Pests of all kinds and how to fight them: Trojan problem/*.vbs found (Windows 7). If you are not sure whether you have picked up malware or a Trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you clean up the infection.
25.04.2013, 14:30 | #1
Trojan problem/*.vbs found. Hello dear Trojaner forum, about 2 days ago I noticed that a .vbs file with my computer name as its filename is sitting on my hard disk. After opening the file via right-click --> Edit, the first two lines read "'Mutation of Trojan virus. 'My name is DESERT420.vbs". I then ran a QuickScan with Malwarebytes Anti-Malware (logs after the text) and was shown 3 infected registry entries, which I had MBAM remove. Today I did all the scans according to your guide (http://www.trojaner-board.de/69886-a...-beachten.html) and would like to ask you for help. Here are the two MBAM logs as well as those from OTL and Gmer.
Quote:
Code:
OTL logfile created on: 4/25/2013 1:58:21 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.22 Gb Total Physical Memory | 1.81 Gb Available Physical Memory | 81.51% Memory free 4.06 Gb Paging File | 3.74 Gb Available in Paging File | 92.04% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 298.08 Gb Total Space | 267.52 Gb Free Space | 89.75% Space Free | Partition Type: NTFS Computer Name: DESERT420 | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/04/25 13:53:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe PRC - [2013/04/17 03:17:26 | 000,042,784 | ---- | M] (Yontoo LLC) -- C:\Documents and Settings\Administrator\Application Data\Yontoo\YontooDesktop.exe PRC - [2013/04/17 03:17:26 | 000,023,552 | ---- | M] (Microsoft) -- C:\Program Files\Yontoo\Y2Desktop.Updater.exe PRC - [2013/04/09 02:35:29 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe PRC - [2013/04/09 02:29:55 | 000,212,992 | ---- | M] (Realtek Semiconductor Corp.) 
-- C:\Documents and Settings\Administrator\Local Settings\Temp\RtkBtMnt.exe PRC - [2010/12/13 14:37:46 | 000,135,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe PRC - [2010/04/07 22:57:42 | 000,099,896 | R--- | M] (HP) -- C:\WINDOWS\system32\HPSIsvc.exe PRC - [2008/05/08 14:28:04 | 000,864,576 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe PRC - [2008/04/14 13:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe ========== Modules (No Company Name) ========== MOD - [2013/04/11 13:44:23 | 011,791,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\50ea744ffc3cb7f09b027fd6c5c93b2b\System.Web.ni.dll MOD - [2013/04/11 13:44:12 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\a9e71dda6389403be4db7b567592e3b8\System.ServiceProcess.ni.dll MOD - [2013/04/11 13:42:48 | 000,970,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb4cb21d14767292e079366a5d3d76cd\System.Configuration.ni.dll MOD - [2013/04/11 13:41:56 | 005,449,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\36f3953f24d4f0b767bf172331ad6f3e\System.Xml.ni.dll MOD - [2013/04/11 13:41:50 | 012,428,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9a254c455892c02355ab0ab0f0727c5b\System.Windows.Forms.ni.dll MOD - [2013/04/11 13:41:35 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\6978f2e90f13bc720d57fa6895c911e2\System.Drawing.ni.dll MOD - [2013/04/11 13:40:15 | 007,867,392 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aa7926460a336408c8041330ad90929d\System.ni.dll MOD - [2013/04/11 13:40:07 | 011,485,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll MOD - [2013/04/11 13:37:20 
| 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll MOD - [2013/04/11 13:37:19 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll MOD - [2013/04/11 13:37:14 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll MOD - [2013/04/11 13:37:11 | 003,149,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll MOD - [2013/04/09 02:17:08 | 001,679,360 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3041.37050__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll MOD - [2013/04/09 02:17:08 | 000,253,952 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3041.37003__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll MOD - [2013/04/09 02:17:08 | 000,196,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3041.37065__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll MOD - [2013/04/09 02:17:08 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3041.37278__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll MOD - [2013/04/09 02:17:08 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3041.37235__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll MOD - [2013/04/09 02:17:08 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3041.37041__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll MOD - [2013/04/09 02:17:08 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3041.37177__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll MOD - [2013/04/09 02:17:08 | 000,020,480 | ---- | 
M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3041.37024__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll MOD - [2013/04/09 02:17:07 | 000,483,328 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3041.37319__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll MOD - [2013/04/09 02:16:48 | 000,135,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3041.37326__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll MOD - [2013/04/09 02:16:48 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3041.37018__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll MOD - [2013/04/09 02:16:47 | 000,090,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3041.37252__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll MOD - [2013/04/09 02:16:45 | 000,438,272 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3041.37027__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll MOD - [2013/04/09 02:16:45 | 000,401,408 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3041.37227__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll MOD - [2013/04/09 02:16:45 | 000,307,200 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3041.37087__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll MOD - [2013/04/09 02:16:45 | 000,217,088 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3041.37072__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll MOD - [2013/04/09 02:16:44 | 000,479,232 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3041.37180__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll MOD - [2013/04/09 
