Trojaner TR/Kazy.mekml.1

Swisstreasure · 28.04.2011, 21:59

Welche Probleme bestehen dann aktuell noch?

gerry10 · 28.04.2011, 22:06

Die Taskleiste ist teilweise noch leer und auf dem Desktop sind auch noch nicht alle sachen.
Sonst gibts glaube ich keine Probleme mehr.

Swisstreasure · 29.04.2011, 15:10

Hast Du Regedit im Adminkonto aufgerufen:
http://www.trojaner-board.de/98343-t...tml#post648681

??

gerry10 · 29.04.2011, 15:34

Hab ich was, wo aufgerufen???

Swisstreasure · 29.04.2011, 15:44

Also du die Schritte machtest aus dem Beitrag 8. Die Regedit Geschichte.

gerry10 · 29.04.2011, 16:01

Da war doch das Problem, das ich auf dem Pfad nicht genau da hin kam wo ich hin sollte

Swisstreasure · 29.04.2011, 16:39

Jo und bist Du als Administrator angemeldet am System?

gerry10 · 29.04.2011, 16:42

Ja bin ich

gerry10 · 29.04.2011, 18:47

Hallo,
also jetzt komme ich bis zum ende des pfades aber da steht nichts von
"no desktop".

sondern nur das auf dem bild

Swisstreasure · 30.04.2011, 16:21

Gemäss dme Screenshot bist Du aber im Pfad EXPLORER/RUN. Aber schau wenn Du links nur bis zu EXPLORER gehst.

gerry10 · 30.04.2011, 16:27

der reiter ist nur bis da offen aber wenn du auf dem screenshot unten schaust, wo der pfad steht, bin ich richtig und auf RUN habe ich nicht geklickt.

Swisstreasure · 01.05.2011, 08:00

Update einmal Malwarebytes und scanne erneut. Poste das Log.

gerry10 · 01.05.2011, 17:30

hier ist der log

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6484

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

01.05.2011 18:28:59
mbam-log-2011-05-01 (18-28-59).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 413070
Laufzeit: 1 Stunde(n), 20 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Swisstreasure · 01.05.2011, 20:08

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
/md5start
explorer.exe
winlogon.exe
wininit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

gerry10 · 02.05.2011, 17:54

hier das ergebnis und extra.txt gab es nicht

Code:

ATTFilter

OTL logfile created on: 02.05.2011 18:40:10 - Run 4
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Toni\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,65 Gb Total Space | 58,37 Gb Free Space | 40,92% Space Free | Partition Type: NTFS
Drive D: | 142,67 Gb Total Space | 22,03 Gb Free Space | 15,44% Space Free | Partition Type: NTFS
 
Computer Name: TONIS-SCHLEPPI | User Name: Toni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Users\Toni\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Users\Toni\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10p_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Air Mouse\Air Mouse\Air Mouse.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Windows\service4g.exe (4G Systems GmbH & Co. KG)
PRC - C:\Programme\XSManager\WTGService.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\System32\TUProgSt.exe (TuneUp Software)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Programme\maxdome\DCBin\DCService.exe (Entriq, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Programme\Acer\Acer Bio Protection\CompPtcVUI.exe (Arachnoid Biometrics Identification Group Corp.)
PRC - C:\Programme\Acer\Acer Bio Protection\BASVC.exe ()
PRC - C:\Programme\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Programme\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero AG)
PRC - C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - c:\Programme\Windows Defender\MpCmdRun.exe (Microsoft Corporation)
PRC - C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
PRC - C:\Acer\Mobility Center\MobilityService.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Toni\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (XS Stick Service) -- C:\Windows\service4g.exe (4G Systems GmbH & Co. KG)
SRV - (WTGService) -- C:\Programme\XSManager\WTGService.exe ()
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (Prosieben) -- C:\Program Files\maxdome\DCBin\DCService.exe (Entriq, Inc.)
SRV - (IJPLMSVC) -- C:\Programme\Canon\IJPLM\ijplmsvc.exe ()
SRV - (TDslMgrService) -- C:\Program Files\T-Online\DSL-Manager\DslMgrSvc.exe (T-Systems Enterprise Services GmbH)
SRV - (IGBASVC) -- C:\Programme\Acer\Acer Bio Protection\BASVC.exe ()
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (NeroMediaHomeService.4) -- C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero AG)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (eDataSecurity Service) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (RS_Service) -- C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (cmnsusbser) -- C:\Windows\System32\drivers\cmnsusbser.sys (Mobile Connector)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (LHidEqd) -- C:\Windows\System32\drivers\LHidEqd.sys (Logitech, Inc.)
DRV - (LEqdUsb) -- C:\Windows\System32\drivers\LEqdUsb.sys (Logitech, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (KMWDFILTER) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) -- C:\Windows\System32\drivers\atswpdrv.sys (AuthenTec, Inc.)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corp.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (s217unic) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (WDM) -- C:\Windows\System32\drivers\s217unic.sys (MCCI)
DRV - (s217obex) -- C:\Windows\System32\drivers\s217obex.sys (MCCI Corporation)
DRV - (s217nd5) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (NDIS) -- C:\Windows\System32\drivers\s217nd5.sys (MCCI Corporation)
DRV - (s217mdm) -- C:\Windows\System32\drivers\s217mdm.sys (MCCI Corporation)
DRV - (s217bus) Sony Ericsson Device 217 driver (WDM) -- C:\Windows\System32\drivers\s217bus.sys (MCCI Corporation)
DRV - (s217mdfl) -- C:\Windows\System32\drivers\s217mdfl.sys (MCCI Corporation)
DRV - (dsltestSp5) -- C:\Windows\System32\drivers\DslTestSp5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (DslMNLwf) -- C:\Windows\System32\drivers\dslmnlwf.sys (T-Systems Enterprise Services GmbH)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1008&m=aspire_5930
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7
FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2
 
