LosAlamos Trojaner?

Pfeffermann · 15.02.2010, 18:38

Hallo liebe Trojaner Board Mitglieder, ich habe folgendes Problem:

Als ich mir heute eine kleine .exe Datei heruntergeladen hab, habe ich mir wahrscheinlich einen Trojaner eingefangen. Da ich kein in solchen Dingen sehr erfahrener Computer Nutzer bin, benötige ich nun jemanden der mir dabei hilft.
Ich hab sowohl Windows Defender als auch Kaspersky über das ganze System laufen lassen. Es wurden jedoch keine schädlichen Programme gefunden. Bei einem Neustart kam sofort die Meldung " Windows 32 Dll fehlt..." Im Autostart ist mir eine Anwendung namens LosAlamos aufgefallen, die ich dann auch gleich per CCleaner geöoscht habe. Was nun?
Hier ist mal mein Log:

Zitat:

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 18:17:32, on 15.02.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10e.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\HiJack\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/webhp?hl=de&btnG=Suche
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.0"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [TOY5KNQ8OC] C:\Users\Maik\AppData\Local\Temp\Qqx.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O13 - Gopher Prefix:
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.36.0.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASP.NET-Zustandsdienst (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9607 bytes

Als weiteres ist mein Internet Explorer 8 bei jedem Öffnen sofort abgestürzt.
Erst nach einem Neustart war das Problem verschwunden.

Pfeffermann · 16.02.2010, 09:33

Sind meine logs jetzt in Ordnung?
Hilfe wäre sehr nützlich.

Danke schn im Voraus.
Lg Pfeffermann

Chris4You · 16.02.2010, 09:50

Hi,

Bitte folgende Files prüfen:

Dateien Online überprüfen lassen:

Als erstes versteckte Dateien anzeigen lassen! (nur Punkt 1 durchführen!)

Suche die Seite Virtustotal auf, klicke auf den Button „Durchsuchen“ und suche folgende Datei/Dateien:

Code:

ATTFilter

C:\Users\Maik\AppData\Local\Temp\Qqx.exe

Lade nun nacheinander jede/alle Datei/Dateien hoch, und warte bis der Scan vorbei ist. (kann bis zu 2 Minuten dauern.)

Poste im Anschluss das Ergebnis der Auswertung, alles abkopieren und in einen Beitrag einfügen.

Wichtig: Auch die Größenangabe sowie den HASH mit kopieren!

Malwarebytes Antimalware (MAM)
Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html
Falls der Download nicht klappt, bitte hierüber eine generische Version runterladen:
http://filepony.de/download-chameleon/
Fullscan und alles bereinigen lassen! Log posten.

OTL
Lade Dir OTL von Oldtimer herunter (http://filepony.de/download-otl/) und speichere es auf Deinem Desktop
* Doppelklick auf die OTL.exe
* Vista/Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
* Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
* Unter Extra Registry, wähle bitte Use SafeList
* Klicke nun auf Run Scan links oben
* Wenn der Scan beendet wurde werden 2 Logfiles erstellt
* Poste die Logfiles hier in den Thread.

chris

Pfeffermann · 16.02.2010, 17:48

hier ist die Überprüfung von Virustotal:

Zitat:

Datei Qqx.exe empfangen 2010.02.16 16:45:21 (UTC)
Status: Laden ... Wartend Warten Überprüfung Beendet Nicht gefunden Gestoppt

Ergebnis: 4/40 (10%)
Laden der Serverinformationen...
Ihre Datei wartet momentan auf Position: 2.
Geschätzte Startzeit ist zwischen 46 und 66 Sekunden.
Dieses Fenster bis zum Abschluss des Scans nicht schließen.
Der Scanner, welcher momentan Ihre Datei bearbeitet ist momentan gestoppt. Wir warten einige Sekunden um Ihr Ergebnis zu erstellen.
Falls Sie längern als fünf Minuten warten, versenden Sie bitte die Datei erneut.
Ihre Datei wird momentan von VirusTotal überprüft,
Ergebnisse werden sofort nach der Generierung angezeigt.
Filter Drucken der Ergebnisse Datei existiert nicht oder dessen Lebensdauer wurde überschritten
Dienst momentan gestoppt. Ihre Datei befindet sich in der Warteschlange (position: ). Diese wird abgearbeitet, wenn der Dienst wieder startet.
SIe können auf einen automatischen reload der homepage warten, oder ihre email in das untere formular eintragen. Klicken Sie auf "Anfragen", damit das System sie benachrichtigt wenn die Überprüfung abgeschlossen ist. Email:

Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.5.0.50 2010.02.16 -
AhnLab-V3 5.0.0.2 2010.02.16 -
AntiVir 8.2.1.170 2010.02.16 -
Antiy-AVL 2.0.3.7 2010.02.16 -
Authentium 5.2.0.5 2010.02.16 -
Avast 4.8.1351.0 2010.02.16 -
AVG 9.0.0.730 2010.02.16 -
BitDefender 7.2 2010.02.16 -
CAT-QuickHeal 10.00 2010.02.16 -
ClamAV 0.96.0.0-git 2010.02.16 -
Comodo 3958 2010.02.16 -
DrWeb 5.0.1.12222 2010.02.16 -
eSafe 7.0.17.0 2010.02.16 -
eTrust-Vet 35.2.7305 2010.02.16 -
F-Prot 4.5.1.85 2010.02.16 -
F-Secure 9.0.15370.0 2010.02.16 -
Fortinet 4.0.14.0 2010.02.15 -
GData 19 2010.02.16 -
Ikarus T3.1.1.80.0 2010.02.16 -
Jiangmin 13.0.900 2010.02.16 -
K7AntiVirus 7.10.974 2010.02.15 -
Kaspersky 7.0.0.125 2010.02.16 -
McAfee 5894 2010.02.16 -
McAfee+Artemis 5894 2010.02.16 -
Microsoft 1.5406 2010.02.16 -
NOD32 4871 2010.02.16 a variant of Win32/Kryptik.CKQ
Norman 6.04.08 2010.02.16 -
nProtect 2009.1.8.0 2010.02.16 -
Panda 10.0.2.2 2010.02.16 -
PCTools 7.0.3.5 2010.02.16 -
Prevx 3.0 2010.02.16 High Risk Cloaked Malware
Rising 22.34.01.03 2010.02.11 Packer.Win32.Agent.GEN
Sophos 4.50.0 2010.02.16 -
Sunbelt 5680 2010.02.16 -
Symantec 20091.2.0.41 2010.02.16 Suspicious.Insight
TheHacker 6.5.1.4.195 2010.02.16 -
TrendMicro 9.120.0.1004 2010.02.16 -
VBA32 3.12.12.2 2010.02.16 -
ViRobot 2010.2.16.2188 2010.02.16 -
VirusBuster 5.0.21.0 2010.02.16 -
weitere Informationen
File size: 159232 bytes
MD5...: 7af380f7ebb652cb7ef3b9d456b973e3
SHA1..: d4c875a4df801cc0c9fdb50ed4485740d86f4350
SHA256: e6a3c7406024e5d3bf33d41dfe98667839993abb874f3a6c9efcd839a29ba8d8
ssdeep: 3072:uo02LIuQfypa31jIAQSk1EYVQGq2EyP73PJvF:uruPa3BIAhzT2p7Rt

PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1301
timedatestamp.....: 0x4a3a8aba (Thu Jun 18 18:43:06 2009)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
CODE 0x1000 0x252b 0x2600 5.68 460cb95fa03310b8fe07cc3e219f50db
.data 0x4000 0xa2e 0xc00 4.49 ec3fc69742ef4e05af6dc2b9ca565315
.edata 0x5000 0x36dab 0x21e00 6.15 309eeeecdeac5611dd1f21891836981a
BSS 0x3c000 0x171b 0x1800 4.82 82428233f6ae7a64e8b2966b3c99a142

( 5 imports )
> ADVAPI32.dll: RegQueryValueExA, RegEnumValueA
> user32.dll: IsWindowVisible, CreatePopupMenu, GetForegroundWindow, GetMenu, GetClientRect, GetIconInfo, GetMenuItemInfoA, CreateIcon, CharToOemA, TrackPopupMenu, GetMenuItemID, GetKeyState, ShowScrollBar, EnableWindow, DefMDIChildProcA, FillRect, EqualRect, GetWindowTextA, IsWindowEnabled, GetMessagePos, SetWindowLongA, DrawIconEx, CharLowerA, DispatchMessageA, GetSysColor, IsChild, EndDeferWindowPos, RegisterClassA, GetActiveWindow, GetCursor, SetTimer, GetClassInfoA, EnumWindows, DeferWindowPos, GetFocus, GetDC, DrawEdge, GetCursorPos
> shlwapi.dll: StrDupA, SHStrDupA, SHEnumValueA, StrCmpCA, StrToInt64ExA, StrCmpNIA, StrTrimA
> kernel32.dll: GetStringTypeW, GetProcAddress, ExitThread, LocalAlloc, GetOEMCP, EnterCriticalSection, SetHandleCount, ReadFile, LocalFree, GetCurrentProcessId, ExitProcess, LoadLibraryA, SetEvent, DeleteFileA, HeapAlloc, GetDateFormatA, VirtualAlloc, GetStartupInfoA, GetLastError, GetCurrentProcess, GetFileAttributesA, GlobalAddAtomA, VirtualFree, GlobalDeleteAtom, GetUserDefaultLCID, VirtualQuery, SetFilePointer, CreateEventA, CloseHandle, LockResource, GetCurrentThread, GetDiskFreeSpaceA, GetVersionExA, GetSystemDefaultLangID, HeapDestroy, WideCharToMultiByte, SizeofResource, GetCPInfo, GetCurrentThreadId, CompareStringA, GetStdHandle, lstrlenA, FindResourceA, lstrcpynA, GetTickCount, MoveFileA, LoadResource, MoveFileExA, CreateFileA
> ole32.dll: OleRun, CoCreateFreeThreadedMarshaler, CoDisconnectObject

( 0 exports )

RDS...: NSRL Reference Data Set
-
trid..: Win32 Executable MS Visual C++ (generic) (62.9%)
Win32 Executable Generic (14.2%)
Win32 Dynamic Link Library (generic) (12.6%)
Clipper DOS Executable (3.3%)
Generic Win/DOS Executable (3.3%)
<a href='http://info.prevx.com/aboutprogramtext.asp?PX5=92B775350087FCB96E9B028BB82D5F00BE4C6AE2' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=92B775350087FCB96E9B028BB82D5F00BE4C6AE2</a>
pdfid.: -
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

Pfeffermann · 16.02.2010, 18:56

hier is der log von AntiMalware:

Zitat:

Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3746
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

16.02.2010 18:55:23
mbam-log-2010-02-16 (18-55-23).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 247219
Laufzeit: 54 minute(s), 41 second(s)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
C:\Windows\msa.exe (Trojan.Agent) -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ROUA3O12PW (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\TOY5KNQ8OC (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\toy5knq8oc (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\msa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

Pfeffermann · 16.02.2010, 19:06

hier sind die logs von OLT:

Zitat:

OTL logfile created on: 16.02.2010 19:02:44 - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Users\Maik\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 72,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 93,18 Gb Total Space | 8,31 Gb Free Space | 8,92% Space Free | Partition Type: NTFS
Drive D: | 372,58 Gb Total Space | 364,20 Gb Free Space | 97,75% Space Free | Partition Type: NTFS
Drive E: | 0,38 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAIK-GAME-PC
Current User Name: Maik
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Maik\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Maik\AppData\Local\Temp\Qqx.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10e.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe ()
PRC - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe ()

