
Log Analysis and Evaluation: Probably infected with malware

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system first has to be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

20.09.2010, 16:48   #31
markusg
/// Malware-holic

Probably infected with malware



Just click on scan. We'll remove everything in one go afterwards :-)

20.09.2010, 17:28   #32
hamsta23

Probably infected with malware



OTL Logfile:
Code:
OTL logfile created on: 20.09.2010 18:25:14 - Run 3
OTL by OldTimer - Version 3.2.12.1     Folder = M:\Z Neu
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 73,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,00 Gb Total Space | 78,95 Gb Free Space | 78,95% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 100,00 Gb Total Space | 30,16 Gb Free Space | 30,16% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive M: | 286,08 Gb Total Space | 57,98 Gb Free Space | 20,27% Space Free | Partition Type: NTFS
Drive P: | 99,99 Gb Total Space | 96,87 Gb Free Space | 96,88% Space Free | Partition Type: NTFS
 
Computer Name: TIMO-PC
Current User Name: Timo
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - M:\Z Neu\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
PRC - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
PRC - P:\Wuala Dokan\mounter.exe ()
PRC - C:\Windows\SysWOW64\Ctxfihlp.exe (Creative Technology Ltd)
PRC - C:\Windows\SysWOW64\CTxfispi.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
 
 
========== Modules (SafeList) ==========
 
MOD - M:\Z Neu\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (wDokanMounter) -- P:\Wuala Dokan\mounter.exe ()
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (FirebirdServerMAGIXInstance) -- P:\MAGIX\Common\Database\bin\fbserver.exe (The Firebird Project)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (wDokan) -- C:\Windows\SysNative\drivers\wdokan.sys ()
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (ha20x2k) -- C:\Windows\SysNative\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV:64bit: - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd)
DRV:64bit: - (CTEXFIFX.SYS) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTEXFIFX) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT.SYS) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT.SYS) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdcx64) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (nmwcdx64) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1850170355-1748966538-132828878-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1850170355-1748966538-132828878-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1850170355-1748966538-132828878-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1850170355-1748966538-132828878-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C7 B5 7A C5 FA 04 CB 01  [binary data]
IE - HKU\S-1-5-21-1850170355-1748966538-132828878-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:21.1.10084.997
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.06.24 21:19:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: P:\Firefox\components [2010.09.16 23:39:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: P:\Firefox\plugins [2010.09.16 23:39:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.6\extensions\\Components: P:\Thunderbird\components [2010.08.06 15:00:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.6\extensions\\Plugins: P:\Thunderbird\plugins
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.06.24 21:19:34 | 000,000,000 | ---D | M]
 
[2010.06.08 18:11:38 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\mozilla\Extensions
[2010.06.08 18:11:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Timo\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.06.29 18:57:21 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\mozilla\Firefox\Profiles\1o2obwe1.default\extensions
 
