Avira Guard meldet TR/Crypt.XPACK.Gen3 - Trojaner

Wastelo · 22.05.2013, 22:57

Hallo zusammen,

heute morgen meldete mir Avira Guard einen vorhandenen Trojaner auf meinem Laptop (Windows XP), welchen ich dann auch direkt nach der vollständigen Systemüberprüfung in Quarantäne versetzte:

In der Datei 'C:\0eea7c6e3ce8bfff7127245bae5e8b\MRT.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden.
Ausgeführte Aktion: Datei in Quarantäne verschieben

Danach habe ich mittels Google nach ähnlichen Vorfällen gesucht und habe mich an die Anleitungen von "ryder" aus Thread "http://www.trojaner-board.de/131581-...arebytes.html" gehalten, d.h.:
Schritt 0: Scan mit Malwarebytes Anti-Malware
Schritt 1: Programme deinstalliert
Schritt 2: Scan mit awdcleaner
Schritt 3: Temporäre Dateien mit TFC gelöscht
Schritt 4: Scan mit DDS+

Dann wollte ich mich bei trojaner-board anmelden und bemerkt, dass doch andere logs erforderlich sind. So habe ich nun sämtliche Schritte aus Thread http://www.trojaner-board.de/69886-a...-beachten.html bearbeitet:

OTL log

Code:

ATTFilter

OTL logfile created on: 22.05.2013 17:40:05 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.97 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 68.30% Memory free
3.82 Gb Paging File | 3.18 Gb Available in Paging File | 83.16% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 72.05 Gb Total Space | 24.51 Gb Free Space | 34.02% Space Free | Partition Type: NTFS
Drive D: | 72.00 Gb Total Space | 7.13 Gb Free Space | 9.90% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.22 17:39:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
PRC - [2013.03.12 09:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Dropbox\bin\Dropbox.exe
PRC - [2013.02.13 20:38:24 | 000,844,144 | ---- | M] (Samsung) -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2013.02.13 20:38:18 | 000,310,128 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Kies\KiesTrayAgent.exe
PRC - [2013.02.13 20:38:14 | 001,509,232 | ---- | M] (Samsung) -- C:\Programme\Samsung\Kies\Kies.exe
PRC - [2012.12.03 09:35:28 | 000,946,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
PRC - [2011.07.08 22:32:14 | 000,666,696 | ---- | M] (Juniper Networks) -- C:\Programme\Juniper Networks\Common Files\dsNcService.exe
PRC - [2011.06.19 08:29:04 | 000,619,672 | ---- | M] (National Instruments Corporation) -- C:\Programme\National Instruments\Shared\NI Error Reporting\nierserver.exe
PRC - [2011.06.14 17:57:10 | 000,012,696 | ---- | M] (National Instruments Corporation) -- C:\Programme\National Instruments\MAX\nimxs.exe
PRC - [2011.06.14 11:54:08 | 000,676,016 | ---- | M] (National Instruments Corporation) -- C:\Programme\National Instruments\Shared\Tagger\tagsrv.exe
PRC - [2011.06.14 09:11:10 | 000,362,104 | ---- | M] (National Instruments Corporation) -- C:\Programme\National Instruments\Shared\Security\nidmsrv.exe
PRC - [2011.06.14 09:08:24 | 000,056,952 | ---- | M] (National Instruments Corporation) -- C:\WINDOWS\system32\lktsrv.exe
PRC - [2011.06.14 09:00:10 | 000,046,192 | ---- | M] (National Instruments Corporation) -- C:\WINDOWS\system32\lkads.exe
PRC - [2011.06.10 14:11:20 | 000,121,032 | ---- | M] (National Instruments Corporation) -- C:\Programme\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe
PRC - [2011.06.04 02:05:19 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Programme\Google\Update\1.3.21.57\GoogleCrashHandler.exe
PRC - [2011.06.01 16:32:14 | 000,194,224 | ---- | M] (National Instruments Corporation) -- C:\Programme\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
PRC - [2011.05.27 13:44:20 | 000,050,328 | ---- | M] (National Instruments Corporation) -- C:\Programme\National Instruments\Shared\NI WebServer\SystemWebServer.exe
PRC - [2011.05.27 13:43:48 | 000,050,336 | ---- | M] (National Instruments Corporation) -- C:\Programme\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
PRC - [2010.10.27 09:43:38 | 000,695,136 | ---- | M] (National Instruments, Inc.) -- C:\WINDOWS\system32\lkcitdl.exe
PRC - [2010.08.12 17:45:00 | 000,024,064 | ---- | M] () -- C:\Programme\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
PRC - [2010.01.12 22:02:46 | 000,037,888 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Winamp\winampa.exe
PRC - [2008.10.23 20:18:31 | 000,068,865 | ---- | M] (Avira GmbH) -- C:\Programme\AntiVir PersonalEdition Classic\sched.exe
PRC - [2008.10.23 20:13:24 | 000,151,297 | ---- | M] (Avira GmbH) -- C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
PRC - [2008.07.17 18:41:34 | 000,266,497 | ---- | M] (Avira GmbH) -- C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
PRC - [2007.06.12 01:40:40 | 001,489,688 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\AMT\UNS.exe
PRC - [2007.06.12 01:40:36 | 000,183,064 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\AMT\atchksrv.exe
PRC - [2007.06.12 01:40:30 | 000,121,624 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\AMT\LMS.exe
PRC - [2007.05.16 21:51:02 | 000,716,800 | ---- | M] (SAMSUNG Electronics) -- C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2007.03.28 09:29:38 | 000,299,008 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\MagicKBD\PerformanceManager.exe
PRC - [2007.01.30 13:34:00 | 000,372,736 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Programme\Samsung\MagicKBD\MagicKBD.exe
PRC - [2007.01.11 10:08:50 | 000,634,880 | ---- | M] () -- C:\Programme\Samsung\Samsung EDS\EDSAgent.exe
PRC - [2006.12.14 16:13:18 | 002,764,800 | ---- | M] () -- C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe
PRC - [2006.12.11 16:35:34 | 000,561,213 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006.12.11 16:32:54 | 001,400,916 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2006.11.13 18:41:08 | 000,081,920 | ---- | M] () -- C:\Programme\Samsung\Samsung Update Plus\SLUTrayNotifier.exe
PRC - [2006.09.30 00:00:00 | 000,071,240 | ---- | M] (Hummingbird Ltd.) -- C:\Programme\Hummingbird\Connectivity\12.00\NFS Maestro\expserv.exe
PRC - [2006.09.30 00:00:00 | 000,034,888 | ---- | M] (Hummingbird Ltd.) -- C:\Programme\Hummingbird\Connectivity\12.00\NFS Maestro\HumGSS.exe
PRC - [2006.09.19 09:07:28 | 000,827,392 | ---- | M] () -- C:\WINDOWS\vsnpstd3.exe
PRC - [2006.07.13 19:27:16 | 000,528,384 | ---- | M] ( ) -- C:\WINDOWS\system32\lxctcoms.exe