02:16:44 | 000,446,464 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3041.37170__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll MOD - [2013/04/09 02:16:44 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3041.37178__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll MOD - [2013/04/09 02:16:44 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3041.37187__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll MOD - [2013/04/09 02:16:44 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3041.37226__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll MOD - [2013/04/09 02:16:44 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll MOD - [2013/04/09 02:16:44 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2939.23679__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll MOD - [2013/04/09 02:16:44 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2939.23767__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll MOD - [2013/04/09 02:16:44 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2939.23710__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll MOD - [2013/04/09 02:16:44 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2939.23768__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll MOD - [2013/04/09 02:16:44 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll MOD - [2013/04/09 02:16:43 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll MOD - [2013/04/09 02:16:43 | 000,032,768 | ---- | M] 
() -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.2939.23662__90ba9c70f846762e\LOG.Foundation.dll MOD - [2013/04/09 02:16:43 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2939.23667__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2013/04/09 02:16:43 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2939.23717__90ba9c70f846762e\DEM.OS.I0602.dll MOD - [2013/04/09 02:16:43 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.2939.23707__90ba9c70f846762e\MOM.Foundation.dll MOD - [2013/04/09 02:16:43 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.2939.23717__90ba9c70f846762e\DEM.OS.dll MOD - [2013/04/09 02:16:43 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll MOD - [2013/04/09 02:16:42 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.2939.23668__90ba9c70f846762e\CLI.Foundation.dll MOD - [2013/04/09 02:16:42 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2939.23689__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll MOD - [2013/04/09 02:16:42 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2939.23743__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll MOD - [2013/04/09 02:16:42 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2939.23764__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll MOD - [2013/04/09 02:16:42 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2939.23802__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2013/04/09 02:16:42 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2939.23693__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll MOD - [2013/04/09 02:16:42 | 000,020,480 | 
---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2939.23687__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll MOD - [2013/04/09 02:16:42 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2939.23679__90ba9c70f846762e\CLI.Component.Client.Shared.dll MOD - [2013/04/09 02:16:42 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.2939.23718__90ba9c70f846762e\DEM.Graphics.dll MOD - [2013/04/09 02:16:42 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll MOD - [2013/04/09 02:16:42 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2939.23688__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll MOD - [2013/04/09 02:16:42 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2939.23734__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll MOD - [2013/04/09 02:16:42 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2939.23718__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll MOD - [2013/04/09 02:16:41 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2965.22300__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll MOD - [2013/04/09 02:16:41 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2939.23739__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll MOD - [2013/04/09 02:16:41 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2939.23738__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll MOD - [2013/04/09 02:16:41 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2939.23742__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll MOD - 
[2013/04/09 02:16:41 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2939.23708__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll MOD - [2013/04/09 02:16:41 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll MOD - [2013/04/09 02:16:41 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll MOD - [2013/04/09 02:16:40 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2939.23711__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll MOD - [2013/04/09 02:16:40 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Foundation\2.0.2939.23665__90ba9c70f846762e\AEM.Foundation.dll MOD - [2013/04/09 02:16:40 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll MOD - [2013/04/09 02:16:40 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.2939.23709__90ba9c70f846762e\APM.Foundation.dll MOD - [2013/04/09 02:16:40 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2013/04/09 02:16:34 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3041.37343__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll MOD - [2013/04/09 02:16:33 | 000,491,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3041.37034__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2013/04/09 02:16:33 | 000,102,400 | ---- | M] () -- 
