Schönen guten Abend,

ich kam heute aus meinem 2-wöchigen Urlaub zurück und habe im Hauptverzeichnis C: meiner Festplatte den versteckten Ordner "poooooooasi" mit einer Datei 483A44D3DDBFAFC entdeckt. Da ich mir sicher bin, dass ich den Ordner niemals selbst erstellt habe (Erstelldatum 24.8.11), löschte ich ihn und gab gleich poooooooasi in google ein. Dort fand ich nurt zwei Virenfund-Seiten:

hxxp://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3AWin32%2FEyeStye.N&ThreatID=-2147322129

http://www.trojaner-board.de/101625-...-entdeckt.html

Avira schlägt nicht an, ich habe nur 6 Ausnahmen zugelassen, die mit Sicherheit false-positive sind.

Was kann ich tun, reicht es aus, wenn man diese Datei nur endgültig löscht?

Ich bitte um Hilfe, bin schwer beunruhigt, da es sich laut der Microsoft-Security-Seite um einen hochgradig gefährlichen Trojaner handeln könnte.

OTL Logfile:

Code: Alles auswählenAufklappen

ATTFilter

OTL logfile created on: 25.08.2011 20:30:01 - Run 1
OTL by OldTimer - Version 3.2.26.5     Folder = C:\Users\Chris\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,71 Gb Available Physical Memory | 67,75% Memory free
8,19 Gb Paging File | 6,70 Gb Available in Paging File | 81,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 911,50 Gb Total Space | 327,43 Gb Free Space | 35,92% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 8,33 Gb Free Space | 41,64% Space Free | Partition Type: FAT32
Drive F: | 931,51 Gb Total Space | 296,46 Gb Free Space | 31,83% Space Free | Partition Type: NTFS
 
Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.08.25 20:23:01 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Downloads\OTL.exe
PRC - [2011.06.30 17:59:51 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.15 14:59:50 | 000,737,016 | ---- | M] (Tunngle.net GmbH) -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe
PRC - [2011.04.30 12:03:55 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.01.28 16:53:15 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010.11.03 17:29:28 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.03.18 21:25:50 | 000,360,960 | ---- | M] (iZ3D Inc.) -- C:\Program Files (x86)\iZ3D Driver\Win32\S3DCService.exe
PRC - [2008.09.05 11:23:20 | 000,075,040 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter.exe
PRC - [2007.10.09 01:19:22 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.10.09 01:19:20 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006.12.19 10:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe
PRC - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.08.03 10:58:52 | 000,168,864 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\WireHelpSvc.exe -- (WireHelpSvc)
SRV:64bit: - [2009.11.29 16:29:36 | 000,842,056 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV:64bit: - [2009.11.29 16:29:35 | 000,506,696 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Windows\SysNative\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV:64bit: - [2009.11.16 13:25:48 | 000,035,144 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2008.01.21 04:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011.08.02 18:27:40 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.06.30 17:59:51 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.15 14:59:50 | 000,737,016 | ---- | M] (Tunngle.net GmbH) [Auto | Running] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2011.04.30 12:03:55 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.01.28 16:53:15 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.03.18 21:34:34 | 000,614,400 | ---- | M] (iZ3D Inc.) [Auto | Running] -- C:\Program Files (x86)\iZ3D Driver\Win64\S3DCService.exe -- (S3D Service (Win64)) S3D Service (Win64)
SRV - [2010.03.18 21:25:50 | 000,360,960 | ---- | M] (iZ3D Inc.) [Auto | Running] -- C:\Program Files (x86)\iZ3D Driver\Win32\S3DCService.exe -- (S3D Service (Win32)) S3D Service (Win32)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.11.16 13:25:48 | 000,029,000 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.09.05 11:23:56 | 000,210,720 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter64.exe -- (RalinkRegistryWriter64)
SRV - [2008.09.05 11:23:20 | 000,075,040 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter.exe -- (RalinkRegistryWriter)
SRV - [2007.10.09 01:19:22 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2006.12.19 10:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
SRV - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Program Files (x86)\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.08.03 14:12:34 | 000,161,184 | ---- | M] (<Turtle Entertainment>) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\ESLWireACD.sys -- (ESLWireAC)
DRV:64bit: - [2011.06.30 17:59:51 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.30 17:59:51 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.02.18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.01.01 10:12:24 | 000,097,040 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2010.08.19 19:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\xusb21.sys -- (xusb21)
DRV:64bit: - [2010.08.12 14:10:24 | 000,025,528 | ---- | M] (Turtle Entertainment GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ESLvnic.sys -- (ESLvnic1)
DRV:64bit: - [2010.02.25 17:51:02 | 000,029,696 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\tap0901.sys -- (tap0901)
DRV:64bit: - [2010.01.13 17:01:23 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.09.16 08:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.03.02 13:41:47 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VClone.sys -- (VClone)
DRV:64bit: - [2009.02.17 19:11:25 | 000,031,400 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2008.09.25 16:28:10 | 001,591,008 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NxpCap64.sys -- (NxpCap64)
DRV:64bit: - [2008.08.21 12:57:32 | 000,797,184 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2008.01.21 04:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel(R)
DRV:64bit: - [2007.10.09 01:19:02 | 000,383,000 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2006.11.30 16:17:56 | 000,033,048 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\x10ufx2.sys -- (XUIF)
DRV:64bit: - [2006.11.15 16:11:22 | 000,015,768 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\x10hid.sys -- (X10Hid)
DRV - [2009.05.27 21:11:18 | 000,043,704 | ---- | M] () [Kernel | System | Running] -- C:\Program Files (x86)\iZ3D Driver\Win64\S3DInjectionDriver.sys -- (iZ3DInjectionDriver)
DRV - [2009.01.17 14:40:53 | 000,137,344 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\hwpsgt.sys -- (hwpsgt)
DRV - [2009.01.17 14:40:53 | 000,009,472 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\lemsgt.sys -- (lemsgt)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "YouTube-Videosuche"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://de-de.facebook.com/"
FF - prefs.js..extensions.enabledItems: autopager@mozilla.org:0.6.2.8
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:5.0.3
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {df4e4df5-5cb7-46b0-9aef-6c784c3249f8}:1.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {241aae70-0022-11de-87af-0800200c9a66}:3.6.30.01.10
FF - prefs.js..extensions.enabledItems: zigboom@ymail.com:1.3.1
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files (x86)\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.3088: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.3146: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.3006: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.06.23 21:07:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.06.15 12:35:21 | 000,000,000 | ---D | M]
 
