
Trojan

Discussion in 'Sicherheit' started by Stefan82fm, Aug 18, 2009.

Thread Status:
Not open for further replies.
  1. Stefan82fm

    Stefan82fm Byte

    Hello! The program Malwarebytes Anti-Malware found the following on my computer: Infected registry keys: urlsearchhook.toolbarurlsearchhook (Trojan BHO).
    I have now simply deleted the key with Malwarebytes and wanted to know whether that takes care of the problem!?
    Thanks in advance for the help!

    Regards
     
  2. poro

    poro Ganzes Gigabyte

  3. -humi-

    -humi- Joker

  4. Stefan82fm

    Stefan82fm Byte

    info.txt logfile of random's system information tool 1.06 2009-08-18 20:14:01

    ======Uninstall list======

    -->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
    -->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
    -->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
    -->C:\Windows\UNNeroShowTime.exe /UNINSTALL
    -->C:\Windows\UNNeroVision.exe /UNINSTALL
    -->C:\Windows\UNRecode.exe /UNINSTALL
    -->MsiExec /X{1C4551A6-4743-4093-91E4-1477CD655043}
    2000th HellFIRE screensaver v2.5-->"C:\Eigene Daten\Internet Downloads\Bildschirmschoner\unins000.exe"
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {58FC5E37-DD28-4D4A-A549-125744C6763C}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {888B9AC7-8F5C-456B-A27A-157A6C310E52}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
    Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
    Ad-Aware-->"C:\ProgramData\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
    Ad-Aware-->C:\ProgramData\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
    Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 9.1 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A91000000001}
    AnVir Task Manager-->"C:\Program Files\AnVir Task Manager\AnVir.exe" Uninstall
    Any Video Converter 2.7.3-->"C:\Program Files\Any Video Converter\unins000.exe"
    aonFTP-->"C:\ProgramData\{783529ED-FB56-4E47-9A20-F9C23D22C2D0}\Setup.exe" REMOVE=TRUE MODIFY=FALSE
    aonFTP-->C:\ProgramData\{783529ED-FB56-4E47-9A20-F9C23D22C2D0}\Setup.exe
    aonUpdate-->"C:\ProgramData\{C3358ED5-0ADD-4BA0-8F60-B5A7CD34BD14}\setup.exe" REMOVE=TRUE MODIFY=FALSE
    aonUpdate-->C:\ProgramData\{C3358ED5-0ADD-4BA0-8F60-B5A7CD34BD14}\setup.exe
    Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    AusLogics BoostSpeed-->"C:\Program Files\Auslogics\AusLogics BoostSpeed\unins000.exe"
    AVS Media Player 3.1-->"C:\Program Files\AVS4YOU\AVSMediaPlayer\unins000.exe"
    AVS Update Manager 1.0-->"C:\Program Files\AVS4YOU\AVSUpdateManger\unins000.exe"
    Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
    CANYON USB PC Camera-->C:\Program Files\InstallShield Installation Information\{F9466082-90E9-4BE4-92F0-CF0AF195B0CF}\setup.exe -runfromtemp -l0x0007 -removeonly
    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
    CheckDrive-->"C:\Program Files\CheckDrive\unins000.exe"
    Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
    Compatibility Pack für 2007 Office System-->MsiExec.exe /X{90120000-0020-0407-0000-0000000FF1CE}
    Controller-->"C:\ProgramData\{0AB34A1C-91C1-45BB-8B32-A0746A30DC96}\Setup.exe" REMOVE=TRUE MODIFY=FALSE
    Controller-->C:\ProgramData\{0AB34A1C-91C1-45BB-8B32-A0746A30DC96}\Setup.exe
    Falk Navi-Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3222B0CE-59C5-4CA0-B545-2B88F200756B}\setup.exe" -l0x7 -removeonly
    Free Fire Screensaver-->C:\Eigene Daten\Internet Downloads\Bildschirmschoner\Free Fire Screensaver\uninstall.exe
    FUSSBALL MANAGER 08-->C:\Spiele\eauninstall.exe
    FUSSBALL MANAGER 09-->C:\Program Files\EA SPORTS\FUSSBALL MANAGER 09\eauninstall.exe
    HDD Health v3.3 Beta-->"C:\Program Files\HDD Health\unins000.exe"
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
    Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    KeePass Password Safe 2.06 Beta-->"C:\Program Files\KeePass Password Safe\unins000.exe"
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Microsoft .NET Framework 3.5 Language Pack - DEU-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - deu\setup.exe
    Microsoft .NET Framework 3.5 Language Pack - deu-->MsiExec.exe /I{1545207E-C6F3-31D7-9918-BDBB65075FBF}
    Microsoft .NET Framework 3.5-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
    Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
    Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
    Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
    Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
    Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
    Microsoft Office PowerPoint Viewer 2007 (German)-->MsiExec.exe /X{95120000-00AF-0407-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
    Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
    Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
    Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
    Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
    Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Works-->MsiExec.exe /I{39D0E034-1042-4905-BECB-5502909FCB7C}
    Mozilla Firefox (3.5.2)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    Nero 8 Essentials-->MsiExec.exe /X{96AFCF8B-3C53-49A2-8456-E637021B1031}
    neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
    NETGEAR WG111v3 wireless USB 2.0 adapter-->C:\Program Files\InstallShield Installation Information\{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}\setup.exe -runfromtemp -l0x0407
    Norman Security Suite-->MsiExec.exe /X{A36B158D-8E9D-4BD3-8BDA-4B5EDC9C2E8C}
    NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
    NVIDIA PhysX-->MsiExec.exe /X{1C4551A6-4743-4093-91E4-1477CD655043}
    OpenOffice.org Installer 1.0-->MsiExec.exe /X{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}
    QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
    Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd.exe -r -m -nrg2709
    RivaTuner v2.24-->"C:\Program Files\RivaTuner v2.24\uninstall.exe"
    SeaStorm 3D Screensaver (remove only)-->"C:\Eigene Daten\Internet Downloads\Bildschirmschoner\SeaStorm 3D Screensaver\Uninstall.exe"
    Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
    Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
    Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
    Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
    Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
    Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
    Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
    Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
    Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
    Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
    SopCast 3.0.3-->C:\Program Files\SopCast\uninst.exe
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
    SystemDiagnostics-->MsiExec.exe /X{EF59DB7F-7426-426E-B862-7031F83ED304}
    Tobit.Software clipinc.fx-->C:\Windows\CISUnins.exe "D:\Tobit ClipInc\Server\CISUnins.inf"
    Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
    Update für Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}
    Update für Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {EA160DA3-E9B5-4D03-A518-21D306665B96}
    Update für Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {38472199-D7B6-4833-A949-10E4EE6365A1}
    VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
    Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
    Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\Windows\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
    Windows Live Anmelde-Assistent-->MsiExec.exe /I{52B97218-98CB-4B8B-9283-D213C85E1AA4}
    Windows Live Call-->MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6}
    Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
    Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
    Windows Live Essentials-->MsiExec.exe /I{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}
    Windows Live Fotogalerie-->MsiExec.exe /X{119B7481-0216-40D2-A5CC-C3E1F461ECC1}
    Windows Live Messenger-->MsiExec.exe /X{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}
    Windows Live Sync-->MsiExec.exe /X{ED636101-1959-4360-8BF7-209436E7DEE4}
    Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
    WinRAR-->C:\Program Files\WinRAR\uninstall.exe
    Yahoo! Install Manager-->C:\Windows\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
    Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