========== Modules (SafeList) ==========

MOD - C:\Users\Maik\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation)
SRV:64bit: - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation)
SRV:64bit: - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation)
SRV:64bit: - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
SRV:64bit: - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation)
SRV:64bit: - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation)
SRV:64bit: - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation)
SRV:64bit: - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)
SRV:64bit: - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation)
SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:64bit: - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation)
SRV:64bit: - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation)
SRV:64bit: - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation)
SRV:64bit: - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
SRV:64bit: - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation)
SRV:64bit: - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation)
SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)
SRV:64bit: - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation)
SRV:64bit: - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (LBTServ) -- C:\Programme\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (VSS) -- C:\Windows\Vss [2009.07.14 04:20:14 | 000,000,000 | ---D | M]
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009.07.14 04:20:14 | 000,000,000 | ---D | M]
SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation)
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (LightScribeService) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (RichVideo) Cyberlink RichVideo Service(CRVS) -- C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe ()
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys (Nokia)
DRV:64bit: - (nmwcdcx64) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdx64) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (KSecPkg) -- C:\Windows\SysNative\drivers\ksecpkg.sys (Microsoft Corporation)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (hwpolicy) -- C:\Windows\SysNative\drivers\hwpolicy.sys (Microsoft Corporation)
DRV:64bit: - (FsDepends) -- C:\Windows\SysNative\drivers\fsdepends.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (WIMMount) -- C:\Windows\SysNative\drivers\wimmount.sys (Microsoft Corporation)
DRV:64bit: - (vhdmp) -- C:\Windows\SysNative\drivers\vhdmp.sys (Microsoft Corporation)
DRV:64bit: - (vdrvroot) -- C:\Windows\SysNative\drivers\vdrvroot.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (rdyboost) -- C:\Windows\SysNative\drivers\rdyboost.sys (Microsoft Corporation)
DRV:64bit: - (pcw) -- C:\Windows\SysNative\drivers\pcw.sys (Microsoft Corporation)
DRV:64bit: - (CNG) -- C:\Windows\SysNative\drivers\cng.sys (Microsoft Corporation)
DRV:64bit: - (fvevol) -- C:\Windows\SysNative\drivers\fvevol.sys (Microsoft Corporation)
DRV:64bit: - (rdpbus) -- C:\Windows\SysNative\drivers\rdpbus.sys (Microsoft Corporation)
DRV:64bit: - (RDPREFMP) -- C:\Windows\SysNative\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV:64bit: - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation)
DRV:64bit: - (WfpLwf) -- C:\Windows\SysNative\drivers\wfplwf.sys (Microsoft Corporation)
DRV:64bit: - (NdisCap) -- C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation)
DRV:64bit: - (vwifibus) -- C:\Windows\SysNative\drivers\vwifibus.sys (Microsoft Corporation)
DRV:64bit: - (1394ohci) -- C:\Windows\SysNative\drivers\1394ohci.sys (Microsoft Corporation)
DRV:64bit: - (UmPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (WinUsb) -- C:\Windows\SysNative\drivers\winusb.sys (Microsoft Corporation)
DRV:64bit: - (mshidkmdf) -- C:\Windows\SysNative\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV:64bit: - (WudfPf) -- C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation)
DRV:64bit: - (MTConfig) -- C:\Windows\SysNative\drivers\MTConfig.sys (Microsoft Corporation)
DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\drivers\CompositeBus.sys (Microsoft Corporation)
DRV:64bit: - (Beep) -- C:\Windows\SysNative\drivers\beep.sys (Microsoft Corporation)
DRV:64bit: - (AppID) -- C:\Windows\SysNative\drivers\appid.sys (Microsoft Corporation)
DRV:64bit: - (scfilter) -- C:\Windows\SysNative\drivers\scfilter.sys (Microsoft Corporation)
DRV:64bit: - (discache) -- C:\Windows\SysNative\drivers\discache.sys (Microsoft Corporation)
DRV:64bit: - (HidBatt) -- C:\Windows\SysNative\drivers\hidbatt.sys (Microsoft Corporation)
DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\drivers\CmBatt.sys (Microsoft Corporation)
DRV:64bit: - (AcpiPmi) -- C:\Windows\SysNative\drivers\acpipmi.sys (Microsoft Corporation)
DRV:64bit: - (AmdPPM) -- C:\Windows\SysNative\drivers\amdppm.sys (Microsoft Corporation)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (kl1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab)
DRV:64bit: - (KLBG) -- C:\Windows\SysNative\drivers\klbg.sys (Kaspersky Lab)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\drivers\Rtlh64.sys (Realtek Corporation )
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\SysWOW64\winusb.dll (Microsoft Corporation)
DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation)
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
DRV - (NPF_devolo) NetGroup Packet Filter Driver (devolo) -- C:\Windows\sysWOW64\drivers\npf_devolo.sys (CACE Technologies)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 59 CF A7 43 08 16 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2009.11.07 12:23:00 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\ievkbd.dll (Kaspersky Lab)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/st...r_4.0.36.0.cab (Battlefield Heroes Updater)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\kloehk.dll (Kaspersky Lab)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Programme\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img33.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img33.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.04.29 10:02:01 | 000,000,055 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{ef12c104-8210-11de-a599-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ef12c104-8210-11de-a599-806e6f6e6963}\Shell\AutoRun\command - "" = E:\BlueBirds.exe -- [2009.04.29 10:02:01 | 000,270,336 | R--- | M] (LG Electronics)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.02.16 19:01:43 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Users\Maik\Desktop\OTL.exe
[2010.02.16 17:51:34 | 000,000,000 | ---D | C] -- C:\Users\Maik\AppData\Roaming\Malwarebytes
[2010.02.16 17:51:30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.02.16 17:51:29 | 000,022,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.02.16 17:51:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.02.16 17:51:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.02.15 18:14:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HiJack
[2010.02.15 16:07:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010.02.15 16:07:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010.02.15 16:06:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2010.02.15 16:06:13 | 000,000,000 | ---D | C] -- C:\Users\Maik\AppData\Local\Apple
[2010.02.15 16:06:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010.02.15 16:06:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010.02.15 15:56:52 | 000,000,000 | ---D | C] -- C:\Users\Maik\AppData\Roaming\Publish Providers
[2010.02.15 15:46:32 | 000,000,000 | ---D | C] -- C:\Users\Maik\AppData\Roaming\Sony
[2010.02.15 15:42:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2010.02.15 15:42:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[2010.02.15 15:42:43 | 000,000,000 | ---D | C] -- C:\Programme\Sony
[2010.02.15 14:07:00 | 000,000,000 | ---D | C] -- C:\Users\Maik\AppData\Local\Sony
[2010.02.13 20:39:46 | 000,000,000 | R--D | C] -- C:\Users\Maik\Desktop\LG
[2010.02.13 20:38:49 | 000,000,000 | R--D | C] -- C:\Users\Maik\Desktop\MAGIX
[2010.02.13 18:20:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2010.02.13 17:40:22 | 000,000,000 | ---D | C] -- D:\Users\Maik\Documents\MAGIX Downloads
[2010.02.13 17:40:21 | 000,000,000 | ---D | C] -- C:\Users\Maik\AppData\Roaming\MAGIX
[2010.02.13 17:38:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MAGIX Shared
[2010.02.13 17:37:59 | 000,618,496 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLAV32.dll
[2010.02.13 17:37:59 | 000,430,080 | ---- | C] (MAGIX AG) -- C:\Windows\SysWow64\MXRestore.exe
[2010.02.13 17:37:59 | 000,192,512 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLRES32.dll
[2010.02.13 17:37:59 | 000,167,936 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLDEV32.dll
[2010.02.13 17:37:59 | 000,151,552 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLDRV32.dll
[2010.02.13 17:37:59 | 000,114,688 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLCDA32.dll
[2010.02.13 17:37:59 | 000,098,304 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLCPY32.dll
[2010.02.13 17:37:59 | 000,065,536 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLPTL32.dll