PRC - [2006.06.20 21:08:48 | 000,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
PRC - [2006.06.20 15:37:42 | 000,286,720 | ---- | M] () -- C:\Programme\Lexmark 5400 Series\lxctmon.exe
PRC - [2006.06.07 05:05:20 | 000,098,304 | ---- | M] (Lexmark International Inc.) -- C:\Programme\Lexmark 5400 Series\ezprint.exe
PRC - [2005.07.03 09:20:49 | 000,372,736 | ---- | M] (Samsung Electronics.) -- C:\WINDOWS\Samsung\ComSMMgr\SSMMgr.exe
PRC - [2005.05.28 08:35:56 | 000,036,864 | R--- | M] () -- C:\Programme\Samsung\Samsung Network Manager\SNMWLANService.exe
PRC - [2004.08.04 14:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.13 17:22:56 | 017,300,480 | ---- | M] () -- C:\Programme\Samsung\Kies\Theme\Kies.Theme.dll
MOD - [2013.02.13 17:21:38 | 000,569,344 | ---- | M] () -- C:\Programme\Samsung\Kies\Common\Kies.UI.dll
MOD - [2013.02.06 16:04:44 | 000,034,816 | ---- | M] () -- C:\Programme\Samsung\Kies\Common\Kies.Common.DeviceServiceLib.Interface.dll
MOD - [2013.02.06 16:04:04 | 000,023,040 | ---- | M] () -- C:\Programme\Samsung\Kies\MVVM\Kies.MVVM.dll
MOD - [2013.02.05 18:53:48 | 000,057,856 | ---- | M] () -- C:\Programme\Samsung\Kies\External\MediaModules\ASF_cSharpAPI.dll
MOD - [2011.07.26 23:08:31 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\5adb0f89d469632511aed9d88cfe05c4\System.ServiceProcess.ni.dll
MOD - [2011.07.26 23:07:21 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\631b3eba1ba5bd3c3f027f34011cadeb\System.Configuration.ni.dll
MOD - [2011.07.26 22:56:19 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\563a54b98adb70fae862974042298348\System.Xml.ni.dll
MOD - [2011.07.26 22:55:33 | 002,295,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\e98726349766935ec0e9b980f19a046a\System.Core.ni.dll
MOD - [2011.07.26 22:55:18 | 014,328,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\560662ada034afb6ec78a152bd9a47b5\PresentationFramework.ni.dll
MOD - [2011.07.26 22:54:56 | 012,215,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\9f5dff344ac6ac923b5ade8ba1ab9382\PresentationCore.ni.dll
MOD - [2011.07.26 22:54:37 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\d63164ac4ed5adabc6a1b0fdf07eee05\WindowsBase.ni.dll
MOD - [2011.07.26 22:54:30 | 007,949,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\37217abe2c5164e59aba251860f4c79e\System.ni.dll
MOD - [2011.07.26 22:54:20 | 011,486,720 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll
MOD - [2011.07.26 22:53:25 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011.06.19 08:29:06 | 001,967,104 | ---- | M] () -- C:\Programme\National Instruments\Shared\NI Error Reporting\niwsrp.dll
MOD - [2010.11.15 21:30:07 | 000,311,296 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.15 21:30:03 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll
MOD - [2010.08.12 17:45:00 | 000,024,064 | ---- | M] () -- C:\Programme\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
MOD - [2010.05.05 13:44:14 | 000,039,936 | ---- | M] () -- C:\Programme\OpenVPN Technologies\OpenVPN Client\core\OpenSSL.SSL.pyd
MOD - [2010.05.05 13:44:12 | 000,010,752 | ---- | M] () -- C:\Programme\OpenVPN Technologies\OpenVPN Client\core\OpenSSL.rand.pyd
MOD - [2010.05.05 13:44:10 | 000,051,200 | ---- | M] () -- C:\Programme\OpenVPN Technologies\OpenVPN Client\core\OpenSSL.crypto.pyd
MOD - [2010.05.05 13:43:08 | 000,008,192 | ---- | M] () -- C:\Programme\OpenVPN Technologies\OpenVPN Client\core\twisted.protocols._c_urlarg.pyd
MOD - [2010.03.16 13:05:00 | 000,020,480 | ---- | M] () -- C:\Programme\OpenVPN Technologies\OpenVPN Client\core\zope.interface._zope_interface_coptimizations.pyd
MOD - [2009.10.26 09:27:14 | 000,011,776 | ---- | M] () -- C:\Programme\OpenVPN Technologies\OpenVPN Client\core\select.pyd
MOD - [2009.10.26 09:27:12 | 000,311,808 | ---- | M] () -- C:\Programme\OpenVPN Technologies\OpenVPN Client\core\_hashlib.pyd
MOD - [2009.10.26 09:27:06 | 000,153,088 | ---- | M] () -- C:\Programme\OpenVPN Technologies\OpenVPN Client\core\pyexpat.pyd
MOD - [2009.10.26 09:25:42 | 000,073,728 | ---- | M] () -- C:\Programme\OpenVPN Technologies\OpenVPN Client\core\_ctypes.pyd
MOD - [2009.10.26 09:25:18 | 000,645,120 | ---- | M] () -- C:\Programme\OpenVPN Technologies\OpenVPN Client\core\_ssl.pyd
MOD - [2009.10.26 09:25:02 | 000,040,448 | ---- | M] () -- C:\Programme\OpenVPN Technologies\OpenVPN Client\core\_socket.pyd
MOD - [2009.07.06 04:16:02 | 000,111,104 | ---- | M] () -- C:\Programme\OpenVPN Technologies\OpenVPN Client\core\win32file.pyd
MOD - [2009.07.05 06:35:58 | 000,028,160 | ---- | M] () -- C:\Programme\OpenVPN Technologies\OpenVPN Client\core\servicemanager.pyd
MOD - [2009.07.05 06:35:52 | 000,096,256 | ---- | M] () -- C:\Programme\OpenVPN Technologies\OpenVPN Client\core\win32api.pyd
MOD - [2009.07.05 06:35:44 | 000,041,472 | ---- | M] () -- C:\Programme\OpenVPN Technologies\OpenVPN Client\core\win32service.pyd
MOD - [2009.07.05 06:35:42 | 000,110,592 | ---- | M] () -- C:\Programme\OpenVPN Technologies\OpenVPN Client\core\win32security.pyd
MOD - [2009.07.05 06:35:38 | 000,036,352 | ---- | M] () -- C:\Programme\OpenVPN Technologies\OpenVPN Client\core\win32process.pyd
MOD - [2009.07.05 06:35:36 | 000,024,064 | ---- | M] () -- C:\Programme\OpenVPN Technologies\OpenVPN Client\core\win32pipe.pyd
MOD - [2009.07.05 06:35:28 | 000,017,920 | ---- | M] () -- C:\Programme\OpenVPN Technologies\OpenVPN Client\core\win32event.pyd
