Log Analysis and Evaluation: BDS/Cycbot.B.1491 + TR/Kazy.16727.1 + TR/Crypt.ZPACK.Gen

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here so that our experts can evaluate them. Before viruses and trojans can be removed, the infected system has to be examined first: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
BDS/Cycbot.B.1491 + TR/Kazy.16727.1 + TR/Crypt.ZPACK.Gen

Hello everyone,

my brother caught trojans/malware on his netbook that had made fairly extensive changes to the system: all folders were hidden, a proxy server had been set in IE, and on every reboot a "Windows Recovery" program opened that spewed out endless virus and critical-error messages. The netbook also crashed regularly after a short while.

AntiVir identified the executing "pests" as follows:

Information\_restore{31977D89-4CE6-4C66-8D8E-4A9FA1DDE700}\RP168\A0055525.exe' enthielt einen Virus oder unerwünschtes Programm 'BDS/Cycbot.B.1491' [backdoor].
In der Datei 'C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sCRrtWXnjAgI.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Kazy.16727.1' [trojan] gefunden.
In der Datei 'C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\18210612.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.Gen' [trojan] gefunden.

I removed these files with KillBox; since then all has been quiet. No more symptoms. After that I also ran SpybotSD, which reported and fixed 1 problem. Unfortunately, shame on me, I no longer remember which problem Spybot had found. I doubt that everything is already clean again, though, and would like to make sure. Could someone take a look at the logs?