[2010.12.26 17:34:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions
[2011.08.25 20:18:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\rumbok3v.default\extensions
[2010.04.27 19:07:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\rumbok3v.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.11.11 15:56:37 | 000,000,000 | ---D | M] ("Split Browser") -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\rumbok3v.default\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
[2011.03.23 19:36:56 | 000,000,000 | ---D | M] (Fox!Box [de]) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\rumbok3v.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}
[2010.06.22 17:36:32 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\rumbok3v.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2011.03.12 20:10:02 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\rumbok3v.default\extensions\personas@christopher.beard
[2008.12.23 14:01:59 | 000,002,108 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\rumbok3v.default\searchplugins\youtube-videosuche.xml
[2011.05.08 17:23:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010.06.05 14:10:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.30 13:34:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.26 15:26:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) -- 
() (No name found) -- C:\USERS\CHRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RUMBOK3V.DEFAULT\EXTENSIONS\{EF522540-89F5-46B9-B6FE-1829E2B572C6}.XPI
() (No name found) -- C:\USERS\CHRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RUMBOK3V.DEFAULT\EXTENSIONS\AUTOPAGER@MOZILLA.ORG.XPI
[2011.06.23 21:07:34 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.07.12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011.05.08 17:44:28 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.05.08 17:44:28 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.05.08 17:44:28 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.08 17:44:28 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.05.08 17:44:28 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.05.08 17:44:28 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Chris\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Chris\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Chris\Pictures\Aus dem Internet\Wallpaper\at-the-beach-hd-wallpaper-1440x900.jpeg
O24 - Desktop BackupWallPaper: C:\Users\Chris\Pictures\Aus dem Internet\Wallpaper\at-the-beach-hd-wallpaper-1440x900.jpeg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{cd5cbf84-f706-11df-b3fe-00ff01000001}\Shell - "" = AutoRun
O33 - MountPoints2\{cd5cbf84-f706-11df-b3fe-00ff01000001}\Shell\AutoRun\command - "" = G:\Windows\CHECK\DriveNavigator.exe
O33 - MountPoints2\{fa1c689d-357c-11de-8f79-002185754f10}\Shell - "" = AutoRun
O33 - MountPoints2\{fa1c689d-357c-11de-8f79-002185754f10}\Shell\AutoRun\command - "" = K:\autorun.exe
O33 - MountPoints2\{fcdadd99-8d66-11de-8dca-0015afb8bf89}\Shell - "" = AutoRun
O33 - MountPoints2\{fcdadd99-8d66-11de-8dca-0015afb8bf89}\Shell\AutoRun\command - "" = G:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk /r \??\I:) -  File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.08.25 20:23:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.08.25 20:23:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.08.25 20:21:23 | 001,445,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.08.25 20:21:23 | 000,628,504 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.08.25 20:21:23 | 000,595,798 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.08.25 20:21:23 | 000,126,248 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.08.25 20:21:23 | 000,103,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.08.25 20:18:31 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.08.25 20:17:02 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.25 20:16:46 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.25 20:16:21 | 000,000,534 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2011.08.25 20:16:07 | 000,031,871 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.08.25 20:15:17 | 000,031,871 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.08.25 20:15:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.25 20:14:26 | 4293,054,464 | -HS- | M] () -- C:\hiberfil.sys
[2011.08.25 20:13:14 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat
[2011.08.25 20:12:09 | 000,000,020 | ---- | M] () -- C:\Users\Chris\defogger_reenable
[2011.08.25 19:00:08 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011.08.06 21:35:17 | 000,271,200 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011.08.06 21:35:17 | 000,271,200 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.08.03 14:12:34 | 000,161,184 | ---- | M] (<Turtle Entertainment>) -- C:\Windows\SysNative\drivers\ESLWireACD.sys
[2011.08.03 10:58:52 | 000,168,864 | ---- | M] () -- C:\Program Files\Common Files\WireHelpSvc.exe
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.08.25 20:12:09 | 000,000,020 | ---- | C] () -- C:\Users\Chris\defogger_reenable
[2011.08.25 19:00:08 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.07.14 16:45:57 | 000,168,864 | ---- | C] () -- C:\Program Files\Common Files\WireHelpSvc.exe
[2011.04.16 18:51:16 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.02.21 17:24:42 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2011.02.09 18:06:04 | 000,000,004 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\steam_md4.dat
[2011.01.28 17:35:42 | 000,000,579 | ---- | C] () -- C:\Windows\Qtracker.INI
[2011.01.22 12:25:57 | 000,000,632 | ---- | C] () -- C:\Windows\CoD.INI
[2010.11.23 18:39:51 | 000,185,344 | ---- | C] () -- C:\Windows\SysWow64\PCGW32.DLL
[2010.10.26 20:41:04 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010.09.10 19:12:32 | 000,004,984 | ---- | C] () -- C:\Windows\SysWow64\vidmode.ini
[2010.08.06 14:05:11 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.05.07 18:21:47 | 000,679,936 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010.05.07 18:21:47 | 000,155,648 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010.03.23 18:04:14 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\advd.dll
[2010.03.23 18:04:14 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\auth.dll
[2010.02.13 14:08:56 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2010.02.13 14:08:56 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2010.02.13 14:08:56 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2010.02.07 20:46:47 | 000,000,567 | ---- | C] () -- C:\Windows\eReg.dat
[2010.01.24 15:37:20 | 000,000,001 | ---- | C] () -- C:\Windows\yedlata.dll
[2009.11.17 16:21:45 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2009.09.25 15:49:54 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.09.25 15:49:22 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009.09.25 15:48:46 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.07.24 17:43:53 | 000,031,871 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.07.24 17:31:57 | 000,031,871 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.07.24 17:07:29 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2009.06.30 20:13:52 | 000,000,007 | ---- | C] () -- C:\Windows\sbacknt.bin
[2009.06.03 15:01:00 | 000,000,048 | ---- | C] () -- C:\Windows\avitoiPodconverter.ini
[2009.06.03 14:52:50 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SysAVItoiPod.dat
[2009.04.30 18:10:54 | 000,271,200 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2009.04.30 18:10:52 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2009.04.30 18:10:52 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2009.04.28 17:21:09 | 000,000,000 | ---- | C] () -- C:\Windows\galaxy.ini
[2008.12.23 14:42:53 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2008.12.22 22:02:46 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008.12.12 18:21:47 | 000,000,058 | ---- | C] () -- C:\Windows\nfsc_patch.ini
[2008.12.11 19:21:52 | 000,000,073 | ---- | C] () -- C:\Windows\wininit.ini
[2008.12.11 19:18:18 | 000,000,556 | ---- | C] () -- C:\Windows\SIERRA.INI
[2008.12.11 18:58:38 | 000,000,794 | ---- | C] () -- C:\Windows\Thps3.INI
[2008.12.11 18:34:58 | 000,137,344 | ---- | C] () -- C:\Windows\SysWow64\drivers\hwpsgt.sys
[2008.12.11 18:34:58 | 000,009,472 | ---- | C] () -- C:\Windows\SysWow64\drivers\lemsgt.sys
[2008.12.10 15:48:45 | 000,000,806 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\wklnhst.dat
[2008.12.09 17:02:35 | 000,008,702 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\UserTile.png
[2008.12.07 15:37:31 | 000,231,936 | ---- | C] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.12.07 14:41:21 | 000,000,000 | ---- | C] () -- C:\Windows\homeDVD-Fotos.INI
[2008.12.07 14:38:20 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2008.12.07 14:36:58 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008.12.07 14:05:39 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.12.07 13:53:03 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2008.12.05 23:00:54 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008.12.05 20:51:58 | 000,015,312 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2008.12.05 20:16:39 | 000,008,412 | ---- | C] () -- C:\Users\Chris\AppData\Local\d3d9caps64.dat
[2008.11.13 09:31:44 | 000,000,464 | ---- | C] () -- C:\Windows\11317231_000216BE_11.bin
[2008.11.13 09:31:44 | 000,000,464 | ---- | C] () -- C:\Windows\11317231_000216BE_1.bin
[2008.11.13 09:31:44 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_000116BE_1.bin
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008.09.19 09:45:40 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.06.05 09:58:26 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006.11.02 17:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2003.08.07 21:01:50 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[1997.06.14 13:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll
 
