Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Trjoaner/Stealer Verdacht

Trjoaner/Stealer Verdacht


Log-Analyse und Auswertung: Trjoaner/Stealer Verdacht

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 14.12.2009, 19:08   #1
BADB0Y
 
Trjoaner/Stealer Verdacht - Standard

Trjoaner/Stealer Verdacht


Das Problem mit dem Bluescrean hab ich nun alleine lösen können.
Ich hab nun ein neues Problem.Als ich mich eben in ICQ einloggte, bekam ich Nachrichten von Freunden, die Fragten, warum ich denen russiche Nachrichten zuschicken. Ich wusste nicht was die wollten hab mich mit Ihnen unterhalten und dann meinte mein Freund, dass ich möglicherweise mit einem ICQ Spam-Trjaoner infiziert bin und möglicherweise der ICQ Trjoaner auch Passwörter stealed/speichert was auch immer... Hier die Loggs:

Zitat:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:03:49, on 14.12.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp64&d=1108&m=imedia_x5500_ge
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ig?hl=de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp64&d=1108&m=imedia_x5500_ge
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp64&d=1108&m=imedia_x5500_ge
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Program Files (x86)\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxernsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O13 - Gopher Prefix:
O16 - DPF: {A21769F8-CEC5-4AFA-A6A4-CC921A15DF40} (ActiveXControl Object) - http://www.n2030.com/atlas_activex.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\PACKARDBELL\Packard Bell Recovery Management\Service\ETService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RealtekUSB - Realtek - C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtlService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8465 bytes
Ich hoffe, ich bekomme schnelle Hilfe

Alt 15.12.2009, 13:37   #2
BADB0Y
 
Trjoaner/Stealer Verdacht - Standard

Trjoaner/Stealer Verdacht


Also wenn ihr noch mehr Infos braucht, dann sagt es mir bitte... Ich versuch die dann zu besorgen... Ich kenn mich damit echt nicht so aus...
__________________
Alt 15.12.2009, 14:43   #3
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trjoaner/Stealer Verdacht - Standard

Trjoaner/Stealer Verdacht


Hallo,

Hinweis: Du nutzt ein 64-Bit-Windows. Viele Tools, die wir hier als Hilfsmittel zum Bereinigen einsetzen, sind mit einem 64-Bit-Windows NICHT kompatibel - das macht eine Bereinigung schwerer als sie ohnehin schon ist.

Bitte führe Malwarebytes und OTL (siehe unten) aus.


Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________
__________________
Alt 15.12.2009, 20:30   #4
BADB0Y
 
Trjoaner/Stealer Verdacht - Standard

Trjoaner/Stealer Verdacht


Hallo,
danke für die schnelle Antwort

Erstmal die Loggs von Malwarebytes (eine Datei ist infiziert, ich bin so Vorgegangen, wie in dem anderen Thread beschrieben):

Zitat:
Malwarebytes' Anti-Malware 1.42
Datenbank Version: 3366
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18865

15.12.2009 19:41:06
mbam-log-2009-12-15 (19-41-06).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|F:\|G:\|H:\|)
Durchsuchte Objekte: 349058
Laufzeit: 39 minute(s), 42 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
OTL Loggs 1 (Extras):

