Analyze OTL file
Hi,
could someone please analyze this OTL file?
I would really appreciate it. Many thanks in advance.
OTL Logfile: Code:
OTL logfile created on: 26.06.2010 21:36:53 - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\Moritz_2\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 72,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453,94 Gb Total Space | 387,34 Gb Free Space | 85,33% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MORITZ-LAPTOP
Current User Name: Moritz
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010.06.26 21:33:44 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Moritz_2\Downloads\OTL.exe
PRC - [2010.06.02 01:57:48 | 000,945,648 | ---- | M] (Google Inc.) -- C:\Users\Moritz_2\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010.04.06 12:59:29 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.03.02 11:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2009.11.19 17:15:46 | 000,583,016 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
PRC - [2009.11.01 19:39:48 | 001,094,736 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009.08.28 05:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
PRC - [2009.08.20 21:25:50 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
PRC - [2009.07.03 21:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe
PRC - [2009.06.04 23:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.04 23:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2008.12.08 14:16:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
PRC - [2008.11.14 14:35:28 | 001,453,992 | R--- | M] (Take-Two Interactive Software, Inc.) -- C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\1_0_0_0\RGSC.exe
========== Modules (SafeList) ==========
MOD - [2010.06.26 21:33:44 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Moritz_2\Downloads\OTL.exe
MOD - [2009.07.13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009.07.13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2010.04.01 09:11:34 | 000,036,168 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.04.17 13:01:43 | 000,607,048 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010.04.06 12:59:29 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.04.01 09:16:50 | 001,401,672 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010.04.01 09:11:26 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.03.21 01:10:19 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.03.18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.09.30 13:44:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.08.28 05:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009.08.25 13:38:06 | 000,935,208 | ---- | M] (Nero AG) [Disabled | Stopped] -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.08.20 21:25:50 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009.07.17 16:20:34 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.07.13 23:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
SRV - [2009.07.13 23:20:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2009.07.13 16:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009.07.03 21:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009.06.04 23:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
SRV - [2008.12.08 14:16:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2010.04.28 23:29:44 | 000,037,480 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rrnetcap.sys -- (RRNetCapMP)
DRV:64bit: - [2010.04.28 23:29:44 | 000,037,480 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rrnetcap.sys -- (RRNetCap)
