktop\OTL.exe
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (.bntr)
SRV - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.04.22 14:21:10 | 000,092,592 | ---- | M] (TomTom) [Disabled | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011.04.20 02:04:08 | 000,176,128 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010.03.16 17:01:22 | 000,132,464 | ---- | M] (Samsung Electronics CO., LTD.) [Disabled | Stopped] -- C:\Windows\System32\SUPDSvc.exe -- (Samsung UPD Service)
SRV - [2009.12.06 17:35:49 | 000,361,288 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009.12.06 17:10:56 | 000,604,488 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\Windows\System32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2009.11.16 13:25:48 | 000,029,000 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009.10.07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009.09.11 21:24:07 | 000,062,464 | ---- | M] () [Disabled | Stopped] -- C:\Windows\unsignedthemessvc.exe -- (UnsignedThemes)
SRV - [2008.01.19 00:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.10.19 14:21:16 | 000,141,848 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)


========== Driver Services (SafeList) ==========

DRV - [2011.07.06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.07.04 19:17:30 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.06.16 20:05:57 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2011.04.20 02:43:42 | 007,772,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2011.04.20 02:43:42 | 007,772,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011.04.20 01:22:10 | 000,243,712 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011.03.28 10:52:52 | 000,381,032 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\System32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2011.03.28 10:52:52 | 000,040,824 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\UimBus.sys -- (UimBus)
DRV - [2011.03.28 10:52:48 | 000,057,112 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hotcore3.sys -- (hotcore3)
DRV - [2010.09.15 16:16:23 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2010.09.15 16:16:23 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2010.03.10 04:03:50 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2009.12.21 21:56:36 | 000,030,392 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2009.11.26 20:48:46 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.10.07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009.09.02 05:09:24 | 000,176,128 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009.07.17 11:52:00 | 000,155,648 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2009.06.19 21:54:48 | 000,021,864 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\uxpatch.sys -- (uxpatch)
DRV - [2009.04.30 23:01:36 | 000,265,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2009.04.30 22:55:58 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2009.04.30 22:55:34 | 000,013,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lv302af.sys -- (pepifilter)
DRV - [2008.09.10 18:07:48 | 000,182,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ahcix86s.sys -- (ahcix86s)
DRV - [2007.10.12 03:40:14 | 000,010,632 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdide.sys -- (amdide)
DRV - [2007.10.11 19:59:02 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007.10.11 13:24:00 | 000,079,104 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt ) [Driver] [Kernel | System | Running] -- C:\Windows\System32\drivers\sleen16.sys -- (SLEE_16_DRIVER)
DRV - [2007.06.29 15:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007.01.16 22:28:54 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2007.01.16 22:28:54 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2006.11.10 15:08:50 | 000,024,064 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ATITool.sys -- (ATITool)
DRV - [2005.12.05 21:55:42 | 000,071,372 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\StMp3Rec.sys -- (StMp3Rec)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.sueddeutsche.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9
FF - prefs.js..extensions.enabledItems: {37fa1426-b82d-11db-8314-0800200c9a66}:2.7.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.enabled: false
FF - prefs.js..network.proxy.gopher: ""
FF - prefs.js..network.proxy.gopher_port: 0
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\G\Program Files\DNA\plugins\npbtdna.dll File not found
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.07.12 18:42:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.11 18:10:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.07.12 18:42:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.11 18:10:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.07.12 18:42:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.11 18:10:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.07.12 18:42:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.11 18:10:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.07.12 18:42:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.11 18:10:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.07.12 18:42:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.11 18:10:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.07.12 18:42:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.11 18:10:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.07.12 18:42:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.11 18:10:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.07.12 18:42:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.11 18:10:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.07.12 18:42:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.11 18:10:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.07.12 18:42:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.11 18:10:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.07.12 18:42:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.11 18:10:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.07.12 18:42:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.11 18:10:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.07.12 18:42:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.11 18:10:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.07.12 18:42:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.11 18:10:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.07.12 18:42:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.11 18:10:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\G\Program Files\DNA
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{E0CC257A-4D42-4ED7-AFAF-0AE6422F60D0}: C:\Program Files\Copernic Desktop Search - Home\Firefox36Connector

