|
Log-Analyse und Auswertung: TR/VB.Downloader.Gen in C:\Windows\System32\Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
18.06.2011, 15:29 | #1 |
| TR/VB.Downloader.Gen in C:\Windows\System32\ Das Teil befindet sich leider in C:\Windows\System32\ und ich weiß auch nicht woher ich diesen Mist her habe.... Der TR/VB.Downloader.Gen befindet sich gerade in der Quarantäne von Avira. Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:27:03, on 18.06.2011 Platform: Unknown Windows (WinNT 6.01.3504) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Program Files\Skype\Phone\Skype.exe C:\Windows\system32\taskmgr.exe C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Avira\AntiVir Desktop\avcenter.exe C:\Users\Admin\Documents\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: (no name) - AutorunsDisabled - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [4ECYTQ9SIC] C:\Users\Admin\AppData\Local\Temp\Fnl.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST') O4 - Global Startup: AutorunsDisabled O8 - Extra context menu item: Alles mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlall.htm O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlselected.htm O8 - Extra context menu item: Datei mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dllink.htm O8 - Extra context menu item: Free YouTube Download - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Videos mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlfvideo.htm O9 - Extra button: (no name) - AutorunsDisabled - (no file) O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O13 - Gopher Prefix: O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvsvc32.exe -- End of file - 5547 bytes |
18.06.2011, 15:51 | #2 |
/// Malware-holic | TR/VB.Downloader.Gen in C:\Windows\System32\ hi,
__________________Systemscan mit OTL download otl: http://filepony.de/download-otl/ Doppelklick auf die OTL.exe (user von Windows 7 und Vista: Rechtsklick als Administrator ausführen) 1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output 2. Hake an "scan all users" 3. Unter "Extra Registry wähle: "Use Safelist" "LOP Check" "Purity Check" 4. Kopiere in die Textbox: netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL explorer.exe iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT 5. Klicke "Scan" 6. 2 reporte werden erstellt: OTL.Txt Extras.Txt beide posten.
__________________ |
18.06.2011, 17:52 | #3 |
| TR/VB.Downloader.Gen in C:\Windows\System32\ OTL.txt:
__________________Code:
ATTFilter OTL logfile created on: 18.06.2011 17:34:04 - Run 1 OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Admin\Documents Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,50 Gb Total Physical Memory | 0,73 Gb Available Physical Memory | 49,00% Memory free 5,41 Gb Paging File | 4,32 Gb Available in Paging File | 79,97% Paging File free Paging file location(s): c:\pagefile.sys 4000 4000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 74,52 Gb Total Space | 28,31 Gb Free Space | 37,98% Space Free | Partition Type: NTFS Computer Name: DESTUP-PC | User Name: Admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Admin\Documents\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\Admin\Documents\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (gupdate) Google Update Service (gupdate) -- File not found SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (UnsignedThemes) -- C:\Windows\UnsignedThemesSvc.exe (The Within Network, LLC) SRV - (UnrealIRCd) -- C:\Programme\Unreal3.2\wircd.exe (none) SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (vpcbus) -- C:\Windows\System32\drivers\vpchbus.sys (Microsoft Corporation) DRV - (vpcusb) -- C:\Windows\System32\drivers\vpcusb.sys (Microsoft Corporation) DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation) DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.) DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation ) DRV - (uxpatch) -- C:\Windows\System32\drivers\uxpatch.sys () DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (tandpl) -- C:\Windows\System32\drivers\tandpl.sys () DRV - (enodpl) -- C:\Windows\System32\drivers\enodpl.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2115117001-1291798607-573783808-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-2115117001-1291798607-573783808-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-2115117001-1291798607-573783808-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-2115117001-1291798607-573783808-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1C 08 9F 7C DE FC CA 01 [binary data] IE - HKU\S-1-5-21-2115117001-1291798607-573783808-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {1a0c9ebe-ddf9-4b76-b8a3-675c77874d37}:2.9.10 FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.11 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6 FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2 FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.4 FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2.1 FF - prefs.js..extensions.enabledItems: {5b175400-2368-11de-8c30-0800200c9a66}:1.9 FF - prefs.js..extensions.enabledItems: {c8f71e5b-88f8-42a7-98bb-e4c506161de9}:0.4 FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.29 17:03:13 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.16 16:30:04 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.04.30 09:47:15 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.05.01 01:36:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions [2010.05.01 01:36:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.06.13 15:20:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\lq3g9hib.Admin\extensions [2011.01.02 20:17:15 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\lq3g9hib.Admin\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} [2010.12.26 10:57:50 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\lq3g9hib.Admin\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2010.12.25 22:54:36 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\lq3g9hib.Admin\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492} [2011.06.12 21:17:47 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\lq3g9hib.Admin\extensions\de-DE@dictionaries.addons.mozilla.org [2011.05.28 08:50:47 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\lq3g9hib.Admin\extensions\foxyproxy@eric.h.jung [2010.12.25 22:52:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\tiobk0fb.default\extensions [2010.10.15 16:53:28 | 000,000,000 | ---D | M] (TwitterBar) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\tiobk0fb.default\extensions\{1a0c9ebe-ddf9-4b76-b8a3-675c77874d37} [2010.05.01 13:34:40 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\tiobk0fb.