MOD - [2009.07.05 06:35:18 | 000,110,592 | ---- | M] () -- C:\Programme\OpenVPN Technologies\OpenVPN Client\core\pywintypes26.dll
MOD - [2009.02.27 17:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU
MOD - [2008.04.16 14:56:31 | 000,339,968 | ---- | M] () -- C:\Programme\AntiVir PersonalEdition Classic\sqlite3.dll
MOD - [2007.09.20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2007.04.29 04:05:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2007.01.11 10:08:50 | 000,634,880 | ---- | M] () -- C:\Programme\Samsung\Samsung EDS\EDSAgent.exe
MOD - [2006.12.14 16:13:18 | 002,764,800 | ---- | M] () -- C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe
MOD - [2006.11.13 18:41:08 | 000,081,920 | ---- | M] () -- C:\Programme\Samsung\Samsung Update Plus\SLUTrayNotifier.exe
MOD - [2006.09.19 09:52:46 | 000,028,672 | ---- | M] () -- C:\Programme\Samsung\Easy Display Manager\WinMove.dll
MOD - [2006.09.19 09:07:28 | 000,827,392 | ---- | M] () -- C:\WINDOWS\vsnpstd3.exe
MOD - [2006.08.12 12:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll
MOD - [2006.07.11 01:36:56 | 000,012,288 | ---- | M] () -- C:\WINDOWS\system32\lxctpmrc.dll
MOD - [2006.07.11 01:34:44 | 000,040,960 | ---- | M] () -- C:\WINDOWS\system32\lxctpmon.dll
MOD - [2006.07.11 00:53:34 | 000,032,768 | ---- | M] () -- C:\Programme\Lexmark 5400 Series\ipcmt.dll
MOD - [2006.06.21 05:44:04 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxctdrpp.dll
MOD - [2006.06.20 15:37:42 | 000,286,720 | ---- | M] () -- C:\Programme\Lexmark 5400 Series\lxctmon.exe
MOD - [2006.06.20 15:37:08 | 000,278,528 | ---- | M] () -- C:\Programme\Lexmark 5400 Series\lxctscw.dll
MOD - [2006.06.09 04:39:54 | 000,143,360 | ---- | M] () -- C:\Programme\Lexmark 5400 Series\lxctdrec.dll
MOD - [2006.05.25 18:20:44 | 000,241,664 | ---- | M] () -- C:\Programme\Lexmark 5400 Series\iptk.dll
MOD - [2005.07.12 16:34:22 | 000,045,056 | ---- | M] () -- C:\Programme\Samsung\MagicKBD\EasyBoxDll.dll
MOD - [2005.05.28 08:35:56 | 000,036,864 | R--- | M] () -- C:\Programme\Samsung\Samsung Network Manager\SNMWLANService.exe
MOD - [2005.05.27 22:03:06 | 000,364,666 | R--- | M] () -- C:\Programme\Samsung\Samsung Network Manager\SNMCoreDll.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013.04.15 09:08:38 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011.07.08 22:32:14 | 000,666,696 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Programme\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2011.06.14 17:57:10 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Programme\National Instruments\MAX\nimxs.exe -- (mxssvr)
SRV - [2011.06.14 11:54:08 | 000,676,016 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Programme\National Instruments\Shared\Tagger\tagsrv.exe -- (NITaggerService)
SRV - [2011.06.14 09:11:10 | 000,362,104 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Programme\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)
SRV - [2011.06.14 09:08:24 | 000,056,952 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\WINDOWS\system32\lktsrv.exe -- (lkTimeSync)
SRV - [2011.06.14 09:00:10 | 000,046,192 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\WINDOWS\system32\lkads.exe -- (lkClassAds)
SRV - [2011.06.10 14:11:20 | 000,121,032 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Programme\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe -- (NINetworkDiscovery)
SRV - [2011.06.01 16:32:14 | 000,194,224 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Programme\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe -- (nimDNSResponder)
SRV - [2011.05.27 13:44:20 | 000,050,328 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Programme\National Instruments\Shared\NI WebServer\SystemWebServer.exe -- (niSvcLoc)
SRV - [2011.05.27 13:43:48 | 000,050,336 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Programme\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe -- (NIApplicationWebServer)
SRV - [2010.10.27 09:43:38 | 000,695,136 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\WINDOWS\system32\lkcitdl.exe -- (LkCitadelServer)
SRV - [2010.08.12 17:45:00 | 000,024,064 | ---- | M] () [Auto | Running] -- C:\Programme\OpenVPN Technologies\OpenVPN Client\core\capiws.exe -- (OpenVPNAccessClient)
SRV - [2010.08.02 10:00:00 | 001,427,688 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager)
SRV - [2010.03.29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2009.08.10 00:15:36 | 000,093,848 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP2c\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2009.06.03 10:26:34 | 000,098,304 | ---- | M] (OPC Foundation) [On_Demand | Stopped] -- C:\WINDOWS\system32\Opcenum.exe -- (OpcEnum)
SRV - [2008.10.23 20:18:31 | 000,068,865 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler)
SRV - [2008.10.23 20:13:24 | 000,151,297 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService)
SRV - [2007.06.12 01:40:40 | 001,489,688 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\AMT\UNS.exe -- (UNS)
SRV - [2007.06.12 01:40:36 | 000,183,064 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\AMT\atchksrv.exe -- (atchksrv)
SRV - [2007.06.12 01:40:30 | 000,121,624 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\AMT\LMS.exe -- (LMS)