[2010.02.13 17:37:59 | 000,061,440 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLCDF32.dll
[2010.02.13 17:37:59 | 000,057,344 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLTPO32.dll
[2010.02.13 17:37:59 | 000,053,248 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLPRJ32.dll
[2010.02.13 17:37:59 | 000,053,248 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLIO32.dll
[2010.02.13 17:37:59 | 000,049,152 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLPRF32.dll
[2010.02.13 17:37:59 | 000,045,056 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLIMG32.dll
[2010.02.13 17:37:59 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml4a.dll
[2010.02.13 17:37:59 | 000,040,960 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLRD32.dll
[2010.02.13 17:37:59 | 000,036,864 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLPNT32.dll
[2010.02.13 17:37:59 | 000,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\STRING32.dll
[2010.02.13 17:37:59 | 000,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLMSC32.dll
[2010.02.13 17:37:59 | 000,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLISO32.dll
[2010.02.13 17:37:59 | 000,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLDIR32.dll
[2010.02.13 17:37:59 | 000,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\TTIC32.dll
[2010.02.13 17:37:59 | 000,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\TTI32.dll
[2010.02.13 17:37:59 | 000,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLIX.dll
[2010.02.13 17:37:15 | 000,000,000 | ---D | C] -- D:\Users\Maik\Documents\MAGIX_Filme_auf_DVD_7
[2010.02.13 17:36:25 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX
[2010.02.13 17:34:44 | 000,700,416 | ---- | C] (MAGIX AG) -- C:\Windows\SysWow64\mgxoschk.dll
[2010.02.13 17:34:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\MAGIX
[2010.02.13 11:38:15 | 000,000,000 | ---D | C] -- C:\Users\Maik\AppData\Local\Divinity 2
[2010.02.13 11:31:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2010.02.13 11:31:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AGEIA
[2010.02.13 11:30:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2010.02.13 11:30:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Divinity 2
[2010.02.12 15:47:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd
[2010.02.12 15:47:28 | 000,190,992 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\BtCoreIf.dll
[2010.02.12 15:46:54 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Logishrd
[2010.02.10 13:33:05 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2010.02.10 13:33:05 | 000,422,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2010.02.10 13:33:05 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2010.02.10 13:33:05 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2010.02.10 13:33:05 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2010.02.10 13:33:05 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2010.02.10 13:33:05 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2010.02.10 13:33:05 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2010.02.10 13:33:05 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2010.02.10 13:33:05 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2010.02.10 13:33:05 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2010.02.10 13:33:05 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2010.02.10 13:33:05 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2010.02.10 13:33:05 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2010.02.10 13:33:05 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2010.02.10 13:33:05 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2010.02.10 13:32:52 | 001,572,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2010.02.10 13:32:52 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2010.02.10 13:32:51 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2010.02.10 13:32:51 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll
[2010.02.10 13:32:51 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iyuv_32.dll
[2010.02.10 13:32:51 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvidc32.dll
[2010.02.10 13:32:51 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msyuv.dll
[2010.02.10 13:32:51 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrle32.dll
[2010.02.10 13:32:51 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsbyuv.dll
[2010.02.09 16:18:45 | 000,000,000 | R--D | C] -- C:\Users\Maik\Desktop\Super Konverter
[2010.02.09 16:10:59 | 000,000,000 | R-SD | C] -- C:\assembly
[2010.02.09 15:52:46 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\SysWow64\nbDX.dll
[2010.02.09 15:52:46 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLOgg.ax
[2010.02.09 15:52:46 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\DiracSplitter.ax
[2010.02.09 15:52:46 | 000,169,472 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\MatroskaDX.ax
[2010.02.09 15:52:46 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\flvDX.dll
[2010.02.09 15:52:46 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\RealMediaDX.ax
[2010.02.09 15:52:46 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\SysWow64\AVCDX.ax
[2010.02.09 15:52:46 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLVorbisDec.ax
[2010.02.09 15:52:46 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSSplitter.ax
[2010.02.09 15:52:46 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSDecoder.ax
[2010.02.09 15:52:46 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\SysWow64\RLTheoraDec.ax
[2010.02.09 15:52:46 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\SysWow64\msfDX.dll
[2010.02.09 15:52:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eRightSoft
[2010.02.08 20:20:55 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\Windows\SysWow64\devil.dll
[2010.02.08 20:20:55 | 000,369,152 | ---- | C] (The Public) -- C:\Windows\SysWow64\avisynth.dll
[2010.02.08 20:20:54 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\yv12vfw.dll
[2010.02.08 20:20:54 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\i420vfw.dll
[2010.02.08 20:20:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AviSynth 2.5
[2010.02.08 19:18:51 | 000,000,000 | ---D | C] -- C:\Users\Maik\AppData\Roaming\AnvSoft
[2010.02.07 20:14:30 | 000,000,000 | ---D | C] -- C:\Users\Maik\AppData\Roaming\Xfire
[2010.02.07 20:14:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Xfire
[2010.02.07 20:14:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xfire
[2010.02.07 17:49:03 | 000,000,000 | ---D | C] -- C:\Users\Maik\AppData\Local\gctmp
[2010.02.07 17:49:02 | 000,000,000 | ---D | C] -- C:\Users\Maik\AppData\Local\Xenocode
[2010.02.02 19:37:09 | 000,000,000 | ---D | C] -- C:\Users\Maik\AppData\Roaming\skypePM
[2010.02.02 19:35:22 | 000,000,000 | ---D | C] -- C:\Users\Maik\AppData\Roaming\Skype
[2010.02.02 19:34:58 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2010.02.02 19:34:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010.02.02 19:34:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010.01.28 13:23:51 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010.01.28 13:23:50 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2010.01.28 13:23:50 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2010.01.26 20:43:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Nokia
[2010.01.26 20:37:36 | 000,000,000 | ---D | C] -- C:\Users\Maik\AppData\Roaming\Nokia Ovi Suite
[2010.01.22 16:38:38 | 000,000,000 | R--D | C] -- C:\Users\Maik\Desktop\Nokia
[2010.01.22 16:35:15 | 000,000,000 | ---D | C] -- C:\Users\Maik\AppData\Roaming\PC Suite
[2010.01.22 16:35:15 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite
[2010.01.22 16:35:13 | 000,000,000 | ---D | C] -- C:\Users\Maik\AppData\Local\NokiaAccount
[2010.01.22 16:35:12 | 000,000,000 | ---D | C] -- C:\Users\Maik\AppData\Roaming\Nokia
[2010.01.22 16:33:50 | 000,000,000 | ---D | C] -- C:\Users\Maik\AppData\Local\Nokia
[2010.01.22 16:33:43 | 000,000,000 | ---D | C] -- C:\ProgramData\NokiaMusic
[2010.01.22 16:32:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\muvee Technologies
[2010.01.22 16:32:33 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2010.01.22 16:31:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nokia
[2010.01.22 16:31:37 | 000,000,000 | ---D | C] -- C:\Programme\DIFX
[2010.01.22 16:31:36 | 000,025,600 | ---- | C] (Nokia) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys
[2010.01.22 16:31:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2010.01.22 16:31:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution
[2010.01.22 16:31:14 | 000,067,584 | ---- | C] (Nokia) -- C:\Windows\SysNative\nmwcdclsx64.dll
[2010.01.22 16:30:01 | 000,000,000 | ---D | C] -- C:\ProgramData\OviInstallerCache
[2010.01.22 16:30:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nokia
[2010.01.22 16:29:41 | 001,192,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2010.01.22 16:29:41 | 000,977,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2010.01.22 16:29:41 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll
[2010.01.22 16:29:41 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2010.01.22 16:29:41 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
[2010.01.22 16:29:41 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll

========== Files - Modified Within 30 Days ==========

[2010.02.16 19:01:49 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Maik\Desktop\OTL.exe
[2010.02.16 18:59:33 | 002,359,296 | -HS- | M] () -- C:\Users\Maik\NTUSER.DAT
[2010.02.16 18:58:47 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.02.16 18:58:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.02.16 18:58:39 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
[2010.02.16 18:57:57 | 001,856,048 | -H-- | M] () -- C:\Users\Maik\AppData\Local\IconCache.db
[2010.02.16 17:51:32 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.02.16 17:47:25 | 000,010,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.02.16 17:47:25 | 000,010,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.02.15 18:42:51 | 000,009,608 | ---- | M] () -- D:\Users\Maik\Documents\hijackthis 2
[2010.02.15 18:14:36 | 000,002,983 | ---- | M] () -- C:\Users\Maik\Desktop\HiJackThis.lnk
[2010.02.15 16:43:43 | 000,128,864 | ---- | M] () -- C:\Users\Maik\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.02.15 16:07:54 | 000,001,805 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.02.15 15:56:37 | 000,002,556 | ---- | M] () -- D:\Users\Maik\Documents\Vegas Pro registrieren.htm
[2010.02.15 15:43:05 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Vegas Pro 9.0 (64-bit).lnk
[2010.02.15 09:47:48 | 001,525,050 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.02.15 09:47:48 | 000,662,422 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.02.15 09:47:48 | 000,624,086 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.02.15 09:47:48 | 000,134,342 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.02.15 09:47:48 | 000,110,786 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.02.14 08:19:15 | 000,190,160 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010.02.14 08:19:15 | 000,190,160 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.02.14 08:05:39 | 000,456,416 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.02.13 20:37:12 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.02.13 18:20:12 | 000,001,974 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.02.13 17:39:49 | 000,006,768 | ---- | M] () -- C:\Windows\mgxoschk.ini
[2010.02.12 17:26:40 | 000,075,064 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.02.12 17:26:39 | 002,395,944 | ---- | M] () -- C:\Windows\SysWow64\pbsvc_heroes.exe
[2010.02.12 15:49:55 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_LHidFilt_01005.Wdf
[2010.02.12 15:47:31 | 000,001,751 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2010.02.06 17:45:26 | 000,001,345 | ---- | M] () -- C:\Users\Public\Desktop\xVST.lnk
[2010.02.02 19:37:09 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2010.02.02 19:34:58 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.01.26 20:34:50 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
[2010.01.22 16:37:43 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010.01.22 16:37:38 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01007.Wdf
[2010.01.22 16:33:58 | 001,528,554 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.01.22 02:37:16 | 000,041,872 | ---- | M] () -- C:\Windows\SysWow64\xfcodec.dll
[2010.01.22 02:37:16 | 000,027,536 | ---- | M] () -- C:\Windows\SysNative\xfcodec64.dll
[2010.01.19 10:05:57 | 000,424,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2010.01.19 10:05:57 | 000,422,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2010.01.19 10:05:57 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2010.01.19 10:05:57 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2010.01.19 10:00:44 | 000,305,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2010.01.19 10:00:43 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2010.01.19 10:00:37 | 000,356,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2010.01.19 10:00:37 | 000,306,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2010.01.19 00:29:31 | 000,365,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2010.01.19 00:29:31 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2010.01.19 00:29:31 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2010.01.19 00:29:30 | 000,369,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2010.01.19 00:28:33 | 000,324,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2010.01.19 00:28:33 | 000,277,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2010.01.19 00:28:30 | 000,320,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2010.01.19 00:28:30 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe

========== Files Created - No Company Name ==========

[2010.02.16 17:51:32 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.02.15 18:42:51 | 000,009,608 | ---- | C] () -- D:\Users\Maik\Documents\hijackthis 2
[2010.02.15 18:14:36 | 000,002,983 | ---- | C] () -- C:\Users\Maik\Desktop\HiJackThis.lnk
[2010.02.15 16:07:54 | 000,001,805 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.02.15 15:56:37 | 000,002,556 | ---- | C] () -- D:\Users\Maik\Documents\Vegas Pro registrieren.htm
[2010.02.15 15:43:05 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Vegas Pro 9.0 (64-bit).lnk
[2010.02.13 19:14:21 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.02.13 18:20:12 | 000,001,974 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.02.13 17:37:59 | 000,014,182 | ---- | C] () -- C:\Windows\SysWow64\DLLAV32.lib
[2010.02.13 17:36:20 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2010.02.13 17:34:44 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010.02.12 15:49:55 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_LHidFilt_01005.Wdf
[2010.02.09 15:52:46 | 000,227,328 | RHS- | C] () -- C:\Windows\SysWow64\ac3DX.ax
[2010.02.09 15:52:46 | 000,175,104 | RHS- | C] () -- C:\Windows\SysWow64\CoreAAC.ax
[2010.02.09 15:52:46 | 000,120,832 | RHS- | C] () -- C:\Windows\SysWow64\MPCDx.ax
[2010.02.09 15:52:46 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\RLMPCDec.ax
[2010.02.09 15:52:46 | 000,097,280 | RHS- | C] () -- C:\Windows\SysWow64\FLACDX.ax
[2010.02.09 15:52:46 | 000,081,920 | RHS- | C] () -- C:\Windows\SysWow64\aac_parser.ax
[2010.02.09 15:52:46 | 000,070,656 | RHS- | C] () -- C:\Windows\SysWow64\RLAPEDec.ax
[2010.02.09 15:52:46 | 000,051,712 | RHS- | C] () -- C:\Windows\SysWow64\RLSpeexDec.ax
[2010.02.08 20:20:54 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010.02.06 17:45:26 | 000,001,345 | ---- | C] () -- C:\Users\Public\Desktop\xVST.lnk
[2010.02.02 19:37:09 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.02.02 19:34:58 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.01.26 20:34:50 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
[2010.01.22 16:37:43 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010.01.22 16:37:38 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01007.Wdf
[2010.01.22 02:37:16 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2010.01.22 02:37:16 | 000,027,536 | ---- | C] () -- C:\Windows\SysNative\xfcodec64.dll
[2009.11.07 12:17:59 | 001,528,554 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.11.06 10:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009.09.08 16:01:11 | 000,000,760 | ---- | C] () -- C:\Users\Maik\AppData\Roaming\setup_ldm.iss
[2009.09.05 11:59:26 | 000,040,960 | R--- | C] () -- C:\Windows\SysWow64\psfind.dll
[2009.08.19 17:45:47 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.08.06 11:32:40 | 000,000,000 | ---- | C] () -- C:\Windows\lgfwup.ini
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
< End of report >