Zitat:
OTL Extras logfile created on: 15.12.2009 19:49:32 - Run 1
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Users\***\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,80 Gb Available Physical Memory | 70,04% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916,86 Gb Total Space | 635,45 Gb Free Space | 69,31% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ***
Current User Name: ***
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SystemRoot%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C368F3B-87DF-4CB9-B968-4369A4BC2DAA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{2A207024-F7DA-4208-9450-2B37240D6BFE}" = protocol=17 | dir=in | app=c:\programdata\nexon\common\nmservice.exe |
"{6F0DD2AF-0D50-4471-8D3C-F2EFCC96022B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{994E768E-9216-41FD-8B27-76020C2841A7}" = protocol=17 | dir=in | app=c:\programdata\nexon\ngm\ngm.exe |
"{BF195353-9F08-43AE-83A4-A0F80F38DC31}" = protocol=6 | dir=in | app=c:\programdata\nexon\ngm\ngm.exe |
"{D2E688ED-98B6-4260-9DC3-DE9022131C49}" = protocol=6 | dir=in | app=c:\programdata\nexon\common\nmservice.exe |
"{E9342078-7FBC-42E0-ACD1-50C45A522998}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"TCP Query User{5793F8D7-3F1A-4073-AAA7-B9F030F7568A}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"TCP Query User{C3283D6A-F757-4B34-9F57-4854D34A5940}C:\nexon\nexonplug\nmservice.exe" = protocol=6 | dir=in | app=c:\nexon\nexonplug\nmservice.exe |
"UDP Query User{3DE94044-F753-4C24-8487-8CA8A5BE835B}C:\nexon\nexonplug\nmservice.exe" = protocol=17 | dir=in | app=c:\nexon\nexonplug\nmservice.exe |
"UDP Query User{779EB23A-C808-47C3-9969-CEB82414FE14}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9F560BEB-021F-43AC-825F-AA60442D8DE4}" = 64 Bit HP CIO Components Installer
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D64BC2CF-0F12-47d7-B412-B4F3FD684253}" = HP Photosmart All-In-One Software 9.0
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F31BB194-C04E-4C63-90F8-5FC50E05B6B8}" = Vegas Pro 9.0 (64-bit)
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"HPOCR" = HP OCR Software 9.0
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"Office2007" = Microsoft Office Home and Student
"Works9" = Microsoft Works 9.0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00D15456-F679-4AD4-8BD2-56450D4C3F72}" = WarRock
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{28518520-F25C-48C3-A224-861F331602F4}" = Setup My PC
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{3559CDE0-11FC-4D7B-A65C-D646035B1031}" = Nero 8 Essentials
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{44B2E182-DD85-45FC-9F51-326B81D7C7F1}" = Fax
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{709817E4-5439-4206-8738-796B34B623BD}" = MetaBoli
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8E9DB7EF-5DD3-499E-BA2A-A1F3153A4DF8}" = Adobe Flash Player 9 ActiveX
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B7FB6B99-C93C-4818-825B-37EF4B64C80C}" = PS_AIO_02_Software
"{B8BF5CD8-B02D-48f9-96A9-7183F868D6EE}" = C6200_Help
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BE686891-3C56-4714-AFEF-341A7867BA80}" = REALTEK USB Wireless LAN Driver and Utility
"{C14266F9-1464-4285-9094-043633EFC3B0}" = C6200
"{CA786CFF-1D31-4804-B436-F3405B14357F}" = Packard Bell Updator
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D25BDCF5-19F6-4d9e-B9C9-273FE81446C4}" = PS_AIO_02_ProductContext
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D41EB7A7-1AAA-4282-AD6A-1FAC72BE55C5}" = C6200_doccd
"{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}" = Safari
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EF0D2E55-6FE2-4e35-BE22-A742E85D84E3}" = PS_AIO_02_Software_min
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4EA67C9-6748-4C1E-9AFF-04149AC75D95}" = Packard Bell ImageWriter
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Age of Empires" = Microsoft Age of Empires
"Age of Empires Expansion 1.0" = Microsoft Age of Empires Expansion
"EasyBits Magic Desktop" = EasyBits Magic Desktop
"Fahren Lernen_is1" = Fahren Lernen 1.0
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HyperCam 2" = HyperCam 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"NexonPlug" = ?????
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TuneUp Utilities" = TuneUp Utilities
"VLC media player" = VLC media player 1.0.0
"WarRock" = ??
"WinRAR archiver" = WinRAR

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 06.12.2009 16:32:15 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =

Error - 06.12.2009 17:02:34 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =

Error - 07.12.2009 06:28:24 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =

Error - 07.12.2009 16:09:08 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =

Error - 07.12.2009 16:32:34 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =

Error - 07.12.2009 16:53:29 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =

Error - 07.12.2009 17:02:29 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =

Error - 07.12.2009 17:02:37 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Dwm.exe, Version 6.0.6001.18000, Zeitstempel
0x4791944e, fehlerhaftes Modul nvd3dumx.dll, Version 7.15.11.7824, Zeitstempel
0x48ebe066, Ausnahmecode 0xc0000005, Fehleroffset 0x0000000000480ee3, Prozess-ID
0xac4, Anwendungsstartzeit 01ca77806516532d.