DRV:64bit: - [2010.03.02 13:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2010.02.16 14:24:00 | 000,081,072 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2009.09.18 00:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.09.15 16:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2009.08.21 17:24:04 | 000,084,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009.08.11 12:59:50 | 000,686,080 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009.07.13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.02 07:46:58 | 000,052,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009.07.02 07:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009.07.02 07:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009.07.02 07:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009.06.20 08:35:00 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2009.06.19 22:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009.06.10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 16:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009.06.10 16:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.06.10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.04 22:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.06.04 20:46:50 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.05.05 20:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009.05.05 20:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009.04.29 15:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV:64bit: - [2009.04.08 10:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008.06.16 02:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2009.10.14 06:24:44 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.06.10 17:28:14 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2009.06.10 17:15:18 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2009.03.26 15:16:08 | 000,025,608 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\DKbFltr.sys -- (DKbFltr) Dritek Keyboard Filter Driver (64-bit)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj65&r=27360310i4b6l03h0z185f48k1u695
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj65&r=27360310i4b6l03h0z185f48k1u695
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj65&r=27360310i4b6l03h0z185f48k1u695
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj65&r=27360310i4b6l03h0z185f48k1u695
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj65&r=27360310i4b6l03h0z185f48k1u695
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj65&r=27360310i4b6l03h0z185f48k1u695
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O1 HOSTS File: ([2009.06.10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWow64\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7EED9A13-A696-46E3-8888-09CDE606B3D1} hxxp://www.sat1.de/service/podcasts/sony_walkman/videoDL.cab (CDownloader Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.200.241.37 24.201.245.77
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 90 Days ==========
[2010.06.24 19:35:17 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.06.24 19:34:49 | 000,000,000 | ---D | C] -- C:\e25677745c39d3bc83f661
[2010.06.24 11:17:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KaloMa
[2010.05.30 12:22:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2010.05.30 12:21:56 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010.05.30 12:21:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010.05.30 12:21:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010.05.30 12:21:00 | 000,000,000 | ---D | C] -- C:\Users\Moritz\AppData\Local\Apple
[2010.05.30 12:20:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010.05.25 22:14:29 | 000,000,000 | ---D | C] -- C:\Users\Moritz\Documents\Rockstar Games
[2010.05.25 17:19:56 | 000,000,000 | ---D | C] -- C:\Users\Moritz\AppData\Local\Rockstar Games
[2010.05.18 21:38:13 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010.05.17 23:23:16 | 000,000,000 | ---D | C] -- C:\Users\Moritz\AppData\Roaming\Avira
[2010.05.17 23:19:31 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2010.05.17 23:19:31 | 000,081,072 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010.05.17 23:19:31 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys
[2010.05.17 23:19:31 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys
[2010.05.17 23:19:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.05.17 23:19:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2010.05.16 23:18:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010.05.10 17:58:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PixiePack Codec Pack