OTL:
```text
OTL logfile created on: 01.05.2011 00:55:15 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Dokumente und Einstellungen\Tim\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.015,00 Mb Total Physical Memory | 407,00 Mb Available Physical Memory | 40,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 72,06 Gb Total Space | 19,33 Gb Free Space | 26,83% Space Free | Partition Type: NTFS
Drive D: | 72,05 Gb Total Space | 46,24 Gb Free Space | 64,18% Space Free | Partition Type: NTFS

Computer Name: TIM85 | User Name: Tim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.05.01 00:43:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Tim\Desktop\OTL.exe
PRC - [2011.03.18 19:56:37 | 000,924,632 | -H-- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.03.16 22:19:46 | 000,269,480 | -H-- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.12.14 17:44:20 | 000,216,456 | -H-- | M] (Geek Software GmbH) -- C:\Programme\pdf24\pdf24.exe
PRC - [2010.11.16 11:35:01 | 000,135,336 | -H-- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.16 11:35:00 | 000,281,768 | -H-- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.08.20 21:45:26 | 001,164,584 | -H-- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.01.29 12:18:52 | 000,751,592 | -H-- | M] () -- C:\Programme\ASUS\LiveUpdate\LiveUpdate.exe
PRC - [2010.01.15 14:49:20 | 000,255,536 | -H-- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | -H-- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010.01.13 21:51:49 | 000,386,872 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Programme\Java\jre6\bin\jucheck.exe
PRC - [2009.12.27 21:27:01 | 000,557,056 | -H-- | M] (BitLeader) -- C:\Programme\lg_fwupdate\fwupdate.exe
PRC - [2009.07.27 16:58:38 | 000,397,312 | -H-- | M] () -- C:\Programme\ASUS\Eee Docking\Eee Docking.exe
PRC - [2009.04.16 19:46:30 | 000,630,784 | -H-- | M] (ASUSTeK Computer Inc.) -- C:\Programme\EeePC\ACPI\AsAcpiSvr.exe
PRC - [2009.04.16 18:58:54 | 000,118,784 | -H-- | M] (ASUSTeK Computer Inc.) -- C:\Programme\EeePC\ACPI\AsTray.exe
PRC - [2009.03.25 10:43:40 | 000,376,832 | -H-- | M] (ASUSTeK Computer Inc.) -- C:\Programme\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
PRC - [2009.03.13 16:15:02 | 000,098,304 | -H-- | M] (ASUSTeK Computer Inc.) -- C:\Programme\EeePC\ACPI\AsEPCMon.exe
PRC - [2009.01.26 16:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.13 12:28:46 | 001,528,608 | -H-- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2008.04.14 14:00:00 | 001,036,800 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.10.26 14:40:34 | 000,335,872 | -H-- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe

========== Modules (SafeList) ==========

MOD - [2011.05.01 00:43:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Tim\Desktop\OTL.exe
MOD - [2010.08.23 18:11:46 | 001,054,208 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010.02.09 22:48:00 | 000,043,232 | -H-- | M] (Autodesk, Inc.) -- C:\WINDOWS\system32\AcSignIcon.dll
MOD - [2010.02.09 22:47:42 | 000,515,808 | -H-- | M] (Autodesk, Inc.) -- C:\Programme\Gemeinsame Dateien\Autodesk Shared\AcSignCore16.dll
MOD - [2009.07.12 01:12:06 | 000,632,656 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2009.07.12 00:02:02 | 003,780,424 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
MOD - [2009.07.12 00:02:02 | 000,653,120 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
MOD - [2009.07.12 00:02:00 | 000,569,664 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
MOD - [2009.07.12 00:02:00 | 000,063,296 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
MOD - [2006.12.01 23:56:00 | 000,096,256 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011.05.01 00:46:25 | 003,229,784 | ---- | M] () [Auto | Running] -- c:\Programme\Gemeinsame Dateien\Akamai\netsession_win_a35e6b9.dll -- (Akamai)
SRV - [2011.03.16 22:19:46 | 000,269,480 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.02.13 13:38:58 | 001,045,256 | -H-- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.11.16 11:35:01 | 000,135,336 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.01.15 14:49:20 | 000,227,232 | -H-- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.01.13 12:28:46 | 001,528,608 | -H-- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007.08.24 04:19:12 | 000,443,776 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 15:03:08 | 000,145,184 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.10.26 14:40:34 | 000,335,872 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)

========== Driver Services (SafeList) ==========

DRV - [2011.03.16 22:19:46 | 000,137,656 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.11.23 01:48:55 | 000,061,960 | -H-- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.07.06 11:48:02 | 000,011,448 | -H-- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2009.05.11 12:49:19 | 000,011,608 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.05.11 10:12:49 | 000,028,520 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.27 13:26:44 | 005,074,944 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009.03.13 23:05:26 | 001,528,928 | -H-- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009.03.13 16:32:18 | 001,759,616 | -H-- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2009.03.02 07:03:47 | 000,038,912 | -H-- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2009.02.06 18:08:42 | 000,055,152 | -H-- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009.01.13 12:27:38 | 000,306,811 | -H-- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008.11.19 10:21:28 | 000,039,040 | -H-- | M] (GenesysLogic Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\uvclf.sys -- (uvclf)