 
[2009.08.21 20:58:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Toni\AppData\Roaming\mozilla\Extensions
[2009.08.21 20:58:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Toni\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2008.11.26 16:13:54 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM
 
O1 HOSTS File: ([2011.04.28 22:25:24 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} -  File not found
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} -  File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ZPdtWzdVitaKey MC3000] C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Toni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk =  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: gamepoint.de ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: navigram.com ([www] https in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {162247AF-26A7-44FC-A93A-69506EA244F3} https://account.maxdome.de/presentation/script/HWTest.CAB (HWTest.HWTestControl)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://photoservice.fujicolor.eu/ips-opdata/objects/jordan-canvasx.cab (JordanUploader Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1226775789563 (MUWebControl Class)
O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://www.navigram.com/engine/v911/Navigram.cab (Navigram Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {98474E4F-5229-4CAC-9E28-6D52D992268D} hxxp://kpscdhaendler.ar-live.de/afc-frontend/main/Setup_AFC_ONLINE_2_7_0_3_STANDARD.cab (AS_AR_Control Light Control)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} https://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Programme\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Programme\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll - C:\Programme\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
O24 - Desktop WallPaper: C:\Users\Toni\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Toni\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (hxxp://www.mp3dev.org/)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: VIDC.IV41 - C:\Windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: VIDC.IYUV - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: VIDC.YUY2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)
Drivers32: VIDC.YVU9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.28 23:08:33 | 000,000,000 | ---D | C] -- C:\Users\Toni\Desktop\Virenprogramme
[2011.04.28 22:34:50 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.04.28 22:34:50 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Local\temp
[2011.04.28 22:34:13 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.04.28 22:16:09 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.04.28 22:16:09 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.04.28 22:16:09 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.04.28 22:15:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.04.28 22:15:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011.04.27 21:14:43 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.04.27 21:14:13 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2011.04.27 21:14:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011.04.27 20:57:16 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Toni\Desktop\OTL.exe
[2011.04.27 17:22:07 | 000,000,000 | ---D | C] -- C:\Users\Toni\AppData\Roaming\Malwarebytes
[2011.04.27 17:22:00 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.27 17:22:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.27 17:21:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.27 17:21:56 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.04.27 17:21:55 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.04.19 07:47:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.04.19 07:46:24 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2011.04.19 07:46:21 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2011.04.19 07:44:17 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2008.10.17 05:15:36 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.02 18:40:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4CA0E136-6AAF-4555-9DA6-79992AB719F2}.job
[2011.05.02 18:00:01 | 000,000,522 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2011.05.02 16:53:56 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.05.02 16:53:56 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.05.02 16:53:55 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.05.02 16:53:55 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.05.02 16:46:32 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2011.05.02 16:46:31 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2011.05.02 16:46:18 | 000,169,830 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.05.02 16:46:17 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.02 16:46:17 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.02 16:46:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.02 16:45:57 | 3215,839,232 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.02 09:07:51 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.04.30 21:42:37 | 000,169,830 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.04.29 19:41:11 | 002,055,938 | ---- | M] () -- C:\Users\Toni\Desktop\IMG_0154.JPG
[2011.04.28 23:30:31 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011.04.28 23:30:31 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011.04.28 23:30:25 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011.04.28 23:29:58 | 000,001,835 | ---- | M] () -- C:\Users\Toni\Desktop\Avira AntiVir.lnk
[2011.04.28 23:26:49 | 000,001,880 | ---- | M] () -- C:\Users\Toni\Desktop\Skype.lnk
[2011.04.28 23:26:29 | 000,002,687 | ---- | M] () -- C:\Users\Toni\Desktop\Microsoft Office Excel 2007.lnk
[2011.04.28 23:26:22 | 000,002,681 | ---- | M] () -- C:\Users\Toni\Desktop\Microsoft Office Word 2007.lnk
[2011.04.28 23:26:09 | 000,001,862 | ---- | M] () -- C:\Users\Toni\Desktop\maxdome Download Manager.lnk
[2011.04.28 23:25:57 | 000,001,809 | ---- | M] () -- C:\Users\Toni\Desktop\Maus- und Tastatureinstellungen.lnk
[2011.04.28 23:25:47 | 000,001,686 | ---- | M] () -- C:\Users\Toni\Desktop\iTunes.lnk
[2011.04.28 23:25:17 | 000,001,879 | ---- | M] () -- C:\Users\Toni\Desktop\CD-LabelPrint.lnk
[2011.04.28 23:25:06 | 000,001,848 | ---- | M] () -- C:\Users\Toni\Desktop\Solution Menu.lnk
[2011.04.28 23:24:59 | 000,001,820 | ---- | M] () -- C:\Users\Toni\Desktop\My Printer.lnk
[2011.04.28 23:24:52 | 000,001,904 | ---- | M] () -- C:\Users\Toni\Desktop\MP Navigator EX 3.0.lnk
[2011.04.28 23:24:44 | 000,001,902 | ---- | M] () -- C:\Users\Toni\Desktop\Easy-PhotoPrint EX.lnk
[2011.04.28 22:25:24 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.04.27 23:34:32 | 000,000,020 | ---- | M] () -- C:\Users\Toni\defogger_reenable
[2011.04.27 20:57:21 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Toni\Desktop\OTL.exe
[2011.04.27 08:30:20 | 000,130,048 | ---- | M] () -- C:\Users\Toni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.14 16:40:15 | 000,343,112 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.13 21:41:12 | 000,000,104 | ---- | M] () -- C:\Users\Toni\Desktop\E-Mail.lnk
[2011.04.05 07:31:32 | 000,001,441 | ---- | M] () -- C:\Users\Toni\Desktop\DivX Movies.lnk
 