SRV - [2006.11.13 18:41:12 | 000,073,728 | ---- | M] () [Auto | Stopped] -- C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe -- (Samsung Update Plus)
SRV - [2006.09.30 00:00:00 | 000,071,240 | ---- | M] (Hummingbird Ltd.) [Auto | Running] -- C:\Programme\Hummingbird\Connectivity\12.00\NFS Maestro\expserv.exe -- (HCLExport)
SRV - [2006.07.13 19:27:16 | 000,528,384 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\system32\lxctcoms.exe -- (lxct_device)
SRV - [2006.06.20 21:08:48 | 000,049,152 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2005.05.28 08:35:56 | 000,036,864 | R--- | M] () [Auto | Running] -- C:\Programme\Samsung\Samsung Network Manager\SNMWLANService.exe -- (SNM WLAN Service)
SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOKUME~1\SEBAST~1\LOKALE~1\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\kl1.sys -- (kl1)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\SEBAST~1\LOKALE~1\Temp\__Samsung_Update\ADDMEM.SYS -- (ADDMEM)
DRV - [2013.01.31 10:19:50 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2013.01.31 10:19:50 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2011.07.08 22:00:16 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2010.08.03 16:25:28 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tapoas.sys -- (tapoas)
DRV - [2010.05.05 05:30:30 | 000,020,736 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MosIrUsb.sys -- (MosIrUsb)
DRV - [2009.08.07 23:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP2c\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2009.08.03 10:00:00 | 000,004,096 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\cvintdrv.sys -- (cvintdrv)
DRV - [2009.05.28 21:00:36 | 000,075,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.05.28 21:00:33 | 000,052,056 | ---- | M] (Avira GmbH) [File_System | On_Demand | Running] -- C:\Programme\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt)
DRV - [2009.05.28 21:00:32 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\AntiVir PersonalEdition Classic\avgio.sys -- (avgio)
DRV - [2008.11.11 13:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008.11.11 13:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008.11.11 13:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008.07.07 17:48:56 | 000,018,240 | ---- | M] (Compuware Corporation - NuMega Lab) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DbgMsg.sys -- (DbgMsg)
DRV - [2008.04.16 14:56:31 | 000,021,248 | ---- | M] (AVIRA GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007.04.27 04:01:34 | 002,203,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32)
DRV - [2007.04.06 18:27:36 | 000,044,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI)
DRV - [2007.03.27 18:19:36 | 010,252,544 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpstd3.sys -- (SNPSTD3)
DRV - [2007.02.22 19:40:08 | 000,140,680 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV)
DRV - [2007.01.31 03:57:50 | 004,474,368 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007.01.24 04:13:26 | 000,036,608 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2007.01.18 14:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.11.28 23:50:16 | 000,863,402 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006.10.15 23:02:18 | 000,329,901 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006.10.15 23:01:54 | 000,149,123 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2006.10.15 22:59:32 | 000,067,672 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006.10.12 12:12:48 | 000,028,160 | ---- | M] (Samsung Electronics,.LTD) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SamsungEDS.SYS -- (DNSeFilter)
DRV - [2006.10.10 07:00:24 | 000,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006.09.30 00:00:00 | 000,300,872 | ---- | M] (Hummingbird Ltd.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\hclnfs.sys -- (HCLNFS)
DRV - [2006.08.30 23:53:00 | 001,161,152 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.05.11 00:00:00 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005.11.16 20:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005.11.01 18:08:00 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005.11.01 17:54:50 | 000,051,584 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005.10.27 06:18:05 | 000,004,300 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\MEMIO.SYS -- (DOSMEMIO)
DRV - [2005.03.14 07:01:38 | 000,041,984 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2001.08.18 05:35:52 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = www.hadiko.de;*.hadiko.de;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.hadiko.de:3128
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.tagesschau.de/"
FF - prefs.js..extensions.enabledAddons: moveplayer%40movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledAddons: groovesharkUnlocker%40overlord1337:1.3.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..network.proxy.no_proxies_on: "www.hadiko.de,*.hadiko.de,localhost,127.0.0.1"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Programme\Google\Google Updater\2.4.1487.6512\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.04.15 09:08:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.04.15 09:08:30 | 000,000,000 | ---D | M]
 