========== LOP Check ==========
 
[2011.05.21 22:15:26 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Ashampoo
[2009.01.17 14:56:07 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Auslogics
[2011.08.04 17:59:12 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Azus
[2009.07.25 17:02:10 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\BlackBean
[2009.09.27 16:09:14 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2011.05.21 22:44:44 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\concept design
[2010.12.30 14:42:07 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\DAEMON Tools Lite
[2011.06.20 12:53:53 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\DVDVideoSoft
[2011.04.10 15:21:43 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.12.03 22:19:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\FUEL
[2011.05.29 20:19:14 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\GameRanger
[2009.01.11 15:05:42 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\GetRightToGo
[2011.04.22 11:34:38 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\ICQ
[2008.12.09 21:23:48 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\IrfanView
[2010.11.23 18:39:47 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\iZ3D Driver
[2009.01.13 18:26:45 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Kingston
[2011.05.18 19:46:29 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Leadertech
[2011.04.07 19:21:10 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\MediaProSoft Free MP4 to AVI Converter
[2011.07.01 13:21:26 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\MotioninJoy
[2009.02.24 15:26:05 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Mp3tag
[2011.08.03 14:50:15 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Myfof
[2009.04.30 14:13:55 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\OpenArena
[2008.12.10 17:48:37 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\OpenOffice.org
[2008.12.09 21:37:59 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\PasswordSafe
[2010.11.06 16:20:35 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\REAPER
[2008.12.10 16:12:08 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Template
[2011.06.11 13:49:09 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\TS3Client
[2009.07.24 21:15:31 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\TuneUp Software
[2011.08.06 21:55:22 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Tunngle
[2011.05.22 00:01:22 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\TVcentral-Core
[2010.09.07 13:29:05 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Ubisoft
[2010.05.28 15:47:24 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Unity
[2011.05.22 00:21:35 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\UseNeXT
[2011.08.25 20:16:21 | 000,000,534 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job
[2011.03.06 04:00:02 | 000,000,294 | ---- | M] () -- C:\Windows\Tasks\Crysis Wars(R) Updates.job
[2011.08.25 20:13:15 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2009.09.23 21:00:17 | 000,000,000 | ---D | M] -- C:\$Recycle.Bin
[2010.08.24 10:43:34 | 000,000,000 | ---D | M] -- C:\Alien Arena 7_45
[2010.10.04 19:53:32 | 000,000,000 | ---D | M] -- C:\BlueJ
[2010.02.21 18:32:53 | 000,000,000 | ---D | M] -- C:\Boot
[2011.08.11 20:18:44 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2009.11.06 00:30:11 | 000,000,000 | ---D | M] -- C:\DVDVideoSoft
[2010.07.01 14:42:01 | 000,000,000 | ---D | M] -- C:\HammerAutosave
[2008.12.05 21:00:54 | 000,000,000 | ---D | M] -- C:\Intel
[2008.10.14 17:49:37 | 000,000,000 | ---D | M] -- C:\MSOCache
[2008.12.05 20:31:50 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2011.05.21 22:05:23 | 000,000,000 | ---D | M] -- C:\Perl
[2011.07.05 16:05:45 | 000,000,000 | ---D | M] -- C:\Program Files
[2011.07.13 15:17:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)
[2011.08.25 19:00:08 | 000,000,000 | ---D | M] -- C:\ProgramData
[2009.12.02 20:34:32 | 000,000,000 | ---D | M] -- C:\Root
[2010.10.22 18:00:05 | 000,000,000 | ---D | M] -- C:\Server
[2010.02.13 14:06:52 | 000,000,000 | ---D | M] -- C:\SIERRA
[2011.08.25 20:32:05 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.11.06 00:30:09 | 000,000,000 | ---D | M] -- C:\Users
[2009.05.30 14:12:26 | 000,000,000 | ---D | M] -- C:\videodvdmaker
[2011.08.04 18:09:56 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008.10.29 08:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009.04.11 09:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009.04.11 09:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2008.10.28 04:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008.10.29 08:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008.10.30 07:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008.01.21 04:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008.01.21 04:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2008.01.21 04:49:53 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.21 04:50:29 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\SysWOW64\regedit.exe
[2008.01.21 04:50:29 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_5aa1fb3ac896d9c8\regedit.exe
[2008.01.21 04:49:53 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=5DFBCE56E689D90AE9E2FB278F80058E -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_504d50e8943617cd\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008.01.21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008.01.21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe
[2008.01.21 04:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.21 04:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe
[2008.01.21 04:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008.01.21 04:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >
         

Hallo und Herzlich Willkommen!

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:

Zitat:

• "Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
  - da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
  - also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
• Charakteristische Merkmale/Profilinformationen:
  - aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du herauslöschen oder durch [X] ersetzen
• Die Systemprüfung und Bereinigung:
  - kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
• Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
• Innerhalb der Betreuungszeit:
  - ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
• Die Reihenfolge:
  - genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
• GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
• Ansonsten unsere Forumsregeln:
  - Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?
• Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen

Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

1.
Lade Dir Malwarebytes Anti-Malware von→ malwarebytes.org

• Installieren und per Doppelklick starten.
• Deutsch einstellen und gleich mal die Datenbanken zu aktualisieren - online updaten
• "Komplett Scan durchführen" wählen (überall Haken setzen)
• wenn der Scanvorgang beendet ist, klicke auf "Zeige Resultate"
• Alle Funde - falls MBAM meldet in C:\System Volume Information - den Haken bitte entfernen - markieren und auf "Löschen" - "Ausgewähltes entfernen") klicken.
• Poste das Ergebnis hier in den Thread - den Bericht findest Du unter "Scan-Berichte"

eine bebilderte Anleitung findest Du hier: Anleitung

2.
Fixen mit OTL

• Starte die OTL.exe.
• Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
• Kopiere folgendes Skript:

Code: Alles auswählenAufklappen

ATTFilter

:OTL
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
FF - prefs.js..browser.startup.homepage: "http://de-de.facebook.com/"
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
[2011.05.08 17:44:28 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.05.08 17:44:28 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{cd5cbf84-f706-11df-b3fe-00ff01000001}\Shell - "" = AutoRun
O33 - MountPoints2\{cd5cbf84-f706-11df-b3fe-00ff01000001}\Shell\AutoRun\command - "" = G:\Windows\CHECK\DriveNavigator.exe
O33 - MountPoints2\{fa1c689d-357c-11de-8f79-002185754f10}\Shell - "" = AutoRun
O33 - MountPoints2\{fa1c689d-357c-11de-8f79-002185754f10}\Shell\AutoRun\command - "" = K:\autorun.exe
O33 - MountPoints2\{fcdadd99-8d66-11de-8dca-0015afb8bf89}\Shell - "" = AutoRun
O33 - MountPoints2\{fcdadd99-8d66-11de-8dca-0015afb8bf89}\Shell\AutoRun\command - "" = G:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk /r \??\I:) -  File not found
[2011.08.25 20:23:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.08.25 20:23:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.08.25 20:18:31 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job

:Commands
[purity]
[emptytemp]
[resethosts]
         

• und füge es hier ein:
• Schließe alle Programme.
• Klicke auf den Fix Button.
• Klick auf .
• OTL verlangt einen Neustart. Bitte zulassen.
• Nach dem Neustart findest Du ein Textdokument.
  Kopiere den Inhalt hier in Code-Tags in Deinen Thread.