C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3041.37305__90ba9c70f846762e\MOM.Implementation.dll MOD - [2013/04/09 02:16:33 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3041.37302__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2013/04/09 02:16:33 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2939.23678__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2013/04/09 02:16:33 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2939.23679__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2013/04/09 02:16:33 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2939.23694__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2013/04/09 02:16:33 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2939.23712__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2013/04/09 02:16:33 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.2939.23677__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll MOD - [2013/04/09 02:16:33 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3041.36993__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll MOD - [2013/04/09 02:16:32 | 001,511,424 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3041.37012__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2013/04/09 02:16:32 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3041.36994__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2013/04/09 02:16:32 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.3041.36994__90ba9c70f846762e\ATIDEMOS.dll MOD - [2013/04/09 02:16:32 | 000,045,056 | ---- | M] () -- 
C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2939.23713__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2013/04/09 02:16:32 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2939.23689__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2013/04/09 02:16:32 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3041.37304__90ba9c70f846762e\CCC.Implementation.dll MOD - [2013/04/09 02:16:32 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2939.23711__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2013/04/09 02:16:32 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2939.23746__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2013/04/09 02:16:31 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3041.36990__90ba9c70f846762e\APM.Server.dll MOD - [2013/04/09 02:16:31 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3041.36992__90ba9c70f846762e\AEM.Server.dll MOD - [2013/04/09 02:16:31 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2010/03/04 16:55:34 | 000,147,456 | ---- | M] () -- C:\WINDOWS\system32\HP1100LM.DLL MOD - [2010/03/04 16:55:14 | 000,069,632 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\HP1100PP.dll MOD - [2008/04/14 13:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2008/04/14 13:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll MOD - [2008/02/04 13:29:02 | 000,688,128 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll MOD - [2003/06/07 13:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll ========== Services (SafeList) ========== 
SRV - File not found [Auto | Running] -- C:\Program Files\Yontoo\Y2Desktop.Updater.exe C:\Documents and Settings\Administrator\Application Data\Yontoo\YontooDesktop.exe -- (Yontoo Desktop Updater) SRV - [2013/04/19 23:10:50 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013/04/11 02:53:01 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013/04/09 02:35:29 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2013/04/09 02:33:06 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2010/12/13 14:37:46 | 000,135,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc) SRV - [2010/04/07 22:57:42 | 000,099,896 | R--- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPSIsvc.exe -- (HPSIService) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\\SystemRoot\System32\Drivers\sptd.sys -- (sptd) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012/12/13 
02:58:30 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdAud.sys -- (HdAudAddService) DRV - [2012/12/13 02:58:28 | 002,880,000 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2012/12/13 02:50:26 | 004,800,000 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) DRV - [2010/12/13 14:37:46 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nx6000.sys -- (MSHUSBVideo) DRV - [2010/03/06 09:40:57 | 000,017,408 | R--- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mvusbews.sys -- (mvusbews) DRV - [2008/04/08 18:45:42 | 001,309,504 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation 
Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/11 02:53:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/04/10 18:50:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013/04/09 02:23:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions [2013/04/25 10:41:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qi52n93s.default\extensions [2013/04/25 10:41:12 | 000,000,000 | ---D | M] (Yontoo) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qi52n93s.default\extensions\plugin@yontoo.com [2013/04/09 02:40:20 | 000,817,280 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qi52n93s.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013/04/11 02:52:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2013/04/11 02:53:01 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2013/03/27 05:32:09 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2013/03/27 05:32:09 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml 
[2013/03/27 05:32:09 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2013/03/27 05:32:09 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2013/03/27 05:32:09 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2013/03/27 05:32:09 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2007/08/11 07:58:33 | 000,000,768 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [DESERT420] C:\WINDOWS\system32\DESERT420.vbs () O4 - HKLM..\Run: [KVIrc] C:\Program Files\KVIrc\kvirc.exe (KVIrc Development Team) O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation) O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKCU..\Run: [Yontoo Desktop] C:\Documents and Settings\Administrator\Application Data\Yontoo\YontooDesktop.exe (Yontoo LLC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Pidgin.lnk = C:\Program Files\Pidgin\pidgin.exe (The Pidgin developer community)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.50.140.246 195.50.140.180
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6D8F807E-1F7E-4CE1-A8F3-EAFBC789C429}: DhcpNameServer = 195.50.140.246 195.50.140.180
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/04/09 23:49:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2013/04/25 13:58:42 | 000,000,100 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{000dd4dd-a160-11e2-8b5c-cf03c4b3cc7a}\Shell - "" = AutoRun
O33 - MountPoints2\{000dd4dd-a160-11e2-8b5c-cf03c4b3cc7a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{000dd4dd-a160-11e2-8b5c-cf03c4b3cc7a}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe DESERT420.vbs