[2011.07.09 14:24:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\G\AppData\Roaming\Mozilla\Extensions
[2011.07.09 14:24:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\G\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2011.07.29 18:30:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\G\AppData\Roaming\Mozilla\Firefox\Profiles\9dloz750.default\extensions
[2011.07.17 14:57:00 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\G\AppData\Roaming\Mozilla\Firefox\Profiles\9dloz750.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011.06.20 19:13:29 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Users\G\AppData\Roaming\Mozilla\Firefox\Profiles\9dloz750.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
[2011.03.21 18:48:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\G\AppData\Roaming\Mozilla\Firefox\Profiles\uwko68yu.alternative Basic\extensions
[2011.03.13 11:51:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\G\AppData\Roaming\Mozilla\Firefox\Profiles\uwko68yu.alternative Basic\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.08.03 20:53:16 | 000,001,210 | ---- | M] () -- C:\Users\G\AppData\Roaming\Mozilla\Firefox\Profiles\9dloz750.default\searchplugins\scroogle-de.xml
[2011.08.04 19:54:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.05.22 09:18:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011.06.13 13:59:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.08.04 19:54:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\G\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DLOZ750.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\G\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DLOZ750.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2009.06.24 19:05:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.07.08 09:16:28 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.08.04 19:54:03 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.07.08 21:08:24 | 000,167,704 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2009.09.21 12:24:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml

O1 HOSTS File: ([2010.06.13 20:14:25 | 000,000,894 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDF Create 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O8 - Extra context menu item: An vorhandene PDF-Datei anhängen - C:\Program Files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Inhalt der ausgewählten Links an vorhandene PDF-Datei anhängen - C:\Program Files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Linkinhalt an vorhandene PDF-Datei anhängen - C:\Program Files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: PDF-Datei aus Linkinhalt erstellen - C:\Program Files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: PDF-Datei erstellen - C:\Program Files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: PDF-Dateien aus den ausgewählten Links erstellen - C:\Program Files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\G\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\G\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{40142a7a-90de-11de-9452-001fd0591c35}\Shell - "" = AutoRun
O33 - MountPoints2\{40142a7a-90de-11de-9452-001fd0591c35}\Shell\AutoRun\command - "" = F:\Setup.exe cd
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.08.05 12:30:51 | 000,000,000 | ---D | C] -- C:\Users\G\Desktop\69886-fuer-alle-hilfesuchenden-muss-ich-vor-der-eroeffnung-eines-themas-beachten_files
[2011.08.05 12:30:08 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\G\Desktop\OTL.exe
[2011.08.05 12:10:16 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011.08.05 12:10:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.08.04 19:54:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.07.29 14:40:27 | 000,017,224 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2011.07.29 14:39:38 | 000,029,000 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2011.07.17 14:11:13 | 000,000,000 | ---D | C] -- C:\Users\G\AppData\Roaming\vlc
[2011.07.17 13:12:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011.07.11 18:10:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange
[2011.07.09 14:24:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\G\Desktop\*.tmp files -> C:\Users\G\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.08.05 12:39:26 | 000,004,544 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.05 12:39:26 | 000,004,544 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.05 12:39:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.05 12:38:01 | 000,000,020 | ---- | M] () -- C:\Users\G\defogger_reenable
[2011.08.05 12:30:55 | 000,053,460 | ---- | M] () -- C:\Users\G\Desktop\69886-fuer-alle-hilfesuchenden-muss-ich-vor-der-eroeffnung-eines-themas-beachten.html
[2011.08.05 12:30:09 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\G\Desktop\OTL.exe
[2011.08.04 21:11:26 | 000,137,728 | ---- | M] () -- C:\Users\G\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.04 16:52:55 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.08.04 16:52:55 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.08.04 11:55:31 | 000,000,411 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011.08.04 11:52:28 | 000,002,708 | ---- | M] () -- C:\Windows\System32\.rsp
[2011.08.04 11:52:28 | 000,001,536 | ---- | M] () -- C:\Windows\System32\.lck
[2011.08.01 18:47:09 | 000,002,331 | ---- | M] () -- C:\Users\G\Application Data\Microsoft\Internet Explorer\Quick Launch\SyncToy 2.1.lnk
[2011.07.17 13:14:33 | 000,000,908 | ---- | M] () -- C:\Users\G\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011.07.13 17:09:27 | 000,338,912 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.07.12 18:42:17 | 000,000,830 | ---- | M] () -- C:\Users\G\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.07.06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\G\Desktop\*.tmp files -> C:\Users\G\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.08.05 12:37:51 | 000,000,020 | ---- | C] () -- C:\Users\G\defogger_reenable
[2011.08.05 12:30:50 | 000,053,460 | ---- | C] () -- C:\Users\G\Desktop\69886-fuer-alle-hilfesuchenden-muss-ich-vor-der-eroeffnung-eines-themas-beachten.html
[2011.08.04 11:52:28 | 000,002,708 | ---- | C] () -- C:\Windows\System32\.rsp
[2011.08.04 11:52:28 | 000,001,536 | ---- | C] () -- C:\Windows\System32\.lck
[2011.03.17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.02.28 21:30:06 | 000,233,012 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010.09.06 20:30:03 | 000,216,876 | ---- | C] () -- C:\Windows\hpwins24.dat.temp
[2010.06.08 18:14:40 | 000,000,411 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010.05.27 18:24:24 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010.04.25 20:02:10 | 000,282,624 | ---- | C] () -- C:\Windows\System32\DscPnt.dll
[2010.04.25 20:02:10 | 000,260,464 | ---- | C] () -- C:\Windows\SUPDRun.exe
[2010.04.25 20:02:10 | 000,026,624 | ---- | C] () -- C:\Windows\System32\spd__l.dll
[2010.03.18 12:31:12 | 000,000,036 | ---- | C] () -- C:\Users\G\AppData\Local\housecall.guid.cache
[2010.03.02 22:11:40 | 000,017,408 | ---- | C] () -- C:\Users\G\AppData\Local\WebpageIcons.db
[2010.02.28 16:46:46 | 000,001,758 | ---- | C] () -- C:\Windows\hpwmdl24.dat.temp
[2010.02.28 16:37:12 | 000,217,040 | ---- | C] () -- C:\Windows\hpwins24.dat
[2009.12.12 17:32:12 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.10.13 16:40:41 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.10.09 20:50:48 | 000,000,264 | ---- | C] () -- C:\Windows\tb89r.ini
[2009.10.07 01:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009.10.07 01:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2009.09.14 19:03:07 | 000,003,722 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.09.14 19:01:51 | 000,000,391 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2009.09.14 17:50:39 | 000,000,045 | -H-- | C] () -- C:\Windows\dsez5928.dat
[2009.09.11 21:24:07 | 000,062,464 | ---- | C] () -- C:\Windows\unsignedthemessvc.exe
[2009.09.02 10:03:02 | 000,000,000 | ---- | C] () -- C:\Windows\bdb.ini
[2009.08.24 22:20:18 | 000,000,158 | ---- | C] () -- C:\Windows\Clony2.ini
[2009.08.24 12:48:13 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.06.19 21:54:48 | 000,021,864 | ---- | C] () -- C:\Windows\System32\drivers\uxpatch.sys
[2009.05.27 19:35:01 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.05.26 18:01:34 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.05.26 18:01:13 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.05.26 18:00:13 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.04.30 22:39:36 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009.04.29 10:27:00 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
[2009.04.12 17:01:20 | 000,074,240 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2009.02.15 19:00:23 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2009.01.10 17:06:14 | 000,001,594 | ---- | C] () -- C:\Users\G\AppData\Roaming\SAS7_000.DAT
[2008.12.26 22:55:41 | 000,010,752 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2008.12.17 06:09:43 | 000,001,758 | ---- | C] () -- C:\Windows\hpwmdl24.dat
[2008.12.14 20:55:23 | 000,000,153 | ---- | C] () -- C:\Windows\cavscan.INI
[2008.12.13 18:39:07 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008.11.30 23:27:47 | 000,137,728 | ---- | C] () -- C:\Users\G\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.11.30 17:10:19 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.11.30 16:05:38 | 000,064,000 | ---- | C] () -- C:\Windows\System32\esfw30.bin
[2008.11.30 15:51:33 | 000,022,723 | ---- | C] () -- C:\Windows\System32\ssgh1l3.dll
[2008.11.30 14:37:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008.11.30 14:30:57 | 000,001,356 | ---- | C] () -- C:\Users\G\AppData\Local\d3d9caps.dat
[2006.11.10 15:08:50 | 000,024,064 | ---- | C] () -- C:\Windows\System32\drivers\ATITool.sys
[2006.11.02 14:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:43 | 000,338,912 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 12:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== LOP Check ==========