========== Files Created - No Company Name ==========
 
[2011.04.29 19:44:44 | 002,055,938 | ---- | C] () -- C:\Users\Toni\Desktop\IMG_0154.JPG
[2011.04.28 23:30:25 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011.04.28 23:29:58 | 000,001,835 | ---- | C] () -- C:\Users\Toni\Desktop\Avira AntiVir.lnk
[2011.04.28 23:26:49 | 000,001,880 | ---- | C] () -- C:\Users\Toni\Desktop\Skype.lnk
[2011.04.28 23:26:29 | 000,002,687 | ---- | C] () -- C:\Users\Toni\Desktop\Microsoft Office Excel 2007.lnk
[2011.04.28 23:26:22 | 000,002,681 | ---- | C] () -- C:\Users\Toni\Desktop\Microsoft Office Word 2007.lnk
[2011.04.28 23:26:09 | 000,001,862 | ---- | C] () -- C:\Users\Toni\Desktop\maxdome Download Manager.lnk
[2011.04.28 23:25:57 | 000,001,809 | ---- | C] () -- C:\Users\Toni\Desktop\Maus- und Tastatureinstellungen.lnk
[2011.04.28 23:25:47 | 000,001,686 | ---- | C] () -- C:\Users\Toni\Desktop\iTunes.lnk
[2011.04.28 23:25:17 | 000,001,879 | ---- | C] () -- C:\Users\Toni\Desktop\CD-LabelPrint.lnk
[2011.04.28 23:25:06 | 000,001,848 | ---- | C] () -- C:\Users\Toni\Desktop\Solution Menu.lnk
[2011.04.28 23:24:59 | 000,001,820 | ---- | C] () -- C:\Users\Toni\Desktop\My Printer.lnk
[2011.04.28 23:24:52 | 000,001,904 | ---- | C] () -- C:\Users\Toni\Desktop\MP Navigator EX 3.0.lnk
[2011.04.28 23:24:44 | 000,001,902 | ---- | C] () -- C:\Users\Toni\Desktop\Easy-PhotoPrint EX.lnk
[2011.04.28 22:16:09 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.04.28 22:16:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.04.28 22:16:09 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011.04.28 22:16:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.04.28 22:16:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.04.27 23:34:19 | 000,000,020 | ---- | C] () -- C:\Users\Toni\defogger_reenable
[2011.04.13 21:41:12 | 000,000,104 | ---- | C] () -- C:\Users\Toni\Desktop\E-Mail.lnk
[2011.04.05 07:31:32 | 000,001,441 | ---- | C] () -- C:\Users\Toni\Desktop\DivX Movies.lnk
[2011.01.26 22:57:11 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011.01.26 22:57:09 | 000,810,496 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.01.26 22:57:09 | 000,183,808 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.01.26 22:57:09 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010.10.14 02:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.07.25 14:27:41 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.04.22 08:59:31 | 000,000,016 | ---- | C] () -- C:\Users\Toni\AppData\Roaming\kcmdte.dat
[2010.01.29 09:59:15 | 000,221,291 | ---- | C] () -- C:\Windows\Imei_dll.dll
[2010.01.29 09:59:15 | 000,040,960 | ---- | C] () -- C:\Windows\Sublock.dll
[2010.01.29 09:53:02 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2010.01.29 09:53:02 | 000,002,412 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2010.01.16 18:26:09 | 000,007,592 | ---- | C] () -- C:\Users\Toni\AppData\Local\d3d9caps.dat
[2009.10.31 16:21:19 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009.10.30 09:23:22 | 000,000,032 | ---- | C] () -- C:\Windows\azeugnis.INI
[2009.09.12 09:49:41 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.12 09:49:40 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.04.08 20:52:04 | 000,208,896 | ---- | C] () -- C:\Windows\System32\OptCVw7.dll
[2009.04.08 20:52:04 | 000,172,032 | ---- | C] () -- C:\Windows\System32\OptCVm6.dll
[2009.04.08 20:52:04 | 000,114,749 | ---- | C] () -- C:\Windows\System32\cxts001.dll
[2009.04.08 20:52:04 | 000,057,400 | ---- | C] () -- C:\Windows\System32\trs.dll
[2009.04.08 20:52:03 | 000,200,704 | ---- | C] () -- C:\Windows\System32\OptCVa6.dll
[2009.04.08 20:51:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\BS_Register.exe
[2009.02.28 21:01:43 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2008.12.21 20:51:20 | 000,066,560 | ---- | C] () -- C:\Windows\MOTA113.exe
[2008.12.21 20:51:20 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2008.12.21 20:51:19 | 000,240,128 | ---- | C] () -- C:\Windows\System32\x.264.exe
[2008.12.21 20:51:18 | 000,502,784 | ---- | C] () -- C:\Windows\x2.64.exe
[2008.12.21 20:51:18 | 000,217,073 | ---- | C] () -- C:\Windows\meta4.exe
[2008.11.01 22:41:16 | 000,120,320 | ---- | C] () -- C:\Windows\System32\UnzDll.dll
[2008.10.30 11:40:15 | 000,130,048 | ---- | C] () -- C:\Users\Toni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.10.30 09:55:40 | 000,024,064 | ---- | C] () -- C:\Users\Toni\AppData\Roaming\UserTile.png
[2008.10.29 15:36:18 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.10.29 14:39:17 | 000,169,830 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008.10.29 14:36:20 | 000,169,830 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008.10.29 13:23:56 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.10.16 19:38:13 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2008.10.16 19:36:14 | 000,118,784 | ---- | C] () -- C:\Windows\System32\VMC3KAPI.dll
[2008.10.16 19:34:44 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2008.10.16 19:34:44 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2008.10.16 19:34:44 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2008.10.16 19:34:44 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2008.10.16 19:30:49 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008.10.16 19:30:49 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2008.10.16 19:30:49 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2008.10.16 19:30:49 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2008.10.16 19:26:41 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008.07.23 18:50:52 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.05.08 05:32:19 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.05.08 05:32:19 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.05.08 05:32:19 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.05.08 05:32:19 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.05.07 20:06:49 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008.05.07 20:03:50 | 000,001,024 | R--- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008.05.07 20:03:50 | 000,001,024 | R--- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008.04.30 10:09:06 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.04.30 10:09:01 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2008.04.30 10:09:01 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2008.04.30 10:09:01 | 000,000,041 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2007.05.02 18:43:30 | 000,143,360 | ---- | C] () -- C:\Windows\System32\bioapi_mds300.dll
[2007.05.02 18:43:30 | 000,106,496 | ---- | C] () -- C:\Windows\System32\bioapi100.dll
[2007.01.26 08:32:18 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,343,112 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.10.16 07:58:14 | 000,086,016 | ---- | C] () -- C:\Windows\System32\aspolyzt.dll
[2006.06.29 12:44:32 | 001,826,304 | ---- | C] () -- C:\Windows\System32\asconv3d.dll
[2006.03.23 09:24:00 | 000,045,056 | ---- | C] () -- C:\Windows\System32\as_tree2.dll
[2005.07.06 11:59:58 | 000,028,672 | ---- | C] () -- C:\Windows\System32\asdrawli.dll
[2005.07.04 14:17:30 | 000,069,632 | ---- | C] () -- C:\Windows\System32\ASDRAWMA.DLL
[2004.08.17 16:34:52 | 000,036,864 | ---- | C] () -- C:\Windows\System32\AS_SORT.DLL
[2003.05.22 11:31:44 | 000,033,792 | ---- | C] () -- C:\Windows\System32\ASDRAW32.DLL
[2002.07.12 15:29:28 | 000,073,728 | ---- | C] () -- C:\Windows\System32\AS_MDB32.DLL
[2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.11.14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[2001.06.06 10:59:04 | 000,209,612 | ---- | C] () -- C:\Windows\System32\as_fconv.exe
[1997.06.14 13:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
 