O33 - MountPoints2\{45446f5e-a16d-11e2-acbb-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{45446f5e-a16d-11e2-acbb-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{45446f5e-a16d-11e2-acbb-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe DESERT420.vbs
O33 - MountPoints2\{667780fa-a1d5-11e2-8b65-0017c45e89d0}\Shell - "" = AutoRun
O33 - MountPoints2\{667780fa-a1d5-11e2-8b65-0017c45e89d0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{667780fa-a1d5-11e2-8b65-0017c45e89d0}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe KLAUS.vbs
O33 - MountPoints2\{667780fb-a1d5-11e2-8b65-0017c45e89d0}\Shell - "" = AutoRun
O33 - MountPoints2\{667780fb-a1d5-11e2-8b65-0017c45e89d0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{667780fb-a1d5-11e2-8b65-0017c45e89d0}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe KLAUS.vbs
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/25 13:53:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2013/04/25 10:49:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Tufu - Haesslon
[2013/04/25 10:47:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\WinRAR
[2013/04/25 10:41:38 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader
[2013/04/25 10:41:11 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo
[2013/04/25 10:41:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Yontoo
[2013/04/25 10:41:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2013/04/23 23:49:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2013/04/23 23:49:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/04/23 23:49:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/04/23 23:49:43 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/04/23 23:49:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/04/16 13:56:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\.mono
[2013/04/11 23:22:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Jetzt Schämst Du Dich!
[2013/04/11 23:17:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Der Stoff, aus dem die Regenschirme sind
[2013/04/11 23:15:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Retrogott Und Hulk Hodn - Fresh Und Umbenannt (2013) 320
[2013/04/11 22:39:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2013/04/11 13:45:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft LifeCam
[2013/04/11 13:45:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft LifeCam
[2013/04/11 13:44:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2013/04/11 13:38:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2013/04/11 13:38:48 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2013/04/11 13:38:42 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2013/04/11 13:38:06 | 000,000,000 | ---D | C] -- C:\e0bc98650275ba8a07
[2013/04/11 13:36:36 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/04/11 02:52:53 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/04/10 22:23:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\gtk-2.0
[2013/04/10 22:21:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\.purple
[2013/04/10 19:00:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\LucasArts
[2013/04/10 18:54:19 | 000,000,000 | ---D | C] -- C:\Program Files\LucasArts
[2013/04/10 18:50:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Thunderbird
[2013/04/10 18:50:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Thunderbird
[2013/04/10 18:50:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013/04/10 18:50:11 | 000,000,000 | ---D | C] -- C:\Program Files\Pidgin
[2013/04/10 18:36:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DAEMON Tools Lite
[2013/04/10 18:36:21 | 000,466,008 | ---- | C] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys
[2013/04/10 18:36:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Lite
[2013/04/10 18:36:14 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2013/04/10 18:33:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2013/04/10 18:25:29 | 000,000,000 | ---D | C] -- C:\Program Files\dumps
[2013/04/10 18:24:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2013/04/10 18:24:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Steam
[2013/04/10 18:24:55 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2013/04/10 16:35:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
[2013/04/10 16:34:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2013/04/10 16:34:16 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2013/04/10 16:13:59 | 000,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache
[2013/04/10 16:13:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HP
[2013/04/10 16:12:35 | 000,017,408 | R--- | C] (Marvell Semiconductor, Inc.) -- C:\WINDOWS\System32\drivers\mvusbews.sys
[2013/04/10 16:11:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2013/04/10 16:11:20 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2013/04/10 16:11:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\HP
[2013/04/10 14:22:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Winamp
[2013/04/10 14:21:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
[2013/04/10 14:21:22 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2013/04/10 14:21:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Winamp
[2013/04/10 14:09:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\KVIrc4
[2013/04/10 14:09:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Downloads
[2013/04/10 13:54:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\KVIrc
[2013/04/10 13:54:21 | 000,000,000 | ---D | C] -- C:\Program Files\KVIrc
[2013/04/10 03:39:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Windows.7.Ultimate.mit.SP1.7601.x64.677306.DVD.ISO.Mai.2011.German-PLZ
[2013/04/10 03:26:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Windows 7 USB DVD Download Tool
[2013/04/10 03:26:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Apps
[2013/04/10 02:55:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\DeepBurner
[2013/04/10 02:54:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DeepBurner
[2013/04/10 02:54:50 | 000,000,000 | ---D | C] -- C:\Program Files\Astonsoft
[2013/04/10 02:50:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\temp
[2013/04/10 01:37:25 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2013/04/10 01:37:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2013/04/10 01:37:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2013/04/10 01:37:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2013/04/10 01:37:19 | 000,000,000 | R--D | C] -- C:\Program Files