3.
Ich würde gerne noch all deine installierten Programme sehen:
Lade dir das Tool Ccleaner herunter
→ Download
installieren (Software-Lizenzvereinbarung lesen, falls angeboten wird "Füge CCleaner Yahoo! Toolbar hinzu" abwählen)→ starten→ falls nötig - unter Options settings-> "german" einstellen
dann klick auf "Extra (um die installierten Programme auch anzuzeigen)→ weiter auf "Als Textdatei speichern..."
wird eine Textdatei (*.txt) erstellt, kopiere dazu den Inhalt und füge ihn da ein

4.
erneut einen Scan mit OTL:

• Doppelklick auf die OTL.exe
• Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
• Oben findest Du ein Kästchen mit Ausgabe.
  Wähle bitte Standard-Ausgabe
• Unter Extra-Registrierung wähle bitte Benutze SafeList.
• Mache Häckchen bei LOP- und Purity-Prüfung.
• Klicke nun auf Scan links oben.
• Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
  Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
• Poste die Logfiles in Code-Tags hier in den Thread.

Zitat:

Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B hjtsanlist o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]

** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw

gruß
kira

Hallo kira,

danke für deine schnelle Antwort, ich hoffe, ich habe alles so getan wie du es beschrieben hast und dass du mir weiterhelfen kannst.

Scan-Bericht:

Code: Alles auswählenAufklappen

ATTFilter

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7573

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

26.08.2011 13:47:12
mbam-log-2011-08-26 (13-47-12).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|)
Durchsuchte Objekte: 907589
Laufzeit: 2 Stunde(n), 57 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 5

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\program files (x86)\relevantknowledge (Spyware.MarketScore) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\program files (x86)\COD6\teknogods_mw2sp.exe (Backdoor.Agent.Gen) -> Quarantined and deleted successfully.
f:\spieldateien\cracks & keygens\battlefield bad company 2\Crack\rld-bbc2.exe (RiskWare.Tool.HCK) -> Quarantined and deleted successfully.
f:\spieldateien\cracks & keygens\call of duty 4\Keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
f:\spieldateien\cracks & keygens\CoD 6\Crack\coop teknogods\teknogods_mw2sp.exe (Backdoor.Agent.Gen) -> Quarantined and deleted successfully.
f:\spieldateien\Spiele\unreal tournament\109000006200002i\unrealtournament.exe (Trojan.Agent) -> Quarantined and deleted successfully.
         

OTL-Fix:

Code: Alles auswählenAufklappen

ATTFilter

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Prefs.js: "hxxp://de-de.facebook.com/" removed from browser.startup.homepage
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml moved successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cd5cbf84-f706-11df-b3fe-00ff01000001}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cd5cbf84-f706-11df-b3fe-00ff01000001}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cd5cbf84-f706-11df-b3fe-00ff01000001}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cd5cbf84-f706-11df-b3fe-00ff01000001}\ not found.
File G:\Windows\CHECK\DriveNavigator.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fa1c689d-357c-11de-8f79-002185754f10}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fa1c689d-357c-11de-8f79-002185754f10}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fa1c689d-357c-11de-8f79-002185754f10}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fa1c689d-357c-11de-8f79-002185754f10}\ not found.
File K:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fcdadd99-8d66-11de-8dca-0015afb8bf89}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fcdadd99-8d66-11de-8dca-0015afb8bf89}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fcdadd99-8d66-11de-8dca-0015afb8bf89}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fcdadd99-8d66-11de-8dca-0015afb8bf89}\ not found.
File G:\LaunchU3.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk /r \??\I: deleted successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Tasks\Google Software Updater.job moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Chris
->Temp folder emptied: 437880 bytes
->Temporary Internet Files folder emptied: 58987393 bytes
->Java cache emptied: 59534425 bytes
->FireFox cache emptied: 499340072 bytes
->Flash cache emptied: 133513 bytes
 
User: Default
->Temporary Internet Files folder emptied: 33109 bytes
->Flash cache emptied: 41 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 311296 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 8522752 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 22627 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 20847280 bytes
 
Total Files Cleaned = 618,00 mb
 
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.26.5 log created on 08262011_140001

Files\Folders moved on Reboot...
File move failed. C:\Windows\SysNative\SET6F43.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SET77A4.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...
         

Installierte Programme:

Code: Alles auswählenAufklappen

ATTFilter

7-Zip 4.65		07.03.2009	3,13MB	
Adobe Flash Player 10 ActiveX	Adobe Systems Incorporated	13.09.2009		10.0.32.18
Adobe Flash Player 10 Plugin	Adobe Systems Incorporated	04.07.2011		10.3.181.26
Adobe Reader 9.4.5 - Deutsch	Adobe Systems Incorporated	14.06.2011	164,1MB	9.4.5
Age of Empires III	Microsoft Game Studios	10.12.2008	2.148MB	1.00.0000
Alien Arena 2010	COR Entertainment, LLC	23.08.2010	776MB	
Apple Application Support	Apple Inc.	20.05.2011	51,0MB	1.5.1
Apple Mobile Device Support	Apple Inc.	01.04.2011	22,4MB	3.4.0.25
Apple Software Update	Apple Inc.	06.09.2010	2,26MB	2.1.2.120
Assassin's Creed II	Ubisoft	06.09.2010	5.881MB	1.01
Avira AntiVir Personal - Free Antivirus	Avira GmbH	10.08.2011	90,2MB	10.2.0.700
Battlefield: Bad Company™ 2	Electronic Arts	29.12.2010	1.773MB	1.0.0.0
BlueJ 2.5.0	Deakin University	02.10.2010	8,80MB	
Bonjour	Apple Inc.	20.05.2011	1,15MB	2.0.5.0
Caesar 3		10.12.2008	544MB	
Call of Duty		21.01.2011	1.158MB	
Call of Duty(R) 4 - Modern Warfare(TM)	Activision	16.11.2009	6.718MB	1.7
Call of Duty: Black Ops		10.11.2010	8.042MB	
Call of Duty: Black Ops - Multiplayer	Treyarch	20.02.2011	8.739MB	
Call of Juarez	Ubisoft	10.09.2010	2.809MB	1.1.1.0
Call of Juarez - Bound in Blood	Ubisoft	06.07.2011	2.892MB	1.01.0000
CCleaner	Piriform	25.08.2011	8,28MB	3.10
Chaser		26.05.2009	1.501MB	
Command & Conquer 3	Ihr Firmenname	29.06.2009	1.014MB	1.00.0000
Command & Conquer Die ersten 10 Jahre	Electronic Arts	24.05.2009	9.965MB	1.00.0000
Command & Conquer™ Die ersten 10 Jahre-Patch		25.05.2009	9.965MB	
Command & Conquer™ Die ersten 10 Jahre-Patch 1.02		25.05.2009	9.965MB	
Compatibility Pack für 2007 Office System	Microsoft Corporation	15.06.2011		12.0.6425.1000
Counter-Strike 1.6		19.11.2010	4,57MB	1.6
Counter-Strike: Condition Zero	Valve	28.02.2011	41,3MB	
Counter-Strike: Source	Valve	23.08.2010	1.325MB	
Counter-Strike: Source	Valve	24.08.2010		
Counter-Strike: Source Texture Pack 1.00		01.11.2010	7.174MB	
Create™	Electronic Arts	11.03.2011	1.800MB	1.0.0.0
Crysis Wars(R)	Electronic Arts	26.12.2010	7.039MB	
Crysis Wars(R) Patch	Electronic Arts	26.12.2010	7.039MB	
Crysis® 2	Electronic Arts	01.06.2011	3.661MB	1.0.0.0
Day of Defeat	Valve	05.03.2011	29,4MB	
Day of Defeat: Source	Valve	06.03.2011	60,8MB	
Deathmatch Classic	Valve	05.03.2011	15,7MB	
Defraggler	Piriform	02.08.2011	2,75MB	2.06
DivX Converter	DivX, Inc.	27.08.2010	45,3MB	7.1.0
DivX Plus DirectShow Filters	DivX, Inc.	27.08.2010	1,58MB	
DivX-Setup	DivX, Inc. 	22.11.2010	2,28MB	2.1.2.2
Duke Nukem Forever		30.06.2011	6.743MB	
EA Download Manager	Electronic Arts, Inc.	02.12.2009	7,99MB	5.1.0.4
EAX4 Unified Redist	Creative Labs	06.01.2009	0,16MB	4.001
Empire Earth		12.02.2010	5,77MB	
ESL Wire 1.10.1	Turtle Entertainment GmbH	07.08.2011	59,1MB	
EVEREST Home Edition v2.20	Lavalys Inc	24.12.2008	6,58MB	2.20
Fallout 3	Bethesda Softworks	06.12.2009	5.857MB	1.00.0000
Far Cry 2	Ubisoft	29.04.2009	3.240MB	1.03.00
FEARCombat	Vivendi Universal Games, Inc.	22.07.2010	3.534MB	1.00.0000
FIFA 11	Electronic Arts	17.05.2011	2.166MB	1.0.0.0
Free Video to iPod Converter version 4.2.20.602	DVDVideoSoft Limited.	18.06.2011	3,15MB	
Free Video to Sony Phones Converter version 1.0.7.602	DVDVideoSoft Limited.	19.06.2011	3,56MB	
Free YouTube Download version 2.10.33.324	DVDVideoSoft Limited.	09.04.2011	2,30MB	
Free YouTube to MP3 Converter version 3.2	DVDVideoSoft Limited.	25.09.2009	5,34MB	
FUEL	Codemasters	02.12.2009	3.916MB	1.00.0000
GameRanger	GameRanger Technologies	28.05.2011	3,10MB	
GeoGebra	GeoGebra Inc.	28.09.2009	106,1MB	3.2.0.0
Google Earth	Google	28.06.2011	84,7MB	6.0.3.2197
Google Updater	Google Inc.	21.03.2009	3,43MB	2.4.1536.6592