[2013.05.14 08:41:56 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions
[2013.05.14 08:41:56 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions\net.openvpn.client
[2013.05.22 15:52:42 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\zh6xro0g.default\extensions
[2010.06.23 18:13:37 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\zh6xro0g.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009.11.04 12:13:25 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\zh6xro0g.default\extensions\moveplayer@movenetworks.com
[2013.04.22 23:17:21 | 000,050,424 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\zh6xro0g.default\extensions\groovesharkUnlocker@overlord1337.xpi
[2013.05.10 21:28:42 | 000,870,680 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\zh6xro0g.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.04.15 09:08:26 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.04.15 09:08:26 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.04.15 09:08:39 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2006.09.30 00:00:00 | 000,079,432 | ---- | M] (Hummingbird Ltd.) -- C:\Programme\mozilla firefox\plugins\nphclx.dll
[2011.06.22 11:43:54 | 000,026,112 | ---- | M] (National Instruments) -- C:\Programme\mozilla firefox\plugins\nplv2011win32.dll
[2010.10.19 18:15:20 | 000,025,088 | ---- | M] (National Instruments) -- C:\Programme\mozilla firefox\plugins\nplv90win32.dll
[2010.01.12 22:03:50 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\mozilla firefox\plugins\npwachk.dll
[2012.10.16 20:33:30 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.16 20:33:30 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.10.16 20:33:30 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.16 20:33:30 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.16 20:33:30 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.16 20:33:30 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.11.28 15:56:08 | 000,001,063 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1       samsung # LMS GENERATED LINE
O1 - Hosts: 127.0.0.1 im.adtech.de
O1 - Hosts: 127.0.0.1 adserver.adtech.de
O1 - Hosts: 127.0.0.1 adtech.de
O1 - Hosts: 127.0.0.1 ar.atwola.com
O1 - Hosts: 127.0.0.1 atwola.com
O1 - Hosts: 127.0.0.1 adserver.71i.de
O1 - Hosts: 127.0.0.1 adicqserver.71i.de
O1 - Hosts: 127.0.0.1 71i.de
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
O2 - BHO: (PDFCreator Toolbar Helper) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [atchk]  File not found
O4 - HKLM..\Run: [avgnt] C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BatteryManager] C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe ()
O4 - HKLM..\Run: [DMHotKey] C:\Programme\Samsung\Easy Display Manager\DMLoader.exe (SAMSUNG Electronics)
O4 - HKLM..\Run: [EDS] C:\Programme\Samsung\Samsung EDS\EDSAgent.exe ()
O4 - HKLM..\Run: [EzPrint] C:\Programme\Lexmark 5400 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Lexmark 5400 Series Fax Server] C:\Programme\Lexmark 5400 Series\fm3032.exe ()
O4 - HKLM..\Run: [LXCTCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.DLL (Lexmark International Inc.)
O4 - HKLM..\Run: [lxctmon.exe] C:\Programme\Lexmark 5400 Series\lxctmon.exe ()
O4 - HKLM..\Run: [MagicKeyboard] C:\Programme\Samsung\MagicKBD\PreMKbd.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NFSUserSIDGSSLink] C:\Programme\Hummingbird\Connectivity\12.00\NFS Maestro\HumGSS.exe (Hummingbird Ltd.)
O4 - HKLM..\Run: [NI Update Service] C:\Programme\National Instruments\Shared\Update Service\NIUpdateService.exe (National Instruments)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Samsung Common SM] C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe (Samsung Electronics.)
O4 - HKLM..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre7\bin\jusched.exe" File not found
O4 - HKLM..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [KiesAirMessage] C:\Programme\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKCU..\Run: [KiesPreload] C:\Programme\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [NIRegistrationWizard] C:\Programme\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe ()
O4 - HKCU..\Run: [Polar Sync]  File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\NI Error Reporting.lnk = C:\Programme\National Instruments\Shared\NI Error Reporting\nierserver.exe (National Instruments Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\OpenVPN Client.lnk = C:\Programme\OpenVPN Technologies\OpenVPN Client\core\uiboot.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Password.lnk =  File not found
O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\***\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll (National Instruments Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 1.7.0_17)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 1.7.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 1.7.0_17)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.06.26 16:24:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{45877915-77cb-11e0-8545-001c26e12597}\Shell - "" = AutoRun
O33 - MountPoints2\{45877915-77cb-11e0-8545-001c26e12597}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{45877915-77cb-11e0-8545-001c26e12597}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{7b77f095-a266-11dc-a81c-001c26e12597}\Shell - "" = AutoRun
O33 - MountPoints2\{7b77f095-a266-11dc-a81c-001c26e12597}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7b77f095-a266-11dc-a81c-001c26e12597}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Setup.pif
O33 - MountPoints2\{d954ea97-5a9c-11de-a482-001c26e12597}\Shell - "" = AutoRun
O33 - MountPoints2\{d954ea97-5a9c-11de-a482-001c26e12597}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d954ea97-5a9c-11de-a482-001c26e12597}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{f630ab39-34d4-11df-8049-001c26e12597}\Shell\AutoRun\command - "" = H:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.22 17:39:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
[2013.05.22 16:11:08 | 000,700,783 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\***\Desktop\dds+.exe
[2013.05.22 16:00:39 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\TFC.exe
[2013.05.22 15:46:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\LOGS
[2013.05.22 12:11:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes
[2013.05.22 12:10:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2013.05.22 12:10:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2013.05.22 12:10:40 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013.05.22 12:10:39 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2013.05.22 12:09:55 | 010,285,040 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Programme\mbam-setup-1.75.0.1300.exe
[2013.05.22 09:11:52 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Programme\HiJackThis204.exe
[2013.05.22 08:48:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Macromedia
[2013.05.14 08:41:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\OpenVPN Technologies
[2013.05.14 08:41:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\OpenVPN Technologies
[2013.05.14 08:41:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\OpenVPN Client
[2013.05.14 08:40:48 | 000,000,000 | ---D | C] -- C:\Programme\OpenVPN Technologies
[2013.02.26 22:30:04 | 068,912,208 | ---- | C] (Samsung Electronics Co., Ltd.                                ) -- C:\Programme\KiesSetup.exe
[2012.09.26 11:33:02 | 029,112,669 | ---- | C] (InstallShield Software Corporation) -- C:\Programme\Polar_Pro_5.exe
[2012.09.22 11:58:27 | 029,112,669 | ---- | C] (InstallShield Software Corporation) -- C:\Programme\setup.exe
[2012.05.21 22:46:18 | 000,892,360 | ---- | C] (Oracle Corporation) -- C:\Programme\jxpiinstall.exe
[2011.09.23 09:16:23 | 035,746,429 | ---- | C] (inkscape.org) -- C:\Programme\Inkscape-0.48.2-1-win32.exe
[2011.06.04 02:31:50 | 056,127,696 | ---- | C] (SiSoftware                                                  ) -- C:\Programme\san2011-1760-BQR.exe
[2011.04.12 20:42:31 | 001,474,048 | ---- | C] (Irfan Skiljan) -- C:\Programme\irfanview428_setup.exe
[2011.01.14 14:53:49 | 005,622,112 | ---- | C] (Uniblue Systems Ltd                                         ) -- C:\Programme\speedupmypc3plc.exe
[2010.12.10 14:17:44 | 002,832,544 | ---- | C] (Adobe Systems, Inc.) -- C:\Programme\install_flash_player.exe
[2010.11.09 20:08:19 | 000,889,416 | ---- | C] (Microsoft Corporation) -- C:\Programme\dotNetFx40_Full_setup.exe
[2010.09.17 21:11:57 | 000,958,856 | ---- | C] (Skype Technologies S.A.) -- C:\Programme\SkypeSetup-Beta.exe
[2010.03.28 11:24:31 | 011,300,136 | ---- | C] (Nullsoft, Inc.) -- C:\Programme\winamp5572_full_emusic-7plus_de-de.exe
[2009.05.08 20:08:44 | 000,915,080 | ---- | C] (Steffen Schirmer                                            ) -- C:\Programme\Setup-Foto-Mosaik.exe
[2009.05.06 21:35:06 | 001,976,104 | ---- | C] (Skype Technologies S.A.) -- C:\Programme\SkypeSetup.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.22 17:39:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
[2013.05.22 17:36:13 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\***\defogger_reenable
[2013.05.22 17:33:14 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Defogger.exe
[2013.05.22 17:10:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.22 16:24:38 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.05.22 16:11:08 | 000,700,783 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\***\Desktop\dds+.exe
[2013.05.22 16:06:16 | 000,000,860 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2013.05.22 16:04:53 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.22 16:04:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.05.22 16:04:28 | 2112,212,992 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.22 16:00:40 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\TFC.exe
[2013.05.22 15:48:09 | 000,632,031 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\adwcleaner.exe
[2013.05.22 15:31:16 | 000,001,594 | ---- | M] () -- C:\WINDOWS\VPNUnInstall.MIF
[2013.05.22 15:20:18 | 000,534,950 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.05.22 15:20:18 | 000,493,360 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.05.22 15:20:18 | 000,127,082 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.05.22 15:20:18 | 000,108,440 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.05.22 12:10:42 | 000,000,775 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.22 12:09:55 | 010,285,040 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Programme\mbam-setup-1.75.0.1300.exe
[2013.05.22 09:11:52 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Programme\HiJackThis204.exe
[2013.05.22 08:46:46 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013.05.14 08:41:38 | 000,001,997 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\OpenVPN Client.lnk
[2013.05.14 08:41:38 | 000,001,064 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\OpenVPN Client.lnk
[2013.05.14 08:39:29 | 016,289,280 | ---- | M] () -- C:\Programme\openvpn-client.msi
[2013.04.22 23:16:05 | 000,000,574 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Dropbox_12_Diplomarbeit FSM.lnk
 