Error - 07.12.2009 17:19:39 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =

Error - 07.12.2009 17:29:57 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Dwm.exe, Version 6.0.6001.18000, Zeitstempel
0x4791944e, fehlerhaftes Modul milcore.dll, Version 6.0.6001.18000, Zeitstempel
0x4791ad23, Ausnahmecode 0xc0000005, Fehleroffset 0x00000000001809ce, Prozess-ID
0xbf0, Anwendungsstartzeit 01ca7782ce86a8fd.

[ System Events ]
Error - 14.12.2009 07:09:50 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description =

Error - 14.12.2009 15:58:25 | Computer Name = *** | Source = HTTP | ID = 15016
Description =

Error - 14.12.2009 15:59:57 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description =

Error - 15.12.2009 08:28:52 | Computer Name = *** | Source = HTTP | ID = 15016
Description =

Error - 15.12.2009 08:30:28 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description =

Error - 15.12.2009 09:06:13 | Computer Name = *** | Source = Service Control Manager | ID = 7034
Description =

Error - 15.12.2009 13:43:17 | Computer Name = *** | Source = HTTP | ID = 15016
Description =

Error - 15.12.2009 13:44:51 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description =

Error - 15.12.2009 14:44:18 | Computer Name = *** | Source = HTTP | ID = 15016
Description =

Error - 15.12.2009 14:45:53 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description =


< End of report >
OTL Loggs 2:

Zitat:
OTL logfile created on: 15.12.2009 19:49:32 - Run 1
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Users\***\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,80 Gb Available Physical Memory | 70,04% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916,86 Gb Total Space | 635,45 Gb Free Space | 69,31% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ***
Current User Name: ***
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Programme\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV)
PRC - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG)
PRC - C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtWlan.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtlService.exe (Realtek)
PRC - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
PRC - C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll ()
SRV:64bit: - (ezSharedSvc) -- C:\Windows\SysNative\svchost.exe ()
SRV - (TuneUp.Defrag) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (gusvc) -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ETService) -- C:\Programme\PACKARDBELL\Packard Bell Recovery Management\Service\ETService.exe ()
SRV - (NMIndexingService) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe (Nero AG)
SRV - (Nero BackItUp Scheduler 3) -- C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG)
SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
SRV - (AdobeActiveFileMonitor6.0) -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
SRV - (RealtekUSB) -- C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtlService.exe (Realtek)
SRV - (hpqcxs08) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (hpqddsvc) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (PLFlash DeviceIoControl Service) -- C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006.11.02 14:34:14 | 00,000,000 | ---D | M]
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof ()


========== Driver Services (SafeList) ==========

DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys ()
DRV:64bit: - (GearAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys ()
DRV:64bit: - (RTL8187B) -- C:\Windows\SysNative\DRIVERS\RTL8187B.sys ()
DRV:64bit: - (RtlProt) -- C:\Windows\SysNative\DRIVERS\rtlprot.sys ()
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys ()
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (int15) -- C:\Windows\SysWOW64\drivers\int15_64.sys (Acer, Inc.)
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp64&d=1108&m=imedia_x5500_ge
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp64&d=1108&m=imedia_x5500_ge
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp64&d=1108&m=imedia_x5500_ge
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp64&d=1108&m=imedia_x5500_ge

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp64&d=1108&m=imedia_x5500_ge
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ig?hl=de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:20.1.0.4
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009.12.11 13:50:36 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009.12.11 13:50:36 | 00,000,000 | ---D | M]