O1 HOSTS File: ([2010.06.07 14:51:06 | 000,000,998 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 im.adtech.de
O1 - Hosts: 127.0.0.1 adserver.adtech.de
O1 - Hosts: 127.0.0.1 adtech.de
O1 - Hosts: 127.0.0.1 atwola.com
O1 - Hosts: 127.0.0.1 adserver.71i.de
O1 - Hosts: 127.0.0.1 adicqserver.71i.de
O1 - Hosts: 127.0.0.1 71i.de
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1850170355-1748966538-132828878-1000..\Run: [ICQ] C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1850170355-1748966538-132828878-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.08.22 15:39:09 | 000,000,000 | ---D | M] - P:\AutoGK -- [ NTFS ]
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.09.17 21:26:04 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\Avira
[2010.09.17 21:15:42 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2010.09.17 21:15:42 | 000,081,072 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010.09.17 21:15:42 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys
[2010.09.17 21:15:42 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys
[2010.09.17 21:15:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.09.17 21:15:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2010.09.17 21:03:09 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.09.17 19:15:41 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\Malwarebytes
[2010.09.17 19:15:31 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.09.17 19:15:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.09.16 23:45:18 | 000,106,224 | ---- | C] (G Data Software) -- C:\Windows\SysNative\drivers\GRD.sys
[2010.09.16 23:40:29 | 000,040,392 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys
[2010.09.16 23:40:14 | 000,057,288 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys
[2010.09.16 23:39:59 | 000,085,960 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys
[2010.09.16 23:39:58 | 000,048,584 | ---- | C] (G DATA Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys
[2010.09.16 23:39:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\G Data
[2010.09.16 23:34:45 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Local\Downloaded Installations
[2010.09.15 19:44:59 | 002,441,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2010.09.15 00:46:13 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010.09.15 00:31:43 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2010.09.15 00:30:22 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\ATI Technologies
[2010.09.15 00:30:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2010.09.15 00:30:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI
[2010.09.15 00:26:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2010.09.15 00:26:31 | 000,000,000 | ---D | C] -- C:\Programme\ATI
[2010.09.15 00:26:12 | 000,000,000 | ---D | C] -- C:\Programme\ATI Technologies
[2010.09.15 00:25:42 | 000,000,000 | ---D | C] -- C:\ATI
[2010.09.13 19:17:28 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\Creative
[2010.09.12 10:47:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Plugins
[2010.09.12 10:47:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ocr
[2010.09.07 18:28:51 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\dvdcss
[2010.09.02 18:58:17 | 000,000,000 | ---D | C] -- C:\Users\Timo\Documents\NFS SHIFT
[2010.08.31 23:13:37 | 000,000,000 | ---D | C] -- C:\Users\Timo\Documents\StarCraft II
[2010.08.31 23:13:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2010.08.31 23:13:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2010.08.29 10:40:32 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010.08.22 15:39:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XviD
[2010.05.05 19:59:10 | 000,060,928 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.09.20 18:21:45 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.20 18:21:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.20 18:21:31 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.20 18:20:57 | 000,062,092 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000001-00000000-00000009-00001102-00000005-00311102}.rfx
[2010.09.20 18:20:57 | 000,062,092 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000001-00000000-00000009-00001102-00000005-00311102}.rfx
[2010.09.20 18:20:57 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000001-00000000-00000009-00001102-00000005-00311102}.rfx
[2010.09.20 18:20:54 | 001,835,008 | -HS- | M] () -- C:\Users\Timo\NTUSER.DAT
[2010.09.20 18:20:51 | 004,161,993 | -H-- | M] () -- C:\Users\Timo\AppData\Local\IconCache.db
[2010.09.20 18:03:05 | 000,000,034 | ---- | M] () -- C:\Windows\cdplayer.ini
[2010.09.20 17:45:09 | 000,000,970 | ---- | M] () -- C:\Users\Timo\Desktop\Audiograbber.lnk
[2010.09.20 17:29:55 | 000,000,551 | ---- | M] () -- C:\Users\Timo\AppData\Roaming\AutoGK.ini
[2010.09.20 16:44:06 | 000,318,040 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.09.20 16:43:57 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\atiicdxx.dat
[2010.09.17 18:35:18 | 000,057,288 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys
[2010.09.17 18:32:04 | 000,085,960 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys
[2010.09.17 18:32:04 | 000,040,392 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys
[2010.09.16 23:45:18 | 000,106,224 | ---- | M] (G Data Software) -- C:\Windows\SysNative\drivers\GRD.sys
[2010.09.16 23:39:58 | 000,048,584 | ---- | M] (G DATA Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys
[2010.09.13 19:18:17 | 000,009,776 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.13 19:18:17 | 000,009,776 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.08 14:02:22 | 000,000,082 | ---- | M] () -- C:\Windows\VideodeLuxe.INI
[2010.09.02 18:57:31 | 000,000,872 | ---- | M] () -- C:\Users\Timo\Desktop\NFS Shift.lnk
[2010.08.31 23:21:49 | 000,000,625 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2010.08.31 07:19:12 | 002,441,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2010.08.27 23:27:49 | 000,000,553 | ---- | M] () -- C:\Users\Timo\Desktop\CCleaner.lnk
 