Gotcha!		24.05.2009	551MB	1.00.000
Grand Theft Auto IV	Rockstar Games	28.11.2009	15.335MB	1.00.0000
Grand Theft Auto Vice City		10.12.2008	1.502MB	1.00.000
GTA San Andreas	Rockstar Games	10.12.2008	4.789MB	1.00.00001
Half-Life 2: Deathmatch	Valve	02.09.2010	5.934MB	
Half-Life Dedicated Server Update Tool		01.09.2010	2.274MB	
Harry Potter und der Gefangene von Askaban(TM)		10.12.2008	808MB	
Harry Potter und der Orden des Phönix™		10.12.2008	4.720MB	
Hitman Blood Money	Eidos	11.08.2009	4.290MB	1.00.0000
ICQ7.4	ICQ	20.04.2011	47,0MB	7.4
Intel(R) Matrix Storage Manager		04.12.2008	8,14MB	
IrfanView (remove only)		08.12.2008	1,77MB	
IsoBuster 2.8.5	Smart Projects	21.01.2011	10,8MB	2.8.5
iTunes	Apple Inc.	20.05.2011	144,9MB	10.2.2.14
iZ3D Driver Remove	iZ3D Inc.	22.11.2010	29,9MB	1.10
Jagged Alliance 2		12.08.2009	418MB	
James Bond 007: Nightfire	Electronic Arts	06.02.2010	1.134MB	
Java(TM) 6 Update 18	Sun Microsystems, Inc.	03.06.2010	97,1MB	6.0.180
Java(TM) 6 Update 21 (64-bit)	Oracle	02.10.2010	90,5MB	6.0.210
Java(TM) 6 Update 22	Sun Microsystems, Inc.	08.12.2008	94,4MB	6.0.220
Java(TM) 6 Update 7	Sun Microsystems, Inc.	06.12.2008	136,2MB	1.6.0.70
Java(TM) SE Development Kit 6 Update 21 (64-bit)	Oracle	02.10.2010	144,0MB	1.6.0.210
JDownloader	AppWork UG (haftungsbeschränkt)	11.06.2010	54,4MB	0.89
Logitech Gaming Software		10.12.2008	10,4MB	4.40
Malwarebytes' Anti-Malware Version 1.51.1.1800	Malwarebytes Corporation	25.08.2011	6,73MB	1.51.1.1800
Microangelo Toolset 6	Eclipsit	04.01.2009	5,86MB	6.10.2
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU	Microsoft Corporation	15.07.2009	42,1MB	
Microsoft .NET Framework 3.5 SP1	Microsoft Corporation	08.02.2011	42,1MB	
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	02.07.2010	189,3MB	4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	02.07.2010	46,5MB	4.0.30319
Microsoft Age of Empires II		06.02.2010	572MB	
Microsoft Age of Empires II: The Conquerors Expansion		06.02.2010	572MB	
Microsoft Games for Windows - LIVE Redistributable	Microsoft Corporation	06.05.2011	31,3MB	3.5.88.0
Microsoft Games for Windows Marketplace	Microsoft Corporation	06.05.2011	6,04MB	3.5.50.0
Microsoft Motocross Madness 2		10.12.2008	568MB	
Microsoft Silverlight	Microsoft Corporation	15.06.2011	20,3MB	4.0.60531.0
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	06.04.2011	1,74MB	3.1.0000
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053	Microsoft Corporation	28.07.2009	0,25MB	8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	28.07.2009	0,25MB	8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	15.06.2011	0,29MB	8.0.59193
Microsoft Visual C++ 2005 Redistributable (x64)	Microsoft Corporation	06.12.2008	0,81MB	8.0.61000
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148	Microsoft Corporation	04.06.2010	0,21MB	9.0.30729.4148
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148	Microsoft Corporation	28.07.2009	0,19MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022	Microsoft Corporation	03.06.2010	2,24MB	9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148	Microsoft Corporation	06.10.2010	0,76MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	15.06.2011	0,76MB	9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022	Microsoft Corporation	06.12.2008	2,06MB	9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218	Microsoft Corporation	03.06.2010	0,22MB	9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729	Microsoft Corporation	17.05.2011	0,23MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	17.03.2009	0,58MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	25.03.2010	0,58MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	15.06.2011	0,58MB	9.0.30729.6161