========== Files Created - No Company Name ==========
 
[2013.05.22 17:36:13 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\***\defogger_reenable
[2013.05.22 17:33:13 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Defogger.exe
[2013.05.22 15:48:08 | 000,632,031 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\adwcleaner.exe
[2013.05.22 15:30:18 | 000,001,594 | ---- | C] () -- C:\WINDOWS\VPNUnInstall.MIF
[2013.05.22 12:10:42 | 000,000,775 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.14 08:41:38 | 000,001,997 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\OpenVPN Client.lnk
[2013.05.14 08:41:38 | 000,001,064 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\OpenVPN Client.lnk
[2013.05.14 08:39:21 | 016,289,280 | ---- | C] () -- C:\Programme\openvpn-client.msi
[2013.04.22 23:16:05 | 000,000,574 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Dropbox_12_Diplomarbeit FSM.lnk
[2013.03.10 19:26:38 | 035,371,971 | ---- | C] () -- C:\Programme\texmakerwin32_install.exe
[2013.02.27 00:05:07 | 000,440,008 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2013.02.05 18:52:54 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2013.02.05 18:52:50 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2013.02.05 18:52:50 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2013.02.05 18:52:50 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2013.02.05 18:52:50 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2012.12.03 19:37:02 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\{9ED8C2D3-0228-4810-8E72-81DDE39F4F70}
[2012.12.03 19:37:02 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\{0651FDCF-D405-42A5-A568-145CF27BA22D}
[2012.09.26 11:46:52 | 020,184,204 | ---- | C] () -- C:\Programme\p540172_update.zip
[2012.09.22 12:20:28 | 000,020,736 | R--- | C] () -- C:\WINDOWS\System32\drivers\MosIrUsb.sys
[2012.09.22 12:14:10 | 000,028,672 | ---- | C] () -- C:\WINDOWS\dbgmsgcfg.dll
[2012.07.09 13:20:52 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.05.21 22:55:22 | 005,248,881 | ---- | C] () -- C:\Programme\sqlitestudio.zip
[2012.05.21 22:44:29 | 005,685,371 | ---- | C] () -- C:\Programme\Mobile Atlas Creator 1.9.7.zip
[2011.12.07 22:37:09 | 000,004,099 | ---- | C] () -- C:\Dokumente und Einstellungen\***\.recently-used.xbel
[2011.10.04 22:53:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxctvs.dll
[2011.10.04 22:53:31 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\lxctcoin.dll
[2011.10.04 22:52:33 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxctdrs.dll
[2011.10.04 22:52:33 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxctcaps.dll
[2011.10.04 22:52:32 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxctcnv4.dll
[2011.10.04 22:51:39 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxctpmon.dll
[2011.10.04 22:51:39 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXCTFXPU.DLL
[2011.10.04 22:51:19 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\lxctpmrc.dll
[2011.10.04 22:47:07 | 000,409,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctinpa.dll
[2011.10.04 22:47:07 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\LXCTinst.dll
[2011.10.04 22:47:06 | 000,393,216 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctiesc.dll
[2011.10.04 22:47:05 | 001,187,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctserv.dll
[2011.10.04 22:47:05 | 000,983,040 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctusb1.dll
[2011.10.04 22:47:04 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctprox.dll
[2011.10.04 22:47:04 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctpplc.dll
[2011.10.04 22:47:03 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctpmui.dll
[2011.10.04 22:47:03 | 000,528,384 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctlmpm.dll
[2011.10.04 22:46:59 | 000,380,928 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctih.exe
[2011.10.04 22:46:58 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcthbn3.dll
[2011.10.04 22:46:58 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\lxctgrd.dll
[2011.10.04 22:46:55 | 000,528,384 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctcoms.exe
[2011.10.04 22:46:54 | 000,667,648 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctcomc.dll
[2011.10.04 22:46:54 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctcomm.dll
[2011.10.04 22:46:53 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctcfg.exe
[2011.08.13 14:27:37 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\{A514002D-6045-4A9A-A81A-2BB6EBBF215F}
[2011.08.13 14:27:18 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\{4DE5201E-EDCF-41D9-ACF4-383E19D938B1}
[2011.06.10 13:52:52 | 000,000,244 | ---- | C] () -- C:\WINDOWS\System32\nirpc.ini
[2011.06.04 13:01:20 | 000,000,064 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sandra.ldb
[2011.06.04 02:41:44 | 011,042,816 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sandra.mdb
[2011.01.13 16:43:48 | 002,460,344 | ---- | C] () -- C:\Programme\icq_7.2_build_3525_banner_remover.zip
[2011.01.13 16:20:16 | 002,445,086 | ---- | C] () -- C:\Programme\icq_6.5_build_2026_banner_remover.zip
[2011.01.11 22:13:24 | 000,001,214 | ---- | C] () -- C:\Dokumente und Einstellungen\***\.flrecent
[2010.12.09 19:08:06 | 000,000,054 | ---- | C] () -- C:\Dokumente und Einstellungen\***\gambit.fnl
[2010.11.09 20:09:27 | 000,293,216 | ---- | C] () -- C:\Programme\SoftonicDownloader_fuer_langenscheidt-vokabeltrainer-spanisch.exe
[2010.11.09 20:05:02 | 035,822,479 | ---- | C] () -- C:\Programme\strokes_vt_spanisch.exe
[2010.10.28 17:14:55 | 000,499,801 | ---- | C] () -- C:\Programme\gp.xpi
[2010.10.02 00:15:29 | 013,525,424 | ---- | C] () -- C:\Programme\Dropbox 0.7.110.exe
[2009.05.26 00:59:20 | 160,193,808 | ---- | C] () -- C:\Programme\eclipse-SDK-3.4.2-win32.zip
[2009.05.26 00:46:03 | 016,283,032 | ---- | C] () -- C:\Programme\jre-6u13-windows-i586-p.exe
[2009.05.26 00:45:51 | 000,001,228 | ---- | C] () -- C:\Programme\jre-6u13-windows-i586-p.exe.sdm
[2009.05.26 00:44:38 | 000,001,261 | ---- | C] () -- C:\Programme\1243291479090-integrated.jnlp
[2009.03.02 16:17:14 | 001,038,976 | ---- | C] () -- C:\Programme\Google_Updater50.exe
[2009.03.01 19:34:12 | 001,046,648 | ---- | C] () -- C:\Programme\Google Updater.exe
[2008.11.27 15:55:05 | 014,622,342 | ---- | C] () -- C:\Programme\vlc-0.9.6-win32.exe
[2008.10.30 19:06:56 | 027,580,296 | ---- | C] (                                   ) -- C:\Programme\AdbeRdr90_de_DE.exe
[2008.02.09 20:28:11 | 000,014,852 | ---- | C] () -- C:\Programme\settings.dat
[2007.10.16 11:29:45 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2007.10.16 11:25:55 | 000,004,655 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Maple10.ini
[2007.10.14 19:32:24 | 000,062,464 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.05.02 00:40:08 | 006,949,550 | ---- | C] () -- C:\Programme\BIOS&MICOM 04AY for XP.zip
 