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} [2010.10.15 16:53:26 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\tiobk0fb.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2010.08.11 07:15:17 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\tiobk0fb.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8} [2010.08.17 13:16:40 | 000,000,000 | ---D | M] (Oskar) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\tiobk0fb.default\extensions\{5b175400-2368-11de-8c30-0800200c9a66} [2010.05.25 13:55:53 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\tiobk0fb.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.12.25 22:51:39 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\tiobk0fb.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492} [2010.08.17 13:22:07 | 000,000,000 | ---D | M] (AmbientFox) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\tiobk0fb.default\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9} [2010.12.25 22:51:39 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\tiobk0fb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.05.01 12:54:10 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\tiobk0fb.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2011.04.21 16:20:37 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.08.18 17:20:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2011.01.08 15:26:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.04.21 16:20:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2010.06.05 06:25:54 | 000,000,000 | ---D | M] (Free Download Manager plugin) -- C:\PROGRAM FILES\FREE DOWNLOAD MANAGER\FIREFOX\EXTENSION [2010.08.18 17:20:05 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.04.29 17:03:09 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll [2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.12.09 12:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.06.03 21:10:31 | 000,428,830 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 0.0.0.0 www.google-analytics.com O1 - Hosts: 0.0.0.0 google-analytics.com O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 14763 more lines... O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll () O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Cmaudio] File not found O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 1 O7 - HKU\S-1-5-21-2115117001-1291798607-573783808-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm () O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm () O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files\Free Download Manager\dlfvideo.htm () O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.182.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: ICQ - hkey= - key= - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.) MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig - State: "services" - 2 MsConfig - State: "startup" - 2 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {08B0E5JF-4FCB-11CF-AAA5-00401C6XX500} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {23A20C3C-2ADD-4A80-AFB4-C146F8847D79} - .NET Framework ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: AutorunsDisabled - Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm () Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.ffds - C:\Programme\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll () Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L) Drivers32: VIDC.WMV3 - C:\Windows\System32\wmv9vcm.dll (Microsoft Corporation) ========== Files/Folders - Created Within 30 Days ========== [2011.06.18 17:31:14 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Documents\OTL.exe [2011.06.18 16:24:00 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\Admin\Documents\HiJackThis.exe [2011.06.18 15:27:51 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\X_Chat_v2_8_9_keygen [2011.06.18 14:15:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XChat [2011.06.18 14:15:13 | 000,000,000 | ---D | C] -- C:\Programme\xchat3 [2011.06.17 03:05:41 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.06.17 03:05:38 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.06.17 03:05:37 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2011.06.17 03:05:37 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011.06.12 09:30:50 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JonDoFox [2011.06.12 09:22:37 | 017,143,210 | ---- | C] (JonDos GmbH) -- C:\Users\Admin\Documents\JonDoFox.paf.exe [2011.06.05 17:12:11 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\skindevkit4_2 [2011.06.05 00:43:00 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2011.06.05 00:43:00 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2011.06.05 00:43:00 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll [2011.06.05 00:43:00 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2011.06.05 00:43:00 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2011.06.05 00:43:00 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2011.06.05 00:43:00 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2011.06.05 00:43:00 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.06.05 00:43:00 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2011.06.05 00:43:00 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011.06.05 00:43:00 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011.06.05 00:42:59 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2011.06.05 00:42:59 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011.06.05 00:42:59 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2011.06.05 00:42:59 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.06.05 00:42:59 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2011.06.05 00:42:59 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.06.05 00:42:59 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2011.06.05 00:42:59 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2011.06.05 00:42:59 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2011.06.05 00:42:59 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011.06.05 00:42:59 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011.06.05 00:42:59 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2011.06.05 00:42:59 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011.06.05 00:42:58 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.06.05 00:42:58 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011.06.05 00:42:58 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2011.06.05 00:42:58 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll [2011.06.05 00:42:58 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2011.06.05 00:42:58 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2011.06.05 00:42:58 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011.06.05 00:42:58 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.06.05 