Midnight Club II		10.12.2008	1.530MB	2.0
MotioninJoy ds3 driver version 0.6.0003	www.motioninjoy.com	30.06.2011	3,16MB	0.5.0001
Mozilla Firefox 5.0 (x86 de)	Mozilla	22.06.2011	33,9MB	5.0
Mp3tag v2.44	Florian Heidenreich	13.10.2009	5,03MB	v2.44
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	08.12.2008	1,28MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	24.11.2009	1,34MB	4.20.9876.0
Need for Speed Underground 2		10.12.2008	1.730MB	
Need for Speed™ Carbon		10.12.2008	4.995MB	
Nero 8 Essentials	Nero AG	29.05.2009	1.937MB	8.3.124
NFS Underground		10.12.2008	1.270MB	
NVIDIA Drivers	NVIDIA Corporation	23.07.2009		1.3
NVIDIA PhysX	NVIDIA Corporation	23.07.2009	119,9MB	9.09.0203
OpenAL		17.01.2010	0,75MB	
OpenOffice.org 3.2	OpenOffice.org	03.06.2010	373MB	3.2.9483
Password Safe and Repository 5.1.1.1581	MATESO GmbH	29.06.2009	6,73MB	5.1.1.1581
Picasa 3	Google, Inc.	17.11.2010	52,6MB	3.8
Polipo 1.0.4		18.01.2010	0,32MB	
Pro Evolution Soccer 2009	KONAMI	30.12.2009		1.40.0000
Prototype(TM)	Activision	01.12.2009	7.963MB	1.0
PunkBuster Services	Even Balance, Inc.	26.12.2010		0.986
Qtracker		25.12.2010	35,3MB	4.92
QuickTime	Apple Inc.	01.04.2011	73,7MB	7.69.80.9
Ralink RT2870 Wireless LAN Card	Ralink	04.12.2008	13,3MB	1.0.4.0
RealPlayer	RealNetworks	22.12.2008	46,0MB	
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	02.03.2011	21,6MB	6.0.1.5700
Ricochet	Valve	28.02.2011	13,2MB	
Rockstar Games Social Club	Rockstar Games	28.11.2009	1,89MB	1.00.0000
Sierra-Dienstprogramme		10.12.2008		
Skype™ 4.2	Skype Technologies S.A.	20.05.2010	31,8MB	4.2.169
Source Dedicated Server	Valve	30.08.2010	18,9MB	
Source SDK Base 2006	Valve	03.02.2011		
Source SDK Base 2007	Valve	03.02.2011	64,0MB	
SpeechRedist	Epic Games Inc.	02.11.2010	58,8MB	1.0.0
Splinter Cell Pandora Tomorrow		09.09.2010	2.148MB	1.03.100
Star Wars Battlefront II	LucasArts	09.09.2010	4.415MB	1.0
Steam	Valve Corporation	22.08.2010	1,49MB	1.0.0.0
Team Fortress 2	Valve	23.06.2011	821MB	
Team Fortress 2	[PSY]	13.09.2010	6.265MB	1.0.5.2
TeamSpeak 2 RC2	Dominating Bytes Design	26.11.2010		2.0.32.60
TeamSpeak 3 Client	TeamSpeak Systems GmbH	10.04.2010	35,4MB	
Tom Clancy's Splinter Cell Conviction	Ubisoft	07.07.2010	7.093MB	1.04.000
Tom Clancy's Splinter Cell Double Agent	Ubisoft	06.01.2009	10.926MB	1.00.0000
Tomb Raider: Underworld 1.1		04.12.2009	7.522MB	
Tony Hawk's American Wasteland	Ihr Firmenname	10.12.2008	3.430MB	1.00.0000
Tony Hawk's Pro Skater 3®	Activision Publishing, Inc.	10.12.2008	707MB	1.0
Tor 0.2.1.21		18.01.2010	3,12MB	
TuneUp Utilities 2009	TuneUp Software	28.11.2009	47,1MB	8.0.3310.3
Tunngle beta	Tunngle.net GmbH	12.07.2011	8,32MB	
Turtix	Ihr Firmenname	23.07.2009	51,0MB	1.00.0000
Ubisoft Game Launcher	UBISOFT	05.07.2011	2,82MB	1.0.0.0
UltraStar 0.7.0		18.01.2010	199,6MB	
Uninstall 1.0.0.1		09.04.2011	17,3MB	
Unreal Tournament 2004		02.11.2010	5.806MB	
UseNeXT	Aviteo Ltd	29.03.2010	4,39MB	
Vidalia 0.2.6		18.01.2010	25,6MB	
VirtualCloneDrive	Elaborate Bytes	29.04.2009	2,19MB	
VLC media player 1.1.5	VideoLAN	25.12.2010	60,4MB	1.1.5
Warhammer® 40,000™: Dawn of War® II	Relic	05.03.2011	6.369MB	
Warhammer® 40,000™: Dawn of War® II – Chaos Rising™	Relic	06.03.2011	6.369MB	
Winamp	Nullsoft, Inc	01.08.2010	29,3MB	5.581 
Winamp Erkennungs-Plug-in	Nullsoft, Inc	01.08.2010	0,13MB	1.0.0.1
Windows Live Essentials	Microsoft Corporation	07.04.2011		15.4.3508.1109
Windows Live Mesh ActiveX control for remote connections	Microsoft Corporation	06.04.2011	5,58MB	15.4.5722.2
WinRAR		04.03.2009	3,73MB	
X10 Hardware(TM)		22.12.2008	28,00KB	
Xfire (remove only)		11.11.2009	15,3MB	
Xpand Rally Xtreme	Techland	23.07.2009	1.358MB	1.0.0.0
         