[2009.05.03 19:45:57 | 00,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2009.12.15 14:20:39 | 00,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3vkjwety.default\extensions
[2009.08.16 11:59:28 | 00,000,000 | ---D | M] (Greasemonkey) -- C:\Users\AlexG\AppData\Roaming\mozilla\Firefox\Profiles\3vkjwety.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009.05.29 14:15:22 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2009.05.28 12:30:40 | 00,000,000 | ---D | M] (G Data WebFilter) -- C:\Program Files (x86)\mozilla firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
[2009.12.11 13:50:32 | 00,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2009.12.11 13:50:32 | 00,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2009.12.11 13:50:32 | 00,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2009.12.11 13:50:32 | 00,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2009.12.11 13:50:32 | 00,000,801 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: (761 bytes) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll (Google Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SmpcSys] C:\Programme\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [SmpcSys] C:\Programme\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\PrxerNsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\PrxerDrv.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysNative\PrxerDrv.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\PrxerNsp.dll (Initex Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex Software)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {A21769F8-CEC5-4AFA-A6A4-CC921A15DF40} http://www.n2030.com/atlas_activex.dll (ActiveXControl Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2009.12.15 18:52:23 | 00,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2009.12.15 18:52:20 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2009.12.15 18:52:19 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009.12.15 18:52:19 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009.12.09 16:34:49 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshhttp.dll
[2009.12.09 16:34:47 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\httpapi.dll
[2009.12.09 15:21:20 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2009.12.09 15:21:20 | 00,916,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2009.12.09 15:21:20 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2009.12.09 15:21:20 | 00,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2009.12.09 15:21:20 | 00,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2009.12.09 15:21:19 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2009.12.09 15:21:19 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2009.12.09 15:21:19 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2009.12.09 15:21:19 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2009.12.09 15:21:19 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2009.12.09 15:21:19 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2009.12.09 15:21:19 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2009.12.09 15:21:19 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2009.12.09 15:21:19 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
[2009.12.09 15:21:19 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2009.12.09 15:13:13 | 00,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\raschap.dll
[2009.12.09 15:13:13 | 00,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rastls.dll
[2009.12.03 23:19:46 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2009.11.29 17:51:40 | 00,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\dvdcss
[2009.11.26 18:48:40 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2009.11.25 15:16:20 | 00,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2004.07.09 03:08:36 | 00,472,576 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\dxsetup.exe
[2004.07.09 03:08:34 | 02,242,560 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\dsetup32.dll
[2004.07.09 02:03:10 | 00,062,976 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\DSETUP.dll