========== Files Created - No Company Name ==========
 
[2010.09.20 17:45:09 | 000,000,970 | ---- | C] () -- C:\Users\Timo\Desktop\Audiograbber.lnk
[2010.09.20 16:43:57 | 000,318,040 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.09.20 16:43:57 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\atiicdxx.dat
[2010.09.20 16:43:21 | 000,062,092 | ---- | C] () -- C:\Windows\SysNative\BMXStateBkp-{00000001-00000000-00000009-00001102-00000005-00311102}.rfx
[2010.09.20 16:43:21 | 000,062,092 | ---- | C] () -- C:\Windows\SysNative\BMXState-{00000001-00000000-00000009-00001102-00000005-00311102}.rfx
[2010.09.20 16:43:21 | 000,000,788 | ---- | C] () -- C:\Windows\SysNative\DVCState-{00000001-00000000-00000009-00001102-00000005-00311102}.rfx
[2010.09.02 18:57:31 | 000,000,872 | ---- | C] () -- C:\Users\Timo\Desktop\NFS Shift.lnk
[2010.08.31 23:13:37 | 000,000,625 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2010.08.27 23:27:49 | 000,000,553 | ---- | C] () -- C:\Users\Timo\Desktop\CCleaner.lnk
[2010.08.22 15:55:12 | 000,000,551 | ---- | C] () -- C:\Users\Timo\AppData\Roaming\AutoGK.ini
[2010.07.17 11:56:40 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010.06.29 18:32:19 | 000,000,082 | ---- | C] () -- C:\Windows\VideodeLuxe.INI
[2010.06.29 18:27:07 | 000,019,968 | ---- | C] () -- C:\Windows\SysWow64\cpuinf32.dll
[2010.06.29 18:20:54 | 000,002,856 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010.06.15 21:57:38 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010.06.15 21:57:38 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010.06.15 21:57:26 | 000,003,072 | ---- | C] () -- C:\Windows\SysWow64\CTXFIGER.DLL
[2010.06.10 18:19:05 | 000,007,597 | ---- | C] () -- C:\Users\Timo\AppData\Local\resmon.resmoncfg
[2010.06.06 04:24:16 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010.06.06 01:32:43 | 000,000,109 | ---- | C] () -- C:\Windows\disney.ini
[2010.05.20 13:51:12 | 000,011,264 | ---- | C] () -- C:\Windows\SysWow64\wdokannp.dll
[2010.05.20 13:51:02 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\wdokanusr.dll
[2010.05.05 20:37:52 | 000,021,204 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2010.05.05 20:37:50 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2010.05.05 19:56:46 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.07.06 13:47:08 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
[2009.06.19 20:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009.01.25 23:10:48 | 000,179,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009.01.09 01:01:22 | 000,629,760 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2008.11.22 10:11:04 | 000,001,607 | ---- | C] () -- C:\Windows\SysWow64\Load.ini
[2008.10.22 05:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2008.06.29 15:24:32 | 000,311,128 | ---- | C] () -- C:\Windows\SysWow64\ssleay32.dll
[2008.06.29 15:24:32 | 000,168,960 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2008.06.29 15:24:31 | 001,526,468 | ---- | C] () -- C:\Windows\SysWow64\libeay32.dll
[2008.04.28 14:55:27 | 000,162,816 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
 
========== LOP Check ==========
 
[2010.06.06 01:58:08 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Auslogics
[2010.06.21 23:45:11 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\bizarre creations
[2010.06.06 03:39:23 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\DAEMON Tools Lite
[2010.06.06 21:07:03 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\DeepBurner
[2010.09.20 18:21:52 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\ICQ
[2010.06.24 22:27:38 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Nokia
[2010.06.24 22:27:38 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Nokia Ovi Suite
[2010.06.12 18:38:08 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\OpenOffice.org
[2010.06.24 22:19:07 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\PC Suite
[2010.06.21 17:21:48 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\SoundSpectrum
[2010.06.08 18:11:38 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Thunderbird
[2010.06.06 03:38:15 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Ubisoft
[2010.07.09 16:59:16 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Wuala
[2010.08.05 16:46:30 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:80E965A3
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:538B96B5
< End of report >
--- --- ---

OTL Logfile:
Code:
OTL Extras logfile created on: 20.09.2010 18:25:14 - Run 3
OTL by OldTimer - Version 3.2.12.1     Folder = M:\Z Neu
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 73,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,00 Gb Total Space | 78,95 Gb Free Space | 78,95% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 100,00 Gb Total Space | 30,16 Gb Free Space | 30,16% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive M: | 286,08 Gb Total Space | 57,98 Gb Free Space | 20,27% Space Free | Partition Type: NTFS
Drive P: | 99,99 Gb Total Space | 96,87 Gb Free Space | 96,88% Space Free | Partition Type: NTFS
 