2. Fix im Anhang

Grüße Gold

f:\spieldateien\cracks & keygens\battlefield bad company 2\Crack\rld-bbc2.exe (RiskWare.Tool.HCK) -> Quarantined and deleted successfully.
f:\spieldateien\cracks & keygens\call of duty 4\Keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
f:\spieldateien\cracks & keygens\CoD 6\Crack\coop teknogods\teknogods_mw2sp.exe (Backdoor.Agent.Gen) -> Quarantined and deleted successfully.

tschuldigung..
aber kann es nicht sein dass der Auslöser einen anderen Ursprung besitzt und nur auf vermeintlich gefährliche Dateien übergesprungen ist?

Ist mein System jetzt komplett bereinigt oder was muss ich weiterhin tun?

Cracks/Keygens sind zu 99,9% gefährliche Schädlinge, mit denen man nicht spaßen sollte. Ausserdem sind diese illegal und wir unterstützen die Verwendung von geklauter Software nicht. Somit beschränkt sich der Support auf Anleitung zur kompletten Neuinstallation!!

Dass illegale Cracks und Keygens im Wesentlichen dazu dienen, Malware zu verbreiten ist kein Geheimnis und muss jedem klar sein!

danke Cosinus!

- Das Installieren von Raubkopien ist eine ziemlich sichere Methode, ein Rechner zu infizieren
- Ich beführte dass Du Dein Problem nur lösen kannst, wenn du dein System neu installierst, da geht`s um:

Code: Alles auswählenAufklappen

ATTFilter

f:\spieldateien\cracks & keygens\battlefield bad company 2\Crack\rld-bbc2.exe (RiskWare.Tool.HCK) -> Quarantined and deleted successfully.
f:\spieldateien\cracks & keygens\call of duty 4\Keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
f:\spieldateien\cracks & keygens\CoD 6\Crack\coop teknogods\teknogods_mw2sp.exe (Backdoor.Agent.Gen) -> Quarantined and deleted successfully.
         

"Solche Programme" enthalten immer besonders viele und gefährliche Schadprogramme, sollte man die Finger davon lassen!
** Du solltest in so einem Fall mal dein Konsummuster überdenken
Weil dein Verhalten damit dem deutschen Recht unterliegt, wird den Support an dieser Stelle von unsere Seite aus beendet. Also am besten ist es, Du Sicherst deiner Daten (ohne cracks & Keygens!) und machst eine komplette Neuinstallation des Rechners, das ist der schnellste und sauberste lösung!
Aber wenigstens hast Du dann nach einer Neuinstallation wieder ein sauberes System und hoffentlich hast Du was draus gelernt und in Zukunft lässt die Finger von...
-> Forumregel!

Zitat:

Sinn & Zweck der Sache - Viren Trojaner Würmer:
Ein Wurm, der fast als "guter Wurm" bezeichnet werden kann, zieht durch
das Netz und verbeitet sich über die File-Sharing Netzwerke BearShare, KaZaA
eMule & Co
Der Wurm besitzt unzählige verschiedene Namen bekannter Cracks oder
Keygeneratoren zur illegalen Benutzung von kommerzieller Software. Wer gezielt
nach solchen Dateien sucht, könnte also durchaus auch auf eine Wurmkopie
treffen.