DRV - [2008.08.28 18:17:38 | 000,131,856 | -H-- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2008.08.05 14:10:12 | 001,684,736 | -H-- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008.04.08 15:59:28 | 000,010,752 | -H-- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS -- (AsusACPI)
DRV - [2007.11.20 18:35:48 | 000,049,792 | -H-- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2007.11.14 19:05:16 | 000,394,952 | -H-- | M] (Zone Labs, LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2007.01.18 20:28:02 | 000,005,275 | -H-- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.01.04 09:41:48 | 001,389,056 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:51152

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {e2c58150-9d72-11dd-ad8b-0800200c9a66}:1.3.1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 51152
FF - prefs.js..network.proxy.type: 1

FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.03.24 17:23:40 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.03.24 17:23:38 | 000,000,000 | -H-D | M]

[2009.11.29 14:46:48 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Tim\Anwendungsdaten\Mozilla\Extensions
[2011.03.23 23:17:40 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Tim\Anwendungsdaten\Mozilla\Firefox\Profiles\mwimvq2t.default\extensions
[2010.08.16 20:43:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Tim\Anwendungsdaten\Mozilla\Firefox\Profiles\mwimvq2t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.07.01 15:17:07 | 000,000,000 | ---D | M] (Black Steel) -- C:\Dokumente und Einstellungen\Tim\Anwendungsdaten\Mozilla\Firefox\Profiles\mwimvq2t.default\extensions\{e2c58150-9d72-11dd-ad8b-0800200c9a66}
[2010.11.24 00:53:23 | 000,000,000 | ---D | M] (FoxTab) -- C:\Dokumente und Einstellungen\Tim\Anwendungsdaten\Mozilla\Firefox\Profiles\mwimvq2t.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2011.03.24 17:23:40 | 000,000,000 | -H-D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
File not found (No name found) --
[2010.01.13 21:51:50 | 000,000,000 | -H-D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.03.18 19:56:37 | 000,142,296 | -H-- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,820 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O4 - HKLM..\Run: [AsusACPIServer] C:\Programme\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusEPCMonitor] C:\Programme\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusTray] C:\Programme\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EEESplendidAR] C:\Programme\ASUS\EPC\EeeSplendid\AutoRun.exe ()
O4 - HKLM..\Run: [LanguageShortcut] C:\Programme\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LGODDFU] C:\Programme\lg_fwupdate\fwupdate.exe (BitLeader)
O4 - HKLM..\Run: [LiveUpdate] C:\Programme\Asus\LiveUpdate\LiveUpdate.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [snp2uvc] File not found
O4 - HKLM..\Run: [SynAsusAcpi] C:\Programme\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Programme\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Eee Docking] C:\Programme\ASUS\Eee Docking\Eee Docking.exe ()
O4 - HKCU..\Run: [sCRrtWXnjAgI] File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\ SuperHybridEngine.lnk = C:\Programme\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk = C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk = C:\WINDOWS\Installer\{F3C1DE9E-5E16-4BA9-B854-7B53A45E3579}\Icon3E5562ED7.ico ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Tim\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Tim\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.02.13 12:55:52 | 000,000,000 | -H-D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009.08.13 20:44:49 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5BA1B9D2-D77E-80A6-A638-55EB172FA353} - NetShow
ActiveX: {5E172F99-E07C-FB94-7685-AD0FC672D439} - DirectAnimation
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A607D1E2-E39C-496A-A36A-BBE758CF07F5} - Vektorgrafik-Rendering (VML)
ActiveX: {AA3515BD-2FD3-459C-16C2-AFB0D80C2831} - Microsoft Windows Media Player 6.4
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {AF95A3FF-2FE8-1B3B-379A-1B3D4F7E2A5B} - Microsoft Windows Media Player 6.4
ActiveX: {B447BE65-1346-EF4B-F148-960F1A680C21} - Browseranpassungen
ActiveX: {BC9A9A31-14FD-05C3-F592-249E4EDDF4C3} - Versions-Update für Internet Explorer
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found
MsConfig - StartUpReg: MsnMsgr - hkey= - key= - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011.05.01 00:53:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011.05.01 00:51:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ERUNT
[2011.05.01 00:51:56 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2011.05.01 00:43:11 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Dokumente und Einstellungen\Tim\Desktop\Erunt-setup.exe
[2011.05.01 00:43:11 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Tim\Desktop\OTL.exe
[2011.05.01 00:43:11 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Tim\Desktop\TFC.exe
