Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   TR/Crypt.XPACK.Gen3 auf beiden PC's (https://www.trojaner-board.de/91424-tr-crypt-xpack-gen3-beiden-pcs.html)

Pullermann 03.10.2010 17:08
TR/Crypt.XPACK.Gen3 auf beiden PC's
 
Hallo,

ich habe folgendes Problem mit meinem beiden Pc's,
auf meinem Standpc mit Netzwerkstecker mit Internet verbunden & mit
meinem Netbook NC10 mit Wlan verbunden, habe ich mir den Trojaner TR/Crypt.XPACK.Gen3 eingefangen. Endeckt wurde er vom Antivir. Richtiger Schutz wurde eigentlich auf beiden nicht betrieben, nur Antivir & Spyware Doctor. Also bisschen rumgegoogelt und ein paar verschiedene Programme installiert und laufen lassen aber keines hat irgendwie den erwünschten effekt gebracht. Bräuchte irgendwie eine schritt für schritt anleitung, bin irgendwie zu blöde :crazy:...
Nun eBay, Papyal und email account wurde schon geändert, natürlich nicht auf den infizierten Pc's...
Nun meine frage bevor ich mir den Trojaner eingefangen habe hatte ich zuvor Onlinebanking auf, natürlich schön ausgeloggt ccleander drüber laufen lassen, was meint ihr bei der bank neues passwort anfordern, um sicher zu gehen und natürlich die Kontobewegungen beobachten. Und was macht eigentlich der TR/Crypt.XPACK.Gen3, was verursacht er in meinem system?
Hoffe ich kann mir eine neuinstallation sparen.
Bitte um Hilfe...

cosinus 04.10.2010 09:16
Zitat:
Und was macht eigentlich der TR/Crypt.XPACK.Gen3, was verursacht er in meinem system?
Immer die genauen Schädlingsnamen und Pfadangaben notieren und posten!

Aus den Regeln:

5. Beschreibe Dein Problem in einigen Sätzen und arbeite diese Anleitung ab Punkt 2. durch
Auch Funde von deiner Sicherheitssoftware bitte im Thema nennen: (z.B. c:\windows\virus.exe)
Fehlen diese Angaben, kann und wird dir hier niemand helfen.

Pullermann 04.10.2010 14:59
Alle Hinweise am 2.10.10 von AviraAntiVir gemeldet! Auf Standpc mit Lanverbindung

19:14Uhr
In der Datei 'C:\Windows\Temp\TMPA6A1.tmp'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

19:13uhr
In der Datei 'C:\Windows\Temp\TMP59FD.tmp'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern


19:13uhr

In der Datei 'C:\Windows\Temp\TMP5613.tmp'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern


19:06uhr
In der Datei 'C:\Windows\Temp\TMPC243.tmp'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

19:06Uhr
In der Datei 'C:\Windows\Temp\TMP95C9.tmp'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen2' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

19:05Uhr
In der Datei 'C:\Windows\Temp\TMP55E3.tmp'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

18:53Uhr
Die Datei 'C:\Windows\Temp\TMP9C2B.tmp'
enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4eacc2eb.qua' verschoben!

18:53uhr
In der Datei 'C:\Windows\Temp\TMP9C2B.tmp'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

18:20uhr
In der Datei 'C:\Windows\Temp\TMP9C2B.tmp'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

18:20Uhr
In der Datei 'C:\Windows\Temp\TMP9C2B.tmp'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

18:20uhr
In der Datei 'C:\Windows\Temp\TMP9C2B.tmp'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

cosinus 04.10.2010 17:59
Bitte routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

Pullermann 08.10.2010 14:24
Malwarebytes

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Database version: 4754

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

06.10.2010 16:53:14
mbam-log-2010-10-06 (16-53-14).txt

Scan type: Full scan (C:\|)
Objects scanned: 258407
Time elapsed: 1 hour(s), 6 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