========== Files - Modified Within 30 Days ==========

[2009.12.15 19:49:15 | 01,418,806 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2009.12.15 19:49:15 | 00,618,204 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2009.12.15 19:49:15 | 00,586,980 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2009.12.15 19:49:15 | 00,122,636 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2009.12.15 19:49:15 | 00,101,052 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2009.12.15 19:48:50 | 02,097,152 | -HS- | M] () -- C:\Users\***\NTUSER.DAT
[2009.12.15 19:44:21 | 00,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
[2009.12.15 19:44:18 | 00,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009.12.15 19:44:18 | 00,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009.12.15 19:44:17 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009.12.15 19:44:15 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009.12.15 19:44:11 | 42,931,20000 | -HS- | M] () -- C:\hiberfil.sys
[2009.12.15 19:43:19 | 00,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2009.12.15 19:43:19 | 00,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2009.12.15 19:43:14 | 04,517,878 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db
[2009.12.15 17:23:56 | 00,008,336 | ---- | M] () -- C:\Users\***\AppData\Roaming\Current.prx
[2009.12.14 16:21:19 | 00,000,600 | ---- | M] () -- C:\Users\***\AppData\Local\PUTTY.RND
[2009.12.12 12:04:01 | 14,939,348 | ---- | M] () -- C:\Users\***\Documents\clip0017.avi
[2009.12.11 15:35:16 | 22,173,534 | ---- | M] () -- C:\Users\***\Documents\clip0016.avi
[2009.12.08 18:06:57 | 39,598,7327 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009.12.03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2009.12.03 16:13:58 | 00,022,104 | ---- | M] () -- C:\Windows\SysNative\drivers\mbam.sys
[2009.11.28 23:29:37 | 00,018,104 | ---- | M] () -- C:\Users\***\Documents\intronew.veg
[2009.11.21 07:52:02 | 01,147,904 | ---- | M] () -- C:\Windows\SysNative\wininet.dll
[2009.11.21 07:50:26 | 00,243,712 | ---- | M] () -- C:\Windows\SysNative\occache.dll
[2009.11.21 07:47:45 | 00,700,928 | ---- | M] () -- C:\Windows\SysNative\msfeeds.dll
[2009.11.21 07:47:45 | 00,071,680 | ---- | M] () -- C:\Windows\SysNative\msfeedsbs.dll
[2009.11.21 07:47:02 | 00,031,744 | ---- | M] () -- C:\Windows\SysNative\jsproxy.dll
[2009.11.21 07:46:55 | 01,538,560 | ---- | M] () -- C:\Windows\SysNative\inetcpl.cpl
[2009.11.21 07:46:36 | 02,334,208 | ---- | M] () -- C:\Windows\SysNative\iertutil.dll
[2009.11.21 07:46:36 | 00,219,136 | ---- | M] () -- C:\Windows\SysNative\ieui.dll
[2009.11.21 07:46:36 | 00,132,096 | ---- | M] () -- C:\Windows\SysNative\iesysprep.dll
[2009.11.21 07:46:36 | 00,077,312 | ---- | M] () -- C:\Windows\SysNative\iesetup.dll
[2009.11.21 07:46:35 | 00,072,192 | ---- | M] () -- C:\Windows\SysNative\iernonce.dll
[2009.11.21 07:46:34 | 00,252,416 | ---- | M] () -- C:\Windows\SysNative\iepeers.dll
[2009.11.21 07:46:28 | 00,459,776 | ---- | M] () -- C:\Windows\SysNative\iedkcs32.dll
[2009.11.21 07:40:20 | 00,916,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2009.11.21 07:38:17 | 00,206,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2009.11.21 07:35:38 | 00,594,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2009.11.21 07:35:38 | 00,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2009.11.21 07:34:58 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
[2009.11.21 07:34:52 | 01,469,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2009.11.21 07:34:39 | 00,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2009.11.21 07:34:39 | 00,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2009.11.21 07:34:39 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2009.11.21 07:34:38 | 00,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2009.11.21 07:34:38 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2009.11.21 07:34:33 | 00,387,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2009.11.21 06:07:24 | 00,162,816 | ---- | M] () -- C:\Windows\SysNative\ieUnatt.exe
[2009.11.21 06:07:08 | 00,070,656 | ---- | M] () -- C:\Windows\SysNative\ie4uinit.exe
[2009.11.21 06:06:35 | 00,012,288 | ---- | M] () -- C:\Windows\SysNative\msfeedssync.exe
[2009.11.21 05:59:58 | 00,133,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2009.11.21 05:59:52 | 00,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2009.11.21 05:59:14 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2009.11.18 14:59:57 | 00,071,272 | ---- | M] () -- C:\Users\AlexG\AppData\Local\GDIPFONTCACHEV1.DAT
[2009.11.18 14:56:21 | 00,300,728 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2009.12.15 18:52:19 | 00,022,104 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2009.12.12 12:03:43 | 14,939,348 | ---- | C] () -- C:\Users\***\Documents\clip0017.avi
[2009.12.11 15:34:44 | 22,173,534 | ---- | C] () -- C:\Users\***\Documents\clip0016.avi
[2009.12.09 16:34:49 | 00,032,768 | ---- | C] () -- C:\Windows\SysNative\nshhttp.dll