[2010.05.10 17:40:24 | 000,000,000 | ---D | C] -- C:\Users\Moritz\Documents\gothic3
[2010.05.09 22:34:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RapidSolution
[2010.05.09 22:34:21 | 000,000,000 | ---D | C] -- C:\ProgramData\RapidSolution
[2010.05.09 22:33:20 | 000,000,000 | ---D | C] -- C:\Users\Moritz\AppData\Local\RapidSolution
[2010.05.09 21:50:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2010.05.01 22:03:12 | 000,000,000 | ---D | C] -- C:\Users\Moritz\AppData\Local\Microsoft Games
[2010.04.28 23:29:44 | 000,037,480 | ---- | C] (RapidSolution Software AG) -- C:\Windows\SysNative\drivers\rrnetcap.sys
[2010.04.20 15:33:04 | 000,000,000 | ---D | C] -- C:\Users\Moritz\AppData\Roaming\TheLastRipper
[2010.04.19 18:02:40 | 000,000,000 | ---D | C] -- C:\Downloads
[2010.04.19 18:02:20 | 000,000,000 | ---D | C] -- C:\Users\Moritz\AppData\Roaming\Orbit
[2010.04.18 22:08:12 | 000,000,000 | ---D | C] -- C:\Users\Moritz\AppData\Roaming\Malwarebytes
[2010.04.18 22:08:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.04.18 22:08:02 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.04.18 22:08:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.04.18 22:08:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.04.17 13:01:45 | 000,036,168 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2010.04.17 13:01:45 | 000,030,024 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2010.04.17 13:01:45 | 000,025,928 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2010.04.17 13:01:45 | 000,021,320 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2010.04.10 15:43:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Piranha-Bytes
[2010.04.07 23:49:58 | 000,000,000 | ---D | C] -- C:\Programme\DIFX
[2010.04.07 23:08:36 | 000,000,000 | ---D | C] -- C:\drivers
[2010.04.06 21:16:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gothic III
[2010.04.06 21:14:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2010.04.06 12:29:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2010.03.28 22:39:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010.03.28 22:39:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
========== Files - Modified Within 90 Days ==========
[2010.06.26 21:36:37 | 001,310,720 | -HS- | M] () -- C:\Users\Moritz\NTUSER.DAT
[2010.06.26 21:28:00 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3140958396-4004633414-178901765-1000UA.job
[2010.06.26 20:58:00 | 000,001,130 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3140958396-4004633414-178901765-1002UA.job
[2010.06.26 20:45:01 | 000,001,130 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3140958396-4004633414-178901765-1003UA.job
[2010.06.26 20:02:20 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.26 20:02:20 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.26 19:55:00 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.26 19:54:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.26 19:54:51 | 3217,235,968 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.26 11:28:00 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3140958396-4004633414-178901765-1000Core.job
[2010.06.25 14:59:00 | 000,001,078 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3140958396-4004633414-178901765-1002Core.job
[2010.06.24 19:35:38 | 001,507,452 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.06.24 19:35:38 | 000,648,704 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.06.24 19:35:38 | 000,611,332 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.06.24 19:35:38 | 000,128,930 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.06.24 19:35:38 | 000,105,512 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.06.24 18:45:00 | 000,001,078 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3140958396-4004633414-178901765-1003Core.job
[2010.06.21 22:14:04 | 004,212,395 | -H-- | M] () -- C:\Users\Moritz\AppData\Local\IconCache.db
[2010.06.11 11:36:40 | 000,350,512 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.06.04 20:32:04 | 000,524,288 | -HS- | M] () -- C:\Users\Moritz\NTUSER.DAT{4a5c6135-701b-11df-a305-00262d6e21f2}.TMContainer00000000000000000002.regtrans-ms