--------------------------------
OTLOTL Logfile:
Code:
OTL logfile created on: 06.10.2010 16:03:22 - Run 1
OTL by OldTimer - Version 3.2.14.1    Folder = C:\Users\Tobias\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 43,00% Memory free
7,00 Gb Paging File | 4,00 Gb Available in Paging File | 64,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 463,80 Gb Total Space | 374,54 Gb Free Space | 80,75% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: TOBIAS-PC
Current User Name: Tobias
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Users\Tobias\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH)
PRC - C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools)
PRC - C:\Windows\System32\TUProgSt.exe (TuneUp Software)
PRC - C:\Program Files\Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Program Files\PC Tools Security\BDT\FGuard.exe (Threat Expert Ltd.)
PRC - C:\Program Files\PC Tools Security\pctsSvc.exe (PC Tools)
PRC - C:\Program Files\PC Tools Security\TFEngine\TFService.exe (PC Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\PC Tools Security\pctsAuxs.exe (PC Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\CPUCooL\CooLSRV.exe ()
PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
PRC - C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe (Logitech Inc.)
PRC - C:\Program Files\RocketDock\RocketDock.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Tobias\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Emsisoft Anti-Malware\a2hooks32.dll (Emsi Software GmbH)
MOD - C:\Program Files\PC Tools Security\TFEngine\TFWAH.dll (PC Tools)
MOD - C:\Program Files\PC Tools Security\PCTGMhk.dll (PC Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (a2AntiMalware) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH)
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software)
SRV - (Browser Defender Update Service) -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (sdCoreService) -- C:\Program Files\PC Tools Security\pctsSvc.exe (PC Tools)
SRV - (ThreatFire) -- C:\Program Files\PC Tools Security\TFEngine\TFService.exe (PC Tools)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (sdAuxService) -- C:\Program Files\PC Tools Security\pctsAuxs.exe (PC Tools)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ICQ Service) -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (TeamViewer4) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (CPUCooLServer) -- C:\Program Files\CPUCooL\CooLSRV.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys File not found
DRV - (cpuz130) -- C:\Users\Tobias\AppData\Local\Temp\cpuz130\cpuz_x32.sys File not found
DRV - (a2acc) -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys (Emsi Software GmbH)
DRV - (a2injectiondriver) -- C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys (Emsi Software GmbH)
DRV - (pctgntdi) -- C:\Windows\System32\drivers\pctgntdi.sys (PC Tools)
DRV - (pctplsg) -- C:\Windows\System32\drivers\pctplsg.sys (PC Tools)
DRV - (TfSysMon) -- C:\Windows\system32\drivers\TfSysMon.sys (PC Tools)
DRV - (TfFsMon) -- C:\Windows\system32\drivers\TfFsMon.sys (PC Tools)
DRV - (TfNetMon) -- C:\Windows\System32\drivers\TfNetMon.sys (PC Tools)
DRV - (PCTCore) -- C:\Windows\system32\drivers\PCTCore.sys (PC Tools)
DRV - (pctEFA) -- C:\Windows\system32\drivers\pctEFA.sys (PC Tools)
DRV - (pctDS) -- C:\Windows\system32\drivers\pctDS.sys (PC Tools)
DRV - (a2util) -- C:\Program Files\Emsisoft Anti-Malware\a2util32.sys (Emsi Software GmbH)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (ntiopnp) -- C:\Windows\System32\drivers\ntiopnp.sys ()
DRV - (ntiomin) -- C:\Windows\System32\drivers\ntiomin.sys ()
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (ahcix86s) -- C:\Windows\system32\drivers\ahcix86s.sys (Promise Technology, Inc.)
DRV - (MarkFun_NT) -- C:\Program Files\Gigabyte\Face_wizard\markfun.w32 (Windows (R) Server 2003 DDK provider)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
DRV - (ASPI) -- C:\Windows\System32\drivers\ASPI32.SYS (Adaptec)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4F D2 F0 6B 83 D2 CA 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {b66bc4c3-6d25-4a10-8c59-01daa9063051}:1.5.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.3.2
FF - prefs.js..extensions.enabledItems: CrystalFox_Qute@BigRedBrent:3.7
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools Security\BDT\Firefox\ [2010.09.24 13:24:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Firefox\components [2010.09.19 10:59:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Firefox\plugins [2010.09.17 11:44:56 | 000,000,000 | ---D | M]
 