    =====HijackThis Backups=====

    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file) [2009-01-06]
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) [2009-01-06]
    O1 - Hosts: ::1 localhost [2009-01-06]
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe [2009-01-06]
    O13 - Gopher Prefix: [2009-03-01]

    ======Hosts File======

    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com

    ======Security center information======

    FW: Norman Security Suite
    AS: Lavasoft Ad-Watch Live!
    AS: Windows Defender

    ======System event log======

    Computer Name: Stefan-PC
    Event Code: 1103
    Message: Dem Computer wurde erfolgreich eine Netzwerkadresse zugeteilt. Eine Verbindung mit anderen Computern kann nun hergestellt werden.
    Record Number: 105344
    Source Name: Microsoft-Windows-Dhcp-Client
    Time Written: 20090711071651.000000-000
    Event Type: Informationen
    User:

    Computer Name: Stefan-PC
    Event Code: 7036
    Message: Dienst "Microsoft-Softwareschattenkopie-Anbieter" befindet sich jetzt im Status "Beendet".
    Record Number: 105343
    Source Name: Service Control Manager
    Time Written: 20090711070746.000000-000
    Event Type: Informationen
    User:

    Computer Name: Stefan-PC
    Event Code: 7036
    Message: Dienst "Volumeschattenkopie" befindet sich jetzt im Status "Beendet".
    Record Number: 105342
    Source Name: Service Control Manager
    Time Written: 20090711070446.000000-000
    Event Type: Informationen
    User:

    Computer Name: Stefan-PC
    Event Code: 7036
    Message: Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" befindet sich jetzt im Status "Beendet".
    Record Number: 105341
    Source Name: Service Control Manager
    Time Written: 20090711070443.000000-000
    Event Type: Informationen
    User:

    Computer Name: Stefan-PC
    Event Code: 104
    Message: Die Protokolldatei "System" wurde gelöscht.
    Record Number: 105340
    Source Name: Microsoft-Windows-Eventlog
    Time Written: 20090711065715.113200-000
    Event Type: Informationen
    User: Stefan-PC\Stefan