========== LOP Check ==========
 
[2008.11.15 21:59:37 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\Acer
[2008.05.07 20:02:23 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\Acer GameZone Console
[2009.04.08 15:44:57 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\ASCON Installer
[2009.04.08 15:48:40 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\ASCON Programme
[2008.12.21 20:28:40 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\Ashampoo
[2008.11.04 23:26:41 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\Big Fish Games
[2008.11.01 22:44:35 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\Buhl Data Service
[2010.12.15 14:52:06 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\Canon
[2010.11.21 01:21:47 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\Cool Record Edit Deluxe
[2008.12.13 18:43:15 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\CoSoSys
[2008.10.29 17:53:33 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\DAEMON Tools
[2011.02.12 20:56:40 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\elsterformular
[2008.10.29 15:47:10 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\eSobi
[2008.11.01 13:39:56 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\Flood Light Games
[2008.10.29 16:07:12 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\FloodLightGames
[2010.12.15 12:38:59 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\FRITZ!
[2010.08.17 21:18:35 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\Leadertech
[2009.05.31 10:26:44 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\LG Electronics
[2008.11.29 23:06:03 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\LimeWire
[2008.11.29 23:11:14 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\PeerNetworking
[2008.10.29 23:33:48 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\PlayFirst
[2011.04.01 21:27:02 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\Simfy
[2009.02.01 14:24:30 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\T-Online
[2009.08.21 20:58:54 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\TomTom
[2008.10.29 13:09:38 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\TuneUp Software
[2008.11.26 11:12:30 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\TVcentral-Core
[2009.08.31 11:39:50 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\Vodafone
[2010.10.16 18:47:03 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\XSManager
[2011.05.02 18:00:01 | 000,000,522 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job
[2011.05.02 09:07:51 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.05.02 18:40:00 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{4CA0E136-6AAF-4555-9DA6-79992AB719F2}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2009.11.10 10:18:08 | 000,000,000 | ---- | M] () -- C:\AILog.txt
[2008.10.27 11:38:10 | 001,348,370 | ---- | M] () -- C:\Apr2005_d3dx9_25_x64.cab
[2008.10.27 11:38:08 | 001,079,978 | ---- | M] () -- C:\Apr2005_d3dx9_25_x86.cab
[2008.10.27 11:38:12 | 001,398,846 | ---- | M] () -- C:\Apr2006_d3dx9_30_x64.cab
[2008.10.27 11:38:10 | 001,116,237 | ---- | M] () -- C:\Apr2006_d3dx9_30_x86.cab
[2008.10.27 11:38:04 | 000,917,446 | ---- | M] () -- C:\Apr2006_MDX1_x86.cab
[2008.10.27 11:38:20 | 004,163,646 | ---- | M] () -- C:\Apr2006_MDX1_x86_Archive.cab
