
Log Analysis and Evaluation: Need an evaluation!

07.05.2011, 20:22   #1
Carbonas
 
Hello,
I would like to know what would need to be fixed based on the OTL log file.

Result of the Malwarebytes log file:
Quote:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6528

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

07.05.2011 21:17:19
mbam-log-2011-05-07 (21-17-19).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|Q:\|)
Durchsuchte Objekte: 306630
Laufzeit: 45 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 4
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 1
Infizierte Dateien: 12

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{FF36B2CA-15E1-5E70-FD3B-0C80DC9425D0} (Spyware.Passwords.XGen) -> Value: {FF36B2CA-15E1-5E70-FD3B-0C80DC9425D0} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4E3E0230AEBB4E96 (Trojan.FakeMS) -> Value: 4E3E0230AEBB4E96 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Khumeqal (Trojan.Hiloti) -> Value: Khumeqal -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NuHveRXdmtu (Trojan.FakeAlert) -> Value: NuHveRXdmtu -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\Users\****\AppData\Roaming\Kexox\anfoa.exe (Spyware.Passwords.XGen) -> Delete on reboot.
c:\Recycle.Bin\recycle.bin.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\Users\****\AppData\Local\wlnlupc.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\programdata\nuhverxdmtu.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\5155B4A.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\****\AppData\Local\Temp\0.7988482539063126.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\****\AppData\Local\Temp\17D4.tmp (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
c:\Users\****\AppData\LocalLow\Sun\Java\deployment\cache\6.0\31\472d925f-287d851e (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\****\AppData\Roaming\Adobe\plugs\mmc52214283.txt (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\Users\****\AppData\Roaming\Adobe\plugs\mmc242.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\****\AppData\Roaming\Adobe\plugs\mmc35.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Recycle.Bin\config.bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.
I had 19 detections, all of which I of course deleted immediately. I also deleted from quarantine the remaining ones that could not be deleted.
So, now to the OTL:
Quote:
OTL logfile created on: 07.05.2011 21:18:00 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\****\Downloads
An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,75 Gb Total Space | 403,78 Gb Free Space | 86,69% Space Free | Partition Type: NTFS
Drive D: | 6,31 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: ****-PC | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.05.07 20:53:29 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\****\Downloads\OTL.exe
PRC - [2011.05.05 14:15:53 | 003,071,384 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2011.05.03 12:00:46 | 002,846,320 | ---- | M] (GamersFirst) -- C:\Program Files\GamersFirst\LIVE!\Live.exe
PRC - [2011.04.30 21:26:27 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.04.30 01:55:23 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.30 19:49:44 | 000,671,552 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
PRC - [2011.03.30 19:48:00 | 001,523,008 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
PRC - [2011.03.28 15:41:14 | 001,910,152 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2011.03.28 15:41:12 | 001,242,504 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2011.03.21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.03.16 23:14:05 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.01.07 22:06:12 | 000,803,432 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011.01.07 20:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.12.20 18:08:46 | 000,963,976 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010.12.13 09:39:19 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.12.07 12:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010.11.20 05:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 05:17:02 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2010.04.24 02:10:54 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010.04.24 02:10:44 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe


========== Modules (SafeList) ==========

MOD - [2011.05.07 20:53:29 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\****\Downloads\OTL.exe
MOD - [2010.11.20 04:55:10 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2010.11.20 04:55:10 | 001,624,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
MOD - [2009.07.14 03:16:14 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shfolder.dll


========== Win32 Services (SafeList) ==========

SRV - [2011.04.30 01:55:23 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.30 19:48:00 | 001,523,008 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.03.30 19:45:32 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011.03.28 15:41:12 | 001,242,504 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.03.16 23:14:05 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.01.07 20:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.12.10 07:36:00 | 003,648,584 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010.12.07 12:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010.04.24 02:10:54 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010.04.24 02:10:44 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009.07.16 18:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011.03.16 23:14:05 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.02.10 11:22:58 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011.01.08 05:27:00 | 010,467,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.12.13 09:39:38 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.11.20 05:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 05:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 05:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 03:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 02:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 02:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.06.17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.04.24 02:10:54 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2010.04.24 02:10:52 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2010.04.24 02:10:50 | 000,195,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2010.04.24 02:10:44 | 000,550,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2009.07.14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009.03.18 17:35:40 | 000,026,176 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.01.19 20:31:56 | 000,277,544 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F8 70 EF D1 68 DB CB 01 [binary data]
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/firefox?client=firefox-a&rls=org.mozilla:defficial"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: eafo3fflauncher@ea.com:1.1
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: battlefieldplay4free@ea.com:1.0.53.2
FF - prefs.js..extensions.enabledItems: {03CAE00B-981A-482D-8915-72FD4E3EF2B1}:1.9.1
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {184AA5E6-741D-464a-820E-94B3ABC2F3B4}:1.0
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{03CAE00B-981A-482D-8915-72FD4E3EF2B1}: C:\Users\****\AppData\Local\{03CAE00B-981A-482D-8915-72FD4E3EF2B1} [2011.04.14 07:01:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.04.21 16:20:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.04.21 16:20:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\****\AppData\Roaming\5015 [2011.04.29 15:45:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.01 02:06:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.30 21:26:27 | 000,000,000 | ---D | M]

[2010.12.30 20:45:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\Mozilla\Extensions
[2011.05.07 06:06:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\sdt57vlf.default\extensions
[2011.04.14 07:01:00 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\sdt57vlf.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.01.01 21:16:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\sdt57vlf.default\extensions\{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e}
[2011.04.14 07:01:00 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\sdt57vlf.default\extensions\battlefieldplay4free@ea.com
[2011.04.14 07:01:00 | 000,000,000 | ---D | M] (FIFA Online Web Launcher) -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\sdt57vlf.default\extensions\eafo3fflauncher@ea.com
[2011.01.01 21:16:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\sdt57vlf.default\extensions\engine@conduit.com
[2011.02.19 16:29:57 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\sdt57vlf.default\extensions\firefox@tvunetworks.com
[2011.05.03 20:36:02 | 000,001,056 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\sdt57vlf.default\searchplugins\icqplugin.xml
[2011.04.14 05:15:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.04.21 16:20:39 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011.04.21 16:20:39 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2011.04.14 07:01:00 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\****\APPDATA\LOCAL\{03CAE00B-981A-482D-8915-72FD4E3EF2B1}
[2011.04.29 15:45:02 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\****\APPDATA\ROAMING\5015
[2010.12.30 21:03:30 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.03.05 16:50:02 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.05 16:50:02 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.05 16:50:02 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.05 16:50:02 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.05 16:50:02 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011.04.30 20:38:27 | 000,433,294 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 14910 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [Cattree] C:\Users\****\AppData\Roaming\Linktree\linklib.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: = 0
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: infospyware.net ([www] https in Trusted sites)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.09.10 23:33:59 | 000,000,000 | R--D | M] - D:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2010.09.10 23:34:03 | 000,439,056 | R--- | M] (Electronic Arts) - D:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2010.09.10 23:34:02 | 007,864,832 | R--- | M] () - D:\autorun.dat -- [ UDF ]
O32 - AutoRun File - [2010.09.10 23:33:38 | 000,000,141 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{dc86f325-1447-11e0-8218-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2010.09.10 23:34:03 | 000,439,056 | R--- | M] (Electronic Arts)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.05.07 20:16:01 | 000,000,000 | ---D | C] -- C:\Program Files\Fighters
[2011.05.07 13:13:46 | 000,000,000 | ---D | C] -- C:\Program Files\eDgMt2
[2011.05.06 03:01:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2011.05.06 02:07:05 | 000,000,000 | ---D | C] -- C:\Program Files\GamersFirst
[2011.05.02 16:07:53 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\Artzhelferin Marsula
[2011.05.02 01:50:58 | 000,000,000 | ---D | C] -- C:\Program Files\Veetle
[2011.05.01 20:08:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ANSTOSS 3
[2011.05.01 07:55:39 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011.05.01 07:55:39 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011.05.01 07:50:27 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011.05.01 07:33:21 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Otangy
[2011.05.01 07:33:21 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Kexox
[2011.04.30 20:28:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.04.30 20:28:02 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011.04.30 18:20:49 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011.04.30 14:16:38 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Linktree
[2011.04.30 07:01:38 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.04.30 07:01:38 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.04.30 07:01:38 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.30 07:01:38 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011.04.30 07:01:38 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011.04.30 07:01:38 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.04.30 07:01:38 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.04.30 07:01:38 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011.04.30 07:01:38 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011.04.30 07:01:38 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011.04.30 07:01:38 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.04.30 07:01:38 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011.04.30 07:01:38 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.04.30 07:01:38 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.04.30 07:01:38 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.04.30 07:01:38 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011.04.30 07:01:38 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.04.30 07:01:38 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.04.30 07:01:38 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.04.30 07:01:37 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.04.30 07:01:37 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.04.30 07:01:37 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.04.30 07:01:37 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.30 07:01:37 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.30 07:01:37 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.30 07:01:37 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.04.30 07:01:37 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.04.30 07:01:37 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.04.30 07:01:37 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011.04.30 07:01:37 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011.04.30 07:01:37 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011.04.30 07:01:37 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.04.30 07:01:37 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.30 07:01:37 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011.04.30 07:01:37 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.04.30 07:01:37 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.04.30 07:01:37 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011.04.30 07:01:37 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011.04.30 07:01:37 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.04.29 17:46:42 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\UAs
[2011.04.29 17:12:31 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\assembly
[2011.04.29 15:45:02 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\5015
[2011.04.29 15:45:00 | 000,236,496 | ---- | C] (Adobe Systems, Incorporated) -- C:\Users\****\AppData\Roaming\AcroIEHelpe.dll
[2011.04.29 15:44:49 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\xmldm
[2011.04.29 15:44:47 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\kock
[2011.04.27 16:25:52 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
[2011.04.27 16:25:49 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esent.dll
[2011.04.27 16:25:49 | 000,148,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys
[2011.04.27 16:25:48 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsutil.exe
[2011.04.27 16:25:45 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.04.27 16:25:43 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011.04.25 14:37:57 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\ElevatedDiagnostics
[2011.04.24 04:07:23 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\DDMSettings
[2011.04.23 00:07:51 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\Savegame
[2011.04.22 03:01:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011.04.21 16:19:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2011.04.21 16:19:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2011.04.21 16:16:50 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2011.04.20 05:41:15 | 000,000,000 | ---D | C] -- C:\Program Files\FEDORA2
[2011.04.20 03:50:39 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\vlc
[2011.04.18 18:46:11 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\TileRacer
[2011.04.18 18:42:39 | 000,000,000 | ---D | C] -- C:\Windows\System32\AGEIA
[2011.04.18 18:42:06 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tile Racer 0.7
[2011.04.18 18:42:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tile Racer 0.7
[2011.04.18 18:41:58 | 000,000,000 | ---D | C] -- C:\Program Files\TileRacer
[2011.04.18 05:13:50 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\capcom
[2011.04.18 00:51:37 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2011.04.17 17:09:05 | 000,000,000 | ---D | C] -- C:\Users\****\DoctorWeb
[2011.04.16 18:36:58 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2011.04.16 04:00:38 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\xp-AntiSpy
[2011.04.16 04:00:37 | 000,000,000 | ---D | C] -- C:\Program Files\xp-AntiSpy
[2011.04.15 00:50:51 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.15 00:50:49 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.15 00:50:49 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.15 00:49:21 | 002,333,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.15 00:49:17 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe
[2011.04.15 00:49:15 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.04.15 00:49:12 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.15 00:49:12 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.14 21:56:57 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\gtk-2.0
[2011.04.14 06:09:27 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2011.04.14 06:09:23 | 000,029,504 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2011.04.14 06:09:23 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2011.04.14 06:09:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011
[2011.04.14 06:09:13 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2011
[2011.04.14 05:56:41 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Uniblue
[2011.04.14 05:51:21 | 000,000,000 | ---D | C] -- C:\ProgramData\~0
[2011.04.14 05:51:14 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\PackageAware
[2011.04.14 04:33:20 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Malwarebytes
[2011.04.14 04:33:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.14 04:33:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.14 04:33:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.14 04:33:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.04.14 04:07:35 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{03CAE00B-981A-482D-8915-72FD4E3EF2B1}
[2011.04.13 21:36:39 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\ZombieDriver
[2011.04.13 21:36:25 | 000,000,000 | ---D | C] -- C:\Program Files\OpenAL
[2011.04.12 20:36:02 | 000,000,000 | ---D | C] -- C:\Program Files\Battlefront
[2011.04.12 14:17:53 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Leadertech
[2011.04.09 18:55:44 | 015,453,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xlive.dll
[2011.04.09 18:55:42 | 013,642,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xlivefnt.dll
[2011.04.09 14:23:34 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\Skyfallen Entertaiment
[2011.04.09 02:27:36 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\NFS SHIFT
[2011.04.08 17:02:48 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\.minecraft
[2011.04.08 14:41:42 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2011.04.08 14:40:22 | 000,000,000 | ---D | C] -- C:\Windows\System32\xlive
[2011.04.08 14:40:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games for Windows - LIVE
[1 C:\Users\****\AppData\Roaming\*.tmp files -> C:\Users\****\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.05.07 21:17:30 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\ewungva.sys
[2011.05.07 20:34:16 | 000,013,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.07 20:34:16 | 000,013,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.07 20:32:31 | 000,668,746 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.05.07 20:32:31 | 000,620,338 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.05.07 20:32:31 | 000,134,336 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.05.07 20:32:31 | 000,110,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.05.07 20:26:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.07 20:26:15 | 1609,474,048 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.07 20:24:21 | 000,000,000 | ---- | M] () -- C:\Users\****\2gweorjqjutp92vjy9gake
[2011.05.07 17:29:54 | 000,105,776 | ---- | M] () -- C:\temp.raw
[2011.05.06 02:23:09 | 000,137,544 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.05.06 02:23:00 | 000,189,480 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2011.05.06 02:21:13 | 000,138,056 | ---- | M] () -- C:\Users\****\AppData\Roaming\PnkBstrK.sys
[2011.05.06 02:19:02 | 000,001,078 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
[2011.05.06 02:19:02 | 000,001,044 | ---- | M] () -- C:\Users\Public\Desktop\GamersFirst LIVE!.lnk
[2011.05.06 02:15:29 | 000,001,087 | ---- | M] () -- C:\Users\Public\Desktop\War Rock.lnk
[2011.05.05 20:32:47 | 003,360,624 | ---- | M] () -- C:\Windows\System32\pbsvc.exe
[2011.05.02 01:05:23 | 000,001,697 | ---- | M] () -- C:\WarRock.ini
[2011.05.01 20:08:40 | 000,000,950 | ---- | M] () -- C:\Users\****\Desktop\ANSTOSS 3 starten.lnk
[2011.05.01 07:57:45 | 001,275,314 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2011.04.30 22:23:54 | 000,032,812 | ---- | M] () -- C:\Users\****\Desktop\Pokemon - Kristall-Edition (D).sav
[2011.04.30 22:23:54 | 000,002,641 | ---- | M] () -- C:\Users\****\Desktop\vba.ini
[2011.04.30 21:26:48 | 000,131,072 | ---- | M] () -- C:\Users\****\Desktop\Pokemon Feuerrot (D).sav
[2011.04.30 20:58:41 | 000,000,096 | ---- | M] () -- C:\Windows\wininit.ini
[2011.04.30 20:38:27 | 000,433,294 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.04.30 07:01:38 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.04.30 07:01:38 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.04.30 07:01:38 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.30 07:01:38 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011.04.30 07:01:38 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011.04.30 07:01:38 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.04.30 07:01:38 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.04.30 07:01:38 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011.04.30 07:01:38 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011.04.30 07:01:38 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011.04.30 07:01:38 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.04.30 07:01:38 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011.04.30 07:01:38 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.04.30 07:01:38 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.04.30 07:01:38 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011.04.30 07:01:38 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.04.30 07:01:38 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011.04.30 07:01:38 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.04.30 07:01:38 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.04.30 07:01:38 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.04.30 07:01:37 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.04.30 07:01:37 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.04.30 07:01:37 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.04.30 07:01:37 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.30 07:01:37 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.30 07:01:37 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.30 07:01:37 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.04.30 07:01:37 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.04.30 07:01:37 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.04.30 07:01:37 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011.04.30 07:01:37 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011.04.30 07:01:37 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011.04.30 07:01:37 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.04.30 07:01:37 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.30 07:01:37 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011.04.30 07:01:37 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.04.30 07:01:37 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.04.30 07:01:37 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011.04.30 07:01:37 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011.04.30 07:01:37 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.04.29 15:45:00 | 000,236,496 | ---- | M] (Adobe Systems, Incorporated) -- C:\Users\****\AppData\Roaming\AcroIEHelpe.dll
[2011.04.28 05:15:11 | 000,000,925 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.04.28 01:09:15 | 000,032,768 | ---- | M] () -- C:\Users\****\Desktop\Pokemon Rot (D).sav
[2011.04.25 23:39:54 | 361,191,112 | ---- | M] () -- C:\Users\****\Documents\clip0041.avi
[2011.04.18 00:51:42 | 000,001,316 | ---- | M] () -- C:\Users\****\Desktop\Free YouTube to MP3 Converter.lnk
[2011.04.15 03:16:05 | 000,265,640 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.14 21:58:48 | 000,001,460 | ---- | M] () -- C:\Users\****\.recently-used.xbel
[2011.04.14 05:15:22 | 000,001,885 | ---- | M] () -- C:\Users\****\Desktop\Mozilla Firefox.lnk
[2011.04.14 04:33:15 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.14 04:11:48 | 000,001,120 | ---- | M] () -- C:\Users\****\Desktop\TeamSpeak 3 Client.lnk
[2011.04.13 21:36:25 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2011.04.13 21:36:25 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2011.04.09 18:55:44 | 015,453,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xlive.dll
[2011.04.09 18:55:42 | 013,642,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xlivefnt.dll
[2011.04.09 18:55:28 | 000,179,261 | ---- | M] () -- C:\Windows\System32\xlive.dll.cat
[2011.04.08 12:09:51 | 000,000,214 | ---- | M] () -- C:\Windows\System32\Script.vbs
[1 C:\Users\****\AppData\Roaming\*.tmp files -> C:\Users\****\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.05.07 21:17:30 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\ewungva.sys
[2011.05.07 20:24:21 | 000,000,000 | ---- | C] () -- C:\Users\****\2gweorjqjutp92vjy9gake
[2011.05.06 02:16:57 | 000,001,078 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
[2011.05.06 02:16:57 | 000,001,044 | ---- | C] () -- C:\Users\Public\Desktop\GamersFirst LIVE!.lnk
[2011.05.06 02:15:29 | 000,001,087 | ---- | C] () -- C:\Users\Public\Desktop\War Rock.lnk
[2011.05.01 20:08:40 | 000,000,950 | ---- | C] () -- C:\Users\****\Desktop\ANSTOSS 3 starten.lnk
[2011.05.01 07:57:01 | 001,275,314 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2011.05.01 04:28:03 | 000,002,041 | ---- | C] () -- C:\Users\****\Desktop\HIS-Play Now - Kopie.lnk
[2011.04.30 20:58:41 | 000,000,096 | ---- | C] () -- C:\Windows\wininit.ini
[2011.04.30 07:26:19 | 000,001,369 | ---- | C] () -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011.04.30 07:01:38 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011.04.25 23:36:18 | 361,191,112 | ---- | C] () -- C:\Users\****\Documents\clip0041.avi
[2011.04.24 09:10:17 | 000,131,072 | ---- | C] () -- C:\Users\****\Desktop\Pokemon Feuerrot (D).sav
[2011.04.24 07:54:16 | 016,777,216 | ---- | C] () -- C:\Users\****\Desktop\Pokemon Feuerrot (D).gba
[2011.04.18 00:51:42 | 000,001,316 | ---- | C] () -- C:\Users\****\Desktop\Free YouTube to MP3 Converter.lnk
[2011.04.16 09:46:56 | 002,396,160 | ---- | C] () -- C:\Users\****\Desktop\FlatOut2.exe
[2011.04.16 09:46:44 | 559,116,397 | ---- | C] () -- C:\Users\****\Desktop\demo.bfs
[2011.04.16 00:51:59 | 000,032,812 | ---- | C] () -- C:\Users\****\Desktop\Pokemon - Kristall-Edition (D).sav
[2011.04.15 00:53:33 | 000,032,768 | ---- | C] () -- C:\Users\****\Desktop\Pokemon Rot (D).sav
[2011.04.15 00:53:29 | 000,002,641 | ---- | C] () -- C:\Users\****\Desktop\vba.ini
[2011.04.14 21:58:48 | 000,001,460 | ---- | C] () -- C:\Users\****\.recently-used.xbel
[2011.04.14 05:15:22 | 000,001,885 | ---- | C] () -- C:\Users\****\Desktop\Mozilla Firefox.lnk
[2011.04.14 04:33:15 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.14 04:11:48 | 000,001,120 | ---- | C] () -- C:\Users\****\Desktop\TeamSpeak 3 Client.lnk
[2011.04.12 20:41:31 | 000,007,680 | -HS- | C] () -- C:\ProgramData\tiff208img.obj
[2011.04.10 03:01:03 | 000,001,298 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.03.31 00:27:56 | 000,000,324 | ---- | C] () -- C:\Windows\game.ini
[2011.03.19 23:24:26 | 000,000,080 | ---- | C] () -- C:\Users\****\AppData\Local\X-Plane Installer.prf
[2011.02.24 18:21:33 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.02.17 15:48:15 | 000,000,020 | ---- | C] () -- C:\Windows\mafosav.INI
[2011.02.09 13:03:04 | 000,000,239 | ---- | C] () -- C:\Windows\SIERRA.INI
[2011.02.07 02:34:41 | 000,000,000 | ---- | C] () -- C:\Windows\Editor.INI
[2011.01.31 18:20:21 | 000,000,056 | ---- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011.01.22 02:35:05 | 000,137,544 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.01.22 02:35:04 | 000,138,056 | ---- | C] () -- C:\Users\****\AppData\Roaming\PnkBstrK.sys
[2011.01.22 02:34:44 | 000,189,480 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.01.22 02:34:26 | 003,360,624 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2011.01.22 02:34:26 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.01.08 09:13:48 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2011.01.04 21:41:25 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.07.14 10:47:43 | 000,668,746 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,134,336 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,265,640 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,620,338 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,110,268 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008.12.09 17:23:13 | 000,047,840 | RHS- | C] () -- C:\Users\****\AppData\Roaming\appconf32.exe
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll

========== LOP Check ==========

[2011.04.08 17:19:24 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\.minecraft
[2011.04.29 15:45:02 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\5015
[2011.01.08 09:13:57 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Atari
[2011.02.02 19:38:12 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Command and Conquer 4
[2011.04.14 07:01:00 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Digitanks
[2011.01.03 06:12:13 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.05.01 17:37:32 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\FileZilla
[2011.02.05 16:43:04 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\FOG Downloader
[2011.04.14 07:01:00 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\GetRightToGo
[2011.04.14 21:58:48 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\gtk-2.0
[2011.04.12 14:49:31 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ICQ
[2011.05.01 07:33:21 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Kexox
[2011.04.29 15:44:47 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\kock
[2011.04.12 14:17:53 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Leadertech
[2011.04.30 14:16:38 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Linktree
[2011.05.06 13:12:35 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Otangy
[2011.04.06 05:36:09 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Petroglyph
[2011.04.14 07:01:00 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ProtectDisc
[2011.05.02 16:06:05 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\SoftGrid Client
[2011.04.14 07:00:59 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\temp
[2011.02.07 17:41:23 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Thies Gerken
[2011.04.18 18:46:11 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TileRacer
[2011.02.15 08:18:51 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TP
[2011.05.01 18:08:24 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TS3Client
[2011.01.15 03:31:51 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TuneUp Software
[2011.04.30 07:36:26 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\UAs
[2011.04.14 05:56:41 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Uniblue
[2011.05.05 09:55:18 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\xmldm
[2011.04.14 07:00:59 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ZombieDriver
[2011.04.14 21:41:43 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMPFC5A2B2

< End of report >
The odd thing was that an "Extras.txt" was created as well.
I'll post that one too, just to be on the safe side:
Quote:
OTL Extras logfile created on: 07.05.2011 21:18:00 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\****\Downloads
An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,75 Gb Total Space | 403,78 Gb Free Space | 86,69% Space Free | Partition Type: NTFS
Drive D: | 6,31 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: ****-PC | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{491DFBAA-77EF-4B06-8676-2FC66EEE049A}" = LogMeIn Hamachi
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6734CA10-8FB8-4C7F-B8C7-75317C617DC5}" = Call of Duty(R) 4 - Modern Warfare(TM) Demo
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BECF123-B0EF-4E51-B7F3-923EFE15CC4A}" = Battlefield 2(TM) Demo
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0062-0407-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 - Deutsch
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 266.58
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{DEDF2885-0086-4534-9912-F9B97377ED07}" = AGEIA GAME System Software
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F686C148-CBAE-483D-92CE-B4D6913BDD77}" = LevelR
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ANSTOSS 3_is1" = ANSTOSS 3
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"DivX Setup.divx.com" = DivX-Setup
"FileZilla Client" = FileZilla Client 3.3.5.1
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"GamersFirst LIVE!" = GamersFirst LIVE!
"GamersFirst War Rock" = War Rock
"heroes in the sky" = heroes in the sky
"HyperCam 2" = HyperCam 2
"InstallShield_{6734CA10-8FB8-4C7F-B8C7-75317C617DC5}" = Call of Duty(R) 4 - Modern Warfare(TM) Demo
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"OpenAL" = OpenAL
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 6" = TeamViewer 6
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.1.5
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinRAR archiver" = WinRAR
"xp-AntiSpy" = xp-AntiSpy 3.97-11

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

07.05.2011, 22:11   #2
cosinus

Are there any other logs from Malwarebytes? If so, please post all of them that are visible in Malwarebytes under the "Logdateien" (log files) tab.

07.05.2011, 22:25   #3
Carbonas

No, there weren't any.
I create a log file every 2 weeks; this one is simply the most recent, and I delete the others after 2 weeks.

07.05.2011, 23:24   #4
cosinus

Do an OTL fix: close any programs that may be open, also disable virus scanners (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Note: If you have obscured your user name, you have to change the starred-out part back into your real user name, otherwise the script will not work!!

Code:
:OTL
 HKCU..\Run: [Cattree] C:\Users\****\AppData\Roaming\Linktree\linklib.exe ()
 O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.09.10 23:33:59 | 000,000,000 | R--D | M] - D:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2010.09.10 23:34:03 | 000,439,056 | R--- | M] (Electronic Arts) - D:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2010.09.10 23:34:02 | 007,864,832 | R--- | M] () - D:\autorun.dat -- [ UDF ]
O32 - AutoRun File - [2010.09.10 23:33:38 | 000,000,141 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{dc86f325-1447-11e0-8218-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2010.09.10 23:34:03 | 000,439,056 | R--- | M] (Electronic Arts)
[2011.05.07 13:13:46 | 000,000,000 | ---D | C] -- C:\Program Files\eDgMt2
[2011.05.01 07:33:21 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Otangy
[2011.05.01 07:33:21 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Kexox
[2011.04.30 14:16:38 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Linktree
[2011.04.29 17:46:42 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\UAs
[2011.04.29 15:45:02 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\5015
[2011.04.29 15:44:49 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\xmldm
[2011.04.29 15:44:47 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\kock
[2011.04.14 04:07:35 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{03CAE00B-981A-482D-8915-72FD4E3EF2B1}
[2011.04.13 21:36:39 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\ZombieDriver
[2011.05.07 21:17:30 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\ewungva.sys
[2011.05.07 20:24:21 | 000,000,000 | ---- | M] () -- C:\Users\****\2gweorjqjutp92vjy9gake
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
:Commands
[purity]
[resethosts]
[emptytemp]
         
Then click the Fix! button at the top left.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

07.05.2011, 23:35   #5
Carbonas

Here is the log file:
Quote:
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File not found.
File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
File move failed. D:\autorun.dat scheduled to be moved on reboot.
File move failed. D:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dc86f325-1447-11e0-8218-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dc86f325-1447-11e0-8218-806e6f6e6963}\ not found.
File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
C:\Program Files\eDgMt2\mark\10 folder moved successfully.
C:\Program Files\eDgMt2\mark folder moved successfully.
C:\Program Files\eDgMt2 folder moved successfully.
C:\Users\****\AppData\Roaming\Otangy folder moved successfully.
C:\Users\****\AppData\Roaming\Kexox folder moved successfully.
C:\Users\****\AppData\Roaming\Linktree folder moved successfully.
C:\Users\****\AppData\Roaming\UAs folder moved successfully.
C:\Users\****\AppData\Roaming\5015\components folder moved successfully.
C:\Users\****\AppData\Roaming\5015 folder moved successfully.
C:\Users\****\AppData\Roaming\xmldm folder moved successfully.
C:\Users\****\AppData\Roaming\kock folder moved successfully.
C:\Users\****\AppData\Local\{03CAE00B-981A-482D-8915-72FD4E3EF2B1}\chrome\content folder moved successfully.
C:\Users\****\AppData\Local\{03CAE00B-981A-482D-8915-72FD4E3EF2B1}\chrome folder moved successfully.
C:\Users\****\AppData\Local\{03CAE00B-981A-482D-8915-72FD4E3EF2B1} folder moved successfully.
C:\Users\****\AppData\Roaming\ZombieDriver\Save\LeaderBoards folder moved successfully.
C:\Users\****\AppData\Roaming\ZombieDriver\Save folder moved successfully.
C:\Users\****\AppData\Roaming\ZombieDriver\Backup folder moved successfully.
C:\Users\****\AppData\Roaming\ZombieDriver folder moved successfully.
File C:\Windows\System32\drivers\ewungva.sys not found.
C:\Users\****\2gweorjqjutp92vjy9gake moved successfully.
ADS C:\ProgramData\TEMP:430C6D84 deleted successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.22.3 log created on 05082011_002748

Files\Folders moved on Reboot...
File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
File move failed. D:\autorun.dat scheduled to be moved on reboot.
File move failed. D:\autorun.inf scheduled to be moved on reboot.

Registry entries deleted on Reboot...
Thank you very much for your help.
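
A small triage of the fix log posted above, as an added example (not part of the thread and not OTL's own code): it groups the outcome lines into done, pending reboot and not found, so the targets the fix did not actually move or delete stand out. The patterns are assumptions derived only from the lines visible in this log, and the sample is an excerpt of it.

```python
import re

# Excerpt of the OTL fix log quoted in the post above (user name masked as in the thread).
SAMPLE_LOG = r"""
========== OTL ==========
C:\autoexec.bat moved successfully.
File not found.
File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
File move failed. D:\autorun.dat scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dc86f325-1447-11e0-8218-806e6f6e6963}\ not found.
File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
C:\Users\****\AppData\Roaming\Linktree folder moved successfully.
File C:\Windows\System32\drivers\ewungva.sys not found.
ADS C:\ProgramData\TEMP:430C6D84 deleted successfully.
========== COMMANDS ==========
"""

# Assumed outcome patterns, taken from the wording of this one log; first match wins.
RULES = [
    ("pending_reboot", re.compile(r"^File move failed\. (.+) scheduled to be moved on reboot\.$")),
    ("not_found", re.compile(r"^(?:File |Registry key )?(.*?) ?not found\.$")),
    ("done", re.compile(r"^(?:ADS |Registry key )?(.+?)(?: folder)? (?:moved|deleted) successfully\.$")),
    ("done", re.compile(r"^(.+?) : value set successfully!$")),
]

def triage(log_text):
    """Group fix-log lines by outcome; each target is listed once, in log order."""
    result = {"done": [], "pending_reboot": [], "not_found": [], "unparsed": []}
    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line or line.startswith("="):
            continue  # blank lines and section banners
        for outcome, pattern in RULES:
            m = pattern.match(line)
            if m:
                target = m.group(1) or "<unnamed>"  # bare "File not found." names no path
                if target not in result[outcome]:
                    result[outcome].append(target)
                break
        else:
            result["unparsed"].append(line)  # unknown wording: show it, do not guess
    return result

def follow_up(result):
    """Named targets the fix did not move or delete; look for them in the next scan."""
    named_missing = [t for t in result["not_found"] if t != "<unnamed>"]
    return result["pending_reboot"] + named_missing

if __name__ == "__main__":
    print("re-check:", follow_up(triage(SAMPLE_LOG)))
```

In this log the pending-reboot entries are the D:\ autorun files, which the fix script lists on a UDF volume, and the named not-found entries include the driver file the scan had listed under C:\Windows\System32\drivers.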


07.05.2011, 23:58   #6
cosinus

Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

If the infection prevents you from accessing your documents/My Documents, please run unhide:
Please download unhide.exe and save this file to your desktop.
Start the tool and all files and folders should be visible again. (This could take a while.)
Vista and 7 users must run the tool as administrator via right-click!