[2011.05.01 00:29:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Tim\Anwendungsdaten\Avira
[2011.04.23 00:39:59 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011.04.23 00:37:57 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Tim\Recent
[2011.04.23 00:37:48 | 000,000,000 | ---D | C] -- C:\!KillBox
[2011.04.23 00:30:18 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\Tim\Desktop\HiJackThis204.exe
[2011.04.23 00:30:18 | 000,092,672 | ---- | C] (Option^Explicit Software vbtechcd@gmail.com) -- C:\Dokumente und Einstellungen\Tim\Desktop\KillBox.exe
[2011.04.08 15:59:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Temp
[2009.08.14 11:37:15 | 000,196,608 | -H-- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2009.08.14 11:37:13 | 000,225,280 | -H-- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\Tim\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\Tim\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.05.01 00:51:58 | 000,000,591 | ---- | M] () -- C:\Dokumente und Einstellungen\Tim\Desktop\NTREGOPT.lnk
[2011.05.01 00:51:58 | 000,000,572 | ---- | M] () -- C:\Dokumente und Einstellungen\Tim\Desktop\ERUNT.lnk
[2011.05.01 00:46:46 | 000,002,423 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk
[2011.05.01 00:46:40 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\lgfwup.ini
[2011.05.01 00:46:10 | 000,001,078 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.05.01 00:46:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.05.01 00:43:14 | 000,301,568 | ---- | M] () -- C:\Dokumente und Einstellungen\Tim\Desktop\g2m3e4r.exe
[2011.05.01 00:43:13 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Dokumente und Einstellungen\Tim\Desktop\Erunt-setup.exe
[2011.05.01 00:43:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Tim\Desktop\OTL.exe
[2011.05.01 00:43:13 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Tim\Desktop\TFC.exe
[2011.05.01 00:26:56 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.05.01 00:25:48 | 000,377,282 | ---- | M] () -- C:\Dokumente und Einstellungen\Tim\Desktop\Load.exe
[2011.04.23 03:21:08 | 000,001,082 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.23 00:19:34 | 000,092,672 | ---- | M] (Option^Explicit Software vbtechcd@gmail.com) -- C:\Dokumente und Einstellungen\Tim\Desktop\KillBox.exe
[2011.04.23 00:16:30 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\Tim\Desktop\HiJackThis204.exe
[2011.04.08 16:08:17 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\Tim\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\Tim\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.05.01 00:51:58 | 000,000,591 | ---- | C] () -- C:\Dokumente und Einstellungen\Tim\Desktop\NTREGOPT.lnk
[2011.05.01 00:51:58 | 000,000,572 | ---- | C] () -- C:\Dokumente und Einstellungen\Tim\Desktop\ERUNT.lnk
[2011.05.01 00:43:11 | 000,301,568 | ---- | C] () -- C:\Dokumente und Einstellungen\Tim\Desktop\g2m3e4r.exe
[2011.05.01 00:38:31 | 000,377,282 | ---- | C] () -- C:\Dokumente und Einstellungen\Tim\Desktop\Load.exe
[2011.03.22 20:25:07 | 000,004,851 | ---- | C] () -- C:\Dokumente und Einstellungen\Tim\Anwendungsdaten\2FBE.F0E
[2011.02.02 23:05:08 | 000,011,448 | -H-- | C] () -- C:\WINDOWS\System32\drivers\AsUpIO.sys
[2010.07.22 23:19:56 | 000,004,608 | ---- | C] () -- C:\Dokumente und Einstellungen\Tim\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.09 18:34:12 | 000,997,624 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2010.05.19 13:14:39 | 000,016,384 | -H-- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2010.05.12 20:34:04 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\ProStab.INI
[2010.01.15 14:13:00 | 000,000,400 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2010.01.11 12:16:18 | 000,000,069 | -H-- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.12.28 14:03:41 | 000,000,664 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009.12.27 21:26:15 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\lgfwup.ini
[2009.12.01 16:54:13 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009.11.29 14:46:35 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2009.11.25 22:13:29 | 000,000,136 | ---- | C] () -- C:\Dokumente und Einstellungen\Tim\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2009.08.14 16:18:40 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2009.08.14 12:03:30 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\uvcrecordfix.exe
[2009.08.14 12:03:30 | 000,024,576 | -H-- | C] () -- C:\WINDOWS\Sleep.exe
[2009.08.14 11:37:15 | 001,759,616 | -H-- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2009.08.14 11:37:15 | 000,028,544 | -H-- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2009.08.14 11:37:15 | 000,015,497 | -H-- | C] () -- C:\WINDOWS\snp2uvc.ini
[2009.08.14 11:34:32 | 000,021,864 | -H-- | C] () -- C:\WINDOWS\AsAcpiSvrLang.ini
[2009.08.14 11:34:32 | 000,012,208 | -H-- | C] () -- C:\WINDOWS\AsTrayLang.ini
[2009.08.14 11:33:10 | 000,013,930 | -H-- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2009.08.14 11:32:14 | 000,000,712 | -H-- | C] () -- C:\WINDOWS\System32\drivers\SamSfPa.dat
[2009.08.14 11:32:14 | 000,000,008 | -H-- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat
[2009.08.14 11:18:12 | 000,147,456 | -H-- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