[2008.10.27 11:37:46 | 000,180,149 | ---- | M] () -- C:\Apr2006_XACT_x64.cab
[2008.10.27 11:37:38 | 000,134,119 | ---- | M] () -- C:\Apr2006_XACT_x86.cab
[2008.10.27 11:38:02 | 000,088,117 | ---- | M] () -- C:\Apr2006_xinput_x64.cab
[2008.10.27 11:38:00 | 000,047,026 | ---- | M] () -- C:\Apr2006_xinput_x86.cab
[2008.10.27 11:38:00 | 000,699,628 | ---- | M] () -- C:\APR2007_d3dx10_33_x64.cab
[2008.10.27 11:37:58 | 000,696,881 | ---- | M] () -- C:\APR2007_d3dx10_33_x86.cab
[2008.10.27 11:38:18 | 001,608,374 | ---- | M] () -- C:\APR2007_d3dx9_33_x64.cab
[2008.10.27 11:38:16 | 001,607,055 | ---- | M] () -- C:\APR2007_d3dx9_33_x86.cab
[2008.10.27 11:37:48 | 000,196,782 | ---- | M] () -- C:\APR2007_XACT_x64.cab
[2008.10.27 11:37:44 | 000,152,241 | ---- | M] () -- C:\APR2007_XACT_x86.cab
[2008.10.27 11:38:08 | 000,097,833 | ---- | M] () -- C:\APR2007_xinput_x64.cab
[2008.10.27 11:38:02 | 000,054,318 | ---- | M] () -- C:\APR2007_xinput_x86.cab
[2008.10.27 11:38:12 | 001,351,558 | ---- | M] () -- C:\Aug2005_d3dx9_27_x64.cab
[2008.10.27 11:38:08 | 001,078,660 | ---- | M] () -- C:\Aug2005_d3dx9_27_x86.cab
[2008.10.27 11:37:48 | 000,183,919 | ---- | M] () -- C:\AUG2006_XACT_x64.cab
[2008.10.27 11:37:42 | 000,138,251 | ---- | M] () -- C:\AUG2006_XACT_x86.cab
[2008.10.27 11:38:02 | 000,088,158 | ---- | M] () -- C:\AUG2006_xinput_x64.cab
[2008.10.27 11:38:02 | 000,047,074 | ---- | M] () -- C:\AUG2006_xinput_x86.cab
[2008.10.27 11:38:04 | 000,853,302 | ---- | M] () -- C:\AUG2007_d3dx10_35_x64.cab
[2008.10.27 11:38:00 | 000,797,883 | ---- | M] () -- C:\AUG2007_d3dx10_35_x86.cab
[2008.10.27 11:38:18 | 001,801,176 | ---- | M] () -- C:\AUG2007_d3dx9_35_x64.cab
[2008.10.27 11:38:18 | 001,709,168 | ---- | M] () -- C:\AUG2007_d3dx9_35_x86.cab
[2008.10.27 11:37:52 | 000,199,112 | ---- | M] () -- C:\AUG2007_XACT_x64.cab
[2008.10.27 11:37:46 | 000,154,028 | ---- | M] () -- C:\AUG2007_XACT_x86.cab
[2008.10.27 11:38:04 | 000,868,628 | ---- | M] () -- C:\Aug2008_d3dx10_39_x64.cab
[2008.10.27 11:38:02 | 000,850,183 | ---- | M] () -- C:\Aug2008_d3dx10_39_x86.cab
[2008.10.27 11:38:18 | 001,795,100 | ---- | M] () -- C:\Aug2008_d3dx9_39_x64.cab
[2008.10.27 11:38:14 | 001,465,688 | ---- | M] () -- C:\Aug2008_d3dx9_39_x86.cab
[2008.10.27 11:37:40 | 000,122,840 | ---- | M] () -- C:\Aug2008_XACT_x64.cab
[2008.10.27 11:38:02 | 000,094,028 | ---- | M] () -- C:\Aug2008_XACT_x86.cab
[2008.10.27 11:37:58 | 000,272,384 | ---- | M] () -- C:\Aug2008_XAudio_x64.cab
[2008.10.27 11:37:58 | 000,270,858 | ---- | M] () -- C:\Aug2008_XAudio_x86.cab
[2008.10.27 11:38:10 | 001,156,507 | ---- | M] () -- C:\BDANT.cab
[2008.10.27 11:38:04 | 000,976,164 | ---- | M] () -- C:\BDAXP.cab
[2009.04.11 08:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008.02.06 01:25:41 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2011.04.28 22:34:48 | 000,020,272 | ---- | M] () -- C:\ComboFix.txt
[2006.09.18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008.10.27 11:38:14 | 001,358,992 | ---- | M] () -- C:\Dec2005_d3dx9_28_x64.cab
[2008.10.27 11:38:10 | 001,080,472 | ---- | M] () -- C:\Dec2005_d3dx9_28_x86.cab
[2008.10.27 11:37:50 | 000,213,823 | ---- | M] () -- C:\DEC2006_d3dx10_00_x64.cab
[2008.10.27 11:37:48 | 000,192,736 | ---- | M] () -- C:\DEC2006_d3dx10_00_x86.cab
[2008.10.27 11:38:16 | 001,572,170 | ---- | M] () -- C:\DEC2006_d3dx9_32_x64.cab
[2008.10.27 11:38:16 | 001,575,392 | ---- | M] () -- C:\DEC2006_d3dx9_32_x86.cab