    =====Application event log=====

    Computer Name: Stefan-PC
    Event Code: 8194
    Message: Der Wiederherstellungspunkt wurde erfolgreich erstellt (Prozess = C:\Windows\servicing\TrustedInstaller.exe; Beschreibung = Windows-Modulinstallation).
    Record Number: 30208
    Source Name: System Restore
    Time Written: 20090711073614.000000-000
    Event Type: Informationen
    User:

    Computer Name: Stefan-PC
    Event Code: 8224
    Message: Der VSS-Dienst wird aufgrund eines Leerlaufzeitlimits heruntergefahren.
    Record Number: 30207
    Source Name: VSS
    Time Written: 20090711073456.000000-000
    Event Type: Informationen
    User:

    Computer Name: Stefan-PC
    Event Code: 3023
    Message: Die Aktualisierung kann nicht gestartet werden, da alle Inhaltsquellen durch Websitepfadregeln ausgeschlossen oder aus der Indexkonfiguration entfernt wurden.

    Kontext: Anwendung, SystemIndex Katalog

    Details:
    Unzulässige Funktion.
    (0x00000001)

    Record Number: 30206
    Source Name: Microsoft-Windows-Search
    Time Written: 20090711072654.000000-000
    Event Type: Warnung
    User:

    Computer Name: Stefan-PC
    Event Code: 3023
    Message: Die Aktualisierung kann nicht gestartet werden, da alle Inhaltsquellen durch Websitepfadregeln ausgeschlossen oder aus der Indexkonfiguration entfernt wurden.

    Kontext: Anwendung, SystemIndex Katalog

    Details:
    Unzulässige Funktion.
    (0x00000001)

    Record Number: 30205
    Source Name: Microsoft-Windows-Search
    Time Written: 20090711072654.000000-000
    Event Type: Warnung
    User:

    Computer Name: Stefan-PC
    Event Code: 8224
    Message: Der VSS-Dienst wird aufgrund eines Leerlaufzeitlimits heruntergefahren.
    Record Number: 30204
    Source Name: VSS
    Time Written: 20090711070446.000000-000
    Event Type: Informationen
    User:

    =====Security event log=====

    Computer Name: Stefan-PC
    Event Code: 4672
    Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen.

    Antragsteller:
    Sicherheits-ID: S-1-5-18
    Kontoname: SYSTEM
    Kontodomäne: NT-AUTORITÄT
    Anmelde-ID: 0x3e7

    Berechtigungen: SeAssignPrimaryTokenPrivilege
    SeTcbPrivilege
    SeSecurityPrivilege
    SeTakeOwnershipPrivilege
    SeLoadDriverPrivilege
    SeBackupPrivilege
    SeRestorePrivilege
    SeDebugPrivilege
    SeAuditPrivilege
    SeSystemEnvironmentPrivilege
    SeImpersonatePrivilege
    Record Number: 31803
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090711072955.245200-000
    Event Type: Überwachung erfolgreich
    User:

    Computer Name: Stefan-PC
    Event Code: 4624
    Message: Ein Konto wurde erfolgreich angemeldet.

    Antragsteller:
    Sicherheits-ID: S-1-5-18
    Kontoname: STEFAN-PC$
    Kontodomäne: WORKGROUP
    Anmelde-ID: 0x3e7

    Anmeldetyp: 5

    Neue Anmeldung:
    Sicherheits-ID: S-1-5-18
    Kontoname: SYSTEM
    Kontodomäne: NT-AUTORITÄT
    Anmelde-ID: 0x3e7
    Anmelde-GUID: {00000000-0000-0000-0000-000000000000}

    Prozessinformationen:
    Prozess-ID: 0x294
    Prozessname: C:\Windows\System32\services.exe

    Netzwerkinformationen:
    Arbeitsstationsname:
    Quellnetzwerkadresse: -
    Quellport: -

    Detaillierte Authentifizierungsinformationen:
    Anmeldeprozess: Advapi
    Authentifizierungspaket: Negotiate
    Übertragene Dienste: -
    Paketname (nur NTLM): -
    Schlüssellänge: 0

    Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.

    Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".

    Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).

    Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.

    Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.

    Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.
    - Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.
    - Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.
    - Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.
    - Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.
    Record Number: 31802
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090711072955.245200-000
    Event Type: Überwachung erfolgreich
    User:

    Computer Name: Stefan-PC
    Event Code: 4648
    Message: Anmeldeversuch mit expliziten Anmeldeinformationen.