[2010.06.04 20:32:04 | 000,524,288 | -HS- | M] () -- C:\Users\Moritz\NTUSER.DAT{4a5c6135-701b-11df-a305-00262d6e21f2}.TMContainer00000000000000000001.regtrans-ms
[2010.06.04 20:32:04 | 000,065,536 | -HS- | M] () -- C:\Users\Moritz\NTUSER.DAT{4a5c6135-701b-11df-a305-00262d6e21f2}.TM.blf
[2010.05.30 12:53:20 | 000,524,288 | -HS- | M] () -- C:\Users\Moritz\NTUSER.DAT{f1e825e4-6c0a-11df-a2bc-00262d6e21f2}.TMContainer00000000000000000002.regtrans-ms
[2010.05.30 12:53:20 | 000,524,288 | -HS- | M] () -- C:\Users\Moritz\NTUSER.DAT{f1e825e4-6c0a-11df-a2bc-00262d6e21f2}.TMContainer00000000000000000001.regtrans-ms
[2010.05.30 12:53:20 | 000,065,536 | -HS- | M] () -- C:\Users\Moritz\NTUSER.DAT{f1e825e4-6c0a-11df-a2bc-00262d6e21f2}.TM.blf
[2010.05.29 22:14:47 | 000,524,288 | -HS- | M] () -- C:\Users\Moritz\NTUSER.DAT{6afd50cb-6b86-11df-aab6-00262d6e21f2}.TMContainer00000000000000000002.regtrans-ms
[2010.05.29 22:14:47 | 000,524,288 | -HS- | M] () -- C:\Users\Moritz\NTUSER.DAT{6afd50cb-6b86-11df-aab6-00262d6e21f2}.TMContainer00000000000000000001.regtrans-ms
[2010.05.29 22:14:47 | 000,065,536 | -HS- | M] () -- C:\Users\Moritz\NTUSER.DAT{6afd50cb-6b86-11df-aab6-00262d6e21f2}.TM.blf
[2010.05.23 10:42:44 | 000,001,165 | ---- | M] () -- C:\Users\Public\Desktop\Mediaraptor 4.lnk
[2010.05.17 23:19:38 | 000,002,078 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.05.16 23:18:40 | 000,001,897 | ---- | M] () -- C:\Users\Moritz\Desktop\CCleaner.lnk
[2010.05.11 23:02:30 | 000,524,288 | -HS- | M] () -- C:\Users\Moritz\NTUSER.DAT{774c17cb-5d59-11df-9889-00262d6e21f2}.TMContainer00000000000000000002.regtrans-ms
[2010.05.11 23:02:30 | 000,524,288 | -HS- | M] () -- C:\Users\Moritz\NTUSER.DAT{774c17cb-5d59-11df-9889-00262d6e21f2}.TMContainer00000000000000000001.regtrans-ms
[2010.05.11 23:02:30 | 000,065,536 | -HS- | M] () -- C:\Users\Moritz\NTUSER.DAT{774c17cb-5d59-11df-9889-00262d6e21f2}.TM.blf
[2010.05.11 07:59:24 | 000,524,288 | -HS- | M] () -- C:\Users\Moritz\NTUSER.DAT{fc5077e9-5cee-11df-9b85-00262d6e21f2}.TMContainer00000000000000000002.regtrans-ms
[2010.05.11 07:59:24 | 000,524,288 | -HS- | M] () -- C:\Users\Moritz\NTUSER.DAT{fc5077e9-5cee-11df-9b85-00262d6e21f2}.TMContainer00000000000000000001.regtrans-ms
[2010.05.11 07:59:24 | 000,065,536 | -HS- | M] () -- C:\Users\Moritz\NTUSER.DAT{fc5077e9-5cee-11df-9b85-00262d6e21f2}.TM.blf
[2010.05.11 07:27:23 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.05.06 07:54:43 | 000,000,701 | ---- | M] () -- C:\Users\Moritz\Documents\computer.rtf
[2010.05.05 11:35:26 | 000,000,379 | ---- | M] () -- C:\Users\Moritz\Documents\phone numbers.rtf
[2010.05.04 20:31:13 | 000,000,250 | ---- | M] () -- C:\Users\Moritz\Documents\Abrechnung mai.rtf
[2010.05.01 21:30:12 | 000,002,230 | ---- | M] () -- C:\Users\Moritz\Desktop\Google Chrome.lnk
[2010.04.29 18:35:30 | 000,000,514 | ---- | M] () -- C:\Users\Moritz\Documents\Abrechnung April.rtf
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.04.29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.04.28 23:29:44 | 000,037,480 | ---- | M] (RapidSolution Software AG) -- C:\Windows\SysNative\drivers\rrnetcap.sys
[2010.04.27 20:56:53 | 000,524,288 | -HS- | M] () -- C:\Users\Moritz\NTUSER.DAT{46514c8b-525f-11df-952c-00262d6e21f2}.TMContainer00000000000000000002.regtrans-ms
[2010.04.27 20:56:53 | 000,524,288 | -HS- | M] () -- C:\Users\Moritz\NTUSER.DAT{46514c8b-525f-11df-952c-00262d6e21f2}.TMContainer00000000000000000001.regtrans-ms
[2010.04.27 20:56:53 | 000,065,536 | -HS- | M] () -- C:\Users\Moritz\NTUSER.DAT{46514c8b-525f-11df-952c-00262d6e21f2}.TM.blf
[2010.04.26 12:38:07 | 000,000,470 | ---- | M] () -- C:\Users\Moritz\Documents\Abrechnung März.rtf
[2010.04.19 21:53:28 | 000,000,321 | ---- | M] () -- C:\Users\Moritz\Documents\youtube to mp3 anleitung.rtf
[2010.04.18 22:08:06 | 000,001,021 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.17 13:01:42 | 000,002,219 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2010.04.17 13:01:42 | 000,002,177 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk
[2010.04.17 12:41:29 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.04.15 20:29:52 | 000,011,070 | ---- | M] () -- C:\Users\Moritz\Documents\Lord of the flies.rtf
[2010.04.10 16:11:46 | 000,004,096 | ---- | M] () -- C:\Windows\d3dx.dat
[2010.04.07 23:52:09 | 000,001,160 | ---- | M] () -- C:\Users\Public\Desktop\Dolby Setting.lnk
[2010.04.07 23:08:33 | 000,524,288 | -HS- | M] () -- C:\Users\Moritz\NTUSER.DAT{04586aa9-42a0-11df-9ae9-00262d6e21f2}.TMContainer00000000000000000002.regtrans-ms
[2010.04.07 23:08:33 | 000,524,288 | -HS- | M] () -- C:\Users\Moritz\NTUSER.DAT{04586aa9-42a0-11df-9ae9-00262d6e21f2}.TMContainer00000000000000000001.regtrans-ms
[2010.04.07 23:08:33 | 000,065,536 | -HS- | M] () -- C:\Users\Moritz\NTUSER.DAT{04586aa9-42a0-11df-9ae9-00262d6e21f2}.TM.blf
[2010.04.07 23:08:08 | 000,000,205 | ---- | M] () -- C:\Users\Moritz\Documents\seriennr.rtf
[2010.04.06 12:59:35 | 000,103,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.04.06 12:59:29 | 000,066,872 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.04.06 12:59:28 | 000,669,184 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe
[2010.04.06 12:57:58 | 000,001,310 | ---- | M] () -- C:\Users\Public\Desktop\Crysis.lnk
[2010.04.02 17:17:34 | 000,179,091 | ---- | M] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.04.01 09:17:42 | 000,034,632 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2010.04.01 09:11:42 | 000,025,928 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2010.04.01 09:11:38 | 000,021,320 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2010.04.01 09:11:34 | 000,036,168 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2010.04.01 09:11:26 | 000,030,024 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
========== Files Created - No Company Name ==========
[2010.06.04 20:32:03 | 000,524,288 | -HS- | C] () -- C:\Users\Moritz\NTUSER.DAT{4a5c6135-701b-11df-a305-00262d6e21f2}.TMContainer00000000000000000002.regtrans-ms
[2010.06.04 20:32:03 | 000,524,288 | -HS- | C] () -- C:\Users\Moritz\NTUSER.DAT{4a5c6135-701b-11df-a305-00262d6e21f2}.TMContainer00000000000000000001.regtrans-ms
[2010.06.04 20:32:03 | 000,065,536 | -HS- | C] () -- C:\Users\Moritz\NTUSER.DAT{4a5c6135-701b-11df-a305-00262d6e21f2}.TM.blf
[2010.05.30 12:53:20 | 000,524,288 | -HS- | C] () -- C:\Users\Moritz\NTUSER.DAT{f1e825e4-6c0a-11df-a2bc-00262d6e21f2}.TMContainer00000000000000000002.regtrans-ms
[2010.05.30 12:53:20 | 000,524,288 | -HS- | C] () -- C:\Users\Moritz\NTUSER.DAT{f1e825e4-6c0a-11df-a2bc-00262d6e21f2}.TMContainer00000000000000000001.regtrans-ms
[2010.05.30 12:53:20 | 000,065,536 | -HS- | C] () -- C:\Users\Moritz\NTUSER.DAT{f1e825e4-6c0a-11df-a2bc-00262d6e21f2}.TM.blf
[2010.05.29 22:14:47 | 000,524,288 | -HS- | C] () -- C:\Users\Moritz\NTUSER.DAT{6afd50cb-6b86-11df-aab6-00262d6e21f2}.TMContainer00000000000000000002.regtrans-ms
[2010.05.29 22:14:47 | 000,524,288 | -HS- | C] () -- C:\Users\Moritz\NTUSER.DAT{6afd50cb-6b86-11df-aab6-00262d6e21f2}.TMContainer00000000000000000001.regtrans-ms
[2010.05.29 22:14:47 | 000,065,536 | -HS- | C] () -- C:\Users\Moritz\NTUSER.DAT{6afd50cb-6b86-11df-aab6-00262d6e21f2}.TM.blf
[2010.05.23 10:42:44 | 000,001,165 | ---- | C] () -- C:\Users\Public\Desktop\Mediaraptor 4.lnk
[2010.05.18 22:49:47 | 000,000,834 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2010.05.17 23:19:38 | 000,002,078 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.05.16 23:18:40 | 000,001,897 | ---- | C] () -- C:\Users\Moritz\Desktop\CCleaner.lnk
[2010.05.11 23:02:02 | 000,524,288 | -HS- | C] () -- C:\Users\Moritz\NTUSER.DAT{774c17cb-5d59-11df-9889-00262d6e21f2}.TMContainer00000000000000000002.regtrans-ms
[2010.05.11 23:02:02 | 000,524,288 | -HS- | C] () -- C:\Users\Moritz\NTUSER.DAT{774c17cb-5d59-11df-9889-00262d6e21f2}.TMContainer00000000000000000001.regtrans-ms
[2010.05.11 23:02:02 | 000,065,536 | -HS- | C] () -- C:\Users\Moritz\NTUSER.DAT{774c17cb-5d59-11df-9889-00262d6e21f2}.TM.blf
[2010.05.11 07:58:42 | 000,524,288 | -HS- | C] () -- C:\Users\Moritz\NTUSER.DAT{fc5077e9-5cee-11df-9b85-00262d6e21f2}.TMContainer00000000000000000002.regtrans-ms