[2008.10.27 11:37:50 | 000,193,491 | ---- | M] () -- C:\DEC2006_XACT_x64.cab
[2008.10.27 11:37:42 | 000,146,615 | ---- | M] () -- C:\DEC2006_XACT_x86.cab
[2008.10.27 11:38:54 | 000,095,056 | ---- | M] (Microsoft Corporation) -- C:\DSETUP.dll
[2008.10.27 11:37:34 | 001,692,496 | ---- | M] (Microsoft Corporation) -- C:\dsetup32.dll
[2008.10.27 11:38:04 | 000,045,464 | ---- | M] () -- C:\dxdllreg_x86.cab
[2008.10.27 11:38:20 | 013,265,184 | ---- | M] () -- C:\dxnt.cab
[2008.10.27 11:36:58 | 000,526,160 | ---- | M] (Microsoft Corporation) -- C:\DXSETUP.exe
[2008.10.27 11:38:04 | 000,096,053 | ---- | M] () -- C:\dxupdate.cab
[2008.10.27 11:38:10 | 001,248,515 | ---- | M] () -- C:\Feb2005_d3dx9_24_x64.cab
[2008.10.27 11:38:08 | 001,014,241 | ---- | M] () -- C:\Feb2005_d3dx9_24_x86.cab
[2008.10.27 11:38:14 | 001,363,812 | ---- | M] () -- C:\Feb2006_d3dx9_29_x64.cab
[2008.10.27 11:38:08 | 001,085,736 | ---- | M] () -- C:\Feb2006_d3dx9_29_x86.cab
[2008.10.27 11:37:46 | 000,179,375 | ---- | M] () -- C:\Feb2006_XACT_x64.cab
[2008.10.27 11:37:40 | 000,133,425 | ---- | M] () -- C:\Feb2006_XACT_x86.cab
[2008.10.27 11:37:48 | 000,195,691 | ---- | M] () -- C:\FEB2007_XACT_x64.cab
[2008.10.27 11:37:42 | 000,148,999 | ---- | M] () -- C:\FEB2007_XACT_x86.cab
[2011.05.02 16:45:57 | 3215,839,232 | -HS- | M] () -- C:\hiberfil.sys
[2010.11.27 18:43:33 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010.03.16 15:21:00 | 000,470,480 | ---- | M] (IPLabs GmbH) -- C:\JordanApplet.dll
[2008.10.27 11:38:10 | 001,337,018 | ---- | M] () -- C:\Jun2005_d3dx9_26_x64.cab
[2008.10.27 11:38:08 | 001,065,941 | ---- | M] () -- C:\Jun2005_d3dx9_26_x86.cab
[2008.10.27 11:37:46 | 000,181,801 | ---- | M] () -- C:\JUN2006_XACT_x64.cab
[2008.10.27 11:37:40 | 000,134,687 | ---- | M] () -- C:\JUN2006_XACT_x86.cab
[2008.10.27 11:38:00 | 000,700,060 | ---- | M] () -- C:\JUN2007_d3dx10_34_x64.cab
[2008.10.27 11:37:58 | 000,699,488 | ---- | M] () -- C:\JUN2007_d3dx10_34_x86.cab
[2008.10.27 11:38:16 | 001,608,790 | ---- | M] () -- C:\JUN2007_d3dx9_34_x64.cab
[2008.10.27 11:38:16 | 001,608,302 | ---- | M] () -- C:\JUN2007_d3dx9_34_x86.cab
[2008.10.27 11:37:50 | 000,198,138 | ---- | M] () -- C:\JUN2007_XACT_x64.cab
[2008.10.27 11:37:44 | 000,153,925 | ---- | M] () -- C:\JUN2007_XACT_x86.cab
[2008.10.27 11:38:04 | 000,868,844 | ---- | M] () -- C:\JUN2008_d3dx10_38_x64.cab
[2008.10.27 11:38:04 | 000,850,935 | ---- | M] () -- C:\JUN2008_d3dx10_38_x86.cab
[2008.10.27 11:38:18 | 001,793,624 | ---- | M] () -- C:\JUN2008_d3dx9_38_x64.cab
[2008.10.27 11:38:14 | 001,464,894 | ---- | M] () -- C:\JUN2008_d3dx9_38_x86.cab
[2008.10.27 11:38:02 | 000,056,170 | ---- | M] () -- C:\JUN2008_X3DAudio_x64.cab
[2008.10.27 11:38:02 | 000,022,921 | ---- | M] () -- C:\JUN2008_X3DAudio_x86.cab
[2008.10.27 11:37:40 | 000,122,070 | ---- | M] () -- C:\JUN2008_XACT_x64.cab
[2008.10.27 11:38:04 | 000,094,144 | ---- | M] () -- C:\JUN2008_XACT_x86.cab
[2008.10.27 11:37:58 | 000,270,644 | ---- | M] () -- C:\JUN2008_XAudio_x64.cab
[2008.10.27 11:37:52 | 000,270,040 | ---- | M] () -- C:\JUN2008_XAudio_x86.cab
[2008.10.27 11:38:02 | 000,845,900 | ---- | M] () -- C:\Mar2008_d3dx10_37_x64.cab
[2008.10.27 11:38:02 | 000,819,276 | ---- | M] () -- C:\Mar2008_d3dx10_37_x86.cab
[2008.10.27 11:38:18 | 001,770,878 | ---- | M] () -- C:\Mar2008_d3dx9_37_x64.cab