    Antragsteller:
    Sicherheits-ID: S-1-5-18
    Kontoname: STEFAN-PC$
    Kontodomäne: WORKGROUP
    Anmelde-ID: 0x3e7
    Anmelde-GUID: {00000000-0000-0000-0000-000000000000}

    Konto, dessen Anmeldeinformationen verwendet wurden:
    Kontoname: SYSTEM
    Kontodomäne: NT-AUTORITÄT
    Anmelde-GUID: {00000000-0000-0000-0000-000000000000}

    Zielserver:
    Zielservername: localhost
    Weitere Informationen: localhost

    Prozessinformationen:
    Prozess-ID: 0x294
    Prozessname: C:\Windows\System32\services.exe

    Netzwerkinformationen:
    Netzwerkadresse: -
    Port: -

    Dieses Ereignis wird bei einem Anmeldeversuch durch einen Prozess generiert, wenn ausdrücklich die Anmeldeinformationen des Kontos angegeben werden. Dies ist normalerweise der Fall in Batch-Konfigurationen, z. B. bei geplanten Aufgaben oder wenn der Befehl "runas" verwendet wird.
    Record Number: 31801
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090711072955.245200-000
    Event Type: Überwachung erfolgreich
    User:

    Computer Name: Stefan-PC
    Event Code: 5038
    Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

    Dateiname: \Device\HarddiskVolume2\Users\Stefan\AppData\Local\Temp\cpuz131\cpuz_x32.sys
    Record Number: 31800
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090711070003.513200-000
    Event Type: Überwachung gescheitert
    User:

    Computer Name: Stefan-PC
    Event Code: 1102
    Message: Das Überwachungsprotokoll wurde gelöscht.
    Subjekt:
    Sicherheits- ID: S-1-5-21-4086506781-2826105503-2153028454-1000
    Kontoname: Stefan
    Domänenname: Stefan-PC
    Logon-ID: 0x73596
    Record Number: 31799
    Source Name: Microsoft-Windows-Eventlog
    Time Written: 20090711065714.176200-000
    Event Type: Überwachung erfolgreich
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%NpmLib%;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    "PROCESSOR_ARCHITECTURE"=x86
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "USERNAME"=SYSTEM
    "windir"=%SystemRoot%
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
    "PROCESSOR_REVISION"=0f0b
    "NUMBER_OF_PROCESSORS"=4
    "TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
    "DFSTRACINGON"=FALSE
    "NpmLib"=C:\Program Files\Norman\Npm\Bin
    "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

    -----------------EOF-----------------
     
  5. Stefan82fm

    Stefan82fm Byte

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Stefan at 2009-08-18 20:13:42
    Microsoft® Windows Vista™ Home Premium Service Pack 2
    System drive C: has 112 GB (55%) free of 202 GB
    Total RAM: 3326 MB (54% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:13:58, on 18.08.2009
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18813)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Norman\Npm\Bin\Elogsvc.exe
    C:\Program Files\Norman\Ngs\Bin\Nprosec.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Norman\Npm\Bin\Zanda.exe
    C:\Program Files\Norman\npm\bin\nvoy.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Norman\npf\bin\npfsvc32.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Norman\Npm\Bin\scheduler.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Norman\npc\bin\npcsvc32.exe
    C:\Program Files\Norman\npc\bin\nuaa.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Norman\Npm\Bin\Zlh.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Auslogics\AusLogics BoostSpeed\BoostSpeed.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\AnVir Task Manager\AnVir.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Windows Mail\WinMail.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Norman\nse\bin\NSESVC.EXE
    C:\Program Files\Norman\Nvc\Bin\Nip.exe
    C:\Program Files\Norman\Nvc\Bin\nvcoas.exe
    C:\Program Files\Norman\Nvc\Bin\cclaw.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Stefan\Downloads\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Stefan.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telekom.at/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telekom Austria TA AG
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [Norman ZANDA] "C:\Program Files\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Auslogics BoostSpeed 4] C:\Program Files\Auslogics\AusLogics BoostSpeed\boostspeed.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [AnVir Task Manager] "C:\Program Files\AnVir Task Manager\AnVir.exe" Minimized
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
    O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O10 - Unknown file in Winsock LSP: c:\program files\norman\npc\bin\nlf.dll
    O10 - Unknown file in Winsock LSP: c:\program files\norman\npc\bin\nlf.dll
    O10 - Unknown file in Winsock LSP: c:\program files\norman\npc\bin\nlf.dll
    O10 - Unknown file in Winsock LSP: c:\program files\norman\npc\bin\nlf.dll
    O10 - Unknown file in Winsock LSP: c:\program files\norman\npc\bin\nlf.dll
    O10 - Unknown file in Winsock LSP: c:\program files\norman\npc\bin\nlf.dll
    O10 - Unknown file in Winsock LSP: c:\program files\norman\npc\bin\nlf.dll
    O10 - Unknown file in Winsock LSP: c:\program files\norman\npc\bin\nlf.dll
    O10 - Unknown file in Winsock LSP: c:\program files\norman\npc\bin\nlf.dll
    O10 - Unknown file in Winsock LSP: c:\program files\norman\npc\bin\nlf.dll
    O10 - Unknown file in Winsock LSP: c:\program files\norman\npc\bin\nlf.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Unknown owner - C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe (file missing)
    O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Unknown owner - C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe (file missing)
    O23 - Service: Avira Premium Security Suite Planer (AntiVirScheduler) - Unknown owner - C:\Program Files\Avira\Avira Premium Security Suite\sched.exe (file missing)
    O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Unknown owner - C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Avira Premium Security Suite MailGuard Hilfsdienst (AVEService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
    O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: ClipInc 001 (ClipInc001) - Unknown owner - D:\Tobit ClipInc\Server\ClipInc-Server.exe
    O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\Bin\Elogsvc.exe
    O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: Norman NJeeves - Norman ASA - C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
    O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
    O23 - Service: Norman Parental Control (NPC) - Norman ASA - C:\Program Files\Norman\npc\bin\npcsvc32.exe
    O23 - Service: Norman Personal Firewall Service (NPFSvc32) - Norman ASA - C:\Program Files\Norman\npf\bin\npfsvc32.exe
    O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - C:\Program Files\Norman\Ngs\Bin\Nprosec.exe
    O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Program Files\Norman\nse\bin\NSESVC.EXE
    O23 - Service: Norman User Activity Agent (NUAA) - Norman ASA - C:\Program Files\Norman\npc\bin\nuaa.exe
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\Bin\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - C:\Program Files\Norman\Npm\bin\NVCSCHED.EXE (file missing)
    O23 - Service: Norman Resource Provider (NVOY) - Norman ASA - C:\Program Files\Norman\npm\bin\nvoy.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Norman Scheduler Service (Scheduler) - Norman ASA - C:\Program Files\Norman\Npm\Bin\scheduler.exe
    O23 - Service: Fujitsu Diagnostic Testhandler (TestHandler) - Fujitsu Technology Solutions - C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
    O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