00:42:58 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll [2011.06.05 00:42:58 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2011.06.05 00:42:58 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2011.06.04 18:02:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.5 [2011.06.04 18:01:07 | 000,000,000 | ---D | C] -- C:\Programme\ICQ7.5 [2011.06.03 22:09:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype Extras [2011.06.02 20:55:31 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chronotron Inc [2011.06.02 14:59:30 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Opera [2011.06.02 14:59:29 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Opera [2011.06.02 14:59:04 | 000,000,000 | ---D | C] -- C:\Programme\Opera [2011.06.02 14:56:48 | 009,559,320 | ---- | C] (Opera Software ASA) -- C:\Users\Admin\Documents\Opera_1111_int_Setup.exe [2011.06.02 10:51:55 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citi Mining [2011.06.02 10:51:53 | 000,000,000 | ---D | C] -- C:\MINING [2011.06.02 10:48:53 | 013,059,445 | ---- | C] (ZX Games ) -- C:\Users\Admin\Documents\Boulder_Dash_Episode_I_de.exe [2011.05.29 21:00:08 | 000,000,000 | ---D | C] -- C:\Programme\UltraISO [2011.05.28 20:13:46 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\DCS [2011.05.28 19:58:58 | 001,031,168 | ---- | C] (hxxp://deluxe-tools.net/) -- C:\Users\Admin\Documents\DeLuXe-Chat-Spam.exe [2011.05.27 15:30:34 | 000,026,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys [2011.05.27 15:29:30 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe [2011.05.27 15:12:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2011.05.27 15:12:04 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype [2011.05.20 13:54:34 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2004.11.24 21:25:52 | 000,335,872 | ---- | C] ( ) -- C:\Windows\System32\drvc.dll ========== Files - Modified Within 30 Days ========== [2011.06.18 17:40:11 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job [2011.06.18 17:31:22 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Documents\OTL.exe [2011.06.18 17:07:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.06.18 16:55:26 | 000,000,246 | -H-- | M] () -- C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job [2011.06.18 16:54:23 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job [2011.06.18 16:24:09 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\Admin\Documents\HiJackThis.exe [2011.06.18 16:07:24 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.06.18 15:26:38 | 000,870,581 | ---- | M] () -- C:\Users\Admin\Documents\X_Chat_v2_8_9_keygen.zip [2011.06.18 14:32:21 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.06.18 14:32:21 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.06.18 14:32:21 | 000,388,320 | ---- | M] () -- C:\Windows\System32\perfh011.dat [2011.06.18 14:32:21 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.06.18 14:32:21 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc011.dat [2011.06.18 14:32:21 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.06.18 14:15:15 | 000,001,790 | ---- | M] () -- C:\Users\Public\Desktop\XChat.lnk [2011.06.18 14:12:56 | 000,999,091 | ---- | M] () -- C:\Users\Admin\Documents\xchat-2.8.9.exe [2011.06.18 11:28:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.06.18 07:25:49 | 000,013,536 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.06.18 07:25:49 | 000,013,536 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.06.17 13:20:05 | 000,842,266 | ---- | M] () -- C:\Users\Admin\Documents\NotYours.zip [2011.06.17 03:32:22 | 1207,066,624 | -HS- | M] () -- C:\hiberfil.sys [2011.06.13 15:32:52 | 004,877,888 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Admin\Documents\Shockwave_Installer_Slim.exe [2011.06.12 21:05:58 | 000,001,626 | ---- | M] () -- C:\Users\Admin\Desktop\ffipcheckresults.htm [2011.06.12 20:53:14 | 000,000,248 | ---- | M] () -- C:\Users\Admin\Desktop\ffmanipulation.htm [2011.06.12 09:24:53 | 017,143,210 | ---- | M] (JonDos GmbH) -- C:\Users\Admin\Documents\JonDoFox.paf.exe [2011.06.05 18:45:56 | 000,000,726 | ---- | M] () -- C:\Users\Admin\Desktop\allroundtalk-email.zip [2011.06.05 15:44:24 | 000,000,188 | ---- | M] () -- C:\Users\Admin\Desktop\test.htm [2011.06.05 00:43:00 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2011.06.05 00:43:00 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2011.06.05 00:43:00 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll [2011.06.05 00:43:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2011.06.05 00:43:00 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2011.06.05 00:43:00 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2011.06.05 00:43:00 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2011.06.05 00:43:00 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.06.05 00:43:00 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2011.06.05 00:43:00 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011.06.05 00:43:00 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011.06.05 00:42:59 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2011.06.05 00:42:59 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011.06.05 00:42:59 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2011.06.05 00:42:59 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.06.05 00:42:59 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2011.06.05 00:42:59 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.06.05 00:42:59 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2011.06.05 00:42:59 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2011.06.05 00:42:59 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2011.06.05 00:42:59 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011.06.05 00:42:59 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011.06.05 00:42:59 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2011.06.05 00:42:59 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2011.06.05 00:42:59 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011.06.05 00:42:58 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.06.05 00:42:58 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011.06.05 00:42:58 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2011.06.05 00:42:58 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll [2011.06.05 00:42:58 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2011.06.05 00:42:58 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2011.06.05 00:42:58 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011.06.05 00:42:58 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.06.05 00:42:58 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll [2011.06.05 00:42:58 