[2008.10.27 11:38:12 | 001,444,298 | ---- | M] () -- C:\Mar2008_d3dx9_37_x86.cab
[2008.10.27 11:38:02 | 000,056,074 | ---- | M] () -- C:\Mar2008_X3DAudio_x64.cab
[2008.10.27 11:38:00 | 000,022,883 | ---- | M] () -- C:\Mar2008_X3DAudio_x86.cab
[2008.10.27 11:37:40 | 000,123,352 | ---- | M] () -- C:\Mar2008_XACT_x64.cab
[2008.10.27 11:38:08 | 000,094,750 | ---- | M] () -- C:\Mar2008_XACT_x86.cab
[2008.10.27 11:37:52 | 000,252,210 | ---- | M] () -- C:\Mar2008_XAudio_x64.cab
[2008.10.27 11:37:52 | 000,227,266 | ---- | M] () -- C:\Mar2008_XAudio_x86.cab
[2008.10.16 19:30:37 | 000,000,020 | ---- | M] () -- C:\Medion.ini
[2010.11.27 18:43:33 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2007.03.12 18:59:00 | 000,299,008 | ---- | M] () -- C:\navigram_register.exe
[2008.10.27 11:38:04 | 000,865,616 | ---- | M] () -- C:\Nov2007_d3dx10_36_x64.cab
[2008.10.27 11:38:00 | 000,804,900 | ---- | M] () -- C:\Nov2007_d3dx10_36_x86.cab
[2008.10.27 11:38:20 | 001,803,074 | ---- | M] () -- C:\Nov2007_d3dx9_36_x64.cab
[2008.10.27 11:38:18 | 001,710,376 | ---- | M] () -- C:\Nov2007_d3dx9_36_x86.cab
[2008.10.27 11:38:02 | 000,047,160 | ---- | M] () -- C:\NOV2007_X3DAudio_x64.cab
[2008.10.27 11:38:02 | 000,019,512 | ---- | M] () -- C:\NOV2007_X3DAudio_x86.cab
[2008.10.27 11:37:48 | 000,197,778 | ---- | M] () -- C:\NOV2007_XACT_x64.cab
[2008.10.27 11:37:42 | 000,149,280 | ---- | M] () -- C:\NOV2007_XACT_x86.cab
[2008.10.27 11:38:08 | 000,995,154 | ---- | M] () -- C:\Nov2008_d3dx10_40_x64.cab
[2008.10.27 11:38:04 | 000,966,445 | ---- | M] () -- C:\Nov2008_d3dx10_40_x86.cab
[2008.10.27 11:38:20 | 001,907,944 | ---- | M] () -- C:\Nov2008_d3dx9_40_x64.cab
[2008.10.27 11:38:14 | 001,551,228 | ---- | M] () -- C:\Nov2008_d3dx9_40_x86.cab
[2008.10.27 11:38:04 | 000,055,538 | ---- | M] () -- C:\Nov2008_X3DAudio_x64.cab
[2008.10.27 11:38:02 | 000,022,867 | ---- | M] () -- C:\Nov2008_X3DAudio_x86.cab
[2008.10.27 11:38:08 | 000,122,810 | ---- | M] () -- C:\Nov2008_XACT_x64.cab
[2008.10.27 11:38:02 | 000,093,700 | ---- | M] () -- C:\Nov2008_XACT_x86.cab
[2008.10.27 11:37:54 | 000,274,976 | ---- | M] () -- C:\Nov2008_XAudio_x64.cab
[2008.10.27 11:37:54 | 000,273,627 | ---- | M] () -- C:\Nov2008_XAudio_x86.cab
[2008.10.27 11:38:02 | 000,087,053 | ---- | M] () -- C:\Oct2005_xinput_x64.cab
[2008.10.27 11:38:02 | 000,046,375 | ---- | M] () -- C:\Oct2005_xinput_x86.cab
[2008.10.27 11:38:14 | 001,413,918 | ---- | M] () -- C:\OCT2006_d3dx9_31_x64.cab
[2008.10.27 11:38:10 | 001,128,233 | ---- | M] () -- C:\OCT2006_d3dx9_31_x86.cab
[2008.10.27 11:37:48 | 000,183,377 | ---- | M] () -- C:\OCT2006_XACT_x64.cab
[2008.10.27 11:37:42 | 000,139,033 | ---- | M] () -- C:\OCT2006_XACT_x86.cab
[2011.05.02 16:45:56 | 3529,629,696 | -HS- | M] () -- C:\pagefile.sys
[2008.10.16 19:27:07 | 000,000,058 | ---- | M] () -- C:\Partition.txt
[2008.08.28 07:49:24 | 000,004,676 | -HS- | M] () -- C:\Patch.rev
[2008.10.17 05:05:05 | 000,000,147 | RHS- | M] () -- C:\preload.rev
[2009.02.06 15:04:15 | 000,000,091 | ---- | M] () -- C:\PS.log
[2008.10.16 19:31:34 | 000,000,426 | ---- | M] () -- C:\RHDSetup.log
[2011.04.27 18:11:42 | 000,069,572 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_27.04.2011_18.06.39_log.txt
[2011.04.28 22:02:49 | 000,068,910 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_28.04.2011_22.02.02_log.txt
[2009.04.15 07:59:58 | 000,004,863 | ---- | M] () -- C:\WirelessDiagLog.csv
 