    --
    End of file - 11717 bytes

    ======Scheduled tasks folder======

    C:\Windows\tasks\Ad-Aware Update (Weekly).job
    C:\Windows\tasks\User_Feed_Synchronization-{5AC52B37-2930-47EF-BD23-F4753E9F4CB0}.job
    C:\Windows\tasks\User_Feed_Synchronization-{E44BE48C-6E3F-4A37-A473-8EEDBABD8E1D}.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
    RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-09-26 308832]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-28 320920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Windows Live Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-28 34816]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Norman ZANDA"=C:\Program Files\Norman\Npm\Bin\ZLH.EXE [2009-02-11 187504]
    "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-05-01 13781536]
    "Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-07-05 520024]
    "RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-06-02 7518752]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
    "TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-09-26 185872]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-10 1233920]
    "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
    "Auslogics BoostSpeed 4"=C:\Program Files\Auslogics\AusLogics BoostSpeed\boostspeed.exe [2008-06-23 361072]
    "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
    "AnVir Task Manager"=C:\Program Files\AnVir Task Manager\AnVir.exe [2009-05-15 3071712]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Auslogics BoostSpeed 4]
    C:\Program Files\Auslogics\AusLogics BoostSpeed\boostspeed.exe [2008-06-23 361072]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norman ZANDA]
    C:\Program Files\Norman\Npm\Bin\ZLH.EXE [2009-02-11 187504]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
    C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-10 1233920]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp325]
    C:\Windows\vsnp325.exe [2007-05-10 835584]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
    C:\Windows\WindowsMobile\wmdSync.exe [2008-01-21 215552]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "EnableLUA"=0
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "EnableUIADesktopToggle"=0

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=95

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "BindDirectlyToPropertySetStorage"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d4a8d7b2-22b1-11de-bf6a-0021850f04b9}]
    shell\AutoRun\command - L:\MMMTest.EXE


    ======File associations======

    .js - edit - C:\Windows\System32\Notepad.exe %1
    .js - open - C:\Windows\System32\WScript.exe "%1" %*