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2011.06.05 00:42:58 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2011.06.04 10:11:27 | 000,000,074 | ---- | M] () -- C:\Users\Admin\Documents\listen_aac.pls [2011.06.03 21:10:31 | 000,428,830 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2011.06.02 20:54:04 | 000,523,873 | ---- | M] () -- C:\Users\Admin\Documents\Chronotron_v31.exe [2011.06.02 14:58:03 | 009,559,320 | ---- | M] (Opera Software ASA) -- C:\Users\Admin\Documents\Opera_1111_int_Setup.exe [2011.06.02 10:50:46 | 013,059,445 | ---- | M] (ZX Games ) -- C:\Users\Admin\Documents\Boulder_Dash_Episode_I_de.exe [2011.05.28 19:59:15 | 001,031,168 | ---- | M] (hxxp://deluxe-tools.net/) -- C:\Users\Admin\Documents\DeLuXe-Chat-Spam.exe [2011.05.20 13:54:34 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl ========== Files Created - No Company Name ========== [2011.06.18 15:48:27 | 000,000,246 | -H-- | C] () -- C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job [2011.06.18 15:26:33 | 000,870,581 | ---- | C] () -- C:\Users\Admin\Documents\X_Chat_v2_8_9_keygen.zip [2011.06.18 14:48:34 | 000,000,286 | -H-- | C] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job [2011.06.18 14:48:20 | 000,000,286 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job [2011.06.18 14:15:15 | 000,001,790 | ---- | C] () -- C:\Users\Public\Desktop\XChat.lnk [2011.06.18 14:12:47 | 000,999,091 | ---- | C] () -- C:\Users\Admin\Documents\xchat-2.8.9.exe [2011.06.17 13:19:58 | 000,842,266 | ---- | C] () -- C:\Users\Admin\Documents\NotYours.zip [2011.06.12 20:52:59 | 000,001,626 | ---- | C] () -- C:\Users\Admin\Desktop\ffipcheckresults.htm [2011.06.12 20:12:36 | 000,000,248 | ---- | C] () -- C:\Users\Admin\Desktop\ffmanipulation.htm [2011.06.05 18:45:55 | 000,000,726 | ---- | C] () -- C:\Users\Admin\Desktop\allroundtalk-email.zip [2011.06.05 15:41:17 | 000,000,188 | ---- | C] () -- C:\Users\Admin\Desktop\test.htm [2011.06.05 00:42:59 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2011.06.04 10:11:14 | 000,000,074 | ---- | C] () -- C:\Users\Admin\Documents\listen_aac.pls [2011.06.02 20:53:57 | 000,523,873 | ---- | C] () -- C:\Users\Admin\Documents\Chronotron_v31.exe [2011.06.02 14:59:08 | 000,001,809 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera.lnk [2011.01.28 14:49:54 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll [2011.01.28 14:49:53 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll [2011.01.15 02:24:45 | 000,000,632 | ---- | C] () -- C:\Windows\Sof2.INI [2011.01.09 01:51:13 | 000,007,625 | ---- | C] () -- C:\Users\Admin\AppData\Local\Resmon.ResmonCfg [2010.12.19 09:38:12 | 000,007,552 | ---- | C] () -- C:\Windows\System32\drivers\enodpl.sys [2010.12.19 09:38:11 | 000,004,736 | ---- | C] () -- C:\Windows\System32\drivers\tandpl.sys [2010.08.28 10:12:08 | 000,073,728 | ---- | C] () -- C:\Windows\System32\GkSui18.EXE [2010.08.22 09:15:00 | 000,061,923 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\play.mid [2010.08.15 16:18:50 | 000,103,856 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat [2010.08.15 15:49:15 | 000,021,276 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\UserTile.png [2010.08.13 17:07:35 | 000,006,656 | --S- | C] () -- C:\Windows\System32\cygcrypt-0.dll [2010.08.05 15:18:24 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2010.07.16 17:03:20 | 000,141,988 | ---- | C] () -- C:\Windows\System32\perfi011.dat [2010.07.16 17:03:19 | 000,388,320 | ---- | C] () -- C:\Windows\System32\perfh011.dat [2010.07.16 17:03:19 | 000,106,190 | ---- | C] () -- C:\Windows\System32\perfc011.dat [2010.07.16 17:03:19 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd011.dat [2010.05.16 15:22:10 | 000,000,121 | ---- | C] () -- C:\Windows\rdrive.ini [2010.05.02 06:32:06 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2010.04.30 22:15:48 | 000,233,472 | ---- | C] () -- C:\Windows\System32\cmirmdrv.exe [2010.04.30 22:15:48 | 000,028,672 | ---- | C] () -- C:\Windows\System32\cmirmdrv.dll [2010.04.30 22:15:41 | 000,000,092 | ---- | C] () -- C:\Windows\CMISETUP.INI [2010.04.30 22:15:41 | 000,000,026 | ---- | C] () -- C:\Windows\CMCDPLAY.INI [2010.04.30 22:15:40 | 000,000,146 | ---- | C] () -- C:\Windows\Wininit.ini [2010.04.30 22:15:25 | 000,266,240 | ---- | C] () -- C:\Windows\CMIUninstall.exe [2010.04.30 22:15:25 | 000,225,280 | ---- | C] () -- C:\Windows\CmiRmRedundDir.exe [2010.04.30 22:15:25 | 000,028,672 | ---- | C] () -- C:\Windows\CMIRmDriver.dll [2010.04.30 22:07:59 | 000,002,422 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2010.04.30 21:57:29 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2009.07.14 10:47:43 | 000,653,928 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.07.14 10:47:43 | 000,129,800 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 06:33:53 | 000,317,632 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009.07.14 04:05:48 | 000,615,810 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009.07.14 04:05:48 | 000,106,190 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009.07.14 02:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.07.13 01:07:46 | 000,025,448 | ---- | C] () -- C:\Windows\System32\drivers\uxpatch.sys [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2008.12.19 17:15:58 | 004,338,246 | ---- | C] () -- C:\Windows\System32\libavcodec.dll [2008.12.17 19:41:18 | 000,884,237 | ---- | C] () -- C:\Windows\System32\ff_x264.dll [2008.12.17 19:22:58 | 000,093,184 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll [2008.12.17 19:22:48 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2008.12.17 19:17:34 | 000,239,247 | ---- | C] () -- C:\Windows\System32\ff_theora.dll [2008.12.17 18:59:54 | 000,560,802 | ---- | C] () -- C:\Windows\System32\libmplayer.dll [2008.05.03 06:46:00 | 001,703,936 | ---- | C] () -- C:\Windows\System32\nvwdmcpl.dll [2008.05.03 06:46:00 | 001,630,208 | ---- | C] () -- C:\Windows\System32\nwiz.exe [2008.05.03 06:46:00 | 001,486,848 | ---- | C] () -- C:\Windows\System32\nview.dll [2008.05.03 06:46:00 | 001,339,392 | ---- | C] () -- C:\Windows\System32\nvdspsch.exe [2008.05.03 06:46:00 | 001,019,904 | ---- | C] () -- C:\Windows\System32\nvwimg.dll [2008.05.03 06:46:00 | 000,466,944 | ---- | C] () -- C:\Windows\System32\nvshell.dll [2008.05.03 06:46:00 | 000,442,368 | ---- | C] () -- C:\Windows\System32\nvappbar.exe [2008.05.03 06:46:00 | 000,425,984 | ---- | C] () -- C:\Windows\System32\keystone.exe [2008.05.03 06:46:00 | 000,286,720 | ---- | C] () -- C:\Windows\System32\nvnt4cpl.dll [2007.04.25 07:11:07 | 000,007,728 | ---- | C] () -- C:\Windows\cadx2.ini [2006.11.02 18:10:16 | 000,080,912 | ---- | C] () -- C:\Windows\System32\sherlock2.exe [2006.07.26 11:58:12 | 000,012,318 | -H-- | C] () -- C:\Users\Admin\AppData\Roaming\logs.dat [2004.10.03 19:50:54 | 000,129,024 | ---- | C] () -- C:\Windows\System32\ff_mpeg2enc.dll [2002.09.18 00:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe [2000.03.29 16:17:42 | 000,005,824 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS ========== LOP Check ========== [2011.01.03 13:06:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\.minecraft [2010.05.14 11:41:18 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\avidemux [2010.08.24 22:08:13 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Clonk [2010.08.28 10:36:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Clonk Rage [2010.08.09 11:27:34 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers [2011.06.12 21:06:20 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FileZilla [2011.04.27 11:46:57 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Free Download Manager [2011.06.04 18:12:22 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ICQ [2010.09.11 16:13:15 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Mp3tag [2010.05.01 11:19:15 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\nView_Wallpaper [2011.06.02 14:59:30 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Opera [2010.08.15 15:49:13 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PeerNetworking [2010.09.12 13:15:25 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Software Informer [2010.05.01 01:36:39 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Thunderbird [2011.03.19 07:58:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TubeBox [2011.06.18 15:31:13 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\X-Chat 2 [2010.09.12 17:15:11 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.06.18 16:54:23 | 000,000,286 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job [2011.06.18 16:55:26 | 000,000,246 | -H-- | M] () -- C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job [2011.06.18 17:40:11 | 000,000,286 | -H-- | M] () -- C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.01.03 13:06:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\.minecraft [2010.08.03 16:42:56 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Adobe [2010.05.14 11:41:18 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\avidemux [2010.05.01 12:00:41 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Avira [2010.08.24 22:08:13 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Clonk [2010.08.28 10:36:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Clonk Rage [2010.07.03 15:14:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\dvdcss [2010.08.09 11:27:34 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers [2011.06.12 21:06:20 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FileZilla [2011.04.27 11:46:57 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Free Download Manager [2011.06.04 18:12:22 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ICQ [2010.04.30 21:40:26 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Identities [2011.06.17 05:27:07 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Macromedia [2009.07.14 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Media Center Programs [2010.06.19 11:46:13 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Media Player Classic [2011.06.18 15:28:43 | 000,000,000 | --SD | M] -- C:\Users\Admin\AppData\Roaming\Microsoft [2011.02.13 12:06:16 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mIRC [2010.04.30 21:57:32 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Mozilla [2010.09.11 16:13:15 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Mp3tag [2010.05.01 11:19:15 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\nView_Wallpaper [2011.06.02 14:59:30 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Opera [2010.08.15 15:49:13 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PeerNetworking [2011.06.18 16:38:23 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Skype [2011.06.05 00:07:16 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\skypePM [2010.09.12 13:15:25 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Software Informer [2010.05.01 01:36:39 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Thunderbird [2011.03.19 07:58:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TubeBox [2011.04.20 17:28:06 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\vlc [2010.08.28 15:08:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Winamp [2011.06.18 15:31:13 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\X-Chat 2 < %APPDATA%\*.exe /s > [2011.03.19 07:46:39 | 000,034,494 | R--- | M] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Installer\{62733593-6322-4C89-8B50-F714305A4DC6}\_6FEFF9B68218417F98F549.exe [2011.03.19 08:01:57 | 000,010,134 | R--- | M] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Installer\{EAE8F6AB-68E8-4AA9-9518-F677090690B2}\_6514C169A30B32C1D9071C.exe [2011.03.19 08:01:56 | 000,034,494 | R--- | M] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Installer\{EAE8F6AB-68E8-4AA9-9518-F677090690B2}\_6FEFF9B68218417F98F549.exe [2011.03.19 08:01:57 | 000,355,574 | R--- | M] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Installer\{EAE8F6AB-68E8-4AA9-9518-F677090690B2}\_A284EAE41E055547217DE7.exe [2011.03.19 08:01:56 | 000,080,992 | R--- | M] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Installer\{EAE8F6AB-68E8-4AA9-9518-F677090690B2}\_BEA59818F40318269C802B.exe [2011.03.19 08:01:56 | 000,355,574 | R--- | M] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Installer\{EAE8F6AB-68E8-4AA9-9518-F677090690B2}\_E3DBAAA0CAF950FA4295EE.exe < %SYSTEMDRIVE%\*.exe > [2010.12.22 17:12:25 | 018,409,476 | ---- | M] () -- C:\TOU10.exe < MD5 for: AGP440.SYS > [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2010.05.14 02:05:24 | 000,028,797 | R--- | M] () MD5=550FCC05BC8E3FFCE13D92A7DC542D93 -- C:\Perl\lib\auto\Win32\EventLog\EventLog.dll < MD5 for: EXPLORER.EXE > [2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\explorer.exe [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\033b0c7c2634a2c344c62aab1ebcd6ad\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe [2010.01.12 20:59:15 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2010.01.12 20:59:15 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe < MD5 for: IASTORV.SYS > [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\drivers\iaStorV.sys [2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys [2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys [2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\SoftwareDistribution\Download\033b0c7c2634a2c344c62aab1ebcd6ad\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys [2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\033b0c7c2634a2c344c62aab1ebcd6ad\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys [2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys [2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys [2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys [2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\SoftwareDistribution\Download\033b0c7c2634a2c344c62aab1ebcd6ad\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\033b0c7c2634a2c344c62aab1ebcd6ad\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll [2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll [2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\SoftwareDistribution\Download\033b0c7c2634a2c344c62aab1ebcd6ad\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\033b0c7c2634a2c344c62aab1ebcd6ad\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\033b0c7c2634a2c344c62aab1ebcd6ad\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < End of report > Code:
ATTFilter OTL Extras logfile created on: 18.06.2011 17:34:04 - Run 1 OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Admin\Documents Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,50 Gb Total Physical Memory | 0,73 Gb Available Physical Memory | 49,00% Memory free 5,41 Gb Paging File | 4,32 Gb Available in Paging File | 79,97% Paging File free Paging file location(s): c:\pagefile.sys 4000 4000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 74,52 Gb Total Space | 28,31 Gb Free Space | 37,98% Space Free | Partition Type: NTFS Computer Name: DESTUP-PC | User Name: Admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-2115117001-1291798607-573783808-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant *S-1-5-32-544:F /t (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\xchat3\xchat.exe" = C:\Program Files\xchat3\xchat.exe:*:Enabled:XChat IRC Client -- () ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02844254-52C7-11D6-AAEC-0004769EEFEB}" = Cannon Hill "{1E149C09-25F5-48E9-8E04-8CC478F31D95}" = XIII Demo Online "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 24 "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{42BC0474-6E50-464A-8183-5E3D32E41B1B}" = XIII "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3 "{5BDAA2F7-8E48-4AFF-AA92-B559D0CDF1AD}" = Serious Sam: The Second Encounter "{663140E6-EB60-11D6-AAED-0004769EEFEB}" = Snake Arena SE "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5 "{7D5E1317-71E3-41A9-8755-98F5EC92D510}" = ActivePerl 5.12.1 Build 1201 "{815050E5-F545-11D4-9569-004095812ACC}" = Serious Sam: Der erste Kontakt "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E363055-15E5-4D8A-9C69-A0A9DE9A3337}" = UxStyle Core Beta "{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB2}" = Paint.NET v3.5.8 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{BE06114F-559D-11E0-B5A1-001D0926B1BF}" = Google Earth "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{EAE8F6AB-68E8-4AA9-9518-F677090690B2}" = TubeBox! "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "7-Zip" = 7-Zip 9.20 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Anope IRC Services" = Anope IRC Services 1.8.4 "Avidemux 2.5" = Avidemux 2.5 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Chipamp" = Chipamp "Chronotron_NSIS" = Chronotron Plug-in for Winamp/WMP 9 (remove only) "Clonk Endeavour" = Clonk Endeavour 4.95.5 "Clonk Planet" = Clonk Planet "Clonk Rage" = Clonk Rage "C-Media Audio" = C-Media 3D Audio "C-Media Audio Driver" = C-Media WDM Audio Driver "Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18 "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "FileZilla Client" = FileZilla Client 3.2.7.1 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4 "Free Download Manager_is1" = Free Download Manager 3.0 "Free YouTube Download_is1" = Free YouTube Download 2.6 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8 "HijackThis" = HijackThis 2.0.2 "Hogs Of War" = Frontschweine "Media Converter SA Edition" = Media Converter SA Edition 0.8 "Messenger Plus!" = Messenger Plus! 5 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "mIRC" = mIRC "Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de) "Mozilla Thunderbird (3.1.10)" = Mozilla Thunderbird (3.1.10) "Mp3tag" = Mp3tag v2.46a "NVIDIA Drivers" = NVIDIA Drivers "RocketDock_is1" = RocketDock 1.3.5 "SeriousSam2" = Serious Sam 2 "SWFPlayer_is1" = SWFPlayer 2.6.2.0 "TOU" = TOU "Turok 2" = Turok 2: Seeds of Evil "Uninstall_is1" = Uninstall 1.0.0.1 "Unlocker" = Unlocker 1.9.0 "UnrealIRCd_is1" = UnrealIRCd3.2.8.1 "UserBar Generator_is1" = UserBar Generator 1.2 "VLC media player" = VLC media player 1.1.4 "WinAce Archiver" = WinAce Archiver "Winamp" = Winamp "WinLiveSuite_Wave3" = Windows Live Essentials "WMV9_VCM" = Microsoft Windows Media Video 9 VCM "xchat" = XChat 2 (remove only) "X-Chat 2_is1" = X-Chat 2.8.6-2 "XP Codec Pack" = XP Codec Pack ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2115117001-1291798607-573783808-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Opera 11.11.2109" = Opera 11.11 "Winamp Detect" = Winamp Anwendungserkennung ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 17.06.2011 02:54:10 | Computer Name = Destup-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: xchat.exe, Version: 2.8.6.0, Zeitstempel: 0x49b43202 Name des fehlerhaften Moduls: xcwinamp.dll, Version: 0.0.0.0, Zeitstempel: 0x4491c8c7 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00001230 ID des fehlerhaften Prozesses: 0xde0 Startzeit der fehlerhaften Anwendung: 0x01cc2cbb3d01aaf6 Pfad der fehlerhaften Anwendung: C:\Program Files\X-Chat 2\xchat.exe Pfad des fehlerhaften Moduls: C:\Program Files\X-Chat 2\plugins\xcwinamp.dll Berichtskennung: 99c9b153-98ae-11e0-ad70-00138f7af8cf Error - 17.06.2011 02:57:56 | Computer Name = Destup-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: xchat.exe, Version: 2.8.6.0, Zeitstempel: 0x49b43202 Name des fehlerhaften Moduls: xcwinamp.dll, Version: 0.0.0.0, Zeitstempel: 0x4491c8c7 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00001230 ID des fehlerhaften Prozesses: 0x88c Startzeit der fehlerhaften Anwendung: 0x01cc2cbbbb127427 Pfad der fehlerhaften Anwendung: C:\Program Files\X-Chat 2\xchat.exe Pfad des fehlerhaften Moduls: C:\Program Files\X-Chat 2\plugins\xcwinamp.dll Berichtskennung: 20c04524-98af-11e0-ad70-00138f7af8cf Error - 17.06.2011 02:59:20 | Computer Name = Destup-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: xchat.exe, Version: 2.8.6.0, Zeitstempel: 0x49b43202 Name des fehlerhaften Moduls: xcwinamp.dll, Version: 0.0.0.0, Zeitstempel: 0x4491c8c7 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00001230 ID des fehlerhaften Prozesses: 0x5d8 Startzeit der fehlerhaften Anwendung: 0x01cc2cbbedaced5e Pfad der fehlerhaften Anwendung: C:\Program Files\X-Chat 2\xchat.exe Pfad des fehlerhaften Moduls: C:\Program Files\X-Chat 