[2009.01.12 21:42:06 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\mozilla\Extensions
[2010.10.06 15:54:29 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\mozilla\Firefox\Profiles\mwpppe9l.default\extensions
[2010.07.15 18:41:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Tobias\AppData\Roaming\mozilla\Firefox\Profiles\mwpppe9l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.10.02 16:39:45 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Tobias\AppData\Roaming\mozilla\Firefox\Profiles\mwpppe9l.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009.01.14 12:19:34 | 000,000,000 | ---D | M] (FoxGame) -- C:\Users\Tobias\AppData\Roaming\mozilla\Firefox\Profiles\mwpppe9l.default\extensions\{b66bc4c3-6d25-4a10-8c59-01daa9063051}
[2010.09.14 17:09:45 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Tobias\AppData\Roaming\mozilla\Firefox\Profiles\mwpppe9l.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.03.06 15:21:20 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\mozilla\Firefox\Profiles\mwpppe9l.default\extensions\CrystalFox_Qute@BigRedBrent
[2010.08.18 18:11:49 | 000,000,873 | ---- | M] () -- C:\Users\Tobias\AppData\Roaming\Mozilla\FireFox\Profiles\mwpppe9l.default\searchplugins\conduit.xml
[2010.09.24 13:25:12 | 000,002,689 | ---- | M] () -- C:\Users\Tobias\AppData\Roaming\Mozilla\FireFox\Profiles\mwpppe9l.default\searchplugins\search-defender.xml
 