Pfeffermann · 16.02.2010, 19:09

hier der zweite log von OLT:

Zitat:

OTL Extras logfile created on: 16.02.2010 19:02:44 - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Users\Maik\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 72,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 93,18 Gb Total Space | 8,31 Gb Free Space | 8,92% Space Free | Partition Type: NTFS
Drive D: | 372,58 Gb Total Space | 364,20 Gb Free Space | 97,75% Space Free | Partition Type: NTFS
Drive E: | 0,38 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAIK-GAME-PC
Current User Name: Maik
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{850C7AF6-7376-464D-A69C-E8419EC7ACA7}" = Microsoft IntelliType Pro 7.0
"{88EAF577-71FA-46F2-8E42-AEA33E35AFB1}" = Vegas Pro 9.0 (64-bit)
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{903029FE-FA82-427B-916C-AD08185DA3C2}" = Microsoft Xbox 360 Accessories 1.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam
"{047FF126-C31C-4763-B0D1-F9836B4CE4B3}" = NBA 2K10
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{0EABFEF6-6D10-4C12-8667-3029C481D355}" = Nokia Photos
"{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{14AA72DA-DB40-4A34-93A6-401A81D7AF9E}" = Unreal Anthology
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"{3762698E-E9DF-4DD8-99F1-8192D0F8EE06}" = Nokia_Multimedia_Common_Components_2_5
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{44163681-DA34-441F-A5E6-C81AFC4FDA40}" = xVideoServiceThief
"{4A9849CA-E11C-4F24-8BB1-97C717A1C898}" = LightScribe System Software
"{4CE6B3C4-D8E2-4A5D-BEF5-5B69AF843B0C}" = PC Connectivity Solution
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{564B16F4-6B5B-47B0-9AB6-FF2E943947F7}" = Nokia Ovi Suite Software Updater
"{567C9882-843D-4188-A181-00E2CC3E1031}" = LG Burning Tools
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}" = Suite
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = LG CyberLink PowerDVD 7.0
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8D100E0C-1A5A-43AD-93EF-76F94AE61C30}" = OviMPlatform
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"{9F59C3AE-81B0-4EF6-9762-D674BB079705}" = Nokia Software Updater
"{A528306A-C5EC-481C-A619-6106334E6800}" = Nokia Ovi Player
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = LG CyberLink PowerBackup
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne
"{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}" = Nokia Ovi Suite
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = LG CyberLink PowerProducer
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{C4B045DB-C2C0-4A05-8DA5-754B4733EE31}" = Nokia Ovi One Touch Access
"{C50EF365-2898-489A-B6C7-30DAA466E9A2}" = Nokia Connectivity Cable Driver
"{C580908C-B3BA-4C19-BD60-16F02F272201}" = BattleForge™
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1C3541D-5B93-4131-B440-692FBA3DD250}" = Ovi Desktop Sync Engine
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"CCleaner" = CCleaner (remove only)
"Divinity II - Ego Draconis_is1" = Divinity II - Ego Draconis
"dlanconf" = devolo dLAN-Konfigurationsassistent
"dslmon" = devolo Informer
"easyshare" = devolo EasyShare
"ENTERPRISE" = Microsoft Office Enterprise 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null
"InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"MAGIX Filme auf DVD 7 D" = MAGIX Filme auf DVD 7 7.0.3.0 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Nokia Ovi One Touch Access" = Nokia Ovi One Touch Access 6.85.3019
"Nokia Ovi Suite" = Nokia Ovi Suite
"PunkBusterSvc" = PunkBuster Services
"Steam App 10500" = Empire: Total War
"Steam App 12210" = Grand Theft Auto IV
"SUPER ©" = SUPER © Version 2010.bld.37 (Jan 2, 2010)
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 2 Server_is1" = TeamSpeak 2 Server RC2
"Xfire" = Xfire (remove only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ShockWave V0.95" = ShockWave V0.95

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Pfeffermann · 16.02.2010, 19:12

is mein System jetzt sauber?

vielen dank für die schnelle Hilfe

LG Pfeffermann

Chris4You · 17.02.2010, 07:43

Hi,

lösche die Datei:
C:\Users\Maik\AppData\Local\Temp\Qqx.exe

Bitte folgende Files prüfen:

Dateien Online überprüfen lassen:

Als erstes versteckte Dateien anzeigen lassen! (nur Punkt 1 durchführen!)

Suche die Seite Virtustotal auf, klicke auf den Button „Durchsuchen“ und suche folgende Datei/Dateien:

Code:

ATTFilter

C:\Windows\SysWow64\DLLDEV32i.dll

Lade nun nacheinander jede/alle Datei/Dateien hoch, und warte bis der Scan vorbei ist. (kann bis zu 2 Minuten dauern.)

Poste im Anschluss das Ergebnis der Auswertung, alles abkopieren und in einen Beitrag einfügen.

Wichtig: Auch die Größenangabe sowie den HASH mit kopieren!

Die Datei "DLLDEV32i.dll" ist sehr neu, was hast Du am 2010.02.13 17:36:20
installiert?

Abschließend Prevx:
http://www.prevx.com/freescan.asp
Falls das Tool was findet, nicht das Log posten sondern einen Screenshot des dann angezeigten Fensters...

chris

Pfeffermann · 17.02.2010, 10:12

so habe die datei Qqx.exe, Qqy.exe und Qqv.exe gelöscht.