2\plugins\xcwinamp.dll Berichtskennung: 52abf3f5-98af-11e0-ad70-00138f7af8cf Error - 17.06.2011 03:01:49 | Computer Name = Destup-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: xchat.exe, Version: 2.8.6.0, Zeitstempel: 0x49b43202 Name des fehlerhaften Moduls: xcwinamp.dll, Version: 0.0.0.0, Zeitstempel: 0x4491c8c7 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00001230 ID des fehlerhaften Prozesses: 0x410 Startzeit der fehlerhaften Anwendung: 0x01cc2cbc5d7d763a Pfad der fehlerhaften Anwendung: C:\Program Files\X-Chat 2\xchat.exe Pfad des fehlerhaften Moduls: C:\Program Files\X-Chat 2\plugins\xcwinamp.dll Berichtskennung: ab792a1b-98af-11e0-ad70-00138f7af8cf Error - 17.06.2011 03:03:44 | Computer Name = Destup-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: xchat.exe, Version: 2.8.6.0, Zeitstempel: 0x49b43202 Name des fehlerhaften Moduls: xcwinamp.dll, Version: 0.0.0.0, Zeitstempel: 0x4491c8c7 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00001230 ID des fehlerhaften Prozesses: 0xf38 Startzeit der fehlerhaften Anwendung: 0x01cc2cbc4e4f6353 Pfad der fehlerhaften Anwendung: C:\Program Files\X-Chat 2\xchat.exe Pfad des fehlerhaften Moduls: C:\Program Files\X-Chat 2\plugins\xcwinamp.dll Berichtskennung: efc609bb-98af-11e0-ad70-00138f7af8cf Error - 17.06.2011 12:50:24 | Computer Name = Destup-PC | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 2.0.1.4120 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: ca0 Startzeit: 01cc2c9e5ea9ccb8 Endzeit: 769 Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe Berichts-ID: defeb854-9901-11e0-ad70-00138f7af8cf Error - 18.06.2011 09:18:05 | Computer Name = Destup-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Fnm.exe, Version: 0.0.0.0, Zeitstempel: 0x4df61dd3 Name des fehlerhaften Moduls: mshtml.dll, Version: 9.0.8112.16430, Zeitstempel: 0x4db210c4 Ausnahmecode: 0xc0000005 Fehleroffset: 0x002bb714 ID des fehlerhaften Prozesses: 0x3e0 Startzeit der fehlerhaften Anwendung: 0x01cc2db997467b0e Pfad der fehlerhaften Anwendung: C:\Users\Admin\AppData\Local\Temp\Fnm.exe Pfad des fehlerhaften Moduls: C:\Windows\System32\mshtml.dll Berichtskennung: 66874735-99ad-11e0-ad70-00138f7af8cf Error - 18.06.2011 09:54:44 | Computer Name = Destup-PC | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 2.0.1.4120 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: f78 Startzeit: 01cc2d0ea6f2d168 Endzeit: 1348 Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe Berichts-ID: 7a2ddf43-99b2-11e0-ad70-00138f7af8cf Error - 18.06.2011 10:07:14 | Computer Name = Destup-PC | Source = Application Hang | ID = 1002 Description = Programm avscan.exe, Version 10.0.4.2 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 7c0 Startzeit: 01cc2dc0d9f89858 Endzeit: 3069 Anwendungspfad: C:\Program Files\Avira\AntiVir Desktop\avscan.exe Berichts-ID: 27d33799-99b4-11e0-ad70-00138f7af8cf Error - 18.06.2011 11:26:53 | Computer Name = Destup-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. [ System Events ] Error - 03.06.2011 05:31:06 | Computer Name = Destup-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht. Error - 03.06.2011 07:31:44 | Computer Name = Destup-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Wlansvc erreicht. Error - 04.06.2011 18:48:07 | Computer Name = Destup-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6 Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten. Error - 05.06.2011 02:44:03 | Computer Name = Destup-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht. Error - 10.06.2011 07:25:47 | Computer Name = Destup-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6 Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten. Error - 10.06.2011 23:41:56 | Computer Name = Destup-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Netman erreicht. Error - 16.06.2011 10:16:27 | Computer Name = Destup-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6 Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten. Error - 16.06.2011 10:31:52 | Computer Name = Destup-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6 Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten. Error - 16.06.2011 14:07:54 | Computer Name = Destup-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error - 16.06.2011 21:32:18 | Computer Name = Destup-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6 Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten. < End of report > |
18.06.2011, 17:54 | #4 |
/// Malware-holic | TR/VB.Downloader.Gen in C:\Windows\System32\ bitte erstelle und poste ein combofix log. Ein Leitfaden und Tutorium zur Nutzung von ComboFix
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
18.06.2011, 18:48 | #5 |
| TR/VB.Downloader.Gen in C:\Windows\System32\ ComboFix log: Code:
ATTFilter ComboFix 11-06-17.04 - Admin 18.06.2011 19:22:57.1.1 - x86 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.49.1031.18.1535.619 [GMT 2:00] ausgeführt von:: c:\users\Admin\Documents\ComboFix.exe AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\tinyidentd\TinyIdentD.exe c:\windows\IsUn0407.exe c:\windows\system32\spynet . . ((((((((((((((((((((((( Dateien erstellt von 2011-05-18 bis 2011-06-18 )))))))))))))))))))))))))))))) . . 2011-06-18 17:37 . 2011-06-18 17:38 -------- d-----w- c:\users\Admin\AppData\Local\temp 2011-06-18 17:37 . 2011-06-18 17:37 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-06-18 12:15 . 2011-06-18 12:16 -------- d-----w- c:\program files\xchat3 2011-06-17 01:05 . 2011-04-22 23:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2011-06-17 01:05 . 2011-04-25 15:29 141104 ----a-w- c:\program files\Internet Explorer\sqmapi.dll 2011-06-17 01:05 . 2011-04-22 23:35 1797632 ----a-w- c:\windows\system32\jscript9.dll 2011-06-16 19:15 . 2011-04-29 02:57 311296 ----a-w- c:\windows\system32\drivers\srv.sys 2011-06-16 19:15 . 2011-04-29 02:57 309760 ----a-w- c:\windows\system32\drivers\srv2.sys 2011-06-16 19:15 . 2011-04-29 02:57 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys 2011-06-16 19:15 . 2011-04-25 04:56 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys 2011-06-16 19:15 . 2011-04-25 02:35 338944 ----a-w- c:\windows\system32\drivers\afd.sys 2011-06-16 19:15 . 2010-12-18 05:31 571904 ----a-w- c:\windows\system32\oleaut32.dll 2011-06-16 19:15 . 2011-04-27 02:33 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys 2011-06-16 19:15 . 2011-05-03 04:50 740864 ----a-w- c:\windows\system32\inetcomm.dll 2011-06-16 19:15 . 2011-05-04 02:43 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2011-06-16 19:15 . 2011-05-04 02:43 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2011-06-16 19:15 . 2011-05-04 02:43 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-06-07 10:35 . 2011-06-07 10:35 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll 2011-06-04 16:01 . 