[2010.05.11 07:58:42 | 000,524,288 | -HS- | C] () -- C:\Users\Moritz\NTUSER.DAT{fc5077e9-5cee-11df-9b85-00262d6e21f2}.TMContainer00000000000000000001.regtrans-ms
[2010.05.11 07:58:42 | 000,065,536 | -HS- | C] () -- C:\Users\Moritz\NTUSER.DAT{fc5077e9-5cee-11df-9b85-00262d6e21f2}.TM.blf
[2010.05.10 18:40:25 | 000,001,130 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3140958396-4004633414-178901765-1003UA.job
[2010.05.10 18:40:24 | 000,001,078 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3140958396-4004633414-178901765-1003Core.job
[2010.05.06 07:54:43 | 000,000,701 | ---- | C] () -- C:\Users\Moritz\Documents\computer.rtf
[2010.05.05 11:32:16 | 000,000,379 | ---- | C] () -- C:\Users\Moritz\Documents\phone numbers.rtf
[2010.05.04 20:31:13 | 000,000,250 | ---- | C] () -- C:\Users\Moritz\Documents\Abrechnung mai.rtf
[2010.04.27 20:56:43 | 000,524,288 | -HS- | C] () -- C:\Users\Moritz\NTUSER.DAT{46514c8b-525f-11df-952c-00262d6e21f2}.TMContainer00000000000000000002.regtrans-ms
[2010.04.27 20:56:43 | 000,524,288 | -HS- | C] () -- C:\Users\Moritz\NTUSER.DAT{46514c8b-525f-11df-952c-00262d6e21f2}.TMContainer00000000000000000001.regtrans-ms
[2010.04.27 20:56:43 | 000,065,536 | -HS- | C] () -- C:\Users\Moritz\NTUSER.DAT{46514c8b-525f-11df-952c-00262d6e21f2}.TM.blf
[2010.04.26 12:33:28 | 000,000,470 | ---- | C] () -- C:\Users\Moritz\Documents\Abrechnung März.rtf
[2010.04.19 21:56:39 | 000,000,514 | ---- | C] () -- C:\Users\Moritz\Documents\Abrechnung April.rtf
[2010.04.19 21:53:28 | 000,000,321 | ---- | C] () -- C:\Users\Moritz\Documents\youtube to mp3 anleitung.rtf
[2010.04.18 22:08:06 | 000,001,021 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.15 20:29:51 | 000,011,070 | ---- | C] () -- C:\Users\Moritz\Documents\Lord of the flies.rtf
[2010.04.10 16:11:46 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010.04.07 23:52:09 | 000,001,160 | ---- | C] () -- C:\Users\Public\Desktop\Dolby Setting.lnk
[2010.04.07 23:08:36 | 000,006,088 | ---- | C] () -- C:\Windows\SysNative\drivers\CDConfig.bin
[2010.04.07 23:08:32 | 000,524,288 | -HS- | C] () -- C:\Users\Moritz\NTUSER.DAT{04586aa9-42a0-11df-9ae9-00262d6e21f2}.TMContainer00000000000000000002.regtrans-ms
[2010.04.07 23:08:32 | 000,524,288 | -HS- | C] () -- C:\Users\Moritz\NTUSER.DAT{04586aa9-42a0-11df-9ae9-00262d6e21f2}.TMContainer00000000000000000001.regtrans-ms
[2010.04.07 23:08:32 | 000,065,536 | -HS- | C] () -- C:\Users\Moritz\NTUSER.DAT{04586aa9-42a0-11df-9ae9-00262d6e21f2}.TM.blf
[2010.04.07 23:08:08 | 000,000,205 | ---- | C] () -- C:\Users\Moritz\Documents\seriennr.rtf
[2010.04.06 12:59:31 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.04.06 12:59:29 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.04.06 12:59:28 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010.04.06 12:57:58 | 000,001,310 | ---- | C] () -- C:\Users\Public\Desktop\Crysis.lnk
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.03.23 16:05:50 | 000,554,496 | ---- | C] () -- C:\Windows\SysWow64\dvmsg.dll
[2010.03.21 05:27:29 | 000,001,695 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2009.11.25 13:40:50 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009.10.30 01:54:34 | 000,000,189 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2009.10.30 01:54:34 | 000,000,168 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2009.10.30 01:54:34 | 000,000,147 | ---- | C] () -- C:\Windows\WisPriority.ini
[2009.07.13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.03.02 11:33:32 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2008.10.07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008.10.07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
========== LOP Check ==========
[2010.04.19 18:06:57 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\Orbit
[2010.04.20 15:33:23 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\TheLastRipper
[2010.05.05 12:31:17 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\Tobit
[2010.03.21 14:26:12 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\TuneUp Software
[2010.06.11 11:36:47 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
[/spoiler]