[2009.12.09 16:34:48 | 00,610,304 | ---- | C] () -- C:\Windows\SysNative\drivers\http.sys
[2009.12.09 16:34:48 | 00,033,792 | ---- | C] () -- C:\Windows\SysNative\httpapi.dll
[2009.12.09 15:21:22 | 12,462,080 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2009.12.09 15:21:22 | 09,237,504 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2009.12.09 15:21:20 | 02,334,208 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2009.12.09 15:21:20 | 01,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
[2009.12.09 15:21:20 | 01,484,288 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2009.12.09 15:21:20 | 01,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2009.12.09 15:21:20 | 00,700,928 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2009.12.09 15:21:20 | 00,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2009.12.09 15:21:20 | 00,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2009.12.09 15:21:19 | 01,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2009.12.09 15:21:19 | 00,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2009.12.09 15:21:19 | 00,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
[2009.12.09 15:21:19 | 00,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2009.12.09 15:21:19 | 00,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
[2009.12.09 15:21:19 | 00,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
[2009.12.09 15:21:19 | 00,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
[2009.12.09 15:21:19 | 00,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
[2009.12.09 15:21:19 | 00,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
[2009.12.09 15:21:19 | 00,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2009.12.09 15:21:19 | 00,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
[2009.12.09 15:18:20 | 00,442,368 | ---- | C] () -- C:\Windows\SysNative\winhttp.dll
[2009.12.09 15:13:13 | 00,295,936 | ---- | C] () -- C:\Windows\SysNative\raschap.dll
[2009.12.09 15:13:13 | 00,280,576 | ---- | C] () -- C:\Windows\SysNative\rastls.dll
[2009.11.28 23:29:37 | 00,018,104 | ---- | C] () -- C:\Users\***\Documents\intronew.veg
[2009.11.26 18:48:13 | 39,598,7327 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009.11.25 18:05:45 | 00,002,048 | ---- | C] () -- C:\Windows\SysNative\tzres.dll
[2009.11.25 15:17:25 | 01,875,456 | ---- | C] () -- C:\Windows\SysNative\msxml3.dll
[2009.11.25 15:17:25 | 01,794,560 | ---- | C] () -- C:\Windows\SysNative\msxml6.dll
[2009.11.25 15:16:20 | 00,880,640 | ---- | C] () -- C:\Windows\SysNative\timedate.cpl
[2009.10.26 14:28:45 | 00,422,946 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistMSI0B30.txt
[2009.10.26 14:28:45 | 00,011,462 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistUI0B30.txt
[2009.10.26 14:28:37 | 00,425,730 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistMSI0B12.txt
[2009.10.26 14:28:37 | 00,011,446 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistUI0B12.txt
[2009.10.23 15:30:33 | 00,000,816 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009.10.21 16:11:19 | 00,000,600 | ---- | C] () -- C:\Users\***\AppData\Local\PUTTY.RND
[2009.10.14 13:07:40 | 00,008,336 | ---- | C] () -- C:\Users\***\AppData\Roaming\Current.prx
[2009.10.02 20:05:36 | 00,092,914 | ---- | C] () -- C:\Users\***\AppData\Local\dd_depcheck_VB_EXP_90.txt
[2009.10.02 20:05:33 | 00,095,296 | ---- | C] () -- C:\Users\***\AppData\Local\dd_install_vb_xcor_90.txt
[2009.10.02 20:05:33 | 00,006,158 | ---- | C] () -- C:\Users\***\AppData\Local\uxeventlog.txt
[2009.10.02 20:05:33 | 00,000,002 | ---- | C] () -- C:\Users\***\AppData\Local\dd_error_vb_xcor_90.txt
[2009.10.01 16:39:06 | 00,000,190 | ---- | C] () -- C:\Windows\WinInit.Ini
[2009.08.13 22:39:36 | 00,001,308 | ---- | C] () -- C:\Windows\Vince'vD3D.ini
[2009.07.05 14:03:34 | 00,000,552 | ---- | C] () -- C:\Users\***\AppData\Local\d3d8caps.dat
[2009.01.15 20:12:18 | 00,000,000 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat
[2009.01.14 20:00:04 | 00,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.01.14 17:44:15 | 00,053,760 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.10.21 13:08:41 | 00,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2008.01.21 03:50:05 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008.01.21 03:49:49 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2004.07.22 09:51:34 | 03,432,656 | ---- | C] () -- C:\Program Files (x86)\ManagedDX.CAB
[2004.07.19 21:58:36 | 01,156,363 | ---- | C] () -- C:\Program Files (x86)\BDANT.cab
[2004.07.19 21:53:26 | 00,976,020 | ---- | C] () -- C:\Program Files (x86)\BDAXP.cab
[2004.07.09 13:17:16 | 13,265,040 | ---- | C] () -- C:\Program Files (x86)\dxnt.cab
[2004.07.09 08:13:48 | 15,493,481 | ---- | C] () -- C:\Program Files (x86)\DirectX.cab
[2004.07.09 08:13:46 | 00,703,080 | ---- | C] () -- C:\Program Files (x86)\BDA.cab
< End of report >
Die Einstellungen hab ich bei OTL VERWENDET --> Bild