Hier ist die auswertung von Virus total:

Zitat:

Datei DLLDEV32i.dll empfangen 2010.02.17 09:08:16 (UTC)
Status: Laden ... Wartend Warten Überprüfung Beendet Nicht gefunden Gestoppt

Ergebnis: 0/40 (0%)
Laden der Serverinformationen...
Ihre Datei wartet momentan auf Position: 3.
Geschätzte Startzeit ist zwischen 54 und 77 Sekunden.
Dieses Fenster bis zum Abschluss des Scans nicht schließen.
Der Scanner, welcher momentan Ihre Datei bearbeitet ist momentan gestoppt. Wir warten einige Sekunden um Ihr Ergebnis zu erstellen.
Falls Sie längern als fünf Minuten warten, versenden Sie bitte die Datei erneut.
Ihre Datei wird momentan von VirusTotal überprüft,
Ergebnisse werden sofort nach der Generierung angezeigt.
Filter Drucken der Ergebnisse Datei existiert nicht oder dessen Lebensdauer wurde überschritten
Dienst momentan gestoppt. Ihre Datei befindet sich in der Warteschlange (position: ). Diese wird abgearbeitet, wenn der Dienst wieder startet.
SIe können auf einen automatischen reload der homepage warten, oder ihre email in das untere formular eintragen. Klicken Sie auf "Anfragen", damit das System sie benachrichtigt wenn die Überprüfung abgeschlossen ist. Email:

Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.5.0.50 2010.02.17 -
AhnLab-V3 5.0.0.2 2010.02.16 -
AntiVir 8.2.1.170 2010.02.17 -
Antiy-AVL 2.0.3.7 2010.02.17 -
Authentium 5.2.0.5 2010.02.17 -
Avast 4.8.1351.0 2010.02.16 -
AVG 9.0.0.730 2010.02.16 -
BitDefender 7.2 2010.02.17 -
CAT-QuickHeal 10.00 2010.02.17 -
ClamAV 0.96.0.0-git 2010.02.17 -
Comodo 3966 2010.02.17 -
DrWeb 5.0.1.12222 2010.02.17 -
eSafe 7.0.17.0 2010.02.16 -
eTrust-Vet 35.2.7308 2010.02.17 -
F-Prot 4.5.1.85 2010.02.16 -
F-Secure 9.0.15370.0 2010.02.17 -
Fortinet 4.0.14.0 2010.02.15 -
GData 19 2010.02.17 -
Ikarus T3.1.1.80.0 2010.02.17 -
Jiangmin 13.0.900 2010.02.17 -
K7AntiVirus 7.10.974 2010.02.15 -
Kaspersky 7.0.0.125 2010.02.17 -
McAfee 5894 2010.02.16 -
McAfee+Artemis 5894 2010.02.16 -
Microsoft 1.5406 2010.02.17 -
NOD32 4872 2010.02.16 -
Norman 6.04.08 2010.02.16 -
nProtect 2009.1.8.0 2010.02.17 -
Panda 10.0.2.2 2010.02.16 -
PCTools 7.0.3.5 2010.02.17 -
Prevx 3.0 2010.02.17 -
Rising 22.34.01.03 2010.02.11 -
Sophos 4.50.0 2010.02.17 -
Sunbelt 5682 2010.02.17 -
Symantec 20091.2.0.41 2010.02.17 -
TheHacker 6.5.1.4.197 2010.02.17 -
TrendMicro 9.120.0.1004 2010.02.17 -
VBA32 3.12.12.2 2010.02.16 -
ViRobot 2010.2.17.2189 2010.02.17 -
VirusBuster 5.0.21.0 2010.02.16 -
weitere Informationen
File size: 120200 bytes
MD5...: a0193025f23f4509c561d3358f4a149f
SHA1..: 021405d0736d915a78c92ec5ae729df21094d897
SHA256: dc9dbacad120ca4c9a0fae0fd872fdd53bc9c7d8a8a0588d92d94b71a290cae7
ssdeep: 1536:i+rNzWTf8wp25uarD9LlIYVCL8bVT5SU6o1DiJEkE903xu:bZqytLlgyeo1
DqEkEy3xu

PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x2897
timedatestamp.....: 0x4631c5dd (Fri Apr 27 09:43:57 2007)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xfe02 0x10000 6.66 3a91b79bbaa0be2a8b5ab0d618bca2d2
.rdata 0x11000 0x3e15 0x4000 5.03 a826d3a7cade343f8612d1b1f78a41d3
.data 0x15000 0x6ec0 0x4000 1.85 fdcd8c13a39c01d6574a3c1cdecd9258
.rsrc 0x1c000 0x338 0x1000 0.85 7f6787b410c14f704e3c949859ee8aab
.reloc 0x1d000 0x2b64 0x3000 3.62 dd939d3a3000d8cbbcc203a1d2d58f15

( 5 imports )
> KERNEL32.dll: RtlUnwind, GetCommandLineA, HeapAlloc, HeapFree, RaiseException, HeapSize, HeapReAlloc, ExitProcess, TerminateProcess, GetACP, SetHandleCount, GetStdHandle, GetFileType, FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, GetEnvironmentVariableA, GetVersionExA, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, IsBadWritePtr, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, SetUnhandledExceptionFilter, IsBadReadPtr, IsBadCodePtr, SetStdHandle, FlushFileBuffers, WriteFile, GetCurrentProcess, GetOEMCP, GetCPInfo, GlobalFlags, lstrcmpA, GetProcessVersion, LoadLibraryA, FreeLibrary, lstrcatA, GlobalGetAtomNameA, lstrcmpiA, GlobalAddAtomA, GlobalFindAtomA, GlobalDeleteAtom, lstrcpyA, GetModuleHandleA, GetProcAddress, SetFilePointer, GetCurrentThreadId, GetVersion, TlsGetValue, LocalReAlloc, TlsSetValue, GlobalAlloc, GlobalReAlloc, GlobalLock, TlsFree, GlobalHandle, GlobalUnlock, GlobalFree, TlsAlloc, LocalAlloc, GetModuleFileNameA, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSection, lstrcpynA, GetLastError, SetLastError, LocalFree, MultiByteToWideChar, WideCharToMultiByte, lstrlenA, InterlockedDecrement, InterlockedIncrement, CloseHandle, GetStartupInfoA
> USER32.dll: GetClientRect, AdjustWindowRectEx, SetFocus, GetSysColor, MapWindowPoints, PostMessageA, LoadIconA, SetWindowTextA, LoadCursorA, GetSysColorBrush, ReleaseDC, GetDC, GetClassNameA, PtInRect, ClientToScreen, PostQuitMessage, DestroyMenu, TabbedTextOutA, DrawTextA, GrayStringA, GetTopWindow, CopyRect, GetCapture, WinHelpA, GetClassInfoA, RegisterClassA, GetMenu, GetMenuItemCount, GetSubMenu, GetMenuItemID, GetDlgItem, GetWindowTextA, GetDlgCtrlID, DestroyWindow, CreateWindowExA, GetClassLongA, SetPropA, GetPropA, CallWindowProcA, RemovePropA, DefWindowProcA, GetMessageTime, GetMessagePos, GetForegroundWindow, SetForegroundWindow, GetWindow, SetWindowLongA, SetWindowPos, SystemParametersInfoA, IsIconic, GetWindowPlacement, GetWindowRect, GetSystemMetrics, GetMenuCheckMarkDimensions, LoadBitmapA, GetMenuState, ModifyMenuA, SetMenuItemBitmaps, CheckMenuItem, EnableMenuItem, GetFocus, GetNextDlgTabItem, DispatchMessageA, GetKeyState, CallNextHookEx, PeekMessageA, SetWindowsHookExA, UnhookWindowsHookEx, LoadStringA, GetParent, GetLastActivePopup, IsWindowEnabled, GetWindowLongA, SendMessageA, MessageBoxA, EnableWindow, RegisterWindowMessageA
> GDI32.dll: RestoreDC, SelectObject, GetStockObject, SetMapMode, SetViewportOrgEx, OffsetViewportOrgEx, SetViewportExtEx, ScaleViewportExtEx, SetWindowExtEx, ScaleWindowExtEx, SaveDC, PtVisible, RectVisible, TextOutA, ExtTextOutA, Escape, DeleteDC, DeleteObject, GetDeviceCaps, GetObjectA, SetBkColor, SetTextColor, GetClipBox, CreateBitmap
> WINSPOOL.DRV: DocumentPropertiesA, ClosePrinter, OpenPrinterA
> COMCTL32.dll: -