[2013/04/10 01:37:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2013/04/10 01:36:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2013/04/10 01:36:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2013/04/10 01:36:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2013/04/10 01:36:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2013/04/10 01:36:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2013/04/10 01:36:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2013/04/10 01:36:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2013/04/10 01:36:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2013/04/10 01:36:29 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2013/04/10 01:36:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2013/04/10 01:35:55 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013/04/10 01:35:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2013/04/10 01:30:16 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2013/04/10 01:30:16 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2013/04/10 01:30:16 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2013/04/10 01:30:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Network Diagnostic
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\L2Schemas
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2013/04/10 01:30:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2013/04/09 23:54:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2013/04/09 23:54:09 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2013/04/09 23:54:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2013/04/09 23:54:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
[2013/04/09 23:54:03 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2013/04/09 23:54:03 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Cookies
[2013/04/09 23:54:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2013/04/09 23:54:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2013/04/09 23:54:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
[2013/04/09 23:54:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
[2013/04/09 23:54:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2013/04/09 23:54:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents
[2013/04/09 23:54:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Favorites
[2013/04/09 23:54:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
[2013/04/09 23:54:03 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
[2013/04/09 23:54:03 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2013/04/09 23:54:03 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
[2013/04/09 23:54:03 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2013/04/09 23:54:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2013/04/09 23:54:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2013/04/09 23:53:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2013/04/09 23:53:42 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2013/04/09 23:53:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2013/04/09 23:53:41 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2013/04/09 23:53:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2013/04/09 23:52:35 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2013/04/09 23:52:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2013/04/09 23:51:01 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2013/04/09 23:51:01 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2013/04/09 23:51:01 | 000,029,184 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2013/04/09 23:49:53 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2013/04/09 23:49:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2013/04/09 23:49:21 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2013/04/09 23:49:21 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2013/04/09 23:48:10 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2013/04/09 23:48:00 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2013/04/09 23:48:00 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2013/04/09 23:47:50 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2013/04/09 23:47:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2013/04/09 23:47:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2013/04/09 23:47:03 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2013/04/09 23:47:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2013/04/09 23:46:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2013/04/09 23:46:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2013/04/09 23:46:45 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2013/04/09 23:46:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2013/04/09 23:46:12 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2013/04/09 23:46:08 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2013/04/09 23:45:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2013/04/09 23:45:53 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2013/04/09 23:45:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2013/04/09 23:45:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2013/04/09 23:45:18 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2013/04/09 23:45:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2013/04/09 23:45:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2013/04/09 23:45:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2013/04/09 23:45:04 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2013/04/09 23:45:04 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2013/04/09 23:44:56 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2013/04/09 23:44:51 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2013/04/09 23:44:05 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2013/04/09 23:44:04 | 000,281,088 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
[2013/04/09 23:44:02 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2013/04/09 23:44:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2013/04/09 23:43:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2013/04/09 23:43:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2013/04/09 23:43:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2013/04/09 23:43:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[2013/04/09 10:31:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2013/04/09 03:15:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Launch Manager
[2013/04/09 03:15:50 | 000,000,000 | ---D | C] -- C:\Program Files\Launch Manager