    ======List of files/folders created in the last 1 months======

    2009-08-18 20:13:42 ----D---- C:\rsit
    2009-08-15 21:41:31 ----D---- C:\Program Files\SpeedFan
    2009-08-15 21:38:59 ----D---- C:\PC Praxis
    2009-08-13 10:24:36 ----D---- C:\Program Files\AnVir Task Manager
    2009-08-13 10:01:05 ----D---- C:\Program Files\RivaTuner v2.24
    2009-08-13 09:55:45 ----A---- C:\Windows\system32\atl.dll
    2009-08-13 09:55:17 ----A---- C:\Windows\system32\wkssvc.dll
    2009-08-13 09:54:49 ----A---- C:\Windows\system32\mstscax.dll
    2009-08-13 09:54:20 ----A---- C:\Windows\system32\avifil32.dll
    2009-08-13 09:53:55 ----A---- C:\Windows\system32\wmp.dll
    2009-08-13 09:53:54 ----A---- C:\Windows\system32\wmpdxm.dll
    2009-08-13 09:53:54 ----A---- C:\Windows\system32\spwmp.dll
    2009-08-13 09:53:54 ----A---- C:\Windows\system32\dxmasf.dll
    2009-08-13 09:53:53 ----A---- C:\Windows\system32\wmploc.DLL
    2009-08-13 09:52:52 ----D---- C:\Users\Stefan\AppData\Roaming\SuperMP3Download
    2009-08-13 09:52:52 ----D---- C:\ProgramData\SuperMP3Download
    2009-07-31 21:57:32 ----A---- C:\ashampoo-acdw-log.txt
    2009-07-31 21:57:25 ----D---- C:\Users\Stefan\AppData\Roaming\Ashampoo
    2009-07-31 21:28:44 ----D---- C:\Users\Stefan\AppData\Roaming\DeepBurner
    2009-07-31 21:27:53 ----D---- C:\Program Files\Astonsoft
    2009-07-31 20:59:35 ----A---- C:\Windows\system32\mshtml.dll
    2009-07-31 20:59:35 ----A---- C:\Windows\system32\ieframe.dll
    2009-07-31 20:59:34 ----A---- C:\Windows\system32\wininet.dll
    2009-07-31 20:59:34 ----A---- C:\Windows\system32\urlmon.dll
    2009-07-31 20:59:34 ----A---- C:\Windows\system32\occache.dll
    2009-07-31 20:59:34 ----A---- C:\Windows\system32\msfeeds.dll
    2009-07-31 20:59:34 ----A---- C:\Windows\system32\iertutil.dll
    2009-07-31 20:59:34 ----A---- C:\Windows\system32\iedkcs32.dll
    2009-07-31 20:59:33 ----A---- C:\Windows\system32\msfeedssync.exe
    2009-07-31 20:59:33 ----A---- C:\Windows\system32\msfeedsbs.dll
    2009-07-31 20:59:33 ----A---- C:\Windows\system32\jsproxy.dll
    2009-07-31 20:59:33 ----A---- C:\Windows\system32\ieUnatt.exe
    2009-07-31 20:59:33 ----A---- C:\Windows\system32\ieui.dll
    2009-07-31 20:59:33 ----A---- C:\Windows\system32\iesysprep.dll
    2009-07-31 20:59:33 ----A---- C:\Windows\system32\iesetup.dll
    2009-07-31 20:59:33 ----A---- C:\Windows\system32\iernonce.dll
    2009-07-31 20:59:33 ----A---- C:\Windows\system32\iepeers.dll
    2009-07-31 20:59:33 ----A---- C:\Windows\system32\ie4uinit.exe
    2009-07-28 19:34:23 ----D---- C:\Users\Stefan\AppData\Roaming\Leadertech
    2009-07-25 16:31:12 ----D---- C:\ProgramData\Ubisoft
    2009-07-25 16:21:32 ----D---- C:\Program Files\Ubisoft
    2009-07-21 20:33:08 ----D---- C:\Users\Stefan\AppData\Roaming\Roxio
    2009-07-21 20:28:58 ----D---- C:\ProgramData\Napster