========== ZeroAccess Check ==========
 
[2010.09.13 20:42:49 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010.04.16 17:20:25 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:18:19 | 000,473,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2004.08.04 14:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011.10.04 22:50:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\5400 Series
[2013.05.22 08:46:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AntiVir PersonalEdition Classic
[2011.04.11 18:48:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Hummingbird
[2013.05.22 15:52:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2011.10.24 23:42:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Juniper Networks
[2010.11.15 21:42:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Langenscheidt
[2007.10.26 20:40:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MailFrontier
[2012.10.23 19:47:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\National Instruments
[2013.02.26 22:42:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung
[2011.07.20 21:59:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2011.07.20 21:58:37 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2011.10.05 08:09:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\5400 Series
[2013.05.22 16:06:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Dropbox
[2011.04.11 19:05:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Hummingbird
[2007.10.12 21:22:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ICQ Toolbar
[2011.09.23 09:20:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\inkscape
[2011.10.24 23:43:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Juniper Networks
[2010.11.15 21:42:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Langenscheidt
[2009.09.08 13:21:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\LG Electronics
[2012.05.21 22:50:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mobile Atlas Creator
[2013.05.14 08:41:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\OpenVPN Technologies
[2012.05.21 22:49:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Oracle
[2010.09.14 04:09:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Pro Cycling Manager 2008 - Demo
[2013.02.26 22:46:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Samsung
[2011.07.20 21:59:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\TuneUp Software
[2010.11.11 17:23:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Unigraphics Solutions
[2013.03.10 19:33:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\xm1
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 88 bytes -> C:\Programme\AdbeRdr90_de_DE.exe:SummaryInformation

< End of report >

Ich hoffe, dass mir damit nun jemand weiterhelfen kann, da ich persönlich aus den Logfiles nicht herauslesen kann, ob der Trojaner schon komplett eliminiert wurde. Im Anhang befinden sich noch die OTL Extra und GMER Logs (da über 120000 Zeilen). Was richtet der genannte Trojaner an, bzw. hat er bspweise PW ausspioniert? Ich freue mich über jede Hilfe, danke.

Viele Grüße
Sebastian

Avira Guard meldet TR/Crypt.XPACK.Gen3 - Trojaner

Log-Analyse und Auswertung: Avira Guard meldet TR/Crypt.XPACK.Gen3 - Trojaner

Avira Guard meldet TR/Crypt.XPACK.Gen3 - Trojaner

Ähnliche Themen: Avira Guard meldet TR/Crypt.XPACK.Gen3 - Trojaner