O1 HOSTS File: ([2010.10.02 12:55:51 | 000,420,728 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 127.0.0.1        007guard.com - 007guard and Free Antivirus
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        www.1000gratisproben.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.1-2005-search.com
O1 - Hosts: 14512 more lines...
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [PCTools FGuard] C:\Program Files\PC Tools Security\BDT\FGuard.exe (Threat Expert Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Tobias\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} hxxp://service.futuremark.com/virtualmark/tc/FMSI.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Tobias\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Tobias\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{96f5c559-e70a-11dd-b69d-001fd0acc8de}\Shell\AutoRun\command - "" = F:\menu.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.10.06 16:00:40 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010.10.06 15:47:19 | 000,576,512 | ---- | C] (OldTimer Tools) -- C:\Users\Tobias\Desktop\OTL.exe
[2010.10.02 16:53:05 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Local\Sunbelt Software
[2010.10.02 16:52:17 | 000,000,000 | -H-D | C] -- C:\ProgramData\{437292BE-95BD-4B12-B699-6D217A03ACAF}
[2010.10.02 16:51:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010.10.02 16:51:37 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010.10.02 16:51:02 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Roaming\EurekaLog
[2010.10.02 16:49:22 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2010.10.02 16:49:22 | 000,000,000 | ---D | C] -- C:\Users\Tobias\Documents\Anti-Malware
[2010.10.02 13:08:53 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Roaming\Malwarebytes
[2010.10.02 13:00:36 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.10.02 13:00:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.10.02 13:00:33 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.10.02 13:00:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.09.29 19:00:17 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.09.24 13:24:16 | 000,068,880 | --S- | C] (PC Tools) -- C:\Windows\System32\drivers\TfSysMon.sys
[2010.09.24 13:24:16 | 000,051,984 | --S- | C] (PC Tools) -- C:\Windows\System32\drivers\TfFsMon.sys
[2010.09.24 13:24:16 | 000,033,552 | --S- | C] (PC Tools) -- C:\Windows\System32\drivers\TfNetMon.sys
[2010.09.24 12:58:59 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2010.09.24 12:58:58 | 001,865,680 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2010.09.24 12:58:58 | 000,739,280 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2010.09.24 12:58:48 | 000,656,320 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctEFA.sys
[2010.09.24 12:58:48 | 000,338,880 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctDS.sys
[2010.09.24 12:58:47 | 000,247,824 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2010.09.24 12:58:47 | 000,102,184 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2010.09.24 12:58:46 | 000,237,632 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010.09.24 12:58:46 | 000,159,296 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010.09.24 12:58:42 | 000,123,968 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplfw.sys
[2010.09.24 12:58:42 | 000,087,400 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctNdis-PacketFilter.sys
[2010.09.24 12:58:42 | 000,070,536 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010.09.24 12:58:42 | 000,031,960 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctNdis-DNS.sys
[2010.09.24 12:58:29 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2010.09.24 12:58:29 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Roaming\PC Tools
[2010.09.24 12:58:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010.09.22 21:48:22 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCT2.OCX
[2010.09.22 21:48:22 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMAPI32.OCX
[2010.09.22 21:48:21 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCMCDE.DLL
[2010.09.22 21:48:21 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6DE.DLL
[2010.09.22 21:48:21 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCC2DE.DLL
[2010.09.22 21:48:21 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPIDE.DLL
[2010.09.22 21:48:21 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2010.09.21 14:14:32 | 000,028,928 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2010.09.21 14:14:32 | 000,017,152 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2010.09.21 14:14:30 | 000,361,216 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TuneUpDefragService.exe
[2010.09.21 11:10:20 | 000,000,000 | ---D | C] -- C:\Users\Tobias\Desktop\Verkäufe
[2010.09.20 21:38:51 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Roaming\Audacity
[2010.09.20 14:36:40 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2010.09.20 14:36:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2010.09.16 15:34:06 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Roaming\Avira
[2010.09.15 16:41:10 | 000,000,000 | ---D | C] -- C:\99c418158ea6ea897f0c
[2010.09.15 15:04:54 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2010.09.10 13:56:18 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Roaming\Picturenaut
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.10.06 16:08:53 | 007,340,032 | ---- | M] () -- C:\Users\Tobias\ntuser.dat
[2010.10.06 16:00:33 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010.10.06 16:00:06 | 000,000,522 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2010.10.06 15:48:32 | 001,445,310 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.10.06 15:48:32 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.10.06 15:48:32 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.10.06 15:48:32 | 000,126,248 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.10.06 15:48:32 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.10.06 15:47:23 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\Tobias\Desktop\OTL.exe