2011-06-04 16:05 -------- d-----w- c:\program files\ICQ7.5 2011-06-03 20:09 . 2011-06-03 20:10 -------- d-----w- c:\programdata\Skype Extras 2011-06-02 12:59 . 2011-06-02 12:59 -------- d-----w- c:\users\Admin\AppData\Local\Opera 2011-06-02 12:59 . 2011-06-02 12:59 -------- d-----w- c:\program files\Opera 2011-06-02 08:51 . 2011-06-02 08:51 -------- d-----w- C:\MINING 2011-05-29 19:00 . 2011-05-29 19:06 -------- d-----w- c:\program files\UltraISO 2011-05-27 13:30 . 2011-04-22 19:36 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys 2011-05-27 13:29 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe 2011-05-27 13:12 . 2011-05-27 13:12 -------- d-----w- c:\program files\Common Files\Skype 2011-05-20 11:54 . 2011-05-20 11:54 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-04-11 07:04 . 2011-04-26 08:51 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C3B52971-6754-419B-91F7-5EADE5906094}\mpengine.dll 2011-04-09 06:13 . 2011-05-13 11:25 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe 2011-04-09 06:13 . 2011-05-13 11:25 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-04-29 15:03 . 2011-03-25 12:21 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "NvSvc"="c:\windows\system32\nvsvc.dll" [2006-10-09 90191] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-09 7741440] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-09 81920] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "FilterAdministratorToken"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ \0 . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ] 2011-06-04 16:01 124216 ----a-w- c:\program files\ICQ7.5\ICQ.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2010-10-29 12:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x] R4 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] R4 UnsignedThemes;Unsigned Themes;c:\windows\UnsignedThemesSvc.exe [2009-07-12 21096] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-30 136360] S2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys [2009-07-12 25448] S3 netr73;RT73 USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr73.sys [2009-07-13 545792] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336] . . Inhalt des "geplante Tasks" Ordners . . ------- Zusätzlicher Suchlauf ------- . uStart Page = about:blank IE: Alles mit FDM herunterladen - file://c:\program files\Free Download Manager\dlall.htm IE: Auswahl mit FDM herunterladen - file://c:\program files\Free Download Manager\dlselected.htm IE: Datei mit FDM herunterladen - file://c:\program files\Free Download Manager\dllink.htm IE: Free YouTube Download - c:\users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm IE: Free YouTube to Mp3 Converter - c:\users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000 IE: Videos mit FDM herunterladen - file://c:\program files\Free Download Manager\dlfvideo.htm IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe TCP: DhcpNameServer = 192.168.182.1 FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lq3g9hib.Admin\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT166931&SearchSource=3&q={searchTerms} FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT166931&q= FF - prefs.js: network.proxy.ftp - 194.154.200.21 FF - prefs.js: network.proxy.ftp_port - 3128 FF - prefs.js: network.proxy.http - 194.154.200.21 FF - prefs.js: network.proxy.http_port - 3128 FF - prefs.js: network.proxy.socks - 194.154.200.21 FF - prefs.js: network.proxy.socks_port - 3128 FF - prefs.js: network.proxy.ssl - 194.154.200.21 FF - prefs.js: network.proxy.ssl_port - 3128 FF - prefs.js: network.proxy.type - 0 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKLM-Run-Cmaudio - cmicnfg.cpl AddRemove-Clonk Endeavour - c:\clonk endeavour\uninst.exe AddRemove-Hogs Of War - c:\windows\IsUn0407.exe AddRemove-Turok 2 - c:\windows\IsUn0407.exe AddRemove-WinAce Archiver - c:\program files\WinAce\SXUNINST.EXE . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2011-06-18 19:44:11 ComboFix-quarantined-files.txt 2011-06-18 17:44 . Vor Suchlauf: 20 Verzeichnis(se), 30.279.929.856 Bytes frei Nach Suchlauf: 24 Verzeichnis(se), 30.226.436.096 Bytes frei . - - End Of File - - D2C4F16C6D0C9C15E8836E3C2DE94A56 |
18.06.2011, 18:50 | #6 |
/// Malware-holic | TR/VB.Downloader.Gen in C:\Windows\System32\ download malwarebytes: Malwarebytes : Malwarebytes Anti-Malware is a free download that removes viruses and malware from your computer instalieren, öffnen, registerkarte aktualisierung, programm updaten. schalte alle laufenden programme ab, trenne die internetverbindung. registerkarte scanner, komplett scan, funde entfernen, log posten.
__________________ --> TR/VB.Downloader.Gen in C:\Windows\System32\ |
18.06.2011, 19:51 | #7 |
| TR/VB.Downloader.Gen in C:\Windows\System32\ Malwarebytes' Anti-Malware log: Code:
ATTFilter Malwarebytes' Anti-Malware 1.51.0.1200 www.malwarebytes.org Datenbank Version: 6888 Windows 6.1.7600 Internet Explorer 9.0.8112.16421 18.06.2011 20:50:03 mbam-log-2011-06-18 (20-50-03).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Durchsuchte Objekte: 285415 Laufzeit: 39 Minute(n), 39 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 2 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\Users\Admin\documents\SF.exe (Adware.Relevantknowledge) -> Quarantined and deleted successfully. c:\Users\Admin\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully. |
18.06.2011, 19:54 | #8 |
/// Malware-holic | TR/VB.Downloader.Gen in C:\Windows\System32\ hi, machst du onlinebanking einkäufe oder sonst was wichtiges mit dem pc?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
18.06.2011, 20:03 | #9 |
| TR/VB.Downloader.Gen in C:\Windows\System32\ Eigentlich nicht, nur rein Hobbymäßig. (Chat, Zocken etc) Ich wollte nur einen Crack für einen IRC-Clienten, aber wohl falsche Anwendung erwischt und infiziert worden. |
18.06.2011, 20:05 | #10 |
/// Malware-holic | TR/VB.Downloader.Gen in C:\Windows\System32\ naja, mit der aussage hast du dich für jede weitere hilfe disqualifiziert. wir unterstützen hier nichts was mit keygens etc zu tun hatt, die leute die so was nutzen müssen sich über denkzettel nicht wundern. zumal es für irc so viele kostelose software gibt. du bekommst hier nur hilfe beim formatieren und neu aufsetzen.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
18.06.2011, 21:47 | #11 |
| TR/VB.Downloader.Gen in C:\Windows\System32\ Ist auch nicht mehr nötig, da die Malware jetzt eh weg ist. |
Themen zu TR/VB.Downloader.Gen in C:\Windows\System32\ |
adobe, adware.relevantknowledge, antivir, antivir guard, avg, avira, bifrose.trace, converter, desktop, download, excel, firefox, free download, hijack, internet, internet explorer, mp3, nvidia, plug-in, software, system, tr/vb.downloader.gen, windows |