    ======List of files/folders modified in the last 1 months======

    2009-08-18 20:13:45 ----D---- C:\Windows\Temp
    2009-08-18 19:00:46 ----D---- C:\Program Files\Mozilla Firefox
    2009-08-18 18:56:08 ----D---- C:\Windows\system32\catroot2
    2009-08-18 18:55:46 ----D---- C:\Program Files\Norman
    2009-08-16 11:43:33 ----SHD---- C:\System Volume Information
    2009-08-16 10:38:07 ----D---- C:\Users\Stefan\AppData\Roaming\temp
    2009-08-16 10:03:39 ----HD---- C:\Program Files\InstallShield Installation Information
    2009-08-16 09:57:22 ----D---- C:\ProgramData\Spybot - Search & Destroy
    2009-08-16 09:57:16 ----D---- C:\Windows\Debug
    2009-08-16 09:57:16 ----AD---- C:\Windows
    2009-08-16 09:40:02 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-08-16 09:39:59 ----D---- C:\Windows\system32\drivers
    2009-08-15 21:41:31 ----RD---- C:\Program Files
    2009-08-15 21:41:30 ----D---- C:\Windows\System32
    2009-08-14 07:13:41 ----D---- C:\Users\Stefan\AppData\Roaming\Toolbars
    2009-08-13 20:29:44 ----A---- C:\Windows\NeroDigital.ini
    2009-08-13 19:10:02 ----D---- C:\Windows\winsxs
    2009-08-13 19:06:23 ----D---- C:\Program Files\VS Revo Group
    2009-08-13 14:29:56 ----D---- C:\Program Files\Windows Media Player
    2009-08-13 10:52:48 ----D---- C:\Windows\system32\catroot
    2009-08-13 10:52:44 ----D---- C:\Program Files\Windows Mail
    2009-08-13 10:12:02 ----D---- C:\Windows\pss
    2009-08-13 09:52:52 ----HD---- C:\ProgramData
    2009-08-05 08:27:27 ----D---- C:\temp
    2009-08-05 08:13:35 ----D---- C:\Users\Stefan\AppData\Roaming\Skype
    2009-08-05 07:49:22 ----D---- C:\programme
    2009-08-05 07:45:49 ----D---- C:\Windows\Prefetch
    2009-08-03 13:52:09 ----D---- C:\Windows\system32\migration
    2009-08-03 13:52:09 ----D---- C:\Program Files\Internet Explorer
    2009-08-03 13:20:48 ----SHD---- C:\Windows\Installer
    2009-08-03 13:16:32 ----D---- C:\Program Files\Microsoft Silverlight
    2009-07-31 21:40:35 ----D---- C:\Program Files\Elaborate Bytes
    2009-07-31 21:40:06 ----D---- C:\Windows\system32\Tasks
    2009-07-31 20:57:37 ----D---- C:\Windows\inf
    2009-07-31 20:57:37 ----A---- C:\Windows\system32\PerfStringBackup.INI
    2009-07-31 20:51:15 ----D---- C:\Windows\system32\Msdtc
    2009-07-31 20:51:13 ----D---- C:\Windows\system32\wbem
    2009-07-31 20:50:35 ----D---- C:\Windows\system32\config
    2009-07-31 20:50:24 ----SD---- C:\Windows\Downloaded Program Files
    2009-07-31 20:50:24 ----RSD---- C:\Windows\Media
    2009-07-31 20:50:23 ----D---- C:\Windows\Tasks
    2009-07-31 20:50:23 ----D---- C:\Windows\system32\spool
    2009-07-31 20:50:17 ----D---- C:\Windows\registration
    2009-07-30 02:49:14 ----A---- C:\Windows\system32\mrt.exe
    2009-07-28 19:12:40 ----D---- C:\Program Files\EA SPORTS
    2009-07-28 19:12:38 ----D---- C:\Windows\assembly
    2009-07-21 20:37:03 ----D---- C:\Program Files\Common Files

