Antimalware Doctor removed - log files for evaluation
Windows 7
27.04.2010, 18:07 | #1
Good evening, dear trojaner-board.de folks,

I caught the Antimalware Doctor on my notebook today... After a quick search on Google I landed right here with you and have to say first of all: thumbs up!!! I have never had problems with viruses/trojans before (at least never noticed any) and found a very good guide to removing it here. I am a complete PC layman and could still make something of it... So many thanks in advance!!!!

Now my request / problem: As I said, I followed your guide ( http://www.trojaner-board.de/83172-a...entfernen.html ) and also think that the "Doctor" is gone (after I ran Malwarebytes and restarted the computer, no more pop-up window appeared...). But you write that I should upload these log files here again for checking. So my request: can someone tell me whether everything is OK now and the program really has been removed?!?!

Here are the results:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 4042

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

27.04.2010 17:31:33
mbam-log-2010-04-27 (17-31-33).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 166615
Laufzeit: 34 Minute(n), 0 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 10
Infizierte Registrierungswerte: 29
Infizierte Dateiobjekte der Registrierung: 4
Infizierte Verzeichnisse: 1
Infizierte Dateien: 90

Infizierte Speicherprozesse:
C:\Programme\Intel\Wireless\Bin\ZCfgSvc.exe (Trojan.Downloader) -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\_tey-t0nrzt (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ed6a00d8-c592-00a7-0052-022d0a607fcf} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ed6a00d8-c592-00a7-0052-022d0a607fcf} (Adware.AdRotator) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Programme\Intel\Wireless\Bin\ZCfgSvc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\intelzeroconfig (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\newupdate1142c.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\newupdate1142c .exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hcontrol (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rthdcpl (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\alcmtr (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\asus live update (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nb probe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wireless console (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syntplpr (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syntpenh (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\atipta (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Programme\Intel\Wireless\Bin\iFrmewrk.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\intelwireless (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Programme\Intel\Wireless\Bin\EOUWiz.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\eouapp (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sunjavaupdatesched (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winampagent (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\opwarese2 (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\easy-printtoolbox (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\NeroCheck.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nerofiltercheck (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\adobe reader speed launcher (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fixcamera (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\snpstd3 (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tsnpstd3 (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\appsecdll (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Downloader) -> Data: c:\dokumente und einstellungen\sven\anwendungsdaten\sdra64.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\Dokumente und Einstellungen\Sven\Anwendungsdaten\sdra64.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot.

Infizierte Dateien:
C:\Programme\Intel\Wireless\Bin\ZCfgSvc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Sven\Anwendungsdaten\B1FCC6ED88EB7E920B847EE6CC15E14F\newupdate1142C.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Sven\anwendungsdaten\b1fcc6ed88eb7e920b847ee6cc15e14f\newupdate1142c .exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\ATK0100\HControl.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rthdcpl.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\alcmtr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Programme\Asus\ASUS Live Update\alu.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Programme\Asus\NB Probe\NBProbe.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Programme\Asus\Wireless Console\wcourier.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Programme\Synaptics\SynTP\SynTPEnh.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Programme\Intel\Wireless\Bin\iFrmewrk.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Programme\Intel\Wireless\Bin\EOUWiz.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Programme\Java\jre6\bin\jusched.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Programme\Winamp\winampa.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Programme\Canon\Easy-PrintToolBox\bjpsmain.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NeroCheck.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\FixCamera.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\vsnpstd3.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\tsnpstd3.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\_TEY-t0nRzT.exe (Adware.AdRotator) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rthdcpl .exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\alcmtr .exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wmpscfgs.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Sven\Eigene Dateien\Downloads\Everest Poker(3).exe (PUP.Casino) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Sven\Lokale Einstellungen\Temp\tyysqcc .exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Sven\Anwendungsdaten\sdra64.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Programme\Internet Explorer\js.mui (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Programme\Internet Explorer\wmpscfgs.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Programme\Asus\Power4 Gear\batterylife.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Programme\Windows Live\Messenger\msnmsgr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000004.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000005.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000006.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000007.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000008.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000009.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000010.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000011.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000012.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000013.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000014.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000015.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000016.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000017.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000018.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000019.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000020.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000021.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000022.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000023.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000024.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000036.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000037.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000039.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000040.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000041.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000042.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000043.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000044.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000045.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000046.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000047.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000048.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000049.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000050.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000051.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000052.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000053.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000054.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000055.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000056.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000057.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000058.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{541A478E-488F-434C-B197-C0FA308CE087}\RP1\A0000059.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Recycled\Dc42.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Recycled\Dc43.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Recycled\Dc67.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Recycled\Dc72.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot.
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot.
C:\Dokumente und Einstellungen\Sven\Startmenü\Programme\Autostart\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Sven\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Sven\Desktop\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Sven\Startmenü\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sdra64.exe (Spyware.Zbot) -> Delete on reboot.
C:\WINDOWS\system32\bU-o24-d__us4.dll (Adware.AdRotator) -> Quarantined and deleted successfully.

info.txt logfile of random's system information tool 1.06 2010-04-27 18:42:59

======Uninstall list======

-->C:\Programme\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\IsUn0407.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNNMP.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 5.0-->C:\WINDOWS\ISUN0407.EXE -f"C:\Programme\Gemeinsame Dateien\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Programme\Gemeinsame Dateien\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop CS-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Reader 9.1 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A91000000001}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
ArcSoft PhotoStudio 5.5-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\Setup.exe" -l0x7
Asus ChkMail-->C:\WINDOWS\IsUninst.exe -f"C:\Programme\Asus\Asus ChkMail\Uninst.isu"
ASUS Live Update-->C:\WINDOWS\IsUninst.exe -f"C:\Programme\ASUS\ASUS Live Update\Uninst.isu" -c"C:\Programme\ASUS\ASUS Live Update\Uninst.dll"
Asus_A6_ScreenSaver-->C:\WINDOWS\Asus_A6_ScreenSaver.scr /u
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_classISPLAY -clean
ATI Systemsteuerung-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATK0100 ACPI UTILITY-->C:\WINDOWS\ATK0100\XPunin.exe
Avira AntiVir Personal - Free Antivirus-->C:\Programme\Avira\AntiVir Desktop\setup.exe /REMOVE
BeCyBookKeeper-->C:\Programme\BeCyBookKeeper\UnInstall.exe
Bullzip PDF Printer 7.1.0.1007-->"C:\Programme\Bullzip\PDF Printer\unins000.exe"
Canon CanoScan Toolbox 4.9-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}\setup.exe" -l0x7 anything
Canon iP5200-->C:\WINDOWS\system32\CNMCP79.exe "-PRINTERNAMECanon iP5200" "-HELPERDLLC:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP5200 Installer\Inst2\cnmis.dll" "-RCDLLcnmi0407.dll"
Canon ScanGear Starter-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{18A5DFF2-8A95-49F3-873F-743CB5549F3D}\SETUP.EXE" -l0x7 anything
Canon Setup Utility 2.0-->"C:\Programme\Canon\Canon Setup Utility 2.0\Maint.exe" /Uninstall C:\Programme\Canon\Canon Setup Utility 2.0\uninst.ini
Canon Utilities Easy-PhotoPrint-->C:\Programme\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
Canon Utilities Easy-PrintToolBox-->C:\WINDOWS\BJPSUNST.EXE
CCleaner-->"C:\Programme\CCleaner\uninst.exe"
CD-LabelPrint-->"C:\Programme\Canon\CD-LabelPrint\Uninstal.exe" Canon.CDLabelPrint.Application
Easy-WebPrint-->C:\WINDOWS\IsUn0407.exe -fC:\Programme\Canon\Easy-WebPrint\Uninst.isu
Everest Casino (Remove Only)-->C:\Programme\Everest Casino\cstart.exe /uninstall
Everest Poker (Remove Only)-->C:\Programme\Everest Poker\cstart.exe /uninstall
GoldWave v5.52-->"C:\Programme\GoldWave\unstall.exe" "GoldWave v5.52" "C:\Programme\GoldWave\unstall.log"
Google Earth-->MsiExec.exe /X{08C0729E-3E50-11DF-9D81-005056806466}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
GPL Ghostscript Lite 8.64-->"C:\Programme\Bullzip\PDF Printer\gs\unins000.exe"
GTK+ Runtime 2.14.7 rev a (nur entfernen)-->C:\Programme\Gemeinsame Dateien\GTK\2.0\uninst.exe
HDAUDIO SoftV92 Data Fax Modem with SmartCP-->C:\Programme\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10431966\HXFSETUP.EXE -U -IHDAUDIO\FUNC_02&VEN_14F1&DEV_2BFA&SUBSYS_10431966
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix für Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
HyperCam 2-->C:\Programme\HyCam2\UnHyCam2.exe
Intel(R) PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
Java(TM) 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
Manual CanoScan LiDE 60-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{23B72D50-1C7E-491C-8086-9E060051D316}\setup.exe" -l0x7
mCore-->MsiExec.exe /I{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}
mDriver-->MsiExec.exe /I{28DA872A-0848-48CF-B749-19A198157A2A}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mEoU.msi-->MsiExec.exe /I{B502B428-3386-40A9-98DB-079AAB72E64F}
mHelp-->MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU-->MsiExec.exe /I{C314CE45-3392-3B73-B4E1-139CD41CA933}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU-->MsiExec.exe /I{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
MIKSOFT Mobile AMR converter-->"C:\Programme\MIKSOFT\Mobile AMR converter\unins000.exe"
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mIWCA-->MsiExec.exe /I{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (3.6.3)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.23)-->C:\Programme\Mozilla Thunderbird\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6 Service Pack 2 (KB973686)-->MsiExec.exe /I{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig-->MsiExec.exe /I{7CD7A451-7224-49C8-95EF-9A1859C66607}
NB Probe-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}\setup.exe" -l0x9
Nero Suite-->C:\Programme\Gemeinsame Dateien\Nero\Uninstall\Setupx.exe /uninstall ExtraUninstallID=""
OmniPage SE 2.0-->MsiExec.exe /I{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}
OpenOffice.org 3.1-->MsiExec.exe /I{D765F1CE-5AE5-4C47-B134-AE58AC474740}
PC Camera-168-->C:\Programme\InstallShield Installation Information\{ECD03DA7-5952-406A-8156-5F0C93618D1F}\setup.exe -runfromtemp -l0x0007 -removeonly
Pidgin-->C:\Programme\Pidgin\pidgin-uninst.exe
Power4 Gear-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{4462AD13-F2AA-4CBD-9F95-293C38EED870}\setup.exe" -l0x9
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x7 -removeonly
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Sicherheitsupdate für Windows Media Player (KB979402)-->"C:\WINDOWS\$NtUninstallKB979402_WM9L$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB981350)-->"C:\WINDOWS\$NtUninstallKB981350$\spuninst\spuninst.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Programme\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update für Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update für Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update für Windows XP (KB978207)-->"C:\WINDOWS\$NtUninstallKB978207$\spuninst\spuninst.exe"
Update für Windows XP (KB980182)-->"C:\WINDOWS\$NtUninstallKB980182$\spuninst\spuninst.exe"
VLC media player 1.0.2-->C:\Programme\VideoLAN\VLC\uninstall.exe
Wacom Tablett-->C:\Programme\Tablet\Wacom\Remove.exe /u
WAV to MP3-->C:\WAVTOMP3\Uninstal.exe
Winamp-->"C:\Programme\Winamp\UninstWA.exe"
Windows Live Anmelde-Assistent-->MsiExec.exe /I{52B97218-98CB-4B8B-9283-D213C85E1AA4}
Windows Live Call-->MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6}
Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}
Windows Live Essentials-->C:\Programme\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}
Windows Live Messenger-->MsiExec.exe /X{41E654A9-26D0-4EAC-854B-0FA824FFFABB}
Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Format Runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
WinFlash-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{DE10AB76-4756-4913-BE25-55D1C1051F9A}\setup.exe" -l0x9
WinRAR-->C:\Programme\WinRAR\uninstall.exe
Wireless Console-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{83F73CB1-7705-49D1-9852-84D839CA2A45}\setup.exe" -l0x9 -removeonly

======Security center information======

AV: AntiVir Desktop

======System event log======

Computer Name: PCSVEN
Event Code: 7036
Message: Dienst "Google Update Service (gupdate)" befindet sich jetzt im Status "Beendet".
Record Number: 8704
Source Name: Service Control Manager
Time Written: 20100302080324.000000+060
Event Type: Informationen
User:

Computer Name: PCSVEN
Event Code: 17
Message: AVGNTFLT successfully loaded
Record Number: 8703
Source Name: avgntflt
Time Written: 20100302080311.000000+060
Event Type: Informationen
User:

Computer Name: PCSVEN
Event Code: 83
Message: Port A is down
Record Number: 8702
Source Name: yukonwxp
Time Written: 20100302080311.000000+060
Event Type: Informationen
User:

Computer Name: PCSVEN
Event Code: 7036
Message: Dienst "Computerbrowser" befindet sich jetzt im Status "Beendet".
Record Number: 8701
Source Name: Service Control Manager
Time Written: 20100302080259.000000+060
Event Type: Informationen
User:

Computer Name: PCSVEN
Event Code: 7036
Message: Dienst "Gatewaydienst auf Anwendungsebene" befindet sich jetzt im Status "Ausgeführt".
Record Number: 8700
Source Name: Service Control Manager
Time Written: 20100302080257.000000+060
Event Type: Informationen
User:

=====Application event log=====

Computer Name: PCSVEN
Event Code: 0
Message:
Record Number: 5
Source Name: RegSrvc
Time Written: 20091218195228.000000+060
Event Type: Informationen
User:

Computer Name: PCSVEN
Event Code: 0
Message:
Record Number: 4
Source Name: OwnershipProtocol
Time Written: 20091218195228.000000+060
Event Type: Informationen
User:

Computer Name: PCSVEN
Event Code: 4
Message: The LightScribe Service started successfully.
Record Number: 3
Source Name: LightScribeService
Time Written: 20091218195227.000000+060
Event Type: Informationen
User:

Computer Name: PCSVEN
Event Code: 0
Message:
Record Number: 2
Source Name: gupdate
Time Written: 20091218195227.000000+060
Event Type: Informationen
User:

Computer Name: PCSVEN
Event Code: 0
Message:
Record Number: 1
Source Name: EvtEng
Time Written: 20091218195225.000000+060
Event Type: Informationen
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\ATI Technologies\ATI Control Panel
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0d08
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

Logfile of random's system information tool 1.06 (written by random/random)
Run by Sven at 2010-04-27 18:42:57
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 25 GB (57%) free of 45 GB
Total RAM: 1023 MB (65% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At9.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At24.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Anmelde-Hilfsprogramm - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-10-09 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-09 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Programme\Canon\Easy-WebPrint\Toolband.dll [2004-08-26 405504] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] ""= [] "avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360] "msnmsgr"=c:\programme\windows live\messenger\msnmsgr .exe [2009-07-26 3883840] C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart ASUS ChkMail.lnk - C:\Programme\Asus\Asus ChkMail\ChkMail.exe Adobe Gamma Loader.lnk - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe C:\Dokumente und 
Einstellungen\Sven\Startmenü\Programme\Autostart OpenOffice.org 3.1.lnk - C:\Programme\OpenOffice.org 3\program\quickstart.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2005-08-30 46080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IntelWireless] C:\Programme\Intel\Wireless\Bin\LgNotify.dll [2005-05-31 110592] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Programme\Java\jre6\bin\javaw.exe"="C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary" "C:\Programme\Java\jre6\bin\java.exe"="C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary" "C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows 
Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{122122cc-b49e-11de-9583-0015f237a387}] shell\AutoRun\command - H:\LaunchU3.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b602422-b506-11de-b680-0015003e2b44}] shell\AutoRun\command - H:\LaunchU3.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a0090d8-39c8-11df-b797-0015003e2b44}] shell\AutoRun\command - H:\Get_Started_for_Win.exe ======List of files/folders created in the last 1 months====== 2010-04-27 18:42:57 ----D---- C:\rsit 2010-04-27 18:42:57 ----D---- C:\Programme\trend micro 2010-04-27 18:10:47 ----D---- C:\Programme\CCleaner 2010-04-27 16:52:22 ----D---- C:\Dokumente und Einstellungen\Sven\Anwendungsdaten\Malwarebytes 2010-04-27 16:51:35 ----D---- C:\Programme\Malwarebytes' Anti-Malware 2010-04-27 16:51:35 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes 2010-04-27 13:39:56 ----D---- C:\WINDOWS\system32\LogFiles 2010-04-27 13:35:08 ----D---- C:\Dokumente und Einstellungen\Sven\Anwendungsdaten\B1FCC6ED88EB7E920B847EE6CC15E14F 2010-04-27 13:35:07 ----A---- C:\feed.txt 2010-04-15 00:27:39 ----HD---- C:\WINDOWS\$NtUninstallKB979683$ 2010-04-15 00:27:27 ----HD---- C:\WINDOWS\$NtUninstallKB980232$ 2010-04-15 00:27:21 ----HD---- C:\WINDOWS\$NtUninstallKB981350$ 2010-04-15 00:27:14 ----HD---- C:\WINDOWS\$NtUninstallKB978338$ 2010-04-15 00:27:08 ----HD---- C:\WINDOWS\$NtUninstallKB977816$ 2010-04-15 00:27:02 ----HD---- C:\WINDOWS\$NtUninstallKB978601$ 2010-04-15 00:26:55 ----HD---- C:\WINDOWS\$NtUninstallKB979309$ 2010-04-15 00:26:38 ----HD---- C:\WINDOWS\$NtUninstallKB979402_WM9L$ 2010-03-31 17:25:32 ----HD---- C:\WINDOWS\$NtUninstallKB980182$ 2010-03-29 12:42:17 ----D---- C:\Programme\BeCyBookKeeper ======List of files/folders modified in the last 1 months====== 2010-04-27 18:29:24 ----A---- 
C:\WINDOWS\SchedLgU.Txt 2010-04-26 12:08:46 ----A---- C:\WINDOWS\a20.ini 2010-04-21 12:32:56 ----A---- C:\WINDOWS\win.ini 2010-04-14 23:55:12 ----A---- C:\WINDOWS\NeroDigital.ini ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 40192] R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520] R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-10-09 17801] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-08 56816] R2 ghaio;ghaio; \??\C:\Programme\ASUS\NB Probe\SPM\ghaio.sys [] R2 irda;IrDA-Protokoll; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-03 87424] R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-01-16 13059] R2 s24trans;WLAN-Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-05-03 11354] R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-30 1333760] R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080] R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752] R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2005-01-16 1036928] R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-01-16 163328] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-09-07 3959808] R3 irsir;Microsoft serieller Infrarottreiber; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 
18688] R3 IWCA;Intel Wireless Connection Agent Miniport for Win XP; C:\WINDOWS\system32\DRIVERS\iwca.sys [2004-08-12 234496] R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288] R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2005-02-17 5632] R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824] R3 Rasirda;WAN-Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584] R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2004-12-21 186240] R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624] R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600] R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480] R3 w29n51;Intel(R) PRO/Wireless 2200BG Netzwerkverbindungstreiber für Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2005-04-30 3281408] R3 wacommousefilter;Wacom Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11312] R3 wacomvhid;Wacom Virtual Hid Driver; C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2008-07-11 13352] R3 WacomVKHid;Virtual Keyboard Driver; C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-16 11440] R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-01-16 702592] R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\yukonwxp.sys [2004-06-01 142464] S3 Asushwio;Asushwio; \??\C:\WINDOWS\system32\drivers\Asushwio.sys [] S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024] S3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504] S3 
NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376] S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136] S3 SNPSTD3;USB PC Camera (SNPSTD3); C:\WINDOWS\system32\DRIVERS\snpstd3.sys [2009-06-22 10498688] S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360] S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616] S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856] S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104] S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496] S3 wacmoumonitor;Wacom Mode Helper; C:\WINDOWS\system32\DRIVERS\wacmoumonitor.sys [2008-10-06 15656] S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089] R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-30 376832] R2 EvtEng;EvtEng; C:\Programme\Intel\Wireless\Bin\EvtEng.exe [2005-06-03 86016] R2 Irmon;Infrarotüberwachung; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336] R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-10-09 153376] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe [2005-06-20 53248] R2 OwnershipProtocol;OwnershipProtocol; C:\Programme\Intel\Wireless\Bin\OProtSvc.exe [2005-05-31 98304] R2 RegSrvc;RegSrvc; 
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe [2005-06-03 139264] R2 S24EventMonitor;Spectrum24 Event Monitor; C:\Programme\Intel\Wireless\Bin\S24EvMon.exe [2005-06-03 372809] R2 spmgr;spmgr; C:\Programme\ASUS\NB Probe\SPM\spmgr.exe [2005-04-20 118784] R2 TabletServiceWacom;TabletServiceWacom; C:\WINDOWS\system32\Wacom_Tablet.exe [2009-03-27 2789672] R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912] S2 gupdate;Google Update Service (gupdate); C:\Programme\Google\Update\GoogleUpdate.exe [2009-10-19 133104] S3 Adobe LM Service;Adobe LM Service; C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe [2010-01-12 68096] S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S4 Dac9frasu-4;Dac9frasu-4; C:\WINDOWS\system32\vssadmin.exe [2004-08-04 33792] S4 NetTcpPortSharing;Net.Tcp-Portfreigabedienst; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- Vielen Dank schon mal...!!!!!!!!!!!!! |
28.04.2010, 11:23 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Hello and
Malwarebytes did find quite a lot of infected files there, though, which raises the worry in me that you may have caught something like Virut or Sality (both pests are examples of file infectors).

System scan with OTL
Please download OTL by Oldtimer and save it to your desktop
|
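Before asking for a second scanner, a helper usually skims the RSIT log posted above for the entries that are odd on their own: the 24 At*.job files in the task folder, the HKCU Run value that launches msnmsgr .exe (space before the extension) while the firewall rule refers to msnmsgr.exe, the disabled service with a random-looking name that points at vssadmin.exe, and the folder named with 32 hex characters created under Anwendungsdaten at 13:35 in the same minute as C:\feed.txt. The script below is an added example, not part of this thread or of RSIT/OTL: it parses the posted log format and pulls those four things out. SAMPLE_LOG is copied from the log above; the service scoring heuristic and the five-minute clustering window are this example's own assumptions.

```python
"""Triage of an RSIT-style system log: persistence and timeline indicators.

SAMPLE_LOG is copied from the log posted in this thread. The parser follows
RSIT's "======Name======" section layout; every heuristic and threshold here
is this example's own assumption, not a rule from the forum's removal guide.
"""
import re
from datetime import datetime, timedelta

SAMPLE_LOG = (
    "======Scheduled tasks folder======\n"
    "C:\\WINDOWS\\tasks\\GoogleUpdateTaskMachineCore.job\n"
    + "".join(f"C:\\WINDOWS\\tasks\\At{i}.job\n" for i in range(1, 25))
    + r"""======Registry dump======
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"msnmsgr"=c:\programme\windows live\messenger\msnmsgr .exe [2009-07-26 3883840]
======List of files/folders created in the last 1 months======
2010-04-27 16:51:35 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2010-04-27 13:39:56 ----D---- C:\WINDOWS\system32\LogFiles
2010-04-27 13:35:08 ----D---- C:\Dokumente und Einstellungen\Sven\Anwendungsdaten\B1FCC6ED88EB7E920B847EE6CC15E14F
2010-04-27 13:35:07 ----A---- C:\feed.txt
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Irmon;Infrarotüberwachung; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 TabletServiceWacom;TabletServiceWacom; C:\WINDOWS\system32\Wacom_Tablet.exe [2009-03-27 2789672]
S2 gupdate;Google Update Service (gupdate); C:\Programme\Google\Update\GoogleUpdate.exe [2009-10-19 133104]
S4 Dac9frasu-4;Dac9frasu-4; C:\WINDOWS\system32\vssadmin.exe [2004-08-04 33792]
"""
)

SECTION_RE = re.compile(r"^=+(.+?)=+\s*$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"=(?P<image>.*?)(?:\s*\[[^\]]*\])?$')
SERVICE_RE = re.compile(r"^[RS]\d (?P<name>[^;]+);(?P<display>[^;]*); (?P<image>.*?)(?:\s*\[[^\]]*\])?$")
CREATED_RE = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \S+ (?P<path>.+)$")
AT_JOB_RE = re.compile(r"\\At(\d+)\.job$", re.IGNORECASE)
HEX32_RE = re.compile(r"\\[0-9A-F]{32}$", re.IGNORECASE)

def parse_sections(text):
    """Split an RSIT log into {section name (lower-cased, legend dropped): [non-empty lines]}."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).split(" (")[0].strip().lower()
            sections[current] = []
        elif current is not None and line.strip():
            sections[current].append(line.rstrip())
    return sections

def at_job_numbers(task_lines):
    """Sorted N of every At<N>.job; 1..24 means one job for every hour of the day."""
    return sorted(int(m.group(1)) for m in map(AT_JOB_RE.search, task_lines) if m)

def odd_run_entries(registry_lines):
    """Values under a CurrentVersion\\Run key whose image has whitespace right before
    the extension: 'msnmsgr .exe' is not the msnmsgr.exe the firewall rule names."""
    key, odd = None, []
    for line in registry_lines:
        if line.startswith("["):
            key = line.strip("[]").lower()
            continue
        m = VALUE_RE.match(line) if key and key.endswith("\\currentversion\\run") else None
        if m and re.search(r"\s\.[a-z0-9]{2,4}$", m.group("image"), re.IGNORECASE):
            odd.append((m.group("name"), m.group("image").strip()))
    return odd

def suspicious_services(service_lines, threshold=3):
    """Score four cheap signals per service and return those at or above threshold:
    display name == short name; digits mixed into the name; image directly under
    system32 (svchost.exe hosts skipped: their ServiceDll is what needs checking);
    no word of the name reappears in the image file name."""
    flagged = []
    for m in filter(None, map(SERVICE_RE.match, service_lines)):
        name, image = m.group("name"), m.group("image").strip()
        folder, _, exe = image.lower().rpartition("\\")
        if exe == "svchost.exe":
            continue
        words = [w.lower() for w in re.findall(r"[A-Z]?[a-z]+", name) if len(w) >= 3]
        score = sum((
            m.group("display").lower() == name.lower(),
            bool(re.search(r"[a-z]\d|\d[a-z]", name, re.IGNORECASE)),
            folder.endswith("\\system32"),
            not any(w in exe for w in words),
        ))
        if score >= threshold:
            flagged.append((name, image, score))
    return flagged

def creation_cluster(created_lines, window=timedelta(minutes=5)):
    """Anchor on directories named with 32 hex characters and return every path created
    within `window` of one, oldest first: the artefacts to copy off before cleaning."""
    entries = [(datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S"), m.group("path"))
               for m in filter(None, map(CREATED_RE.match, created_lines))]
    anchors = [ts for ts, path in entries if HEX32_RE.search(path)]
    return [path for ts, path in sorted(entries) if any(abs(ts - a) <= window for a in anchors)]

def triage(text):
    """Run every check over one log and return the findings as a dict."""
    s = parse_sections(text)
    return {
        "at_jobs": at_job_numbers(s.get("scheduled tasks folder", [])),
        "odd_run_entries": odd_run_entries(s.get("registry dump", [])),
        "suspicious_services": suspicious_services(s.get("list of services", [])),
        "creation_cluster": creation_cluster(s.get("list of files/folders created in the last 1 months", [])),
    }
```

`triage(SAMPLE_LOG)` returns the four findings; on the posted log it reports At1 to At24, the msnmsgr value, Dac9frasu-4 with a score of 4, and the three paths created between 13:35 and 13:40. The service scoring deliberately stays at two for TabletServiceWacom (its name contains "wacom", as does the binary) so that the vendor services in the list do not drown out the one entry worth a closer look.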
28.04.2010, 13:21 | #3 |
| OTL Extras logfile created on: 28.04.2010 12:59:39 - Run 2
OTL by OldTimer - Version 3.2.3.0     Folder = C:\Dokumente und Einstellungen\Sven\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.023,00 Mb Total Physical Memory | 638,00 Mb Available Physical Memory | 62,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 43,64 Gb Total Space | 24,77 Gb Free Space | 56,77% Space Free | Partition Type: FAT32
Drive D: | 29,00 Gb Total Space | 8,73 Gb Free Space | 30,10% Space Free | Partition Type: FAT32
Drive E: | 0,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PCSVEN
Current User Name: Sven
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 180 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\Java\jre6\bin\java.exe" = C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- File not found

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{044146E4-A924-458A-9948-4B9C7C7D9321}" = LightScribe 1.4.31.1
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Systemsteuerung
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23B72D50-1C7E-491C-8086-9E060051D316}" = Manual CanoScan LiDE 60
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{28DA872A-0848-48CF-B749-19A198157A2A}" = mDriver
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4462AD13-F2AA-4CBD-9F95-293C38EED870}" = Power4 Gear
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
"{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}" = mIWCA
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{7CD7A451-7224-49C8-95EF-9A1859C66607}" = mZConfig
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{B502B428-3386-40A9-98DB-079AAB72E64F}" = mEoU.msi
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = Canon CanoScan Toolbox 4.9
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = PC Camera-168
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Asus ChkMail" = Asus ChkMail
"ASUS Live Update" = ASUS Live Update
"Asus_A6_ScreenSaver" = Asus_A6_ScreenSaver
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BeCyBookKeeper" = BeCyBookKeeper
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.1.0.1007
"Canon Setup Utility 2.0" = Canon Setup Utility 2.0
"CANONBJ_Deinstall_CNMCP79.DLL" = Canon iP5200
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10431966" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"Easy-WebPrint" = Easy-WebPrint
"Everest Casino" = Everest Casino (Remove Only)
"Everest Poker" = Everest Poker (Remove Only)
"GoldWave v5.52" = GoldWave v5.52
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.64
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (nur entfernen)
"HControl" = ATK0100 ACPI UTILITY
"HyperCam 2" = HyperCam 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MIKSOFT Mobile AMR converter_is1" = MIKSOFT Mobile AMR converter
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"NeroMultiInstaller!UninstallKey" = Nero Suite
"Pidgin" = Pidgin
"ProInst" = Intel(R) PROSet/Wireless Software
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.0.2
"Wacom Tablet Driver" = Wacom Tablett
"WAV to MP3" = WAV to MP3
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 15.03.2010 13:05:32 | Computer Name = PCSVEN | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung IEXPLORE.EXE, Version 6.0.2900.2180, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 25.03.2010 13:40:05 | Computer Name = PCSVEN | Source = Google Update | ID = 20
Description =

Error - 04.04.2010 09:07:43 | Computer Name = PCSVEN | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben. .

Error - 09.04.2010 02:40:05 | Computer Name = PCSVEN | Source = Google Update | ID = 20
Description =

Error - 09.04.2010 03:40:05 | Computer Name = PCSVEN | Source = Google Update | ID = 20
Description =

Error - 27.04.2010 12:40:05 | Computer Name = PCSVEN | Source = Google Update | ID = 20
Description =

Error - 27.04.2010 15:40:05 | Computer Name = PCSVEN | Source = Google Update | ID = 20
Description =

Error - 28.04.2010 03:40:05 | Computer Name = PCSVEN | Source = Google Update | ID = 20
Description =

Error - 28.04.2010 04:40:05 | Computer Name = PCSVEN | Source = Google Update | ID = 20
Description =

Error - 28.04.2010 05:40:05 | Computer Name = PCSVEN | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 27.04.2010 16:03:31 | Computer Name = PCSVEN | Source = Ftdisk | ID = 262193
Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist fehlgeschlagen. Stellen Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese groß genug ist, um den gesamten physikalischen Speicher abbilden zu können.

Error - 27.04.2010 16:23:30 | Computer Name = PCSVEN | Source = Ftdisk | ID = 262189
Description = Das System konnte den Treiber für das Speicherabbild nicht laden.

Error - 27.04.2010 16:23:30 | Computer Name = PCSVEN | Source = Ftdisk | ID = 262193
Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist fehlgeschlagen. Stellen Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese groß genug ist, um den gesamten physikalischen Speicher abbilden zu können.

Error - 28.04.2010 02:44:55 | Computer Name = PCSVEN | Source = Ftdisk | ID = 262189
Description = Das System konnte den Treiber für das Speicherabbild nicht laden.

Error - 28.04.2010 02:44:55 | Computer Name = PCSVEN | Source = Ftdisk | ID = 262193
Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist fehlgeschlagen. Stellen Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese groß genug ist, um den gesamten physikalischen Speicher abbilden zu können.

Error - 28.04.2010 03:00:00 | Computer Name = PCSVEN | Source = Schedule | ID = 7901
Description = Der Befehl "At10.job" konnte aufgrund folgenden Fehlers nicht ausgeführt werden: %%2147942402

Error - 28.04.2010 04:00:00 | Computer Name = PCSVEN | Source = Schedule | ID = 7901
Description = Der Befehl "At11.job" konnte aufgrund folgenden Fehlers nicht ausgeführt werden: %%2147942402

Error - 28.04.2010 05:00:00 | Computer Name = PCSVEN | Source = Schedule | ID = 7901
Description = Der Befehl "At12.job" konnte aufgrund folgenden Fehlers nicht ausgeführt werden: %%2147942402

Error - 28.04.2010 06:00:00 | Computer Name = PCSVEN | Source = Schedule | ID = 7901
Description = Der Befehl "At13.job" konnte aufgrund folgenden Fehlers nicht ausgeführt werden: %%2147942402

Error - 28.04.2010 07:00:00 | Computer Name = PCSVEN | Source = Schedule | ID = 7901
Description = Der Befehl "At14.job" konnte aufgrund folgenden Fehlers nicht ausgeführt werden: %%2147942402

< End of report > |
28.04.2010, 13:23 | #4 |
| Antimalware Doctor removed - logfiles for evaluation
Hello Arne, thanks a lot for the help already! Now, however, I'm worried that the virus isn't completely gone... or that I've broken something on my notebook. Strangely, since I followed your instructions for removing the virus, not all of the hotkeys (is that what they're called... or shortcut keys?!) on my notebook work any more... (I have Fn keys on the notebook...) The ones for adjusting the brightness work. The ones for adjusting the volume and for switching the WLAN on/off don't any more...?!? Furthermore, I'm afraid I may have passed the virus on?! After I had the attack on the notebook yesterday, I immediately switched off the WLAN to disconnect the notebook from the Internet... Then I found your instructions via my father's PC... On that PC I downloaded the necessary programs, copied them to a USB stick, plugged the stick into the notebook and then carried out the clean-up. But then I copied the log files that I was supposed to post here according to your instructions from the notebook to the stick, and from the stick to the PC... And now I'm afraid the virus may have ended up on my father's PC that way?!? The PC isn't acting up... but I've read that such viruses also like to settle on a stick and spread that way... is the fear justified?? As I said... no error messages or anything have appeared on the PC yet... so everything should be OK, shouldn't it? Anyway, here is the information you wanted from my notebook:
28.04.2010, 13:54 | #5 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Antimalware Doctor removed - logfiles for evaluation Quote:
Do you also have the other OTL log? That was only the Extras log.
__________________ Please always post logfiles in CODE tags
28.04.2010, 14:38 | #6 |
| Antimalware Doctor removed - logfiles for evaluation
Hello Arne, well, since my father's PC hasn't had any problems so far, I assume I didn't pass the virus on... As requested, I ran the OTL program and got two reports: 1. a file named OTL, 2. a file named Extra. When I try to post just the OTL file, I always get the following error??: Fatal error: Maximum execution time of 30 seconds exceeded in /www/htdocs/tbcom/includes/functions.php on line 1838 Am I doing something wrong... or is the report too long? I'll try again in a moment, separately... i.e. just the LOG file...
28.04.2010, 14:47 | #7 |
| Antimalware Doctor removed - logfiles for evaluation
hmm... no idea why... but every time I want to post this LOG file, the following error message appears: Fatal error: Maximum execution time of 30 seconds exceeded in /www/htdocs/tbcom/includes/functions.php on line 1838 I'll try uploading the LOG file as an attachment... ok... then the following message appears: OTL.Txt: The file you are trying to attach is too large. The maximum file size for this file type is 97.7 KB. Your file is 108.2 KB. So I'll upload it in 2 parts now... hope that's ok?!?! Best regards Sven
28.04.2010, 14:47 | #8 |
| Antimalware Doctor removed - logfiles for evaluation
first part:
OTL logfile created on: 28.04.2010 12:59:39 - Run 2
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Dokumente und Einstellungen\Sven\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1.023,00 Mb Total Physical Memory | 638,00 Mb Available Physical Memory | 62,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 43,64 Gb Total Space | 24,77 Gb Free Space | 56,77% Space Free | Partition Type: FAT32
Drive D: | 29,00 Gb Total Space | 8,73 Gb Free Space | 30,10% Space Free | Partition Type: FAT32
Drive E: | 0,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: PCSVEN
Current User Name: Sven
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 180 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Dokumente und Einstellungen\Sven\Desktop\OTL(2).exe (OldTimer Tools)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\system32\Wacom_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Asus\Wireless Console\wcourier .exe ()
PRC - C:\WINDOWS\ATK0100\ATKOSD.exe ()
PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Programme\Intel\Wireless\Bin\OProtSvc.exe (Intel Corporation)
PRC - C:\Programme\Asus\NB Probe\SPM\spmgr.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\ntvdm.exe (Microsoft Corporation)
PRC - C:\Programme\Asus\Asus ChkMail\ChkMail.exe (asus)
========== Modules (SafeList) ==========
MOD - C:\Dokumente und Einstellungen\Sven\Desktop\OTL(2).exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (Adobe LM Service) -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe ()
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (TabletServiceWacom) -- C:\WINDOWS\system32\Wacom_Tablet.exe (Wacom Technology, Corp.)
SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (S24EventMonitor) -- C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (EvtEng) -- C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (RegSrvc) -- C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (OwnershipProtocol) -- C:\Programme\Intel\Wireless\Bin\OProtSvc.exe (Intel Corporation)
SRV - (spmgr) -- C:\Programme\Asus\NB Probe\SPM\spmgr.exe ()
SRV - (Dac9frasu-4) -- C:\WINDOWS\system32\vssadmin.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (SNPSTD3) USB PC Camera (SNPSTD3) -- C:\WINDOWS\system32\drivers\snpstd3.sys (Sonix Co. Ltd.)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (wacmoumonitor) -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys (Wacom Technology)
DRV - (wacomvhid) -- C:\WINDOWS\system32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (wacommousefilter) -- C:\WINDOWS\system32\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (WacomVKHid) -- C:\WINDOWS\system32\drivers\WacomVKHid.sys (Wacom Technology)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (w29n51) Intel(R) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ATKACPI.sys ()
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (R592) -- C:\WINDOWS\system32\DRIVERS\R592.sys (REDC)
DRV - (risdpntk) -- C:\WINDOWS\system32\DRIVERS\risdpntk.sys (REDC)
DRV - (IWCA) -- C:\WINDOWS\system32\drivers\iwca.sys (Intel Corporation)
DRV - (Changer) -- C:\WINDOWS\system32\drivers\Changer.sys (Microsoft Corporation)
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yukonwxp.sys (Marvell Semiconductor Inc.)
DRV - (ghaio) -- C:\Programme\Asus\NB Probe\SPM\ghaio.sys ()
DRV - (irsir) -- C:\WINDOWS\system32\drivers\irsir.sys (Microsoft Corporation)
DRV - (Asushwio) -- C:\WINDOWS\system32\drivers\asushwio.sys ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = ASUSTeK Computer
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ASUSTeK Computer
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.52
FF - prefs.js..extensions.enabledItems: {5d6ec842-435e-1d47-9304-8392085632dc}:4.6.6.4
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Programme\Mozilla Firefox\components [2009.10.09 17:29:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2009.10.09 17:29:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2009.11.16 18:05:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins
[2009.10.09 17:29:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven\Anwendungsdaten\Mozilla\Extensions
[2009.10.09 17:29:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sven\Anwendungsdaten\Mozilla\Firefox\Profiles\1t6mploa.default\extensions
[2009.11.08 03:54:34 | 000,000,000 | ---D | M] (FlashGot) -- C:\Dokumente und Einstellungen\Sven\Anwendungsdaten\Mozilla\Firefox\Profiles\1t6mploa.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}(2)
[2010.03.29 12:45:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Sven\Anwendungsdaten\Mozilla\Firefox\Profiles\1t6mploa.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.11.16 21:10:46 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Sven\Anwendungsdaten\Mozilla\Firefox\Profiles\1t6mploa.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009.11.08 03:54:34 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Sven\Anwendungsdaten\Mozilla\Firefox\Profiles\1t6mploa.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}(2)
[2009.10.12 18:48:42 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Dokumente und Einstellungen\Sven\Anwendungsdaten\Mozilla\Firefox\Profiles\1t6mploa.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009.10.09 17:29:08 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.03.14 21:08:20 | 000,000,000 | ---D | M] (LoudMo Contextual Ad Assistant) -- C:\Programme\Mozilla Firefox\extensions\{5d6ec842-435e-1d47-9304-8392085632dc}
[2010.03.21 19:25:44 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.21 19:25:44 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.21 19:25:44 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.21 19:25:44 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.21 19:25:44 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKCU..\Run: [msnmsgr] c:\programme\windows live\messenger\msnmsgr .exe (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\ASUS ChkMail.lnk = C:\Programme\Asus\Asus ChkMail\ChkMail.exe (asus)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\Sven\Startmenü\Programme\Autostart\OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Programme\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Programme\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Programme\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Programme\Canon\Easy-WebPrint\Resource.dll ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\IntelWireless: DllName - C:\Programme\Intel\Wireless\Bin\LgNotify.dll - C:\Programme\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.10.09 00:05:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{122122cc-b49e-11de-9583-0015f237a387}\Shell - "" = AutoRun
O33 - MountPoints2\{122122cc-b49e-11de-9583-0015f237a387}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{122122cc-b49e-11de-9583-0015f237a387}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{3b602422-b506-11de-b680-0015003e2b44}\Shell - "" = AutoRun
O33 - MountPoints2\{3b602422-b506-11de-b680-0015003e2b44}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3b602422-b506-11de-b680-0015003e2b44}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{9a0090d8-39c8-11df-b797-0015003e2b44}\Shell\AutoRun\command - "" = H:\Get_Started_for_Win.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 180 Days ==========
[2010.04.28 12:59:16 | 000,563,712 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Sven\Desktop\OTL(2).exe
[2010.04.27 18:42:57 | 000,000,000 | ---D | C] -- C:\Programme\trend micro
[2010.04.27 18:42:57 | 000,000,000 | ---D | C] -- C:\rsit
[2010.04.27 18:14:04 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Sven\Recent
[2010.04.27 18:10:47 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.04.27 16:52:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sven\Anwendungsdaten\Malwarebytes
[2010.04.27 16:51:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.04.27 16:51:35 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.04.27 16:51:35 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.04.27 16:51:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.04.27 16:35:24 | 005,918,720 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Sven\Desktop\mbam-setup-1.45.exe
[2010.04.27 14:07:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Windows Server
[2010.04.27 13:53:52 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys
[2010.04.27 13:44:21 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omgmt.sys
[2010.04.27 13:42:50 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\Changer.sys
[2010.04.27 13:42:50 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
[2010.04.27 13:39:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010.04.27 13:35:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sven\Anwendungsdaten\B1FCC6ED88EB7E920B847EE6CC15E14F
[2010.04.27 13:35:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sven\Lokale Einstellungen\Anwendungsdaten\Windows Server
[2010.03.29 12:42:17 | 000,000,000 | ---D | C] -- C:\Programme\BeCyBookKeeper
[2010.03.15 23:47:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sven\Eigene Dateien\Meine empfangenen Dateien
[2010.03.14 21:11:56 | 000,000,000 | ---D | C] -- C:\Programme\HyCam2
[2010.03.07 11:18:11 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010.03.06 14:30:50 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft
[2010.03.06 14:30:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\microsoft
[2010.03.06 14:30:29 | 000,000,000 | ---D | C] -- C:\Programme\Windows Live SkyDrive
[2010.03.06 14:24:20 | 001,167,688 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\Sven\Desktop\wlsetup-custom.exe
[2010.03.06 12:04:57 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstee.sys
[2010.03.06 12:04:52 | 000,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys
[2010.03.06 12:04:50 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\streamip.sys
[2010.03.06 12:04:49 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax
[2010.03.06 12:04:49 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsink.ax
[2010.03.06 12:04:47 | 000,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slip.sys
[2010.03.06 12:04:44 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys
[2010.03.06 12:04:41 | 000,085,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys
[2010.03.06 12:04:38 | 000,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys
[2010.03.06 12:04:16 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax
[2010.03.06 12:04:16 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kswdmcap.ax
[2010.03.06 12:04:16 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2010.03.06 12:04:16 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vidcap.ax
[2010.03.06 12:04:15 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax
[2010.03.06 12:04:15 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kstvtune.ax
[2010.03.06 12:04:15 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll
[2010.03.06 12:04:15 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll
[2010.03.06 12:04:12 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax
[2010.03.06 12:04:12 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksxbar.ax
[2010.03.06 12:03:11 | 010,498,688 | ---- | C] (Sonix Co. Ltd.) -- C:\WINDOWS\System32\drivers\snpstd3.sys
[2010.03.06 12:03:10 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd3.dll
[2010.03.06 12:03:10 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd3.dll
[2010.03.06 12:03:10 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll
[2010.03.06 12:03:10 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\csnpstd3.dll
[2010.03.06 12:03:10 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\snpstd3
[2010.03.06 12:03:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sven\Anwendungsdaten\InstallShield
[2010.03.06 11:54:16 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\amcap.exe
[2010.02.23 20:06:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft
[2010.02.18 17:47:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sven\Eigene Dateien\CD
[2010.02.04 10:29:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sven\Eigene Dateien\aufnahmen
[2010.02.04 10:28:50 | 000,000,000 | ---D | C] -- C:\Programme\MIKSOFT
[2010.01.30 20:29:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Fonts\League Gothic
[2010.01.30 15:54:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sven\Anwendungsdaten\MSNInstaller
[2010.01.30 04:43:45 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010.01.27 17:30:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sven\Eigene Dateien\Photoshop Fonts
[2010.01.27 17:21:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sven\Anwendungsdaten\FileZilla
[2010.01.27 17:21:31 | 000,000,000 | ---D | C] -- C:\Programme\FileZilla FTP Client
[2010.01.13 22:43:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\WTablet
[2010.01.13 19:07:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sven\Anwendungsdaten\WTablet
[2010.01.13 19:07:13 | 006,561,064 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\WacomTablet.cpl
[2010.01.13 19:06:56 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys
[2010.01.13 19:06:50 | 000,011,440 | ---- | C] (Wacom Technology) -- C:\WINDOWS\System32\drivers\WacomVKHid.sys
[2010.01.13 19:06:26 | 000,013,352 | ---- | C] (Wacom Technology) -- C:\WINDOWS\System32\drivers\wacomvhid.sys
[2010.01.13 19:06:26 | 000,011,312 | ---- | C] (Wacom Technology) -- C:\WINDOWS\System32\drivers\wacommousefilter.sys
[2010.01.13 19:06:22 | 000,015,656 | ---- | C] (Wacom Technology) -- C:\WINDOWS\System32\drivers\wacmoumonitor.sys
[2010.01.13 19:06:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WTablet
[2010.01.13 19:06:18 | 000,172,840 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Wintab32.dll
[2010.01.13 19:06:17 | 000,213,288 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Wacom_Tablet.dll
[2010.01.13 19:06:14 | 002,789,672 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Wacom_Tablet.exe
[2010.01.13 19:06:07 | 000,000,000 | ---D | C] -- C:\Programme\Tablet
[2010.01.12 14:24:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Macrovision
[2010.01.12 14:24:15 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared
[2009.12.28 13:27:28 | 000,000,000 | -HSD | C] -- C:\FOUND.002
[2009.12.23 18:19:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sven\Anwendungsdaten\Media Player Classic
[2009.12.11 10:15:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sven\Anwendungsdaten\dvdcss
[2009.11.23 19:18:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sven\Anwendungsdaten\gtk-2.0
[2009.11.22 11:48:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sven\Eigene Dateien\Daten vor reboot
[2009.11.18 17:45:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sven\Lokale Einstellungen\Anwendungsdaten\PDF Writer
[2009.11.18 17:45:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sven\Anwendungsdaten\PDF Writer
[2009.11.18 17:45:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PDF Writer
[2009.11.18 17:43:55 | 000,227,840 | ---- | C] (Bullzip) -- C:\WINDOWS\System32\bzFlRdr.dll
[2009.11.18 17:43:55 | 000,131,072 | ---- | C] (Bullzip) -- C:\WINDOWS\System32\bzpdfc.dll
[2009.11.18 17:43:55 | 000,103,424 | ---- | C] (Bullzip) -- C:\WINDOWS\System32\bzDCT.dll
[2009.11.18 17:43:55 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Bullzip
[2009.11.18 17:43:52 | 000,194,560 | ---- | C] (Bullzip) -- C:\WINDOWS\System32\bzpdf.dll
[2009.11.18 17:43:48 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comdlg32.ocx
[2009.11.18 17:43:47 | 000,000,000 | ---D | C] -- C:\Programme\Bullzip
[2009.11.16 18:47:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sven\Eigene Dateien\Photoshop
[2009.11.16 18:05:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sven\Lokale Einstellungen\Anwendungsdaten\Thunderbird
[2009.11.16 18:05:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sven\Anwendungsdaten\Thunderbird
[2009.11.16 18:05:18 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Thunderbird
[2009.11.16 14:46:44 | 000,000,000 | ---D | C] -- C:\Programme\Everest Casino
[2009.11.09 17:42:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sven\Anwendungsdaten\Crossword Compiler Deutsch 8
[2009.11.09 11:37:10 | 000,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg2.dll
[2009.11.09 11:36:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE
[2009.11.09 11:34:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009.11.09 11:34:12 | 000,000,000 | ---D | C] -- C:\Programme\MSBuild
[2009.11.09 11:34:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2009.11.09 11:34:00 | 000,000,000 | ---D | C] -- C:\Programme\Reference Assemblies
[2009.11.09 11:33:13 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009.11.09 11:33:13 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009.11.09 11:33:13 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009.11.09 11:33:13 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009.11.09 11:33:13 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009.11.09 11:33:13 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009.11.09 11:33:12 | 000,000,000 | ---D | C] -- C:\9ca00c03676b2f739900e5b14d
[2009.11.09 11:32:26 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2009.11.09 11:32:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2009.11.09 11:30:58 | 000,000,000 | ---D | C] -- C:\Programme\MSXML 6.0
[2009.11.09 10:32:23 | 000,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009.11.09 10:32:23 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009.11.09 10:32:23 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009.11.09 10:32:23 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009.11.09 10:32:20 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2009.11.09 10:32:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[2009.11.09 10:02:42 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2009.11.09 10:02:15 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft CAPICOM 2.1.0.2
[2009.11.09 09:15:22 | 000,273,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2009.11.09 09:03:18 | 000,017,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2009.11.08 03:47:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\PixArt(2)
[2009.11.08 03:47:14 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\i-Look 110(2)
[2009.11.08 03:25:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sven\Tracing
[2009.11.08 03:24:43 | 000,000,000 | ---D | C] -- C:\Programme\Windows Live
[2009.11.08 03:19:23 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Windows Live
[2009.11.03 18:37:37 | 003,059,200 | ---- | C] (Smart Projects) -- C:\Dokumente und Einstellungen\Sven\Eigene Dateien\IsoBuster[1].exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
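A first pass over an OTL log of this shape, added here as a worked example; it is not a feature of OTL and not the helper's own method. It runs four heuristics over the kinds of entries a reviewer checks first (an executable name with a space before its extension, a service registered on a command-line tool that has no service entry point, an application-data folder whose name is 32 hex digits, and an autorun command left behind by a removable device whose launcher is gone) and then pivots on the timeline by listing everything created within a few minutes of a chosen entry. The sample lines are constructed for this example and mostly copied from the log above; the rule names, the `NON_SERVICE_TOOLS` list and the 15-minute window are assumptions to adjust. A hit is a reason to look closer (hash the file, check the signer, compare with a clean install), never a verdict on its own.

```python
"""Heuristic first-pass triage of OTL-style log lines (added example)."""
import re
from datetime import datetime, timedelta
from typing import List, Tuple

# Constructed sample in the shape of the log posted above. Most lines are
# copied from it; the Avira and Malwarebytes lines are benign filler.
SAMPLE_OTL = r"""
PRC - C:\Programme\Asus\Wireless Console\wcourier .exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
SRV - (Dac9frasu-4) -- C:\WINDOWS\system32\vssadmin.exe (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
O4 - HKCU..\Run: [msnmsgr] c:\programme\windows live\messenger\msnmsgr .exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O33 - MountPoints2\{122122cc-b49e-11de-9583-0015f237a387}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
[2010.04.27 16:51:35 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.04.27 14:07:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Windows Server
[2010.04.27 13:42:50 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\Changer.sys
[2010.04.27 13:35:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sven\Anwendungsdaten\B1FCC6ED88EB7E920B847EE6CC15E14F
[2010.04.27 13:35:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sven\Lokale Einstellungen\Anwendungsdaten\Windows Server
"""

# Rule 1: a space before the extension ("wcourier .exe") is a look-alike
# of a legitimate file name and is never how a vendor ships a binary.
SPACE_BEFORE_EXT = re.compile(r"\S \.(?:exe|dll|sys|scr)\b", re.IGNORECASE)

# Rule 2: a service whose image is a plain command-line tool. Such tools
# do not implement a service entry point, so the entry is not a real
# service configuration. The list is an assumption; extend it as needed.
SRV_LINE = re.compile(r"^SRV - \((?P<name>[^)]+)\) -- (?P<image>.+?) \(", re.IGNORECASE)
NON_SERVICE_TOOLS = ("vssadmin.exe", "cmd.exe")

# Rule 3: a folder named with 32 hex digits directly under the profile's
# application-data folder (German XP: Anwendungsdaten).
HEX_DIR = re.compile(r"\\(?:Anwendungsdaten|Application Data)\\[0-9A-Fa-f]{32}\s*$")

# Rule 4: autorun command for a removable device whose launcher is gone;
# worth confirming which stick it was before that stick is used again.
STALE_AUTORUN = re.compile(r"^O33 - MountPoints2\\.*\\AutoRun\\command .* -- File not found")

# Leading timestamp of a Files/Folders entry: "[2010.04.27 13:35:08 | ..."
TS_LINE = re.compile(r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \|")
TS_FORMAT = "%Y.%m.%d %H:%M:%S"


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (rule, line) pairs for every line that trips a heuristic."""
    hits: List[Tuple[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if SPACE_BEFORE_EXT.search(line):
            hits.append(("space-before-extension", line))
        m = SRV_LINE.match(line)
        if m and m.group("image").lower().rsplit("\\", 1)[-1] in NON_SERVICE_TOOLS:
            hits.append(("cli-tool-registered-as-service", line))
        if HEX_DIR.search(line):
            hits.append(("hex-named-appdata-folder", line))
        if STALE_AUTORUN.match(line):
            hits.append(("stale-removable-autorun", line))
    return hits


def created_within(log_text: str, anchor: str, minutes: int) -> List[str]:
    """Timeline pivot: entries stamped within +/- `minutes` of `anchor`.

    `anchor` uses the log's own stamp format, e.g. "2010.04.27 13:35:08".
    """
    centre = datetime.strptime(anchor, TS_FORMAT)
    span = timedelta(minutes=minutes)
    out: List[str] = []
    for raw in log_text.splitlines():
        m = TS_LINE.match(raw.strip())
        if m and abs(datetime.strptime(m.group("ts"), TS_FORMAT) - centre) <= span:
            out.append(raw.strip())
    return out


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_OTL):
        print(f"{rule:32} {line}")
    print("--- created within 15 min of the hex-named folder ---")
    for line in created_within(SAMPLE_OTL, "2010.04.27 13:35:08", 15):
        print(line)
```

Pivoting on the creation time of the first odd entry is what turns a list of unrelated files into a cluster: everything stamped within a few minutes of it was very likely written by the same installer, whether or not the names look suspicious on their own. Lines the rules do not cover (the two "Windows Server" folders, the stock-driver copies in dllcache) still need a manual look, which is why the pivot lists them rather than the rules deciding.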
28.04.2010, 14:48 | #9 |
| SECOND PART:
========== Files - Modified Within 180 Days ==========
[2010.04.28 13:32:02 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Sven\Desktop\OTL(2).exe
[2010.04.28 13:00:02 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010.04.28 12:40:06 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.04.28 12:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010.04.28 11:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010.04.28 10:00:02 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010.04.28 09:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010.04.28 08:58:50 | 000,001,080 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.04.28 08:44:36 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.04.28 08:44:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.04.28 08:44:28 | 1073,074,176 | -HS- | M] () -- C:\hiberfil.sys
[2010.04.27 22:39:06 | 004,980,736 | ---- | M] () -- C:\Dokumente und Einstellungen\Sven\ntuser.dat
[2010.04.27 22:39:06 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Sven\ntuser.ini
[2010.04.27 22:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010.04.27 19:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010.04.27 18:29:26 | 000,781,909 | ---- | M] () -- C:\Dokumente und Einstellungen\Sven\Desktop\RSIT.exe
[2010.04.27 18:27:22 | 000,000,712 | ---- | M] () -- C:\Dokumente und Einstellungen\Sven\Eigene Dateien\cc_20100427_182715.reg
[2010.04.27 18:27:02 | 000,227,892 | ---- | M] () -- C:\Dokumente und Einstellungen\Sven\Eigene Dateien\cc_20100427_182635.reg
[2010.04.27 18:10:50 | 000,001,416 | ---- | M] () -- C:\Dokumente und Einstellungen\Sven\Desktop\CCleaner.lnk
[2010.04.27 18:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010.04.27 17:00:40 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010.04.27 16:51:42 | 000,000,580 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.27 16:34:20 | 000,363,520 | ---- | M] () -- C:\Dokumente und Einstellungen\Sven\Desktop\iExplore.exe
[2010.04.27 16:30:18 | 005,918,720 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Sven\Desktop\mbam-setup-1.45.exe
[2010.04.27 16:28:00 | 000,363,520 | ---- | M] () -- C:\Dokumente und Einstellungen\Sven\Desktop\rkill.com
[2010.04.27 16:00:38 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010.04.27 15:50:54 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010.04.27 15:50:54 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010.04.27 15:50:54 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010.04.27 15:50:54 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010.04.27 15:50:54 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010.04.27 15:50:54 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010.04.27 15:50:54 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010.04.27 15:50:54 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010.04.27 15:50:54 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010.04.27 15:50:54 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010.04.27 15:50:54 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010.04.27 15:50:54 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010.04.27 15:50:54 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010.04.27 15:50:54 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010.04.26 19:34:48 | 000,084,992 | ---- | M] () -- C:\Dokumente und Einstellungen\Sven\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.26 12:08:46 | 000,000,798 | ---- | M] () -- C:\WINDOWS\a20.ini
[2010.04.26 00:35:08 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.04.22 16:58:22 | 000,213,129 | ---- | M] () -- C:\Dokumente und Einstellungen\Sven\Desktop\Verteilerschlüssel Köln-Bonn-Aachen.pdf
[2010.04.21 21:30:06 | 000,023,552 | ---- | M] () -- C:\Dokumente und Einstellungen\Sven\Desktop\Aktenvermerk.doc
[2010.04.21 21:28:44 | 000,023,552 | ---- | M] () -- C:\Dokumente und Einstellungen\Sven\Eigene Dateien\Aktenvermerk.doc
[2010.04.21 12:32:56 | 000,001,640 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.04.19 22:44:26 | 000,001,791 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
[2010.04.15 17:11:12 | 000,011,493 | ---- | M] () -- C:\Dokumente und Einstellungen\Sven\Eigene Dateien\Anrufliste Donnerstag 15.04.2010.odt
[2010.04.15 16:29:18 | 000,439,061 | ---- | M] () -- C:\Dokumente und Einstellungen\Sven\Desktop\Themenvorschau 3-2010.pdf
[2010.04.14 23:55:12 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.04.14 20:52:30 | 000,108,478 | ---- | M] () -- C:\Dokumente und Einstellungen\Sven\Desktop\(Buchungsbestätigung papa).pdf
[2010.04.14 19:49:06 | 000,012,288 | ---- | M] () -- C:\Dokumente und Einstellungen\Sven\Eigene Dateien\passwörter1.doc
[2010.04.11 00:04:48 | 000,000,520 | ---- | M] () -- C:\Dokumente und Einstellungen\Sven\Eigene Dateien\spider.sav
[2010.04.08 11:22:34 | 000,081,569 | ---- | M] () -- C:\Dokumente und Einstellungen\Sven\Desktop\Meine Buchungen.pdf
[2010.03.29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.03.29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.03.29 12:42:18 | 000,000,574 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\BeCyBookKeeper.lnk
[2010.03.29 08:30:52 | 000,157,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.03.10 20:14:48 | 000,010,847 | ---- | M] () -- C:\Dokumente und Einstellungen\Sven\Eigene Dateien\LAHM.odt
[2010.03.10 19:54:04 | 000,013,824 | ---- | M] () -- C:\Dokumente und Einstellungen\Sven\Eigene Dateien\Dienstfahrten 2009.doc
[2010.03.10 10:02:30 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\vbscript.dll
[2010.03.10 10:02:30 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vbscript.dll
[2010.03.10 07:18:54 | 001,506,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shdocvw.dll
[2010.03.10 07:18:42 | 001,023,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browseui.dll
[2010.03.06 14:24:26 | 001,167,688 | ---- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\Sven\Desktop\wlsetup-custom.exe
[2010.03.04 14:51:18 | 000,019,579 | ---- | M] () -- C:\Dokumente und Einstellungen\Sven\Eigene Dateien\504young.odt
[2010.02.28 19:26:02 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010.02.26 08:10:32 | 000,667,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2010.02.26 08:10:30 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2010.02.26 08:10:30 | 000,474,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shlwapi.dll
[2010.02.26 08:10:30 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdc.ocx
[2010.02.26 08:10:26 | 003,086,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2010.02.26 08:10:26 | 000,532,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2010.02.26 08:10:26 | 000,532,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2010.02.26 08:10:26 | 000,449,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2010.02.26 08:10:26 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll
[2010.02.26 08:10:26 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrating.dll
[2010.02.26 08:10:26 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\pngfilt.dll
[2010.02.26 08:10:26 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pngfilt.dll
[2010.02.26 08:10:22 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inseng.dll
[2010.02.26 08:10:22 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inseng.dll
[2010.02.26 08:10:22 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2010.02.26 08:10:22 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2010.02.26 08:10:20 | 001,056,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\danim.dll
[2010.02.26 08:10:20 | 001,056,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\danim.dll
[2010.02.26 08:10:20 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtmsft.dll
[2010.02.26 08:10:20 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtmsft.dll
[2010.02.26 08:10:20 | 000,251,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2010.02.26 08:10:20 | 000,251,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2010.02.26 08:10:20 | 000,205,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtrans.dll
[2010.02.26 08:10:20 | 000,205,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtrans.dll
[2010.02.26 08:10:20 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdfview.dll
[2010.02.26 08:10:20 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2010.02.26 08:10:20 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2010.02.26 08:10:20 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\extmgr.dll
[2010.02.26 07:53:06 | 000,371,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2010.02.26 02:58:32 | 000,375,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp3res.dll
[2010.02.25 12:53:10 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedw.exe
[2010.02.24 14:31:30 | 000,454,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2010.02.16 21:30:58 | 002,183,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntoskrnl.exe
[2010.02.16 21:30:58 | 002,183,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2010.02.16 21:30:58 | 002,060,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntkrnlpa.exe
[2010.02.16 21:30:58 | 002,060,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2010.02.16 21:30:54 | 002,139,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010.02.16 21:30:52 | 002,019,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010.02.16 07:27:26 | 004,734,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmp.dll
[2010.02.12 11:03:04 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010.02.12 06:45:14 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\6to4svc.dll
[2010.02.11 14:01:44 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tcpip6.sys
[2010.02.11 14:01:44 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcpip6.sys
[2010.02.07 16:35:46 | 000,019,031 | ---- | M] () -- C:\Dokumente und Einstellungen\Sven\Eigene Dateien\hintereingagn.odt
[2010.02.04 19:05:04 | 006,916,992 | -H-- | M] () -- C:\Dokumente und Einstellungen\Sven\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2010.01.30 21:58:40 | 000,014,712 | ---- | M] () -- C:\Dokumente und Einstellungen\Sven\Eigene Dateien\norbert mail.odt
[2010.01.30 21:21:18 | 000,027,808 | ---- | M] () -- C:\Dokumente und Einstellungen\Sven\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
[2010.01.29 16:43:36 | 000,307,260 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\l3codeca.acm
[2010.01.29 16:43:36 | 000,143,422 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\l3codecx.ax
[2010.01.22 16:16:40 | 000,017,972 | ---- | M] () -- C:\Dokumente und Einstellungen\Sven\Eigene Dateien\ROYAL.odt
[2010.01.20 00:23:38 | 000,029,057 | ---- | M] () -- C:\Dokumente und Einstellungen\Sven\Eigene Dateien\Mails mit flo.odt
[2010.01.18 15:29:40 | 000,013,612 | ---- | M] () -- C:\Dokumente und Einstellungen\Sven\Eigene Dateien\m4o.odt
[2010.01.15 15:55:54 | 000,019,233 | ---- | M] () -- C:\Dokumente und Einstellungen\Sven\Eigene Dateien\Freak.odt
[2010.01.15 02:29:30 | 000,017,615 | ---- | M] () -- C:\Dokumente und Einstellungen\Sven\Eigene Dateien\SPACKO.odt
[2010.01.14 10:56:38 | 000,021,463 | ---- | M] () -- C:\Dokumente und Einstellungen\Sven\Eigene Dateien\grubham.odt
[2010.01.13 16:08:54 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cabview.dll
[2010.01.13 14:43:04 | 000,117,587 | ---- | M] () -- C:\Dokumente und Einstellungen\Sven\Desktop\Opodo2.pdf
[2010.01.12 14:24:14 | 000,001,840 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.lnk
[2010.01.04 12:50:08 | 000,115,368 | ---- | M] () -- C:\Dokumente und Einstellungen\Sven\Desktop\Opodo.pdf
[2009.12.31 17:14:12 | 000,352,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2009.12.24 09:05:48 | 000,177,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wintrust.dll
[2009.12.17 08:57:56 | 000,346,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mspaint.exe
[2009.12.17 08:57:56 | 000,346,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspaint.exe
[2009.12.14 08:35:34 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\csrsrv.dll
[2009.12.14 08:35:34 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\csrsrv.dll
[2009.12.11 08:30:28 | 001,050,554 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009.12.11 08:30:28 | 000,451,898 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2009.12.11 08:30:28 | 000,435,200 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009.12.11 08:30:28 | 000,082,068 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2009.12.11 08:30:28 | 000,068,916 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009.12.08 11:09:02 | 000,056,816 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009.12.01 20:46:12 | 000,000,218 | ---- | M] () -- C:\Dokumente und Einstellungen\Sven\.recently-used.xbel
[2009.11.27 18:33:40 | 001,296,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\quartz.dll
[2009.11.27 18:33:40 | 001,296,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quartz.dll
[2009.11.27 18:33:40 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msyuv.dll
[2009.11.27 17:37:28 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avifil32.dll
[2009.11.27 17:37:28 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\avifil32.dll
[2009.11.27 17:37:28 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iyuv_32.dll
[2009.11.27 17:37:28 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msvidc32.dll
[2009.11.27 17:37:28 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrle32.dll
[2009.11.27 17:37:28 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsbyuv.dll
[2009.11.21 17:38:28 | 001,196,000 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009.11.21 17:38:00 | 000,470,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2009.11.16 18:53:06 | 000,001,498 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Everest Casino.lnk
[2009.11.16 18:34:52 | 000,009,366 | ---- | M] () -- C:\Dokumente und Einstellungen\Sven\Eigene Dateien\passwöwrter.odt
[2009.11.16 18:05:22 | 000,001,536 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Thunderbird.lnk
[2009.11.09 10:32:34 | 000,001,575 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk
[2009.11.08 03:57:44 | 000,230,432 | ---- | M] () -- C:\PA207.DAT
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.04.27 18:42:16 | 000,781,909 | ---- | C] () -- C:\Dokumente und Einstellungen\Sven\Desktop\RSIT.exe
[2010.04.27 18:27:17 | 000,000,712 | ---- | C] () -- C:\Dokumente und Einstellungen\Sven\Eigene Dateien\cc_20100427_182715.reg
[2010.04.27 18:26:39 | 000,227,892 | ---- | C] () -- C:\Dokumente und Einstellungen\Sven\Eigene Dateien\cc_20100427_182635.reg
[2010.04.27 18:10:48 | 000,001,416 | ---- | C] () -- C:\Dokumente und Einstellungen\Sven\Desktop\CCleaner.lnk
[2010.04.27 16:51:41 | 000,000,580 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.27 16:35:24 | 000,363,520 | ---- | C] () -- C:\Dokumente und Einstellungen\Sven\Desktop\iExplore.exe
[2010.04.27 16:35:23 | 000,363,520 | ---- | C] () -- C:\Dokumente und Einstellungen\Sven\Desktop\rkill.com
[2010.04.27 13:36:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010.04.27 13:36:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010.04.27 13:36:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010.04.27 13:36:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010.04.27 13:36:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010.04.27 13:36:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010.04.27 13:36:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010.04.27 13:36:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010.04.27 13:36:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010.04.27 13:36:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010.04.27 13:36:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010.04.27 13:36:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010.04.27 13:36:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010.04.27 13:36:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010.04.27 13:36:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010.04.27 13:36:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010.04.27 13:36:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010.04.27 13:36:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010.04.27 13:36:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010.04.27 13:36:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010.04.27 13:36:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010.04.27 13:36:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010.04.27 13:36:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010.04.27 13:36:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010.04.22 16:58:21 | 000,213,129 | ---- | C] () -- C:\Dokumente und Einstellungen\Sven\Desktop\Verteilerschlüssel Köln-Bonn-Aachen.pdf
[2010.04.21 21:30:07 | 000,023,552 | ---- | C] () -- C:\Dokumente und Einstellungen\Sven\Desktop\Aktenvermerk.doc
[2010.04.21 21:13:16 | 000,023,552 | ---- | C] () -- C:\Dokumente und Einstellungen\Sven\Eigene Dateien\Aktenvermerk.doc
[2010.04.19 22:44:25 | 000,001,791 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
[2010.04.15 16:29:13 | 000,439,061 | ---- | C] () -- C:\Dokumente und Einstellungen\Sven\Desktop\Themenvorschau 3-2010.pdf
[2010.04.15 15:59:42 | 000,011,493 | ---- | C] () -- C:\Dokumente und Einstellungen\Sven\Eigene Dateien\Anrufliste Donnerstag 15.04.2010.odt
[2010.04.14 20:52:28 | 000,108,478 | ---- | C] () -- C:\Dokumente und Einstellungen\Sven\Desktop\(Buchungsbestätigung papa).pdf
[2010.04.08 11:22:33 | 000,081,569 | ---- | C] () -- C:\Dokumente und Einstellungen\Sven\Desktop\Meine Buchungen.pdf
[2010.03.29 12:42:17 | 000,000,574 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\BeCyBookKeeper.lnk
[2010.03.10 20:14:46 | 000,010,847 | ---- | C] () -- C:\Dokumente und Einstellungen\Sven\Eigene Dateien\LAHM.odt
[2010.03.10 19:54:00 | 000,013,824 | ---- | C] () -- C:\Dokumente und Einstellungen\Sven\Eigene Dateien\Dienstfahrten 2009.doc
[2010.03.06 14:40:00 | 000,012,288 | ---- | C] () -- C:\Dokumente und Einstellungen\Sven\Eigene Dateien\passwörter1.doc
[2010.03.06 12:03:13 | 000,835,584 | ---- | C] () -- C:\WINDOWS\vsnpstd3 .exe
[2010.03.06 12:03:13 | 000,360,448 | ---- | C] () -- C:\WINDOWS\tsnpstd3 .exe
[2010.03.06 12:03:13 | 000,015,498 | ---- | C] () -- C:\WINDOWS\snpstd3.ini
[2010.03.06 12:03:13 | 000,013,023 | ---- | C] () -- C:\WINDOWS\snpstd3.src
[2010.03.06 12:03:10 | 000,003,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\DeNoise.sys
[2010.03.06 11:54:16 | 000,020,480 | ---- | C] () -- C:\WINDOWS\fixcamera .exe
[2010.03.04 14:51:07 | 000,019,579 | ---- | C] () -- C:\Dokumente und Einstellungen\Sven\Eigene Dateien\504young.odt
[2010.02.28 19:26:00 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010.02.06 16:57:09 | 000,019,031 | ---- | C] () -- C:\Dokumente und Einstellungen\Sven\Eigene Dateien\hintereingagn.odt
[2010.01.30 21:58:36 | 000,014,712 | ---- | C] () -- C:\Dokumente und Einstellungen\Sven\Eigene Dateien\norbert mail.odt
[2010.01.27 08:37:10 | 004,980,736 | ---- | C] () -- C:\Dokumente und Einstellungen\Sven\ntuser.dat
[2010.01.19 16:28:16 | 000,029,057 | ---- | C] () -- C:\Dokumente und Einstellungen\Sven\Eigene Dateien\Mails mit flo.odt
[2010.01.18 13:58:23 | 000,013,612 | ---- | C] () -- C:\Dokumente und Einstellungen\Sven\Eigene Dateien\m4o.odt
[2010.01.17 14:40:18 | 000,017,972 | ---- | C] () -- C:\Dokumente und Einstellungen\Sven\Eigene Dateien\ROYAL.odt
[2010.01.15 01:26:43 | 000,017,615 | ---- | C] () -- C:\Dokumente und Einstellungen\Sven\Eigene Dateien\SPACKO.odt
[2010.01.14 10:56:34 | 000,021,463 | ---- | C] () -- C:\Dokumente und Einstellungen\Sven\Eigene Dateien\grubham.odt
[2010.01.14 01:56:55 | 000,019,233 | ---- | C] () -- C:\Dokumente und Einstellungen\Sven\Eigene Dateien\Freak.odt
[2010.01.13 19:07:17 | 001,651,768 | ---- | C] () -- C:\WINDOWS\System32\WacomTablet.znc
[2010.01.13 19:06:07 | 000,000,112 | ---- | C] () -- C:\WINDOWS\System32\WacomTabletUserDefaults.xml
[2010.01.13 14:43:03 | 000,117,587 | ---- | C] () -- C:\Dokumente und Einstellungen\Sven\Desktop\Opodo2.pdf
[2010.01.12 14:24:13 | 000,001,840 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.lnk
[2010.01.04 12:50:06 | 000,115,368 | ---- | C] () -- C:\Dokumente und Einstellungen\Sven\Desktop\Opodo.pdf
[2009.12.01 20:46:11 | 000,000,218 | ---- | C] () -- C:\Dokumente und Einstellungen\Sven\.recently-used.xbel
[2009.11.16 18:34:49 | 000,009,366 | ---- | C] () -- C:\Dokumente und Einstellungen\Sven\Eigene Dateien\passwöwrter.odt
[2009.11.16 18:05:21 | 000,001,536 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Thunderbird.lnk
[2009.11.16 14:47:07 | 000,001,498 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Everest Casino.lnk
[2009.11.12 15:55:16 | 000,000,520 | ---- | C] () -- C:\Dokumente und Einstellungen\Sven\Eigene Dateien\spider.sav
[2009.11.09 10:32:33 | 000,001,575 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk
[2009.11.08 03:57:43 | 000,230,432 | ---- | C] () -- C:\PA207.DAT
[2009.10.19 20:30:37 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.10.16 00:29:59 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\asushwio.sys
[2009.10.09 20:38:58 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS79.DLL
[2009.10.09 20:23:42 | 000,000,516 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2009.10.09 16:59:35 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009.10.09 16:57:51 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2009.10.09 16:56:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2009.10.09 08:48:11 | 000,000,798 | ---- | C] () -- C:\WINDOWS\a20.ini
[2009.10.09 00:10:06 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2009.10.08 23:44:32 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATKACPI.sys
[2004.09.07 16:34:59 | 000,007,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\MMIOPORT.SYS
[2004.09.07 16:34:59 | 000,002,540 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004.09.07 16:34:02 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
< End of report >
|
28.04.2010, 15:31 | #10 | |
/// Winkelfunktion /// TB-Süch-Tiger™ |
Start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Code:
:OTL
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O33 - MountPoints2\{122122cc-b49e-11de-9583-0015f237a387}\Shell - "" = AutoRun
O33 - MountPoints2\{122122cc-b49e-11de-9583-0015f237a387}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{122122cc-b49e-11de-9583-0015f237a387}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{3b602422-b506-11de-b680-0015003e2b44}\Shell - "" = AutoRun
O33 - MountPoints2\{3b602422-b506-11de-b680-0015003e2b44}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3b602422-b506-11de-b680-0015003e2b44}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{9a0090d8-39c8-11df-b797-0015003e2b44}\Shell\AutoRun\command - "" = H:\Get_Started_for_Win.exe -- File not found
[2009.12.28 13:27:28 | 000,000,000 | -HSD | C] -- C:\FOUND.002
[2010.04.28 13:00:02 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010.04.28 12:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010.04.28 11:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010.04.28 10:00:02 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010.04.28 09:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010.04.27 22:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010.04.27 19:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010.04.27 18:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010.04.27 17:00:40 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010.04.27 16:00:38 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010.04.27 15:50:54 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010.04.27 15:50:54 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010.04.27 15:50:54 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010.04.27 15:50:54 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010.04.27 15:50:54 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010.04.27 15:50:54 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010.04.27 15:50:54 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010.04.27 15:50:54 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010.04.27 15:50:54 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010.04.27 15:50:54 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010.04.27 15:50:54 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010.04.27 15:50:54 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010.04.27 15:50:54 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010.04.27 15:50:54 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
:Commands
[PURITY]
[RESETHOSTS]
[EMPTYTEMP]
The logfile should open once you click OK after the fix; please post it.
__________________ Please always post logfiles in CODE tags. Last edited by cosinus (28.04.2010 at 15:45). Reason: OTL Fix |
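Two of the items in the fix above are worth understanding rather than just pasting. First, the "Files Created" section of the OTL log shows all twenty-four At1.job to At24.job files created in the same second (2010.04.27 13:36:02), one task per hour of the day; a legitimate installer rarely drops a scheduled task for every hour at once, so a burst of .job creations sharing a single timestamp is a useful thing to look for in any OTL or similar file listing. Second, the O33 MountPoints2 entries are AutoRun commands recorded for a removable drive H: whose launcher executables are no longer present, which is why OTL reports them as "File not found". The following Python is an added example written for this page; it is not part of OTL, and the regular expressions, function names, the burst threshold and the sample lines (copied from the log posted above and mixed from the fix script and the "Files Created" section) are this example's own choices.

```python
"""Triage helper for OTL-style log lines (added example, not part of OTL):
flags bursts of .job files created in the same second and MountPoints2
AutoRun commands whose target file is missing."""
import re
from collections import defaultdict

# OTL file entry, e.g.
#   [2010.04.27 13:36:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
# The "(company)" part is absent for directory entries and empty "()" for
# files without version info, so it is optional in the pattern.
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[-A-Z]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+?)\s*$"
)

# OTL O33 line for a removable-drive AutoRun command, e.g.
#   O33 - MountPoints2\{guid}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
# Only the ...\AutoRun\command lines are parsed; the \Shell and \Shell\AutoRun
# lines carry no target and are ignored.
O33_CMD_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[0-9A-Fa-f-]+\})\\Shell\\AutoRun\\command - "" = '
    r"(?P<cmd>.+?)(?: -- (?P<note>File not found))?\s*$"
)

# Constructed sample: a handful of lines copied from the log posted in this thread.
SAMPLE_OTL = r"""
O33 - MountPoints2\{122122cc-b49e-11de-9583-0015f237a387}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{9a0090d8-39c8-11df-b797-0015003e2b44}\Shell\AutoRun\command - "" = H:\Get_Started_for_Win.exe -- File not found
[2009.12.28 13:27:28 | 000,000,000 | -HSD | C] -- C:\FOUND.002
[2010.04.28 12:40:06 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.04.27 18:42:16 | 000,781,909 | ---- | C] () -- C:\Dokumente und Einstellungen\Sven\Desktop\RSIT.exe
[2010.04.27 18:27:17 | 000,000,712 | ---- | C] () -- C:\Dokumente und Einstellungen\Sven\Eigene Dateien\cc_20100427_182715.reg
[2010.04.27 13:36:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010.04.27 13:36:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010.04.27 13:36:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010.04.27 13:36:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010.04.27 13:36:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010.04.27 13:36:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
"""


def parse_otl(text):
    """Split OTL text into file entries and AutoRun command entries (dicts)."""
    files, autoruns = [], []
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:
            files.append(m.groupdict())
            continue
        m = O33_CMD_RE.match(line)
        if m:
            autoruns.append(m.groupdict())
    return files, autoruns


def job_bursts(files, min_count=3):
    """Group created (.job, kind C) task files by creation second and return
    the groups with at least min_count members, sorted by path."""
    by_ts = defaultdict(list)
    for f in files:
        if f["kind"] == "C" and f["path"].lower().endswith(".job"):
            by_ts[f["ts"]].append(f["path"])
    return {ts: sorted(paths) for ts, paths in by_ts.items() if len(paths) >= min_count}


def task_numbers(paths):
    """Numeric suffixes of AtN.job paths, sorted; At1..At24 would cover every hour."""
    nums = []
    for p in paths:
        m = re.search(r"\\At(\d+)\.job$", p, re.IGNORECASE)
        if m:
            nums.append(int(m.group(1)))
    return sorted(nums)


def dangling_autoruns(autoruns):
    """MountPoints2 AutoRun commands whose target OTL reported as missing."""
    return [(a["guid"], a["cmd"]) for a in autoruns if a["note"] == "File not found"]


def triage_report(text):
    """Human-readable findings for the given OTL text."""
    files, autoruns = parse_otl(text)
    lines = []
    for ts, paths in sorted(job_bursts(files).items()):
        lines.append(f"{len(paths)} .job files created at {ts}: At numbers {task_numbers(paths)}")
    for guid, cmd in dangling_autoruns(autoruns):
        lines.append(f"MountPoints2 {guid}: AutoRun command {cmd} (target missing)")
    return lines


if __name__ == "__main__":
    print("\n".join(triage_report(SAMPLE_OTL)))
```

Run against a full OTL log the burst check reports the single 13:36:02 timestamp with all 24 task numbers; the GoogleUpdate*.job entries are never grouped because they have their own timestamps and appear only as modified (M) entries. The MountPoints2 check only tells you the launcher is absent; whether the removable drive itself is trustworthy is a separate question that the log cannot answer.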
28.04.2010, 15:43 | #11 |
| OK, I'll keep that in mind... Last October I wiped my notebook for the first time (it was already 3 years old at that point) and reinstalled everything... An acquaintance told me something about NTFS back then... but that must have slipped past me... can you say anything yet about this OTL evaluation...? Can you tell from it whether my computer is clean now? ...and one more question: I've never before had occasion to use a free online help service like this one. But I'm very impressed by what you do. If I wanted to show my appreciation in the form of a donation, would any of it actually reach you? I'd like to reward this service as far as my means allow! Best regards, Sven |
28.04.2010, 15:47 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Oops, my edit came a bit too late. I added the OTL fix to the previous post via an edit.
__________________ Please always post logfiles in CODE tags. |
28.04.2010, 16:36 | #13 |
| Hello Arne, I've now followed your instructions, and this is the OTL log that came out of it:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{122122cc-b49e-11de-9583-0015f237a387}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{122122cc-b49e-11de-9583-0015f237a387}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{122122cc-b49e-11de-9583-0015f237a387}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{122122cc-b49e-11de-9583-0015f237a387}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{122122cc-b49e-11de-9583-0015f237a387}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{122122cc-b49e-11de-9583-0015f237a387}\ not found.
File H:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b602422-b506-11de-b680-0015003e2b44}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3b602422-b506-11de-b680-0015003e2b44}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b602422-b506-11de-b680-0015003e2b44}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3b602422-b506-11de-b680-0015003e2b44}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b602422-b506-11de-b680-0015003e2b44}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3b602422-b506-11de-b680-0015003e2b44}\ not found.
File H:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a0090d8-39c8-11df-b797-0015003e2b44}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9a0090d8-39c8-11df-b797-0015003e2b44}\ not found.
File H:\Get_Started_for_Win.exe not found.
C:\FOUND.002 folder moved successfully.
C:\WINDOWS\tasks\At14.job moved successfully.
C:\WINDOWS\tasks\At13.job moved successfully.
C:\WINDOWS\tasks\At12.job moved successfully.
C:\WINDOWS\tasks\At11.job moved successfully.
C:\WINDOWS\tasks\At10.job moved successfully.
C:\WINDOWS\tasks\At23.job moved successfully.
C:\WINDOWS\tasks\At20.job moved successfully.
C:\WINDOWS\tasks\At19.job moved successfully.
C:\WINDOWS\tasks\At18.job moved successfully.
C:\WINDOWS\tasks\At17.job moved successfully.
C:\WINDOWS\tasks\At9.job moved successfully.
C:\WINDOWS\tasks\At8.job moved successfully.
C:\WINDOWS\tasks\At7.job moved successfully.
C:\WINDOWS\tasks\At6.job moved successfully.
C:\WINDOWS\tasks\At5.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At24.job moved successfully.
C:\WINDOWS\tasks\At22.job moved successfully.
C:\WINDOWS\tasks\At21.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At16.job moved successfully.
C:\WINDOWS\tasks\At15.job moved successfully.
C:\WINDOWS\tasks\At1.job moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: Default User
->Temp folder emptied: 8917715 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 75 bytes
User: All Users
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 501719 bytes
User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Sven
->Temp folder emptied: 2008528 bytes
->Temporary Internet Files folder emptied: 194224 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 73571159 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 79627086 bytes
RecycleBin emptied: 3499457 bytes
Total Files Cleaned = 161,00 mb
OTL by OldTimer - Version 3.2.3.0 log created on 04282010_170055
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
|
28.04.2010, 19:25 | #14 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Antimalware Doctor removed - logfiles for analysis
Please do a run with CF now; the tool saves us a lot of work: ComboFix: a guide and tutorial on using ComboFix
ComboFix may only be run when a helper ("Kompetenzler") has explicitly recommended it!
__________________ Please always post logfiles in CODE tags |