Sind die HJT Loggs in ordnung gewesen ?

Alt 16.12.2009, 10:47   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trjoaner/Stealer Verdacht - Standard

Trjoaner/Stealer Verdacht


Die Logs sehen okay aus und der Fund von Malwarebytes sah auch eher kosmetischer Natur aus

Wie komplex ist Dein ICQ-Passwort? Nutzt Du ICQ auch mit diesem Account auch auf unsicheren PC, möglicherweise fremden PCs, die befallen sind?

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 16.12.2009, 13:40   #6
BADB0Y
 
Trjoaner/Stealer Verdacht - Standard

Trjoaner/Stealer Verdacht


Zitat:
Zitat von cosinus Beitrag anzeigen
Die Logs sehen okay aus und der Fund von Malwarebytes sah auch eher kosmetischer Natur aus

Wie komplex ist Dein ICQ-Passwort? Nutzt Du ICQ auch mit diesem Account auch auf unsicheren PC, möglicherweise fremden PCs, die befallen sind?
kosmetischer Natur ? Also ungefährlich ? Ich nutze ICQ nich auf anderen PC's nur auf meinem privaten.Das Passwort ist nicht das beste es ist so, wie á la "qwertz"

Aber trotzdem sagt mein Freund (der sich damit anscheinend gut auskennt), dass das ein ICQ Trjoaner ist und der auch Passwort "stealed" (Keylogger oder so kp) ... Zusätzlich meint er, dass der Trojaner anscheinend "unsichtbar" für die Virenprogramme ist "FUD", wie er selbst zu mir geschrieben hat ...

Antwort

Themen zu Trjoaner/Stealer Verdacht
adobe, bho, explorer, google, hijack, hijackthis, icq, infiziert, internet, internet explorer, logfile, lsass.exe, microsoft, nvidia, object, packard bell, photoshop, problem, rundll, schnelle hilfe, senden, software, syswow64, trjoaner, vista, warum, windows, wireless lan, wmp


« Trojaner - isser weg? | Lahmender PC + Verbindung ohne offensichtlichen Grund »


Ähnliche Themen: Trjoaner/Stealer Verdacht


  1. FileZilla Stealer?
    Plagegeister aller Art und deren Bekämpfung - 17.11.2014 (14)
  2. Trjoaner angeblich auf dem rechner =(
    Log-Analyse und Auswertung - 14.08.2014 (5)
  3. GVU Trojaner und FTP Stealer
    Log-Analyse und Auswertung - 07.12.2012 (21)
  4. Trjoaner Alarm, Nur welcher?
    Plagegeister aller Art und deren Bekämpfung - 02.09.2012 (2)
  5. Passwörter werden ohne Kenntnis geändert/Verdacht auf RAT oder Stealer
    Log-Analyse und Auswertung - 21.05.2012 (5)
  6. Hackhound Stealer?
    Plagegeister aller Art und deren Bekämpfung - 14.10.2009 (9)
  7. C:\Stealer.exe
    Plagegeister aller Art und deren Bekämpfung - 25.08.2009 (15)
  8. Password Stealer ??
    Mülltonne - 23.11.2008 (0)
  9. Trjoaner? Wlan Karte dekativiert!
    Mülltonne - 10.10.2008 (0)
  10. Virus, Trjoaner oder sonst was?
    Plagegeister aller Art und deren Bekämpfung - 18.09.2008 (3)
  11. Verdacht auf Stealer (Bitte Log auswerten)
    Log-Analyse und Auswertung - 27.06.2008 (0)
  12. Stealer analysieren
    Plagegeister aller Art und deren Bekämpfung - 24.05.2008 (1)
  13. Pw stealer
    Mülltonne - 04.05.2008 (1)
  14. Trjoaner befall ?
    Mülltonne - 09.01.2008 (0)
  15. Trjoaner in ZIP-File gefunden
    Mülltonne - 29.12.2007 (1)
  16. Trjoaner im Win 2000 System ?
    Mülltonne - 15.03.2003 (19)
  17. Trjoaner im Win 2000 System ?
    Mülltonne - 10.03.2003 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Trjoaner/Stealer Verdacht - Das Problem mit dem Bluescrean hab ich nun alleine lösen können. Ich hab nun ein neues Problem.Als ich mich eben in ICQ einloggte, bekam ich Nachrichten von Freunden, die Fragten, - Trjoaner/Stealer Verdacht...
Archiv
Du betrachtest: Trjoaner/Stealer Verdacht auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131