[2010.10.06 15:41:59 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.06 15:41:59 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.06 15:41:58 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.10.06 15:41:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.04 17:38:34 | 000,524,288 | -HS- | M] () -- C:\Users\Tobias\ntuser.dat{9d4b3e18-c556-11df-adc0-001fd0acc8de}.TMContainer00000000000000000001.regtrans-ms
[2010.10.04 17:38:34 | 000,065,536 | -HS- | M] () -- C:\Users\Tobias\ntuser.dat{9d4b3e18-c556-11df-adc0-001fd0acc8de}.TM.blf
[2010.10.04 17:38:32 | 002,447,596 | -H-- | M] () -- C:\Users\Tobias\AppData\Local\IconCache.db
[2010.10.02 17:17:43 | 295,833,193 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.10.02 16:56:01 | 000,001,073 | ---- | M] () -- C:\Users\Tobias\Desktop\Spybot - Search & Destroy.lnk
[2010.10.02 16:52:16 | 000,000,975 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010.10.02 16:49:36 | 000,000,770 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2010.10.02 13:00:38 | 000,000,778 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.02 12:55:51 | 000,420,728 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.09.30 19:07:39 | 000,001,056 | ---- | M] () -- C:\Users\Tobias\Documents\cc_20100930_190736.reg
[2010.09.29 18:59:32 | 002,020,120 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2010.09.23 12:09:15 | 000,184,320 | ---- | M] () -- C:\Users\Tobias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.21 15:23:54 | 000,524,288 | -HS- | M] () -- C:\Users\Tobias\ntuser.dat{9d4b3e18-c556-11df-adc0-001fd0acc8de}.TMContainer00000000000000000002.regtrans-ms
[2010.09.21 14:35:23 | 000,524,288 | -HS- | M] () -- C:\Users\Tobias\ntuser.dat{0e954a8a-08d5-11df-b565-001fd0acc8de}.TMContainer00000000000000000001.regtrans-ms
[2010.09.21 14:35:23 | 000,065,536 | -HS- | M] () -- C:\Users\Tobias\ntuser.dat{0e954a8a-08d5-11df-b565-001fd0acc8de}.TM.blf
[2010.09.21 14:14:34 | 000,604,416 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TUProgSt.exe
[2010.09.21 14:14:30 | 000,361,216 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TuneUpDefragService.exe
[2010.09.20 21:38:39 | 000,001,461 | ---- | M] () -- C:\Users\Tobias\AppData\Local\RecConfig.xml
[2010.09.20 13:46:31 | 000,316,984 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.09.20 10:08:12 | 000,080,296 | ---- | M] () -- C:\Users\Tobias\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.09.20 10:05:00 | 000,003,712 | ---- | M] () -- C:\Users\Tobias\Documents\cc_20100920_100457.reg
[2010.09.08 14:59:41 | 000,015,880 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.10.02 19:35:11 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2010.10.02 17:17:43 | 295,833,193 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.10.02 16:56:01 | 000,001,073 | ---- | C] () -- C:\Users\Tobias\Desktop\Spybot - Search & Destroy.lnk
[2010.10.02 16:52:16 | 000,000,975 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010.10.02 16:49:36 | 000,000,770 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2010.10.02 13:00:38 | 000,000,778 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.30 19:07:37 | 000,001,056 | ---- | C] () -- C:\Users\Tobias\Documents\cc_20100930_190736.reg
[2010.09.24 12:58:59 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010.09.24 12:58:59 | 000,002,074 | ---- | C] () -- C:\Windows\UDB.zip
[2010.09.24 12:58:59 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2010.09.24 12:58:59 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2010.09.24 12:58:59 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2010.09.24 12:58:56 | 002,020,120 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2010.09.22 21:48:22 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.09.21 14:37:24 | 000,524,288 | -HS- | C] () -- C:\Users\Tobias\ntuser.dat{9d4b3e18-c556-11df-adc0-001fd0acc8de}.TMContainer00000000000000000002.regtrans-ms
[2010.09.21 14:37:24 | 000,524,288 | -HS- | C] () -- C:\Users\Tobias\ntuser.dat{9d4b3e18-c556-11df-adc0-001fd0acc8de}.TMContainer00000000000000000001.regtrans-ms
[2010.09.21 14:37:24 | 000,065,536 | -HS- | C] () -- C:\Users\Tobias\ntuser.dat{9d4b3e18-c556-11df-adc0-001fd0acc8de}.TM.blf
[2010.09.21 14:15:18 | 000,000,522 | ---- | C] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2010.09.20 21:38:39 | 000,001,461 | ---- | C] () -- C:\Users\Tobias\AppData\Local\RecConfig.xml
[2010.09.20 10:04:59 | 000,003,712 | ---- | C] () -- C:\Users\Tobias\Documents\cc_20100920_100457.reg
[2010.04.26 18:25:53 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.01.06 02:34:45 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll.old
[2009.11.23 20:09:08 | 000,000,600 | ---- | C] () -- C:\Users\Tobias\AppData\Roaming\winscp.rnd
[2009.08.12 10:22:06 | 000,138,592 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.08.01 15:51:40 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.07.22 16:21:01 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.07.14 17:15:00 | 000,178,432 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009.06.28 11:27:22 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.04.19 18:14:15 | 000,002,955 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009.01.15 13:17:57 | 000,022,328 | ---- | C] () -- C:\Users\Tobias\AppData\Roaming\PnkBstrK.sys
[2009.01.15 13:17:38 | 000,000,300 | ---- | C] () -- C:\Windows\game.ini
[2009.01.12 22:20:41 | 000,184,320 | ---- | C] () -- C:\Users\Tobias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.01.10 18:13:29 | 000,024,944 | ---- | C] () -- C:\Windows\System32\drivers\GVTDrv.sys
[2009.01.10 17:58:19 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009.01.10 16:18:22 | 000,001,356 | ---- | C] () -- C:\Users\Tobias\AppData\Local\d3d9caps.dat
[2008.12.08 13:53:32 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008.12.07 14:08:06 | 000,795,648 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008.12.07 14:08:04 | 000,130,048 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008.12.01 22:46:10 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.04.12 17:40:28 | 000,012,800 | ---- | C] () -- C:\Windows\System32\drivers\ntiopnp.sys
[2008.04.12 17:40:28 | 000,011,392 | ---- | C] () -- C:\Windows\System32\drivers\ntiomin.sys
[2007.09.04 12:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007.02.05 21:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 197 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:430C6D84
< End of report >
--- --- ---