Computer Name: TIMO-PC
Current User Name: Timo
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1850170355-1748966538-132828878-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- P:\Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "P:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "P:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "P:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "P:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{28A0318C-B98D-B6B1-64D1-4E4755A8E668}" = AMD Drag and Drop Transcoding
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8E3FABF5-C3B9-7F7E-4AAE-977D77D48C51}" = ATI Catalyst Install Manager
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B93D47B2-0862-E2E6-8115-B5DAF7AE3C01}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.54
"Defraggler" = Defraggler
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.2 Build #3127 Banner Remover 1.0
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{1373559F-6DC6-44EA-9079-6ABDCCE8CDAD}" = OviMPlatform
"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = oZone3D.Net FurMark v1.8.2
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{2D10FC46-1D96-44C4-8855-85F21B9B011E}" = Ovi Desktop Sync Engine
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{5662D815-DB58-5082-315B-0326B37EB7CB}" = CCC Help English
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{7B01FD07-1790-4EE9-B5E0-149527D70C7D}" = Nokia Ovi Suite
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87323561-58BA-4D5B-BADA-A791B69D1705}" = Catalyst Control Center - Branding
"{8C65C65C-530F-B2DB-BBD7-AF554ABEBBA1}" = Catalyst Control Center Graphics Previews Common
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
"{A0D65C73-F2C5-432F-8788-90F8A2E99B98}" = Nokia Ovi Suite Software Updater
"{AA468551-1794-42FE-B504-C41D75EEBDF2}_is1" = Partition Wizard Home Edition 5.0
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C40C3C3D-97CF-44B5-836C-766E374464B3}" = 3DMark Vantage
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{D69D4AE5-717C-5E56-A56F-542EF5F6A84C}" = Catalyst Control Center Graphics Previews Vista
"{DB837E02-82D0-3888-6DEC-D29587CCDC2F}" = ccc-core-static
"{F86B6849-38E0-7818-F21E-6DC637932076}" = Catalyst Control Center InstallProxy
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ALchemy" = Creative ALchemy
"AudioCS" = Creative Audio-Systemsteuerung
"Audiograbber" = Audiograbber 1.83 SE 
"Audiograbber-Lame" = Audiograbber MP3-Plugin
"AutoGK" = Auto Gordian Knot 2.55
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"CCleaner" = CCleaner
"Console Launcher" = Creative Konsole Starter
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Firebird SQL Server D" = Firebird SQL Server (D)
"Fraps" = Fraps
"InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
"JDownloader" = JDownloader
"MAGIX Foto Manager 2006 D" = MAGIX Foto Manager 2006 (D)
"MAGIX Music Manager D" = MAGIX Music Manager (D)
"MAGIX Online Druck Service" = MAGIX Online Druck Service
"MAGIX Video deLuxe 2006 D" = MAGIX Video deLuxe 2006 (D)
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"Mozilla Thunderbird (3.0.6)" = Mozilla Thunderbird (3.0.6)
"Nokia Ovi Suite" = Nokia Ovi Suite
"OpenAL" = OpenAL
"SpeedFan" = SpeedFan (remove only)
"StarCraft II" = StarCraft II
"Steam App 240" = Counter-Strike: Source
"Steam App 340" = Half-Life 2: Lost Coast
"SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010)
"VLC media player" = VLC media player 1.0.5
"VobSub" = VobSub v2.23 (Remove Only)
"WaveStudio 7" = Creative WaveStudio 7
"WhiteCap" = WhiteCap
"Wuala Dokan" = Wuala Dokan
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1850170355-1748966538-132828878-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Wuala" = Wuala
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 20.09.2010 10:44:10 | Computer Name = Timo-PC | Source = ATIeRecord | ID = 16386
Description = ATI EEU Client has failed to start
 
Error - 20.09.2010 10:44:11 | Computer Name = Timo-PC | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.
 
Error - 20.09.2010 10:47:47 | Computer Name = Timo-PC | Source = ATIeRecord | ID = 16386
Description = ATI EEU Client has failed to start
 
Error - 20.09.2010 10:47:48 | Computer Name = Timo-PC | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.
 