[2009.08.13 21:39:30 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009.08.13 21:38:47 | 000,381,632 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009.08.13 20:47:00 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009.08.13 20:42:59 | 000,021,740 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009.08.13 20:32:36 | 000,005,312 | -H-- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009.08.13 20:32:31 | 000,463,238 | -H-- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2009.08.13 20:32:31 | 000,269,480 | -H-- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2009.08.13 20:32:31 | 000,086,080 | -H-- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2009.08.13 20:32:31 | 000,034,478 | -H-- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2009.08.13 20:32:25 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009.08.13 20:32:24 | 000,444,676 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2009.08.13 20:32:24 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009.08.13 20:32:24 | 000,072,552 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2009.08.13 20:32:24 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009.08.13 20:32:23 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009.08.13 20:32:23 | 000,004,562 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009.08.13 20:32:23 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2009.08.13 20:32:21 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009.08.13 20:32:21 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2009.08.13 20:32:19 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009.08.13 20:32:15 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2009.01.13 12:29:00 | 000,197,408 | -H-- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2009.01.13 12:28:44 | 000,193,312 | -H-- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2008.11.05 12:42:45 | 000,062,400 | -H-- | C] () -- C:\WINDOWS\System32\IFC.dll
[2008.11.05 12:41:56 | 000,422,848 | -H-- | C] () -- C:\WINDOWS\System32\PPL.dll

========== LOP Check ==========

[2011.02.13 15:01:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Autodesk
[2010.09.28 11:13:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EBI
[2010.05.19 13:16:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LEICA Geosystems
[2009.08.14 11:33:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ralink Driver
[2010.09.28 11:13:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RSMR
[2009.12.27 21:26:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All
```
Users\Anwendungsdaten\Temp [2011.02.19 18:29:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tim\Anwendungsdaten\Autodesk [2011.03.16 23:13:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tim\Anwendungsdaten\ProtectDISC ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011.04.23 00:57:43 | 000,000,000 | ---D | M] -- C:\!KillBox [2011.02.13 12:55:52 | 000,000,000 | -H-D | M] -- C:\Autodesk [2010.01.11 11:33:20 | 000,000,000 | -H-D | M] -- C:\Civil 3D Projects [2009.11.25 22:13:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen [2011.02.27 23:11:16 | 000,000,000 | -H-D | M] -- C:\HCU [2009.08.14 11:17:36 | 000,000,000 | -H-D | M] -- C:\Intel [2010.02.21 03:52:26 | 000,000,000 | -H-D | M] -- C:\Krümel [2011.02.28 18:32:43 | 000,000,000 | -H-D | M] -- C:\Lohn-Abrechnun-SiggiMüller [2009.08.14 12:16:19 | 000,000,000 | RH-D | M] -- C:\MSOCache [2011.02.13 13:34:08 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011.05.01 00:51:56 | 000,000,000 | RH-D | M] -- C:\Programme [2009.11.25 22:32:28 | 000,000,000 | -HSD | M] -- C:\RECYCLER [2009.11.25 22:12:57 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.05.01 00:53:12 | 000,000,000 | -H-D | M] -- C:\WINDOWS < %PROGRAMFILES%\*.exe > Invalid Environment Variable: LOCALAPPDATA < %systemroot%\*. 
/mp /s > < MD5 for: EXPLORER.EXE > [2008.04.14 14:00:00 | 001,036,800 | -H-- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe [2008.04.14 14:00:00 | 001,036,800 | -H-- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\system32\dllcache\explorer.exe < MD5 for: REGEDIT.EXE > [2008.04.14 14:00:00 | 000,153,600 | -H-- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\I386\REGEDIT.EXE [2008.04.14 14:00:00 | 000,153,600 | -H-- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\regedit.exe [2008.04.14 14:00:00 | 000,153,600 | -H-- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\system32\dllcache\regedit.exe < MD5 for: USERINIT.EXE > [2008.04.14 14:00:00 | 000,026,624 | -H-- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe [2008.04.14 14:00:00 | 000,026,624 | -H-- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe < MD5 for: WINLOGON.EXE > [2008.04.14 14:00:00 | 000,513,024 | -H-- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\dllcache\winlogon.exe [2008.04.14 14:00:00 | 000,513,024 | -H-- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-03-25 14:52:01 < > < End of report > Code:
OTL Extras logfile created on: 01.05.2011 00:55:15 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Dokumente und Einstellungen\Tim\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.015,00 Mb Total Physical Memory | 407,00 Mb Available Physical Memory | 40,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 72,06 Gb Total Space | 19,33 Gb Free Space | 26,83% Space Free | Partition Type: NTFS
Drive D: | 72,05 Gb Total Space | 46,24 Gb Free Space | 64,18% Space Free | Partition Type: NTFS