OTL ExtrasOTL Logfile:
Code:
OTL Extras logfile created on: 06.10.2010 16:03:23 - Run 1
OTL by OldTimer - Version 3.2.14.1    Folder = C:\Users\Tobias\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 43,00% Memory free
7,00 Gb Paging File | 4,00 Gb Available in Paging File | 64,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 463,80 Gb Total Space | 374,54 Gb Free Space | 80,75% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: TOBIAS-PC
Current User Name: Tobias
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{70BCDEC4-6ACA-4CD0-87AF-58204A994CE0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{A2779FB7-C453-4DA8-8E50-3FA703093186}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D800485F-A820-40BD-ACD0-2126150D0B6C}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{DE7AFD41-26CD-4A0C-922F-913EC60C5CBC}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E2994545-823D-43B7-88CD-78ECB7A8C645}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02DFABA1-DC1D-401C-ADC7-1144E64A6290}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0523CD64-FA72-42FE-A701-C063F2AC853B}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{0DB70632-62A6-4A35-84E4-FAA5F141DC9B}" = protocol=6 | dir=in | app=c:\games\gta4\grand theft auto iv\launchgtaiv.exe |
"{2478FA3E-D674-49C9-8CCE-D1D6577BF5F6}" = protocol=17 | dir=in | app=c:\games\gta4\grand theft auto iv\launchgtaiv.exe |
"{2B2A01A2-09E8-41ED-BF5C-A9E2CE9671D6}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{3CA0E172-EF20-49AD-A159-F6B21665637E}" = protocol=6 | dir=in | app=c:\games\unreal tournament 3\binaries\ut3.exe |
"{3EA939B0-5838-438B-B60E-93FD3CB99A65}" = protocol=17 | dir=in | app=c:\games\ gta4\rockstar games social club\rgsclauncher.exe |
"{4731976C-7D7F-4108-8019-48E4922E2D3D}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{4C4B0FCE-53DE-4C1D-A382-686B06961B59}" = protocol=6 | dir=in | app=c:\games\ gta4\rockstar games social club\rgsclauncher.exe |
"{4D10A37F-5911-4012-99D9-2BA0B0962049}" = protocol=17 | dir=in | app=c:\games\call of duty 4 - modern warfare\iw3mp.exe |
"{616A10AB-1CD1-47E5-A985-47376E576207}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{6950E824-EBFE-45A3-AA77-4F9988878DC2}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{7589EF70-6DA5-4099-A3A9-FA49348B7797}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{7914B4FB-5227-4140-A839-7E6DF390F8F6}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{7967077E-E2E4-4F8F-B3FF-0987DE5633F6}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{8A85D433-899E-4C6A-9F45-000CBC6C16D9}" = protocol=6 | dir=in | app=c:\games\call of duty 4 - modern warfare\iw3mp.exe |
"{8E2E852E-319B-448D-85B6-FD6C7FC1196A}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{912C1659-5F58-44E9-842B-61EA0A0FBAC4}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{921461FC-B3DD-4201-8205-3B51C75F6928}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{97C21A23-DC91-499E-98C4-B3BCB0929988}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{A048B194-0A5E-43E6-A292-61C485056CED}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{AE62F10A-6243-4175-89DD-0031749F4295}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{CEA1CAB2-F969-4BA7-BCC4-84C13C2E1622}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F7A842DB-7400-4FFB-B957-A26A5EBE6114}" = protocol=17 | dir=in | app=c:\games\unreal tournament 3\binaries\ut3.exe |
"TCP Query User{A86AD005-EB4F-4DB0-BF6B-5AB5B474511F}C:\games\gta4\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\games\gta4\grand theft auto iv\gtaiv.exe |
"TCP Query User{F708D836-7198-46E2-973B-54433A50F94B}C:\games\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\games\call of duty 4 - modern warfare\iw3mp.exe |
"UDP Query User{2EE5FA04-B978-44C1-B1DD-8095160CD30E}C:\games\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\games\call of duty 4 - modern warfare\iw3mp.exe |