[2013/04/09 03:15:24 | 000,207,368 | ---- | C] (Dritek System Inc.) -- C:\WINDOWS\UNINST32.EXE
[2013/04/09 03:15:24 | 000,005,120 | ---- | C] (Dritek System Inc.) -- C:\WINDOWS\System32\FILTRCOI.DLL
[2013/04/09 03:05:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2013/04/09 03:05:08 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2013/04/09 02:36:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2013/04/09 02:36:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Sun
[2013/04/09 02:35:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2013/04/09 02:35:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/04/09 02:35:25 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/04/09 02:35:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2013/04/09 02:33:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2013/04/09 02:33:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2013/04/09 02:32:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2013/04/09 02:29:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
[2013/04/09 02:24:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
[2013/04/09 02:23:59 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013/04/09 02:23:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2013/04/09 02:23:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2013/04/09 02:23:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2013/04/09 02:23:10 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/04/09 02:23:01 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013/04/09 02:23:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2013/04/09 02:20:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RTCOM
[2013/04/09 02:20:26 | 002,808,832 | ---- | C] (RealTek Semicoductor Corp.) -- C:\WINDOWS\alcwzrd.exe
[2013/04/09 02:20:26 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013/04/09 02:19:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ATI
[2013/04/09 02:19:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ATI
[2013/04/09 02:19:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\ATI
[2013/04/09 02:16:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Catalyst Control Center
[2013/04/09 02:13:05 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2013/04/09 02:12:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2013/04/09 02:10:27 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2013/04/09 02:09:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2013/04/09 02:07:25 | 000,000,000 | ---D | C] -- C:\Program Files\QMI
[2013/04/09 02:07:17 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2013/04/09 02:07:09 | 000,393,216 | ---- | C] (Quanta Microsystems, Inc.) -- C:\WINDOWS\System32\QmiInstDev.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/25 14:00:42 | 001,003,230 | RHS- | M] () -- C:\WINDOWS\System32\DESERT420.vbs
[2013/04/25 13:58:42 | 001,003,230 | RHS- | M] () -- C:\DESERT420.vbs
[2013/04/25 13:58:42 | 000,000,100 | RHS- | M] () -- C:\autorun.inf
[2013/04/25 13:56:56 | 000,432,594 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/04/25 13:56:56 | 000,067,510 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/04/25 13:55:47 | 000,377,856 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\gmer_2.1.19163.exe
[2013/04/25 13:53:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2013/04/25 13:52:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/04/25 13:51:37 | 000,000,176 | ---- | M] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2013/04/25 13:51:08 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Defogger.exe
[2013/04/25 13:41:20 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/04/25 12:41:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/04/25 10:42:07 | 000,001,658 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\JDownloader.lnk
[2013/04/23 23:49:45 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/04/21 20:19:27 | 000,091,106 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\untitled.JPG
[2013/04/18 05:23:18 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/04/11 22:39:35 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2013/04/11 13:48:17 | 000,093,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/04/11 13:45:43 | 000,001,788 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft LifeCam.lnk
[2013/04/10 22:32:53 | 000,000,076 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Counter-Strike Source.url
[2013/04/10 21:36:04 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/04/10 19:00:16 | 000,001,673 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Star Wars Knights of the Old Republic.lnk
[2013/04/10 18:50:52 | 000,001,686 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2013/04/10 18:50:23 | 000,000,660 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Pidgin.lnk
[2013/04/10 18:24:59 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2013/04/10 17:06:12 | 001,003,230 | RHS- | M] () -- C:\KLAUS.vbs
[2013/04/10 16:34:38 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
[2013/04/10 16:12:46 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_mvusbews_01007.Wdf
[2013/04/10 16:12:45 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2013/04/10 14:22:24 | 000,000,672 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2013/04/10 14:21:54 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2013/04/10 14:09:34 | 000,000,147 | ---- | M] () -- C:\Documents and Settings\Administrator\kvirc4.ini
[2013/04/10 13:54:31 | 000,001,560 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\KVIrc.lnk
[2013/04/10 03:26:46 | 000,002,583 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Windows 7 USB DVD Download Tool.lnk
[2013/04/10 03:24:00 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/04/10 02:54:50 | 000,000,746 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\DeepBurner.lnk
[2013/04/10 01:37:29 | 000,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2013/04/09 23:54:18 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2013/04/09 23:52:38 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2013/04/09 23:51:34 | 000,000,780 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2013/04/09 23:49:04 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/04/09 23:49:04 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2013/04/09 23:49:04 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2013/04/09 23:49:04 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2013/04/09 23:49:04 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2013/04/09 23:49:00 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2013/04/09 23:49:00 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2013/04/09 23:48:51 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2013/04/09 23:45:29 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2013/04/09 03:16:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Setup.INI
