Trojan in Recycle.bin, file does not exist? (Windows 7)
04.10.2011, 21:41 | #1
Trojan in Recycle.bin, file does not exist?
Hi, first of all greetings to all users and admins. Today I ran Lavasoft Ad-Aware and did a full scan. I was very surprised that I have a trojan, or at least I hope it is not that bad. It is probably best if I simply post the log file here. It is mainly about this entry here:
Code:
c:\$recycle.bin\s-1-5-21-627701320-1578443614-114551620-1001\$ro9vojg.exe
Family Name: Trojan.Win32.Generic!BT
Engine: 3
Clean status: Success
Item ID: 1
Family ID: 0
MD5: b6ac9256dc2c68751facf49b48ffe16e
Code:
c:\$recycle.bin\s-1-5-21-627701320-1578443614-114551620-1001\
I have put it in quarantine for now... By the way, a scan with Malwarebytes and Spybot S&D only turned up tracking cookies, but only Ad-Aware detected this trojan... Grateful for any help!
Code:
Logfile created: 04.10.2011 19:44:59
Ad-Aware version: 9.5.1
Extended engine: 3
Extended engine version: 3.1.2770
User performing scan: Admin

*********************** Definitions database information ***********************
Lavasoft definition file: 150.585
Genotype definition file version: 2011/09/21 13:56:01
Extended engine definition file: 10658.0

******************************** Scan results: *********************************
Scan profile name: Vollständiger Scan (ID: full)
Objects scanned: 185772
Objects detected: 9

Type Detected
==========================
Processes.......: 0
Registry entries: 0
Hostfile entries: 0
Files...........: 1
Folders.........: 0
LSPs............: 0
Cookies.........: 8
Browser hijacks.: 0
MRU objects.....: 0

Removed items:
Description: *ivwbox*
Family Name: Cookies
Engine: 1
Clean status: Success
Item ID: 409247
Family ID: 0

Description: *doubleclick*
Family Name: Cookies
Engine: 1
Clean status: Success
Item ID: 408875
Family ID: 0

Description: *serving-sys*
Family Name: Cookies
Engine: 1
Clean status: Success
Item ID: 409130
Family ID: 0

Description: *atdmt*
Family Name: Cookies
Engine: 1
Clean status: Success
Item ID: 408910
Family ID: 0

Description: *ivwbox*
Family Name: Cookies
Engine: 1
Clean status: Success
Item ID: 409247
Family ID: 0

Description: *bs.serving-sys*
Family Name: Cookies
Engine: 1
Clean status: Success
Item ID: 408902
Family ID: 0

Description: *ivwbox*
Family Name: Cookies
Engine: 1
Clean status: Success
Item ID: 409247
Family ID: 0

Description: *doubleclick*
Family Name: Cookies
Engine: 1
Clean status: Success
Item ID: 408875
Family ID: 0

Quarantined items:
Description: c:\$recycle.bin\s-1-5-21-627701320-1578443614-114551620-1001\$ro9vojg.exe
Family Name: Trojan.Win32.Generic!BT
Engine: 3
Clean status: Success
Item ID: 1
Family ID: 0
MD5: b6ac9256dc2c68751facf49b48ffe16e

Scan and cleaning complete: Finished correctly after 2989 seconds
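As an added example (not code from the thread, from Lavasoft or from any of the tools named here), a small Python parser for the "Removed items" / "Quarantined items" layout of the Ad-Aware log above: it pulls out each detection with its family name and MD5, reads the per-user SID out of a $Recycle.Bin path, and flags generic signature names as candidates for the kind of second-opinion scan the thread goes on to do. The sample log is constructed from the entries quoted in the post (one cookie entry stands in for the eight real ones).

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the layout Ad-Aware 9.5 writes (one "key: value" line
# per field, one blank line between items). The quarantined entry, its family
# name and its MD5 are the ones quoted in the post above.
SAMPLE_LOG = r"""
Removed items:
Description: *doubleclick*
Family Name: Cookies
Engine: 1
Clean status: Success
Item ID: 408875
Family ID: 0

Quarantined items:
Description: c:\$recycle.bin\s-1-5-21-627701320-1578443614-114551620-1001\$ro9vojg.exe
Family Name: Trojan.Win32.Generic!BT
Engine: 3
Clean status: Success
Item ID: 1
Family ID: 0
MD5: b6ac9256dc2c68751facf49b48ffe16e

Scan and cleaning complete: Finished correctly after 2989 seconds
"""

FIELDS = {"Description", "Family Name", "Engine", "Clean status",
          "Item ID", "Family ID", "MD5"}

# <drive>:\$Recycle.Bin\<SID of the account that deleted it>\$R<random>.<ext>
RECYCLE_RE = re.compile(
    r"^[a-z]:\\\$recycle\.bin\\(s-1-5-21-\d+-\d+-\d+-\d+)\\(\$r[^\\]+)$", re.I)


@dataclass
class Detection:
    section: str            # "Removed items" or "Quarantined items"
    path: str               # Description: a file path or a cookie pattern
    family: str
    status: str
    md5: Optional[str] = None

    @property
    def is_file(self) -> bool:
        return "\\" in self.path

    @property
    def recycle_bin_owner(self) -> Optional[str]:
        """SID of the per-user $Recycle.Bin folder the file sat in, if any."""
        m = RECYCLE_RE.match(self.path)
        return m.group(1) if m else None

    @property
    def needs_second_opinion(self) -> bool:
        # Generic / behavioural ("!BT") names are the ones worth cross-checking
        # with another scanner, which is what the thread goes on to do.
        return self.is_file and ("generic" in self.family.lower()
                                 or self.family.endswith("!BT"))


def _to_detection(section: str, fields: Dict[str, str]) -> Optional[Detection]:
    if "Description" not in fields:
        return None
    return Detection(section, fields["Description"],
                     fields.get("Family Name", ""),
                     fields.get("Clean status", ""), fields.get("MD5"))


def parse_adaware_log(text: str) -> List[Detection]:
    """Return every item listed under 'Removed items:' / 'Quarantined items:'."""
    items: List[Detection] = []
    section = ""
    fields: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        # A blank line, a new section header or a new Description ends an item.
        if not line or line.endswith("items:") or line.startswith("Description:"):
            d = _to_detection(section, fields)
            if d:
                items.append(d)
            fields = {}
        if line.endswith("items:"):
            section = line[:-1]
            continue
        key, _, value = line.partition(":")   # split on the first colon only
        if section and key in FIELDS:
            fields[key] = value.strip()
    d = _to_detection(section, fields)
    if d:
        items.append(d)
    return items


def triage(text: str) -> List[str]:
    """One note per file detection: where it was and whether to cross-check."""
    notes = []
    for d in parse_adaware_log(text):
        if not d.is_file:
            continue          # tracking cookies are noise for this question
        owner = d.recycle_bin_owner
        # A $R... file under $Recycle.Bin\<SID> is something that account
        # deleted; it lives in the bin, not at its old path, which is why it
        # looks as if the file "does not exist".
        where = f"in the Recycle Bin of SID {owner}" if owner else "live on disk"
        advice = ("generic signature, confirm with a second scanner"
                  if d.needs_second_opinion else "named family")
        notes.append(f"{d.path} [{d.family}] md5={d.md5}: {where}; {advice}")
    return notes


if __name__ == "__main__":
    for note in triage(SAMPLE_LOG):
        print(note)
```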
04.10.2011, 22:53 | #2
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan in Recycle.bin, file does not exist?
Please post all Malwarebytes logs anyway.
05.10.2011, 11:27 | #3
Trojan in Recycle.bin, file does not exist?
OK, here is the Malwarebytes log... the only thing it found was
Code:
c:\program files\alcohol soft\alcohol 120\Langs\AX_RU.dll
Log:
Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7873

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

05.10.2011 11:43:11
mbam-log-2011-10-05 (11-43-11).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 331057
Laufzeit: 31 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
05.10.2011, 15:34 | #4
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan in Recycle.bin, file does not exist?
Quote:
Please always post logfiles in CODE tags
05.10.2011, 17:57 | #5
Trojan in Recycle.bin, file does not exist?
What do you mean? There is no log with findings. Malwarebytes found nothing. Only Ad-Aware... but after the Ad-Aware finding I moved the exe file into quarantine. And I only have 2 logs from Malwarebytes... and the other one looks exactly the same.
05.10.2011, 17:59 | #6
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan in Recycle.bin, file does not exist?
But you wrote it as if Malwarebytes had only found the Alcohol item, and then in turn claimed there were no findings after all. So which is it?
05.10.2011, 18:34 | #7
Trojan in Recycle.bin, file does not exist?
Yes, it did find the Alcohol file. It just didn't create a log for it, I don't know why either. So I'm now taking the file off the ignore list again and scanning once more so that it also shows up in the log, hoping it creates one... I also scanned with Sophos Anti-Rootkit, and it found 3 hidden files somehow... EDIT: OK, log with the finding added.
Last edited by xspawnx (05.10.2011 at 19:11)
05.10.2011, 19:10 | #8
Trojan in Recycle.bin, file does not exist?
OK, here is the Malwarebytes log... the only thing it found was
Code:
c:\program files\alcohol soft\alcohol 120\Langs\AX_RU.dll
Log:
Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7879

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

05.10.2011 20:05:37
mbam-log-2011-10-05 (20-05-25).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 331498
Laufzeit: 28 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files\alcohol soft\alcohol 120\Langs\AX_RU.dll (Malware.Packer.GenX) -> No action taken.
05.10.2011, 21:03 | #9
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan in Recycle.bin, file does not exist?
Is that actually a false positive? With something like this you should always also state which source your Alcohol came from.
05.10.2011, 22:08 | #10
Trojan in Recycle.bin, file does not exist?
I think it was chip.de
05.10.2011, 22:15 | #11
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan in Recycle.bin, file does not exist?
Then it should be a false positive. Please also run ESET, then we'll see how to proceed: ESET Online Scanner
06.10.2011, 16:48 | #12
Trojan in Recycle.bin, file does not exist?
So here is the ESET log, no findings
Code:
ESETSmartInstaller@High as downloader log:
Can not open internet
ESETSmartInstaller@High as downloader log:
Can not open internet
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=1f8de8050f80314eabcff26dd82fe0a7
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-06 02:03:47
# local_time=2011-10-06 04:03:47 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 561 69534986 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=170201
# found=0
# cleaned=0
# scan_time=6032
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=1f8de8050f80314eabcff26dd82fe0a7
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-06 03:42:23
# local_time=2011-10-06 05:42:23 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 3522 69541547 0 0
# compatibility_mode=8192 67108863 100 0 3218 3218 0 0
# scanned=170220
# found=0
# cleaned=0
# scan_time=5387
07.10.2011, 14:51 | #13
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan in Recycle.bin, file does not exist?
Custom scan with OTL. If you don't have it yet, please download OTL by OldTimer and save it to your desktop.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
07.10.2011, 17:21 | #14
Trojan in Recycle.bin, file does not exist?
OTL.txt
OTL Logfile:
Code:
OTL logfile created on: 07.10.2011 18:05:56 - Run 1
OTL by OldTimer - Version 3.2.29.1     Folder = C:\Users\Admin\Desktop
An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 2,07 Gb Available Physical Memory | 63,67% Memory free
6,50 Gb Paging File | 5,32 Gb Available in Paging File | 81,87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146,39 Gb Total Space | 106,97 Gb Free Space | 73,07% Space Free | Partition Type: NTFS
Drive D: | 151,60 Gb Total Space | 142,96 Gb Free Space | 94,30% Space Free | Partition Type: NTFS

Computer Name: ADMINS_KNECHT | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
(nvlddmkm) DRV - [2010.11.29 19:27:40 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap) DRV - [2010.09.01 10:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI) DRV - [2009.12.08 21:24:26 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Programme\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys -- (VSPerfDrv100) DRV - [2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial) DRV - [2009.06.17 18:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2009.06.17 18:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2009.03.30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103) DRV - [2008.07.31 04:21:08 | 000,079,960 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\jraid.sys -- (JRAID) DRV - [2005.03.03 19:53:57 | 000,048,640 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x) DRV - [2005.02.23 17:59:54 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x) DRV - [2004.12.03 12:20:41 | 000,020,544 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.startup.homepage: "chrome://foxtab/content/homepage.html" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.30 23:55:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.30 11:50:54 | 000,000,000 | ---D | M] [2011.09.27 22:17:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions [2011.10.04 21:29:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\oj8q3gd4.default\extensions [2011.09.28 20:20:07 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\oj8q3gd4.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2011.10.04 21:29:10 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\oj8q3gd4.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2011.09.28 20:24:32 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\oj8q3gd4.default\extensions\foxyproxy@eric.h.jung [2011.09.28 13:29:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.09.28 13:29:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} 
[2011.09.28 12:44:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} () (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OJ8Q3GD4.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI () (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OJ8Q3GD4.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OJ8Q3GD4.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI () (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OJ8Q3GD4.DEFAULT\EXTENSIONS\{EF4E370E-D9F0-4E00-B93E-A4F274CFDD5A}.XPI () (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OJ8Q3GD4.DEFAULT\EXTENSIONS\YESPOPUPSV1@PATHETICCOCKROACH.COM.XPI [2011.09.30 23:55:22 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.07.11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2011.09.23 03:52:52 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.09.23 03:46:24 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.09.23 03:52:52 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.09.23 03:52:52 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.09.23 03:52:52 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.09.23 03:52:52 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Microsoft-Webtestaufzeichnung 10.0-Hilfsprogramm) - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Programme\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) 
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Windows7FirewallControl] C:\Programme\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E414D0D-01D7-4859-A1C7-CD47793BDC08}: DhcpNameServer = 192.168.178.1 O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe 
(Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{6519598c-ed30-11e0-aca8-001fd09ebcdb}\Shell - "" = AutoRun O33 - MountPoints2\{6519598c-ed30-11e0-aca8-001fd09ebcdb}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (lsdelete) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk - C:\Programme\Secunia\PSI\psi_tray.exe - (Secunia) MsConfig - StartUpFolder: C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - C:\Programme\OpenOffice.org 3\program\quickstart.exe - () MsConfig - StartUpReg: Adobe 
ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: AlcoholAutomount - hkey= - key= - C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team) MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig - StartUpReg: SwitchBoard - hkey= - key= - C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) MsConfig - State: "services" - 0 MsConfig - State: "startup" - 2 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited) SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: 
{4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited) SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) 
SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: 
{3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) 
CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.10.07 18:02:35 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe [2011.10.05 19:10:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos [2011.10.05 19:10:31 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos [2011.10.04 21:29:29 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\QuickScan [2011.10.04 18:29:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [2011.10.04 18:28:43 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2011.10.04 18:28:27 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation [2011.10.04 18:28:13 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll [2011.10.04 18:27:37 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation [2011.10.04 17:43:19 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Meine empfangenen Dateien [2011.10.04 17:27:39 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Miranda [2011.10.04 17:19:51 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Miranda Pack 3 [2011.10.04 16:18:40 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Spartan [2011.10.04 15:50:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2011.10.04 13:00:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\sound [2011.10.04 12:55:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\Scenario [2011.10.04 12:55:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\rmdll [2011.10.04 12:55:00 | 000,000,000 | ---D | C] -- C:\Windows\System32\rm [2011.10.04 12:54:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\render [2011.10.04 12:54:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\fonts [2011.10.04 12:54:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\Debug [2011.10.04 12:53:29 
| 000,000,000 | ---D | C] -- C:\Windows\System32\DATA [2011.10.04 12:38:22 | 000,000,000 | ---D | C] -- C:\Windows\System32\art [2011.10.04 12:38:20 | 000,000,000 | ---D | C] -- C:\Windows\System32\ai [2011.10.04 12:04:09 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Games for Windows - LIVE Demos [2011.10.04 11:58:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games [2011.10.04 11:56:32 | 000,000,000 | ---D | C] -- C:\Windows\System32\xlive [2011.10.04 11:56:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace [2011.10.04 11:56:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games for Windows - LIVE [2011.10.03 21:43:39 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\OpenOffice.org [2011.10.03 20:32:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard [2011.10.03 19:32:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys [2011.10.03 19:32:25 | 000,000,000 | ---D | C] -- C:\Program Files\Lavalys [2011.10.03 18:52:06 | 000,000,000 | RH-D | C] -- C:\Users\Admin\AppData\Roaming\SecuROM [2011.10.03 18:52:05 | 000,098,304 | ---- | C] (Sony DADC Austria AG.) 
-- C:\Windows\System32\CmdLineExt.dll [2011.10.03 17:46:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft [2011.10.02 22:33:33 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\gtk-2.0 [2011.10.02 16:11:45 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft FxCop [2011.10.02 13:18:45 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\NVIDIA [2011.10.02 00:27:59 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe [2011.10.02 00:27:53 | 000,029,504 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll [2011.10.02 00:27:53 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll [2011.10.02 00:27:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011 [2011.10.02 00:27:39 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\TuneUp Software [2011.10.02 00:27:28 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2011 [2011.10.02 00:25:46 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2011.10.02 00:25:42 | 000,000,000 | -HSD | C] -- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16} [2011.10.02 00:06:22 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe [2011.10.02 00:04:40 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player [2011.10.02 00:04:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe [2011.10.02 00:03:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR [2011.10.01 17:23:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\RsFx [2011.10.01 17:22:37 | 000,000,000 | ---D | C] -- C:\Windows\System32\1033 [2011.10.01 17:21:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008 [2011.10.01 17:20:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server [2011.10.01 17:20:01 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Sync Framework
[2011.10.01 17:19:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2011.10.01 17:19:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2011.10.01 17:19:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011.10.01 17:18:47 | 000,000,000 | ---D | C] -- C:\ProgramData\PreEmptive Solutions
[2011.10.01 17:16:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 3 SDK - Deutsch
[2011.10.01 17:16:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011.10.01 17:14:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ASP.NET
[2011.10.01 17:14:54 | 000,000,000 | ---D | C] -- C:\Program Files\IIS
[2011.10.01 17:14:18 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Visual Studio 2008
[2011.10.01 17:13:50 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Visual Studio 2010
[2011.10.01 17:10:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Designer
[2011.10.01 17:10:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\1031
[2011.10.01 17:09:55 | 000,000,000 | ---D | C] -- C:\Windows\symbols
[2011.10.01 17:09:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010
[2011.10.01 17:09:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 10.0
[2011.10.01 17:09:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2011.10.01 17:09:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer
[2011.10.01 17:09:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft F#
[2011.10.01 17:09:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Merge Modules
[2011.10.01 17:09:41 | 000,000,000 | ---D | C] -- C:\Program Files\HTML Help Workshop
[2011.10.01 17:07:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2011.10.01 17:05:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011.10.01 17:04:18 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011.10.01 16:20:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alcohol 120%
[2011.10.01 16:20:23 | 000,000,000 | ---D | C] -- C:\Program Files\Alcohol Soft
[2011.10.01 16:14:22 | 000,000,000 | ---D | C] -- C:\Program Files\Franzis
[2011.09.30 22:45:18 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Diagnostics
[2011.09.30 13:31:31 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Ubisoft
[2011.09.30 13:31:18 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2011.09.30 11:51:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
[2011.09.30 11:50:54 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Erkennungs-Plug-in
[2011.09.30 11:50:54 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
[2011.09.30 11:50:46 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Winamp
[2011.09.30 11:50:46 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2011.09.30 11:45:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2011.09.29 22:25:34 | 000,000,000 | ---D | C] -- C:\Users\Admin\SecurityScans
[2011.09.29 22:24:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Baseline Security Analyzer 2
[2011.09.29 22:20:55 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011.09.29 22:15:37 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Secunia PSI
[2011.09.29 22:15:28 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2011.09.28 21:54:22 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Adobe
[2011.09.28 21:39:35 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\vlc
[2011.09.28 21:27:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows7FirewallControl
[2011.09.28 21:27:21 | 000,000,000 | ---D | C] -- C:\Program Files\Windows7FirewallControl
[2011.09.28 20:32:46 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Adobe
[2011.09.28 20:32:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2011.09.28 20:27:40 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Macromedia
[2011.09.28 14:55:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mst software
[2011.09.28 14:55:17 | 000,000,000 | ---D | C] -- C:\Program Files\mst software
[2011.09.28 14:31:33 | 000,000,000 | ---D | C] -- C:\Program Files\Process296Monitor
[2011.09.28 13:40:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gigabyte Technology Corp
[2011.09.28 13:40:37 | 001,966,080 | R--- | C] (Gigabyte Technology Corp.) -- C:\Windows\System32\xRaidSetup.exe
[2011.09.28 13:40:37 | 000,000,000 | ---D | C] -- C:\RaidTool
[2011.09.28 13:40:29 | 000,000,000 | ---D | C] -- C:\Windows\RaidTool
[2011.09.28 13:35:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2011.09.28 13:35:54 | 001,777,664 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll
[2011.09.28 13:35:53 | 000,339,968 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2011.09.28 13:35:53 | 000,185,776 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[2011.09.28 13:35:53 | 000,167,936 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[2011.09.28 13:35:53 | 000,135,168 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2011.09.28 13:35:52 | 006,265,376 | ---- | C] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
[2011.09.28 13:35:51 | 001,933,312 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll
[2011.09.28 13:35:51 | 000,159,744 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
[2011.09.28 13:35:51 | 000,143,360 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\FMAPO.dll
[2011.09.28 13:35:51 | 000,126,976 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll
[2011.09.28 13:35:51 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2011.09.28 13:35:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2011.09.28 13:34:31 | 000,053,248 | R--- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\System32\CSVer.dll
[2011.09.28 13:34:31 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2011.09.28 13:34:13 | 000,000,000 | ---D | C] -- C:\Intel
[2011.09.28 13:31:06 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.3
[2011.09.28 13:30:11 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2011.09.28 13:22:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Logitech
[2011.09.28 13:22:20 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Leadertech
[2011.09.28 13:20:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2011.09.28 13:20:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2011.09.28 13:20:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd
[2011.09.28 13:20:16 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2011.09.28 13:20:03 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2011.09.28 13:08:09 | 000,000,000 | ---D | C] -- C:\Program Files\xp-AntiSpy_deutsch39711
[2011.09.28 13:07:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011.09.28 13:07:53 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2011.09.28 13:03:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011.09.28 13:03:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.09.28 13:03:54 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011.09.28 12:59:33 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Skype
[2011.09.28 12:59:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.09.28 12:59:23 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011.09.28 12:59:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2011.09.28 12:57:48 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes
[2011.09.28 12:57:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.09.28 12:57:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.09.28 12:57:32 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.09.28 12:57:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.09.28 12:47:01 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader
[2011.09.28 12:44:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011.09.28 12:44:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.09.28 12:44:13 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011.09.28 12:41:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.09.28 12:41:11 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.09.28 12:39:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011.09.28 12:39:57 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011.09.28 12:39:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2011.09.28 12:36:12 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011.09.28 12:32:52 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011.09.28 12:32:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011.09.28 12:32:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011.09.28 12:32:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011.09.28 12:32:50 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011.09.28 12:22:06 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\.purple
[2011.09.28 12:21:33 | 000,000,000 | ---D | C] -- C:\Program Files\Pidgin
[2011.09.28 12:20:39 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\WinRAR
[2011.09.28 12:20:39 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.09.28 12:20:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.09.28 12:20:35 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011.09.27 22:41:20 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2011.09.27 22:39:50 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2011.09.27 22:17:23 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Mozilla
[2011.09.27 22:17:23 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Mozilla
[2011.09.27 22:16:51 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011.09.27 21:51:09 | 000,020,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011.09.27 21:51:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011.09.27 21:51:08 | 000,320,856 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011.09.27 21:51:06 | 000,052,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011.09.27 21:51:06 | 000,034,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011.09.27 21:51:05 | 000,442,200 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011.09.27 21:51:03 | 000,054,616 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011.09.27 21:50:05 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2011.09.27 21:49:56 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011.09.27 21:49:56 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011.09.27 21:49:52 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011.09.27 21:49:52 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011.09.27 16:25:35 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2011.09.27 16:18:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2011.09.27 16:18:39 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011.09.27 16:17:04 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\fms.dll
[2011.09.27 15:35:07 | 000,000,000 | R--D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011.09.27 15:35:07 | 000,000,000 | R--D | C] -- C:\Users\Admin\Searches
[2011.09.27 15:35:07 | 000,000,000 | R--D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011.09.27 15:35:00 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Identities
[2011.09.27 15:34:58 | 000,000,000 | R--D | C] -- C:\Users\Admin\Contacts
[2011.09.27 15:34:53 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\VirtualStore
[2011.09.27 15:34:51 | 000,000,000 | --SD | C] -- C:\Users\Admin\AppData\Roaming\Microsoft
[2011.09.27 15:34:51 | 000,000,000 | R--D | C] -- C:\Users\Admin\Videos
[2011.09.27 15:34:51 | 000,000,000 | R--D | C] -- C:\Users\Admin\Saved Games
[2011.09.27 15:34:51 | 000,000,000 | R--D | C] -- C:\Users\Admin\Pictures
[2011.09.27 15:34:51 | 000,000,000 | R--D | C] -- C:\Users\Admin\Music
[2011.09.27 15:34:51 | 000,000,000 | R--D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011.09.27 15:34:51 | 000,000,000 | R--D | C] -- C:\Users\Admin\Links
[2011.09.27 15:34:51 | 000,000,000 | R--D | C] -- C:\Users\Admin\Favorites
[2011.09.27 15:34:51 | 000,000,000 | R--D | C] -- C:\Users\Admin\Downloads
[2011.09.27 15:34:51 | 000,000,000 | R--D | C] -- C:\Users\Admin\Documents
[2011.09.27 15:34:51 | 000,000,000 | R--D | C] -- C:\Users\Admin\Desktop
[2011.09.27 15:34:51 | 000,000,000 | R--D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011.09.27 15:34:51 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Vorlagen
[2011.09.27 15:34:51 | 000,000,000 | -HSD | C] -- C:\Users\Admin\AppData\Local\Verlauf
[2011.09.27 15:34:51 | 000,000,000 | -HSD | C] -- C:\Users\Admin\AppData\Local\Temporary Internet Files
[2011.09.27 15:34:51 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Startmenü
[2011.09.27 15:34:51 | 000,000,000 | -HSD | C] -- C:\Users\Admin\SendTo
[2011.09.27 15:34:51 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Recent
[2011.09.27 15:34:51 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Netzwerkumgebung
[2011.09.27 15:34:51 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Lokale Einstellungen
[2011.09.27 15:34:51 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Documents\Eigene Videos
[2011.09.27 15:34:51 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Documents\Eigene Musik
[2011.09.27 15:34:51 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Eigene Dateien
[2011.09.27 15:34:51 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Documents\Eigene Bilder
[2011.09.27 15:34:51 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Druckumgebung
[2011.09.27 15:34:51 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Cookies
[2011.09.27 15:34:51 | 000,000,000 | -HSD | C] -- C:\Users\Admin\AppData\Local\Anwendungsdaten
[2011.09.27 15:34:51 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Anwendungsdaten
[2011.09.27 15:34:51 | 000,000,000 | -H-D | C] -- C:\Users\Admin\AppData
[2011.09.27 15:34:51 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Temp
[2011.09.27 15:34:51 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Microsoft
[2011.09.27 15:34:51 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Media Center Programs
[2011.09.27 15:34:40 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2011.09.27 15:34:40 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2011.09.27 15:34:40 | 000,000,000 | -HSD | C] -- C:\Recovery
[2011.09.27 15:34:40 | 000,000,000 | -HSD | C] -- C:\Programme
[2011.09.27 15:34:40 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2011.09.27 15:34:40 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2011.09.27 15:34:40 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2011.09.27 15:34:40 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2011.09.27 15:34:40 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2011.09.27 15:34:40 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2011.09.27 15:34:40 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2011.09.27 15:34:40 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2011.09.27 15:29:12 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011.09.27 15:26:47 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2011.09.27 15:26:28 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.10.07 18:00:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.10.07 18:00:16 | 2616,057,856 | -HS- | M] () -- C:\hiberfil.sys
[2011.10.06 14:18:52 | 000,017,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.10.06 14:18:52 | 000,017,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.10.06 14:11:44 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011.10.05 12:46:32 | 000,007,608 | ---- | M] () -- C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
[2011.10.04 18:43:18 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011.10.04 18:43:18 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011.10.04 18:36:46 | 000,761,866 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.10.04 18:36:46 | 000,717,184 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.10.04 18:36:46 | 000,172,252 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.10.04 18:36:46 | 000,145,206 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.10.04 12:38:20 | 000,921,656 | ---- | M] () -- C:\Windows\System32\splashx.bmp
[2011.10.04 12:38:18 | 000,086,585 | ---- | M] () -- C:\Windows\System32\Spartan.exe.cat
[2011.10.04 12:38:18 | 000,000,406 | ---- | M] () -- C:\Windows\System32\Spartan.exe.cfg
[2011.10.04 12:38:06 | 000,746,496 | ---- | M] () -- C:\Windows\System32\granny2.dll
[2011.10.04 12:38:04 | 000,027,416 | ---- | M] () -- C:\Windows\System32\eula_1036.rtf
[2011.10.04 12:38:04 | 000,026,543 | ---- | M] () -- C:\Windows\System32\eula_1040.rtf
[2011.10.04 12:38:03 | 000,026,117 | ---- | M] () -- C:\Windows\System32\eula_1034.rtf
[2011.10.04 12:38:03 | 000,022,061 | ---- | M] () -- C:\Windows\System32\eula_1033.rtf
[2011.10.04 12:38:02 | 000,028,075 | ---- | M] () -- C:\Windows\System32\eula_1031.rtf
[2011.10.04 12:38:01 | 000,173,833 | ---- | M] () -- C:\Windows\System32\eulax.rtf
[2011.10.04 12:38:01 | 000,091,521 | ---- | M] () -- C:\Windows\System32\eula_1028.rtf
[2011.10.04 12:37:59 | 000,024,192 | ---- | M] () -- C:\Windows\System32\AOEOnline.exe.cat
[2011.10.04 12:37:59 | 000,000,406 | ---- | M] () -- C:\Windows\System32\AOEOnline.exe.cfg
[2011.10.04 12:37:56 | 000,173,408 | ---- | M] () -- C:\Windows\System32\pw32b.dll
[2011.10.04 12:37:55 | 000,008,160 | ---- | M] () -- C:\Windows\System32\LauncherStrings-it-IT.xml
[2011.10.04 12:37:55 | 000,006,882 | ---- | M] () -- C:\Windows\System32\LauncherStrings-zh-CHT.xml
[2011.10.04 12:37:54 | 000,008,648 | ---- | M] () -- C:\Windows\System32\LauncherStrings-fr-FR.xml
[2011.10.04 12:37:54 | 000,008,440 | ---- | M] () -- C:\Windows\System32\LauncherStrings-es-ES.xml
[2011.10.04 12:37:53 | 000,008,398 | ---- | M] () -- C:\Windows\System32\LauncherStrings-de-DE.xml
[2011.10.04 12:37:53 | 000,007,908 | ---- | M] () -- C:\Windows\System32\LauncherStrings-en-US.xml
[2011.10.03 19:32:27 | 000,001,099 | ---- | M] () -- C:\Users\Admin\Desktop\EVEREST Ultimate Edition.lnk
[2011.10.03 18:52:05 | 000,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2011.10.03 18:22:39 | 000,000,001 | ---- | M] () -- C:\Windows\System32\SI.bin
[2011.10.02 23:00:45 | 000,000,218 | ---- | M] () -- C:\Users\Admin\.recently-used.xbel
[2011.10.02 12:47:14 | 003,647,384 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.10.02 00:27:53 | 000,002,142 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk
[2011.10.02 00:24:08 | 000,001,623 | ---- | M] () -- C:\Users\Admin\Desktop\Adobe Photoshop CS5.lnk
[2011.10.01 20:24:31 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011.10.01 16:20:32 | 000,001,145 | ---- | M] () -- C:\Users\Public\Desktop\Alcohol 120%.lnk
[2011.09.30 11:51:14 | 000,000,944 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk
[2011.09.29 22:24:59 | 000,001,088 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Baseline Security Analyzer 2.2.lnk
[2011.09.28 14:51:51 | 000,001,451 | ---- | M] () -- C:\Users\Admin\Desktop\Procmon.lnk
[2011.09.28 13:55:43 | 000,000,010 | ---- | M] () -- C:\Windows\GSetup.ini
[2011.09.28 13:53:07 | 000,000,004 | ---- | M] () -- C:\Windows\System32\GVTunner.ref
[2011.09.28 13:52:34 | 000,024,944 | ---- | M] () -- C:\Windows\System32\drivers\GVTDrv.sys
[2011.09.28 13:31:06 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
[2011.09.28 13:21:05 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
[2011.09.28 13:21:05 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
[2011.09.28 13:20:37 | 000,002,005 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2011.09.28 13:20:37 | 000,001,993 | ---- | M] () -- C:\Users\Public\Desktop\Logitech-Maus- und -Tastatureinstellungen.lnk
[2011.09.28 13:07:59 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.09.28 12:59:27 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.09.28 12:50:57 | 000,001,357 | ---- | M] () -- C:\Users\Admin\Desktop\JDownloader.lnk
[2011.09.28 12:40:16 | 000,001,996 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011.09.28 12:36:12 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011.09.28 12:36:11 | 000,016,432 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2011.09.28 12:11:43 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011.09.28 12:07:50 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011.09.27 22:16:51 | 000,001,099 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.09.27 21:51:09 | 000,002,001 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011.09.27 21:48:11 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011.09.27 15:29:56 | 000,057,035 | ---- | M] () -- C:\Windows\System32\license.rtf
[2011.09.18 15:24:14 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2011.09.16 16:52:24 | 000,031,552 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2011.09.16 16:44:40 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2011.09.16 16:44:28 | 000,029,504 | ---- | M] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.10.06 14:11:44 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011.10.04 21:19:24 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2011.10.04 18:43:18 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011.10.04 18:43:18 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011.10.04 18:28:13 | 000,004,364 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2011.10.04 12:38:19 | 000,921,656 | ---- | C] () -- C:\Windows\System32\splashx.bmp
[2011.10.04 12:38:18 | 000,000,406 | ---- | C] () -- C:\Windows\System32\Spartan.exe.cfg
[2011.10.04 12:38:17 | 000,086,585 | ---- | C] () -- C:\Windows\System32\Spartan.exe.cat
[2011.10.04 12:38:05 | 000,746,496 | ---- | C] () -- C:\Windows\System32\granny2.dll
[2011.10.04 12:38:04 | 000,026,543 | ---- | C] () -- C:\Windows\System32\eula_1040.rtf
[2011.10.04 12:38:03 | 000,027,416 | ---- | C] () -- C:\Windows\System32\eula_1036.rtf
[2011.10.04 12:38:03 | 000,026,117 | ---- | C] () -- C:\Windows\System32\eula_1034.rtf
[2011.10.04 12:38:02 | 000,028,075 | ---- | C] () -- C:\Windows\System32\eula_1031.rtf
[2011.10.04 12:38:02 | 000,022,061 | ---- | C] () -- C:\Windows\System32\eula_1033.rtf
[2011.10.04 12:38:01 | 000,091,521 | ---- | C] () -- C:\Windows\System32\eula_1028.rtf
[2011.10.04 12:38:00 | 000,173,833 | ---- | C] () -- C:\Windows\System32\eulax.rtf
[2011.10.04 12:37:59 | 000,000,406 | ---- | C] () -- C:\Windows\System32\AOEOnline.exe.cfg
[2011.10.04 12:37:58 | 000,024,192 | ---- | C] () -- C:\Windows\System32\AOEOnline.exe.cat
[2011.10.04 12:37:57 | 000,173,408 | ---- | C] () -- C:\Windows\System32\pw32b.dll
[2011.10.04 12:37:57 | 000,008,648 | ---- | C] () -- C:\Windows\System32\LauncherStrings-fr-FR.xml
[2011.10.04 12:37:57 | 000,008,440 | ---- | C] () -- C:\Windows\System32\LauncherStrings-es-ES.xml
[2011.10.04 12:37:57 | 000,008,398 | ---- | C] () -- C:\Windows\System32\LauncherStrings-de-DE.xml
[2011.10.04 12:37:57 | 000,008,160 | ---- | C] () -- C:\Windows\System32\LauncherStrings-it-IT.xml
[2011.10.04 12:37:57 | 000,007,908 | ---- | C] () -- C:\Windows\System32\LauncherStrings-en-US.xml
[2011.10.04 12:37:57 | 000,006,882 | ---- | C] () -- C:\Windows\System32\LauncherStrings-zh-CHT.xml
[2011.10.04 11:56:23 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2011.10.03 19:32:27 | 000,001,099 | ---- | C] () -- C:\Users\Admin\Desktop\EVEREST Ultimate Edition.lnk
[2011.10.03 18:22:39 | 000,000,001 | ---- | C] () -- C:\Windows\System32\SI.bin
[2011.10.02 23:00:45 | 000,000,218 | ---- | C] () -- C:\Users\Admin\.recently-used.xbel
[2011.10.02 00:27:53 | 000,002,142 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk
[2011.10.02 00:27:52 | 000,002,154 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011.lnk
[2011.10.02 00:24:08 | 000,001,623 | ---- | C] () -- C:\Users\Admin\Desktop\Adobe Photoshop CS5.lnk
[2011.10.02 00:06:11 | 000,001,172 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.lnk
[2011.10.02 00:05:42 | 000,001,134 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk
[2011.10.02 00:05:32 | 000,001,227 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk
[2011.10.02 00:04:16 | 000,001,318 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk
[2011.10.02 00:04:11 | 000,001,484 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
[2011.10.02 00:03:41 | 000,000,974 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2011.10.01 23:16:01 | 000,007,608 | ---- | C] () -- C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
[2011.10.01 20:24:31 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011.10.01 16:20:32 | 000,001,145 | ---- | C] () -- C:\Users\Public\Desktop\Alcohol 120%.lnk
[2011.09.30 11:51:14 | 000,000,944 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk
[2011.09.29 22:24:59 | 000,001,100 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Baseline Security Analyzer 2.2.lnk
[2011.09.29 22:24:59 | 000,001,088 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Baseline Security Analyzer 2.2.lnk
[2011.09.29 22:15:29 | 000,001,034 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2011.09.28 14:51:51 | 000,001,451 | ---- | C] () -- C:\Users\Admin\Desktop\Procmon.lnk
[2011.09.28 13:52:34 | 000,024,944 | ---- | C] () -- C:\Windows\System32\drivers\GVTDrv.sys
[2011.09.28 13:52:34 | 000,000,004 | ---- | C] () -- C:\Windows\System32\GVTunner.ref
[2011.09.28 13:36:32 | 000,000,553 | R--- | C] () -- C:\Windows\USetup.iss
[2011.09.28 13:31:51 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011.09.28 13:31:06 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
[2011.09.28 13:21:05 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
[2011.09.28 13:21:05 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
[2011.09.28 13:20:37 | 000,002,005 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2011.09.28 13:20:37 | 000,001,993 | ---- | C] () -- C:\Users\Public\Desktop\Logitech-Maus- und -Tastatureinstellungen.lnk
[2011.09.28 13:07:59 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.09.28 12:59:27 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.09.28 12:50:57 | 000,001,357 | ---- | C] () -- C:\Users\Admin\Desktop\JDownloader.lnk
[2011.09.28 12:47:13 | 000,001,919 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2011.09.28 12:47:13 | 000,001,898 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2011.09.28 12:47:13 | 000,001,877 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2011.09.28 12:40:16 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011.09.28 12:40:16 | 000,001,996 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011.09.28 12:21:49 | 000,000,956 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pidgin.lnk
[2011.09.28 12:07:50 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011.09.27 22:16:51 | 000,001,111 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.09.27 22:16:51 | 000,001,099 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.09.27 21:51:09 | 000,002,001 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011.09.27 21:48:11 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011.09.27 16:17:30 | 000,146,852 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2011.09.27 16:16:56 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.09.27 16:16:54 | 000,010,429 | ---- | C] () -- C:\Windows\System32\ScavengeSpace.xml
[2011.09.27 16:16:49 | 000,105,559 | ---- | C] () -- C:\Windows\System32\RacRules.xml
[2011.09.27 15:36:26 | 000,001,416 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011.09.27 15:29:42 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011.09.27 15:29:34 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011.09.27 15:26:27 | 2616,057,856 | -HS- | C] () -- C:\hiberfil.sys
[2011.05.20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009.07.14 10:47:43 | 000,761,866 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,172,252 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 003,647,384 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,717,184 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,145,206 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 02:55:09 | 000,587,776 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007.06.21 08:34:08 | 000,203,328 | R--- | C] () -- C:\Windows\GSetup.exe

========== LOP Check ==========

[2011.10.04 22:56:26 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\.purple
[2011.10.02 22:33:33 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\gtk-2.0
[2011.09.28 13:22:20 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Leadertech
[2011.10.04 17:27:39 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Miranda
[2011.10.04 17:19:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Miranda Pack 3
[2011.10.03 21:43:39 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OpenOffice.org
[2011.10.04 21:31:44 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\QuickScan
[2011.10.02 12:54:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TuneUp Software
[2011.10.06 14:11:44 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2009.07.14 06:53:46 | 000,012,220 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2011.10.04 22:56:26 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\.purple
[2011.10.02 13:18:44 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Adobe
[2011.10.02 22:33:33 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\gtk-2.0
[2011.09.27 15:35:00 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Identities
[2011.09.28 13:22:20 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Leadertech
[2011.09.28 13:22:27 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Logitech
[2011.09.28 20:27:40 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Macromedia
[2011.09.28 12:57:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Malwarebytes
[2009.07.14 10:56:56 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Media Center Programs
[2011.10.03 17:35:03 | 000,000,000 | --SD | M] -- C:\Users\Admin\AppData\Roaming\Microsoft
[2011.10.02 16:11:45 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Microsoft FxCop
[2011.10.04 17:27:39 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Miranda
[2011.10.04 17:19:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Miranda Pack 3
[2011.09.27 22:17:26 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Mozilla
[2011.10.02 13:18:45 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\NVIDIA
[2011.10.03 21:43:39 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OpenOffice.org
[2011.10.04 21:31:44 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\QuickScan
[2011.10.03 18:52:06 | 000,000,000 | RH-D | M] -- C:\Users\Admin\AppData\Roaming\SecuROM
[2011.10.03 22:37:22 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Skype
[2011.10.02 12:54:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TuneUp Software
[2011.09.28 21:39:54 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\vlc
[2011.09.30 12:43:18 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Winamp
[2011.09.28 13:08:09 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >
[2011.10.03 17:35:03 | 000,010,134 | R--- | M] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Installer\{89661B04-C646-4412-B6D3-5E19F02F1F37}\ARPPRODUCTICON.exe
[2011.10.03 22:32:47 | 000,188,152 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oj8q3gd4.default\FlashGot.exe

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M]
(Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys [2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- 
C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys [2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys [2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- 
C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll [2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll [2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2010.11.20 14:17:54 | 
000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2011.10.01 16:14:49 | 000,722,416 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2011.09.28 12:07:50 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll [2011.09.28 12:07:50 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll [2009.07.14 03:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\LocationApi.dll [1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < > < End of report > [/code] |
07.10.2011, 21:27 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan in Recycle.bin, file non-existent? Do an OTL fix: close all programs that may be open, also disable virus scanners (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" has to be copied along with it!!!) Code:
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6519598c-ed30-11e0-aca8-001fd09ebcdb}\Shell - "" = AutoRun
O33 - MountPoints2\{6519598c-ed30-11e0-aca8-001fd09ebcdb}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true
:Commands
[emptytemp]
[resethosts]
The logfile should open when you click OK after the fix; please post it. The computer may be restarted. The entries, files and folders fixed by this script are, as a precaution, not deleted completely; a backup copy is created on the system partition in the "_OTL" folder. Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________ Please always post logfiles in CODE tags |
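A way to read the same O32/O33 entries that the fix above targets, as an added example that is not part of this thread and not OTL's own code: it parses the OTL line format, maps each MountPoints2 volume GUID to the command its AutoRun handler would run, and reports the CD-ROM AutoRun policy. The sample log lines are constructed from the fix script above; the function names are my own.

```python
import re

# Constructed sample OTL lines, shaped like the O32/O33 entries in the fix script above.
SAMPLE_OTL_LINES = [
    "O32 - HKLM CDRom: AutoRun - 1",
    'O33 - MountPoints2\\{6519598c-ed30-11e0-aca8-001fd09ebcdb}\\Shell - "" = AutoRun',
    'O33 - MountPoints2\\{6519598c-ed30-11e0-aca8-001fd09ebcdb}\\Shell\\AutoRun\\command'
    ' - "" = "H:\\WD SmartWare.exe" autoplay=true',
]

# O33: a value under HKCU\...\Explorer\MountPoints2\{volume GUID}\<subkey>; O32: HKLM CD-ROM AutoRun policy
O33_RE = re.compile(r'^O33 - MountPoints2\\(\{[0-9a-fA-F-]+\})\\(.+?) - "(.*?)" = (.*)$')
O32_RE = re.compile(r"^O32 - HKLM CDRom: AutoRun - (\d+)$")

def parse_o33(line):
    """Split an O33 line into volume GUID, registry subkey, value name and data."""
    m = O33_RE.match(line)
    if not m:
        return None
    guid, subkey, value_name, data = m.groups()
    return {"guid": guid, "subkey": subkey, "value": value_name, "data": data}

def cdrom_autorun_policy(lines):
    """Return the HKLM CDRom AutoRun value from an O32 line (1 = enabled), or None if absent."""
    for line in lines:
        m = O32_RE.match(line)
        if m:
            return int(m.group(1))
    return None

def autorun_commands(lines):
    """Map each volume GUID to the command its Shell\\AutoRun\\command value would run."""
    commands = {}
    for line in lines:
        rec = parse_o33(line)
        if rec and rec["subkey"].lower() == "shell\\autorun\\command":
            commands[rec["guid"]] = rec["data"]
    return commands

def audit(lines):
    """Human-readable findings for the same entries the OTL fix above removes."""
    findings = []
    if cdrom_autorun_policy(lines) == 1:
        findings.append("HKLM CDRom AutoRun = 1: autorun.inf on inserted media is honoured")
    for guid, cmd in autorun_commands(lines).items():
        quoted = re.match(r'^"([^"]+)"', cmd)          # executable path is usually quoted
        target = quoted.group(1) if quoted else cmd.split()[0]
        findings.append(f"{guid}: opening this volume runs {target} (drive {target[0]}:)")
    return findings
```

The handler here points at a WD external-drive program on H:, which is why the fix removes the per-volume entry rather than anything on C:.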