"UDP Query User{FEEC92A1-9FBE-4EE4-B3B1-95A3D23AB7B2}C:\games\gta4\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\games\gta4\grand theft auto iv\gtaiv.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{02EBDBB9-4600-41D3-B566-40CB861511D2}" = World of Warcraft FREE Trial
"{03E2A0D1-D43A-CB88-A35B-05D753DD43C5}" = Catalyst Control Center HydraVision Full
"{0523EAF4-402C-4435-A0DA-13C40193D811}" = Logitech GamePanel Software 2.02
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.1 Build #2096 Banner Remover 1.0
"{0C4A2CBF-CB45-5804-833B-24E1D279B0A2}" = CCC Help English
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0E274067-4A84-66B2-1674-42D82D2ABD06}" = ccc-core-static
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22FB6750-ADDF-4726-B67F-6901E1991031}" = Nero 7 Premium
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{28184E01-D57A-4933-A09B-F65403F16D82}" = i-Cool
"{28F0FD94-CC2E-38DE-6080-0F688881DF32}" = Catalyst Control Center Core Implementation
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45235788-142C-44BE-8A4D-DDE9A84492E5}" = AGEIA PhysX v7.09.13
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5DA49E6A-74A7-B5A8-172A-3CFFBD984EC6}" = ccc-utility
"{60B8D26D-5D6D-21D5-0366-3664E5DE3471}" = ATI Catalyst Install Manager
"{659B48CD-0608-4ED5-94C0-0B6C87114F10}" = Apple Mobile Device Support
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AAFA39D-8247-29FF-B0AC-9D6F21BA4A1C}" = Catalyst Control Center Graphics Previews Vista
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7113847B-EC8E-C244-66B0-C8C98A855525}" = Catalyst Control Center InstallProxy
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{98A01836-BC4F-BA02-8ECA-F2F22FA9754A}" = Catalyst Control Center Graphics Light
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{A2749C1C-CA17-6DD2-EAE0-D00518B39AB1}" = Catalyst Control Center Graphics Previews Common
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B578C85A-A84C-4230-A177-C5B2AF565B8C}" = Microsoft Games for Windows - LIVE Redistributable
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CC5702D7-86E2-45A8-99D7-E8B976ADCC56}" = iTunes
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{E76FCE6B-9999-4250-8C75-B2DA4AD41268}" = Face_Wizard B07.1214.01
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{EEC4F30A-C514-6096-C27A-D0226394CD11}" = Catalyst Control Center Graphics Full New
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5
"{F163FBE3-7EC2-BE0C-374A-E6E4A2633075}" = Catalyst Control Center Graphics Full Existing
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FC5A7E9B-2CAC-6261-7F34-817C6547ABF3}" = Catalyst Control Center InstallProxy
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Browser Defender_is1" = Browser Defender 3.0
"CCleaner" = CCleaner
"ClearSkinFX for Digital Cameras_is1" = ClearSkinFX for Digital Cameras
"CopyTrans Suite" = Nur Deinstallierung der CopyTrans Suite möglich.
"CPUCooL" = CPUCooL (remove only)
"DiskAid_is1" = DiskAid 3.1
"Emsisoft Anti-Malware_is1" = Emsisoft Anti-Malware 5.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.0
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"Guardian Of Data_is1" = Guardian Of Data v2.2
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"ICQToolbar" = ICQ Toolbar
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"Island Wars_is1" = Island Wars v1.20
"IsoBuster_is1" = IsoBuster 2.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"Passfoto Manager_is1" = Passfoto Manager Ver. 1.3
"PhotoScape" = PhotoScape
"Picasa 3" = Picasa 3
"PunkBusterSvc" = PunkBuster Services
"RocketDock_is1" = RocketDock 1.3.5
"Spyware Doctor" = Spyware Doctor 8.0
"Streamripper" = Streamripper (Remove only)
"T4EPlayer" = T4E Player
"TeamViewer 4" = TeamViewer 4
"Techno4ever Player" = Techno4ever Player
"tint" = Tint
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.5
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.6
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 02.10.2010 10:52:57 | Computer Name = Tobias-PC | Source = Lavasoft Ad-Aware Service | ID = 0
Description =
 