[2013/04/09 03:15:51 | 000,000,083 | ---- | M] () -- C:\WINDOWS\LManager.UNI
[2013/04/09 02:29:56 | 000,940,794 | ---- | M] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2013/04/09 02:29:56 | 000,146,650 | ---- | M] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2013/04/09 02:23:02 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/04/09 02:18:46 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ativpsrm.bin
[2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/25 13:55:47 | 000,377,856 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gmer_2.1.19163.exe
[2013/04/25 13:51:31 | 000,000,176 | ---- | C] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2013/04/25 13:51:07 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Defogger.exe
[2013/04/25 10:42:07 | 000,001,658 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\JDownloader.lnk
[2013/04/25 10:42:02 | 000,001,658 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\JDownloader.lnk
[2013/04/25 10:42:02 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\JDownloader Uninstaller.lnk
[2013/04/25 10:42:02 | 000,001,581 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\JDownloader Update.lnk
[2013/04/23 23:49:45 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/04/21 20:19:27 | 000,091,106 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\untitled.JPG
[2013/04/18 05:23:18 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/04/11 13:45:43 | 000,001,788 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft LifeCam.lnk
[2013/04/11 13:39:17 | 000,206,808 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2013/04/10 22:32:53 | 000,000,076 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Counter-Strike Source.url
[2013/04/10 19:00:16 | 000,001,673 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Star Wars Knights of the Old Republic.lnk
[2013/04/10 18:50:52 | 000,001,686 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2013/04/10 18:50:51 | 000,001,674 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Thunderbird.lnk
[2013/04/10 18:50:23 | 000,000,660 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Pidgin.lnk
[2013/04/10 18:43:15 | 001,003,230 | RHS- | C] () -- C:\DESERT420.vbs
[2013/04/10 18:24:59 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2013/04/10 17:06:12 | 001,003,230 | RHS- | C] () -- C:\KLAUS.vbs
[2013/04/10 17:06:12 | 001,003,230 | RHS- | C] () -- C:\WINDOWS\System32\DESERT420.vbs
[2013/04/10 17:06:12 | 000,000,100 | RHS- | C] () -- C:\autorun.inf
[2013/04/10 16:34:38 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
[2013/04/10 16:34:38 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
[2013/04/10 16:12:47 | 001,511,424 | ---- | C] () -- C:\WINDOWS\System32\HP1100SM.EXE
[2013/04/10 16:12:47 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\HP1100LM.DLL
[2013/04/10 16:12:47 | 000,047,104 | R--- | C] () -- C:\WINDOWS\System32\HP1100SMs.dll
[2013/04/10 16:12:46 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_mvusbews_01007.Wdf
[2013/04/10 16:12:45 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2013/04/10 16:12:35 | 000,081,920 | R--- | C] () -- C:\WINDOWS\System32\mvusbews.dll
[2013/04/10 16:11:20 | 000,284,160 | R--- | C] () -- C:\WINDOWS\System32\mvhlewsi.dll
[2013/04/10 14:22:24 | 000,000,672 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2013/04/10 14:09:34 | 000,000,147 | ---- | C] () -- C:\Documents and Settings\Administrator\kvirc4.ini
[2013/04/10 13:54:31 | 000,001,560 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\KVIrc.lnk
[2013/04/10 03:26:46 | 000,002,583 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Windows 7 USB DVD Download Tool.lnk
[2013/04/10 02:54:50 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\DeepBurner.lnk
[2013/04/10 01:37:29 | 000,004,444 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
[2013/04/10 01:37:28 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2013/04/10 01:37:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2013/04/10 01:37:22 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2013/04/10 01:37:22 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2013/04/10 01:37:21 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2013/04/10 01:37:20 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2013/04/10 01:36:58 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2013/04/10 01:36:48 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2013/04/10 01:36:48 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2013/04/10 01:36:48 | 000,144,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2013/04/10 01:36:48 | 000,112,918 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2013/04/10 01:36:48 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2013/04/10 01:36:48 | 000,034,747 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2013/04/10 01:36:48 | 000,034,063 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2013/04/10 01:36:48 | 000,026,991 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2013/04/10 01:36:48 | 000,016,535 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2013/04/10 01:36:48 | 000,014,433 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2013/04/10 
01:36:48 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT [2013/04/10 01:36:48 | 000,012,363 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT [2013/04/10 01:36:48 | 000,010,027 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT [2013/04/10 01:36:48 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT [2013/04/10 01:36:48 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT [2013/04/10 01:36:48 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat [2013/04/10 01:36:47 | 002,144,487 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT [2013/04/10 01:36:47 | 001,296,669 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP3.CAT [2013/04/10 01:36:47 | 000,522,220 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT [2013/04/10 01:35:54 | 000,093,480 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013/04/10 01:35:09 | 000,000,211 | -HS- | C] () -- C:\boot.ini [2013/04/10 01:35:06 | 000,000,780 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf [2013/04/09 23:54:18 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf [2013/04/09 23:54:12 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.lnk [2013/04/09 23:54:09 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk [2013/04/09 23:54:04 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk [2013/04/09 23:54:04 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk [2013/04/09 23:52:38 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD [2013/04/09 23:51:34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2013/04/09 23:50:55 | 000,175,104 | ---- | C] () -- 