( 38 exports )
__0CImageImportBase@@QAE@ABV0@@Z, __0CImageImportBase@@QAE@XZ, __0IImageConversionInterface@@QAE@ABV0@@Z, __0IImageConversionInterface@@QAE@XZ, __0IImageExportInterface@@QAE@ABV0@@Z, __0IImageExportInterface@@QAE@XZ, __0IImageExportOptions@@QAE@ABV0@@Z, __0IImageExportOptions@@QAE@XZ, __0IImageImportInterface@@QAE@ABV0@@Z, __0IImageImportInterface@@QAE@XZ, __1CImageImportBase@@UAE@XZ, __1IImageConversionInterface@@UAE@XZ, __1IImageExportInterface@@UAE@XZ, __1IImageExportOptions@@UAE@XZ, __1IImageImportInterface@@UAE@XZ, __4CImageImportBase@@QAEAAV0@ABV0@@Z, __4IImageConversionInterface@@QAEAAV0@ABV0@@Z, __4IImageExportInterface@@QAEAAV0@ABV0@@Z, __4IImageExportOptions@@QAEAAV0@ABV0@@Z, __4IImageImportInterface@@QAEAAV0@ABV0@@Z, ___7CImageImportBase@@6B@, ___7IImageConversionInterface@@6B@, ___7IImageExportInterface@@6B@, ___7IImageExportOptions@@6B@, ___7IImageImportInterface@@6B@, _AllocMem@CImageImportBase@@UAEPAXHH@Z, _CanLoad@CImageImportBase@@UAE_AW4ImageInterfaceReturn@@PBD@Z, _FillDefaultLoadParam@CImageImportBase@@UAEXAAULoadImageParameter@@@Z, _FreeMem@CImageImportBase@@UAEXPAXHH@Z, _GetSpecificData@IImageExportOptions@@UAE_AW4ImageInterfaceReturn@@PBDPAPAX@Z, _InitDev6464@@YAHK@Z, _LoadImageA@CImageImportBase@@UAE_AW4ImageInterfaceReturn@@PAEHPAULoadImageParameter@@@Z, _LoadImageAlloc@CImageImportBase@@UAE_AW4ImageInterfaceReturn@@PAPAEPAHPAULoadImageParameter@@@Z, _LoadImageAlloc@CImageImportBase@@UAE_AW4ImageInterfaceReturn@@PAPAUtagBITMAPINFOHEADER@@PAPAEPAHPAULoadImageParameter@@@Z, _Release@CImageImportBase@@UAEXXZ, _ijlFree@4, _ijlInit@4, _ijlRead@8

RDS...: NSRL Reference Data Set
-
sigcheck:
publisher....:
copyright....:
product......: DLLDEV32i
description..:
original name: DLLDEV32i.dll
internal name:
file version.: 3, 7, 0, 12
comments.....:
signers......: -
signing date.: -
verified.....: Unsigned

trid..: Win64 Executable Generic (54.6%)
Win32 Executable MS Visual C++ (generic) (24.0%)
Windows Screen Saver (8.3%)
Win32 Executable Generic (5.4%)
Win32 Dynamic Link Library (generic) (4.8%)
pdfid.: -

Pfeffermann · 17.02.2010, 10:20

die Datei DLLDEV32i.dll kommt mir trotzdem verdächtig vor da bereits ein DLLDEV32.dll vorhanden ist.
Soll ich die datei löschen?

Chris4You · 17.02.2010, 10:27

Hi,

sie kann nicht eindeutig zugeordnet werden, scheint aber auf infizierten Systemen vorzukommen...

Zitat:

File Behavior

DLLDRV32.DLL has been seen to perform the following behavior:
* The Process is packed and/or encrypted using a software packing process
* Uses rootkit techniques to conceal its presence, interrogation or removal
* Uses low level functions to hide itself from the user and from system/security processes
* Found on infected systems and resists interrogation by security products
DLLDRV32.DLL has been the subject of the following behavior:
* Created as a process on disk

Statt löschen, hänge hinten an den Dateinamen (die Erweiterung) ein vir an -> DLLDEV32i.dll.vir

Damit kann Windows sie nicht mehr finden und ausführen und falls Du sie doch brauchst, ist sie schnell wieder "umbenannt"...

Lass noch Prevx los, bitte nicht gleich Funde löschen, erst bei virustotal.com prüfen lassen, da Prevx zu Falschalarmen neigt!

chris

Pfeffermann · 17.02.2010, 10:34

Prevx hat nur Otl als High Rik Cloaked malware gefundn ------> also nicht löschen

Ist mein System jetzt clean?

Pfeffermann · 17.02.2010, 10:40

anti alware at nochmal des hier gefunden:

Zitat:

Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3746
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

17.02.2010 10:39:24
mbam-log-2010-02-17 (10-39-24).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 103867
Laufzeit: 3 minute(s), 26 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Pfeffermann · 17.02.2010, 10:43

soll ich bei AntiMalware alle Dateien in Quarantäne löschen?

LosAlamos Trojaner?

Log-Analyse und Auswertung: LosAlamos Trojaner?