[2009.08.26 12:43:23 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\Acronis
[2009.08.10 20:06:41 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\Ashampoo
[2008.12.10 11:58:14 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\Auslogics
[2010.03.02 14:39:54 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\CloneSpy
[2010.03.11 18:34:34 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\COMPUTERBILD-Abzockschutz
[2011.07.04 20:26:53 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\DAEMON Tools Lite
[2008.12.10 17:28:12 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\DNA
[2009.12.14 17:31:36 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\Duden
[2011.03.19 12:51:11 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\EPSON
[2011.03.26 19:19:08 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\FreeHideIP
[2009.04.25 19:00:41 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\gtk-2.0
[2008.11.30 16:40:02 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\HDD Thermometer
[2009.10.13 16:09:44 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\iPodder
[2009.05.23 22:31:50 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\KC Softwares
[2008.12.16 09:32:27 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\Leadertech
[2011.07.27 17:18:27 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\Nuance
[2008.11.30 22:03:12 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\OpenOffice.org
[2011.03.13 22:39:09 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\Orbit
[2010.06.13 18:05:35 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\Panda Security
[2011.06.14 12:53:47 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\pokerth
[2009.10.13 16:47:47 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\River Past G5
[2009.09.18 21:16:49 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\ScanSoft
[2009.01.18 18:19:34 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\SoundSpectrum
[2011.03.13 22:39:09 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\Steganos
[2009.04.30 09:43:22 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\Thinstall
[2008.12.10 00:01:34 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\TomTom
[2008.12.01 21:20:01 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\Tracker Software
[2008.11.30 17:06:33 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\TuneUp Software
[2009.08.26 14:57:07 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\USBSafelyRemove
[2011.08.05 00:32:46 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\uTorrent
[2009.09.14 19:19:05 | 000,000,000 | ---D | M] -- C:\Users\G\AppData\Roaming\Zeon
[2011.08.05 12:38:10 | 000,032,560 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\Windows:B90F8A52D48FAD4D
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:9B013599
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:FED912DB

< End of report >

05.08.2011, 13:27   #2
cosinus

Quote:
SRV - [2009.12.06 17:35:49 | 000,361,288 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009.12.06 17:10:56 | 000,604,488 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\Windows\System32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2009.11.16 13:25:48 | 000,029,000 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)

I would strongly advise against TU. In particular, the supposed "tuning tips" and registry "optimizations" are more reminiscent of snake oil than of serious measures.

OTL looks OK so far; go ahead and run a full scan with Malwarebytes.