Error - 20.09.2010 11:13:35 | Computer Name = Timo-PC | Source = ATIeRecord | ID = 16386
Description = ATI EEU Client has failed to start
 
Error - 20.09.2010 11:13:36 | Computer Name = Timo-PC | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.
 
Error - 20.09.2010 11:20:58 | Computer Name = Timo-PC | Source = ATIeRecord | ID = 16386
Description = ATI EEU Client has failed to start
 
Error - 20.09.2010 11:20:59 | Computer Name = Timo-PC | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.
 
Error - 20.09.2010 12:21:43 | Computer Name = Timo-PC | Source = ATIeRecord | ID = 16386
Description = ATI EEU Client has failed to start
 
Error - 20.09.2010 12:21:45 | Computer Name = Timo-PC | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.
 
[ System Events ]
Error - 18.09.2010 13:29:25 | Computer Name = Timo-PC | Source = DCOM | ID = 10001
Description = 
 
Error - 18.09.2010 17:32:33 | Computer Name = Timo-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden 
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
 an den Computerhersteller, um aktualisierte Firmware zu erhalten.
 
Error - 18.09.2010 17:34:59 | Computer Name = Timo-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Microsoft .NET Framework NGEN v4.0.30319_X64 erreicht.
 
Error - 19.09.2010 03:43:52 | Computer Name = Timo-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden 
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
 an den Computerhersteller, um aktualisierte Firmware zu erhalten.
 
Error - 19.09.2010 03:46:20 | Computer Name = Timo-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Microsoft .NET Framework NGEN v4.0.30319_X64 erreicht.
 
Error - 19.09.2010 03:51:15 | Computer Name = Timo-PC | Source = Microsoft-Windows-Time-Service | ID = 4
Description = Der Zeitanbieter "VMICTimeProvider" wurde aufgrund des folgenden Fehlers
 nicht gestartet: Das angegebene Modul wurde nicht gefunden. (0x8007007E)
 
Error - 19.09.2010 13:12:30 | Computer Name = Timo-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden 
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
 an den Computerhersteller, um aktualisierte Firmware zu erhalten.
 
Error - 19.09.2010 13:15:02 | Computer Name = Timo-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Microsoft .NET Framework NGEN v4.0.30319_X64 erreicht.
 
Error - 19.09.2010 13:15:49 | Computer Name = Timo-PC | Source = DCOM | ID = 10001
Description = 
 
Error - 19.09.2010 13:15:56 | Computer Name = Timo-PC | Source = Microsoft-Windows-Time-Service | ID = 4
Description = Der Zeitanbieter "VMICTimeProvider" wurde aufgrund des folgenden Fehlers
 nicht gestartet: Das angegebene Modul wurde nicht gefunden. (0x8007007E)
 
 
< End of report >


Old 20.09.2010, 17:35   #33
markusg
/// Malware-holic

presumably infected with malware - Standard

presumably infected with malware

OK, that looks good now. Did I understand correctly, no more problems?

Old 20.09.2010, 17:38   #34
hamsta23

presumably infected with malware - Standard

presumably infected with malware

Yep, so what exactly was that?

Can I delete the "movedfiles" folder?

Old 20.09.2010, 17:50   #35
markusg
/// Malware-holic

presumably infected with malware - Standard

presumably infected with malware

Can you pack the folder with WinZip or RAR and upload it here:
http://www.trojaner-board.de/54791-a...ner-board.html
Then I might be able to tell you.


Old 20.09.2010, 18:03   #36
hamsta23

presumably infected with malware - Standard

presumably infected with malware

Uploaded it.

Old 21.09.2010, 17:41   #37
hamsta23

presumably infected with malware - Standard

presumably infected with malware

Is the RAR online? I can't find it, or did I upload it incorrectly?

Old 21.09.2010, 17:44   #38
markusg
/// Malware-holic

presumably infected with malware - Standard

presumably infected with malware

It arrived.

Old 22.09.2010, 20:44   #39
hamsta23

presumably infected with malware - Standard

presumably infected with malware

And what is it?

Old 24.09.2010, 16:30   #40
hamsta23

presumably infected with malware - Standard

presumably infected with malware

Can I delete the "movedfiles" folder?

Old 24.09.2010, 16:34   #41
markusg
/// Malware-holic

presumably infected with malware - Standard

presumably infected with malware

You can delete the folder.