< %systemroot%\system32\*.wt >
 
< %systemroot%\system32\*.ruy >
 
< %systemroot%\Fonts\*.com >
[2006.11.02 14:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006.11.02 14:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006.11.02 14:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009.09.13 12:15:15 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2006.09.18 23:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2009.05.26 05:00:00 | 000,027,648 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPDA2.DLL
[2009.05.26 05:00:00 | 000,070,656 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPPA2.DLL
[2006.11.02 14:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006.10.26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.scr >
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2010.10.23 22:42:46 | 000,000,174 | -HS- | M] () -- C:\Programme\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\user32.dll /md5 >
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2008.01.21 04:24:48 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll
 
< %systemroot%\system32\ws2help.dll /md5 >
[2006.11.02 11:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\System32\ws2help.dll
 
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-04-29 17:26:43
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:D88D995C

< End of report >

28.04.2011, 21:59	#16
Swisstreasure /// Malwareteam	Trojaner TR/Kazy.mekml.1 Welche Probleme bestehen dann aktuell noch?

29.04.2011, 15:10	#18
Swisstreasure /// Malwareteam	Trojaner TR/Kazy.mekml.1 Hast Du Regedit im Adminkonto aufgerufen: http://www.trojaner-board.de/98343-t...tml#post648681 ?? __________________

29.04.2011, 15:44	#20
Swisstreasure /// Malwareteam	Trojaner TR/Kazy.mekml.1 Also du die Schritte machtest aus dem Beitrag 8. Die Regedit Geschichte.

29.04.2011, 16:39	#22
Swisstreasure /// Malwareteam	Trojaner TR/Kazy.mekml.1 Jo und bist Du als Administrator angemeldet am System?

30.04.2011, 16:21	#25
Swisstreasure /// Malwareteam	Trojaner TR/Kazy.mekml.1 Gemäss dme Screenshot bist Du aber im Pfad EXPLORER/RUN. Aber schau wenn Du links nur bis zu EXPLORER gehst.

Trojaner TR/Kazy.mekml.1

Log-Analyse und Auswertung: Trojaner TR/Kazy.mekml.1