Error - 02.10.2010 11:13:01 | Computer Name = Tobias-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 02.10.2010 11:19:13 | Computer Name = Tobias-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 02.10.2010 12:07:44 | Computer Name = Tobias-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 02.10.2010 18:08:56 | Computer Name = Tobias-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 02.10.2010 18:15:28 | Computer Name = Tobias-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 02.10.2010 18:16:27 | Computer Name = Tobias-PC | Source = System Restore | ID = 8209
Description =
 
Error - 04.10.2010 09:34:51 | Computer Name = Tobias-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 04.10.2010 11:08:07 | Computer Name = Tobias-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 06.10.2010 09:43:21 | Computer Name = Tobias-PC | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 02.10.2010 18:09:15 | Computer Name = Tobias-PC | Source = Service Control Manager | ID = 7022
Description =
 
Error - 02.10.2010 18:09:15 | Computer Name = Tobias-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 02.10.2010 18:15:52 | Computer Name = Tobias-PC | Source = Service Control Manager | ID = 7022
Description =
 
Error - 02.10.2010 18:15:52 | Computer Name = Tobias-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 04.10.2010 09:35:25 | Computer Name = Tobias-PC | Source = Service Control Manager | ID = 7022
Description =
 
Error - 04.10.2010 09:35:25 | Computer Name = Tobias-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 04.10.2010 11:08:44 | Computer Name = Tobias-PC | Source = Service Control Manager | ID = 7022
Description =
 
Error - 04.10.2010 11:08:45 | Computer Name = Tobias-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 06.10.2010 09:44:03 | Computer Name = Tobias-PC | Source = Service Control Manager | ID = 7022
Description =
 
Error - 06.10.2010 09:44:03 | Computer Name = Tobias-PC | Source = Service Control Manager | ID = 7026
Description =
 
[ TuneUp Events ]
Error - 02.10.2010 07:08:52 | Computer Name = Tobias-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-10-02 13:08:52', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbam.exe','4704',0)
 
Error - 02.10.2010 10:33:54 | Computer Name = Tobias-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-10-02 16:33:54', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbam.exe','2804',0)
 
Error - 02.10.2010 11:21:27 | Computer Name = Tobias-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-10-02 17:21:27', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbam.exe','5960',0)
 
Error - 06.10.2010 09:46:17 | Computer Name = Tobias-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-10-06 15:46:17', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbam.exe','3388',0)
 
 
< End of report >
--- --- ---

cosinus 08.10.2010 18:22
Gibt es noch weitere Logs von Malwarebytes? Wäre sehr sinnfrei, wenn Du das ohne Funde gepostet hättest!


Alle Zeitangaben in WEZ +1. Es ist jetzt 13:07 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55