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 ALE_NF;Norman Firewall ALE driver; \??\C:\Windows\system32\drivers\ale_nf.sys [2008-04-16 42552]
    R1 avfwot;avfwot; C:\Windows\system32\DRIVERS\avfwot.sys [2008-05-07 71592]
    R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
    R1 NGS;Norman General Security Driver; \??\c:\program files\norman\ngs\bin\ngs.sys [2009-02-11 22712]
    R1 NPROSEC;Norman Security driver; \??\C:\Program Files\Norman\Ngs\Bin\nprosec.sys [2009-04-21 53816]
    R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]
    R2 Ndiskio;Ndiskio; \??\C:\Program Files\Norman\Nse\Bin\NDISKIO.SYS [2007-01-02 20448]
    R3 avfwim;AvFw Packet Filter Miniport; C:\Windows\system32\DRIVERS\avfwim.sys [2008-05-07 71464]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-06-02 2364960]
    R3 NvcMFlt;NvcMFlt; C:\Windows\system32\DRIVERS\nvcv32mf.sys [2009-01-22 19512]
    R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-04-30 9850016]
    R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-05-02 122368]
    R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver; C:\Windows\system32\DRIVERS\wg111v3.sys [2007-04-23 227328]
    R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
    S1 avgio;avgio; \??\C:\Program Files\Avira\Avira Premium Security Suite\avgio.sys []
    S3 avgntflt;avgntflt; \??\C:\Program Files\Avira\Avira Premium Security Suite\avgntflt.sys []
    S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
    S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2009-01-30 236544]
    S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
    S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
    S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
    S3 Pcouffin;Low level access layer for CD devices; C:\Windows\System32\Drivers\Pcouffin.sys []
    S3 RivaTuner32;RivaTuner32; \??\C:\Program Files\RivaTuner v2.24\RivaTuner32.sys [2009-02-25 9088]
    S3 SNP325;USB PC Camera (SNPSTD325); C:\Windows\system32\DRIVERS\snp325.sys [2007-07-24 10394624]
    S3 tap0901;TAP-Win32 Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2008-10-08 25216]
    S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
    S3 winusb;WinUSB Service; C:\Windows\system32\DRIVERS\winusb.sys [2009-04-10 31616]
    S4 ahcix86s;ahcix86s; C:\Windows\system32\drivers\ahcix86s.sys [2008-05-27 173576]
    S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
    S4 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iastor.sys [2007-09-30 308248]
    S4 JRAID;JRAID; C:\Windows\system32\drivers\jraid.sys [2008-04-03 76688]
    S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
    S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
    R2 AVEService;Avira Premium Security Suite MailGuard Hilfsdienst; C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe [2008-05-09 41217]
    R2 Bonjour Service;Bonjour-Dienst; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
    R2 eLoggerSvc6;Norman eLogger service 6; C:\Program Files\Norman\Npm\Bin\Elogsvc.exe [2007-11-21 150584]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-07-05 1029456]
    R2 Norman ZANDA;Norman ZANDA; C:\Program Files\Norman\Npm\Bin\Zanda.exe [2009-02-25 408696]
    R2 NPFSvc32;Norman Personal Firewall Service; C:\Program Files\Norman\npf\bin\npfsvc32.exe [2009-04-21 597104]
    R2 NPROSECSVC;Norman Security service; C:\Program Files\Norman\Ngs\Bin\Nprosec.exe [2009-02-25 121912]
    R2 NVOY;Norman Resource Provider; C:\Program Files\Norman\npm\bin\nvoy.exe [2009-01-20 126008]
    R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-05-01 211488]
    R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-21 21504]
    R2 TestHandler;Fujitsu Diagnostic Testhandler; C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe [2009-02-19 341264]
    R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-21 21504]
    R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-21 21504]
    R3 Norman NJeeves;Norman NJeeves; C:\Program Files\Norman\Npm\bin\NJEEVES.EXE [2009-04-17 274392]
    R3 NPC;Norman Parental Control; C:\Program Files\Norman\npc\bin\npcsvc32.exe [2008-04-17 416880]
    R3 nsesvc;Norman Scanner Engine Service; C:\Program Files\Norman\nse\bin\NSESVC.EXE [2009-05-19 310328]
    R3 NUAA;Norman User Activity Agent; C:\Program Files\Norman\npc\bin\nuaa.exe [2009-03-24 121912]
    R3 nvcoas;Norman Virus Control on-access component; C:\Program Files\Norman\Nvc\Bin\nvcoas.exe [2009-04-28 195640]
    R3 Scheduler;Norman Scheduler Service; C:\Program Files\Norman\Npm\Bin\scheduler.exe [2009-03-17 130104]
    S2 AntiVirFirewallService;Avira Premium Security Suite Firewall; C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe []
    S2 AntiVirMailService;Avira Premium Security Suite MailGuard; C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe []
    S2 AntiVirScheduler;Avira Premium Security Suite Planer; C:\Program Files\Avira\Avira Premium Security Suite\sched.exe []
    S2 antivirwebservice;Avira Premium Security Suite WebGuard; C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE []
    S3 ClipInc001;ClipInc 001; D:\Tobit ClipInc\Server\ClipInc-Server.exe [2009-05-27 2230024]
    S3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
    S3 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 853288]
    S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-10-23 382248]
    S3 NVCScheduler;Norman Virus Control Scheduler; C:\Program Files\Norman\Npm\bin\NVCSCHED.EXE []
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2008-10-15 361728]

    -----------------EOF-----------------
     
  6. Stefan82fm

    Stefan82fm Byte

    Malwarebytes' Anti-Malware 1.40
    Datenbank Version: 2634
    Windows 6.0.6002 Service Pack 2

    18.08.2009 21:27:59
    mbam-log-2009-08-18 (21-27-59).txt

    Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
    Durchsuchte Objekte: 269004
    Laufzeit: 58 minute(s), 31 second(s)

    Infizierte Speicherprozesse: 0
    Infizierte Speichermodule: 0
    Infizierte Registrierungsschlüssel: 0
    Infizierte Registrierungswerte: 0
    Infizierte Dateiobjekte der Registrierung: 0
    Infizierte Verzeichnisse: 0
    Infizierte Dateien: 0

    Infizierte Speicherprozesse:
    (Keine bösartigen Objekte gefunden)

    Infizierte Speichermodule:
    (Keine bösartigen Objekte gefunden)

    Infizierte Registrierungsschlüssel:
    (Keine bösartigen Objekte gefunden)

    Infizierte Registrierungswerte:
    (Keine bösartigen Objekte gefunden)

    Infizierte Dateiobjekte der Registrierung:
    (Keine bösartigen Objekte gefunden)

    Infizierte Verzeichnisse:
    (Keine bösartigen Objekte gefunden)

    Infizierte Dateien:
    (Keine bösartigen Objekte gefunden)
     
  7. -humi-

    -humi- Joker

    Well, I don't see anything malicious.
     