Computer Name: TIM85 | User Name: Tim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"1052:TCP" = 1052:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\World of Warcraft\WoW-3.2.0-deDE-downloader.exe" = D:\World of Warcraft\WoW-3.2.0-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"D:\World of Warcraft\Launcher.exe" = D:\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"D:\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-deDE-downloader.exe" = D:\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"D:\World of Warcraft\WoW-3.3.5.12340-x86-Win-enGB-BKGND-downloader.exe" = D:\World of Warcraft\WoW-3.3.5.12340-x86-Win-enGB-BKGND-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"D:\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe" = D:\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"D:\World of Warcraft\Launcher.patch.exe" = D:\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{119B7481-0216-40D2-A5CC-C3E1F461ECC1}" = Windows Live Fotogalerie
"{19F5658D-92E8-4A08-8657-D38ABB1574B2}" = Asus ACPI Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{26E81B5B-AC9A-47A0-AEBC-B45932C29B41}" = LEICA FlexOffice
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = ASUS USB2.0 UVC VGA WebCam
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FB39BED-37C8-4E60-8E02-315B8C2B07E3}" = USB2.0 UVC Camera Device
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{47BACF74-5A07-48BD-BADB-A769550F0F5A}" = FontResizer
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{54B1E5A3-1B29-4582-A226-172A1FC7BA6C}" = Windows Live Family Safety
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA
"{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA
"{567C9882-843D-4188-A181-00E2CC3E1031}" = LG Burning Tools
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5783F2D7-8028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2010
"{5783F2D7-9004-0407-0002-0060B0CE6BBA}" = AutoCAD Architecture 2011 - Deutsch
"{5783F2D7-9004-0407-1002-0060B0CE6BBA}" = AutoCAD Architecture 2011 Language Pack - Deutsch
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update
"{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = LG CyberLink PowerDVD 7.0
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7B4D193B-D76D-308B-8B12-5D9BB1CBCE6C}" = Microsoft Visual Basic Power Packs 3.0
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 2.9.0
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D20B4D7-3422-4099-9332-39F27E617A6F}" = Autodesk Design Review 2011
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink Wireless LAN
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.0 - Deutsch
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = LG CyberLink PowerBackup
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = LG CyberLink PowerProducer
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C72CA49A-9237-4810-8449-45DA3BD26D64}" = EzMessenger
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D806E63B-0C11-4061-8DA9-1E980FB9A9EB}" = Data Sync
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3C1DE9E-5E16-4BA9-B854-7B53A45E3579}" = Cisco Systems VPN Client 5.0.05.0290
"{F3D2DEDC-4732-4188-8A3A-1A3FFBD4D6C8}" = ebi.BookReader3J
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Akamai" = Akamai NetSession Interface
"ASUS VIBE" = ASUS VIBE
"AutoCAD Architecture 2011 - Deutsch" = AutoCAD Architecture 2011 - Deutsch
"Autodesk Design Review 2011" = Autodesk Design Review 2011
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"DivX Setup.divx.com" = DivX-Setup
"DWG TrueView 2010" = DWG TrueView 2010
"Eee Docking_is1" = Eee Docking 1.3.6.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ie8" = Windows Internet Explorer 8
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"ISRF1_14_669076" = Interaktive Sprachreise - Français Sprachkurs 1
"JGeoPro_is1" = 9.9.21
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Code:
GMER 1.0.15.15572 - hxxp://www.gmer.net
Rootkit scan 2011-05-01 04:04:13
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.PBBO
Running: g2m3e4r.exe; Driver: C:\DOKUME~1\Tim\LOKALE~1\Temp\pxtdipow.sys

---- System - GMER 1.0.15 ----

SSDT  A4909E6E  ZwCreateKey
SSDT  A4909E64  ZwCreateThread
SSDT  A4909E73  ZwDeleteKey
SSDT  A4909E7D  ZwDeleteValueKey
SSDT  A4909E82  ZwLoadKey
SSDT  A4909E50  ZwOpenProcess
SSDT  A4909E55  ZwOpenThread
SSDT  A4909E8C  ZwReplaceKey
SSDT  A4909E87  ZwRestoreKey
SSDT  A4909E78  ZwSetValueKey

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0  wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1  wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\Tcpip \Device\Tcp  fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
Device  \FileSystem\Fastfat \Fat  A24F6D20
Device  \FileSystem\Fastfat \Fat  A2506428
AttachedDevice  \FileSystem\Fastfat \Fat  fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

crow