C:\WINDOWS\System32\dllcache\pintlcsa.dll [2013/04/09 23:50:40 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex [2013/04/09 23:50:33 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe [2013/04/09 23:50:31 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe [2013/04/09 23:50:29 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex [2013/04/09 23:50:17 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll [2013/04/09 23:50:10 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex [2013/04/09 23:50:06 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll [2013/04/09 23:49:55 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll [2013/04/09 23:49:04 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT [2013/04/09 23:49:04 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS [2013/04/09 23:49:04 | 000,000,000 | RHS- | C] () -- C:\IO.SYS [2013/04/09 23:49:04 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS [2013/04/09 23:49:04 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT [2013/04/09 23:49:00 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb [2013/04/09 23:49:00 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb [2013/04/09 23:48:59 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx [2013/04/09 23:47:49 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk [2013/04/09 23:47:36 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex [2013/04/09 23:47:17 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp [2013/04/09 23:47:17 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp [2013/04/09 23:47:09 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf [2013/04/09 23:46:20 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msinfo.dll [2013/04/09 23:45:31 | 000,000,609 | ---- | 
C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk [2013/04/09 23:45:29 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2013/04/09 23:45:04 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk [2013/04/09 23:44:34 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp [2013/04/09 23:44:34 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp [2013/04/09 23:44:34 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp [2013/04/09 23:44:34 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp [2013/04/09 23:44:34 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp [2013/04/09 23:44:33 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp [2013/04/09 23:44:33 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp [2013/04/09 23:44:33 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp [2013/04/09 23:44:33 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp [2013/04/09 23:44:33 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp [2013/04/09 23:44:33 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp [2013/04/09 23:44:29 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h [2013/04/09 23:44:29 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd [2013/04/09 23:44:28 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h [2013/04/09 23:44:21 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc [2013/04/09 03:16:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Setup.INI [2013/04/09 03:15:51 | 000,000,083 | ---- | C] () -- C:\WINDOWS\LManager.UNI [2013/04/09 02:33:07 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013/04/09 02:29:56 | 000,940,794 | ---- | C] () -- C:\WINDOWS\System32\LoopyMusic.wav [2013/04/09 02:29:56 | 000,146,650 | ---- | C] () -- C:\WINDOWS\System32\BuzzingBee.wav [2013/04/09 02:23:02 | 000,000,742 | ---- | C] () -- 
C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2013/04/09 02:23:02 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk [2013/04/09 02:20:54 | 000,000,553 | ---- | C] () -- C:\WINDOWS\USetup.iss [2013/04/09 02:20:45 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2013/04/09 02:20:32 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX1.dat [2013/04/09 02:20:32 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX0.dat [2013/04/09 02:20:32 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat [2013/04/09 02:18:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin [2013/04/09 02:07:09 | 000,000,774 | ---- | C] () -- C:\WINDOWS\System32\QmiInfo.cfg [2013/04/09 02:00:51 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/12/13 02:58:28 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat [2012/12/13 02:58:28 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat [2012/12/13 02:58:28 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat [2012/12/13 02:58:28 | 000,168,883 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat ========== ZeroAccess Check ========== [2013/04/09 02:13:06 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 13:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2008/04/14 13:41:54 | 000,472,064 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 13:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013/04/16 13:56:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\.mono [2013/04/25 13:52:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\.purple [2013/04/10 18:53:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Lite [2013/04/10 03:02:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DeepBurner [2013/04/10 14:09:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\KVIrc4 [2013/04/10 18:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Thunderbird [2013/04/25 13:52:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Yontoo [2013/04/10 18:53:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite [2013/04/25 10:41:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer ========== Purity Check ========== < End of report > OTL Logfile: Code:
ATTFilter
OTL Extras logfile created on: 4/25/2013 1:58:21 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.22 Gb Total Physical Memory | 1.81 Gb Available Physical Memory | 81.51% Memory free
4.06 Gb Paging File | 3.74 Gb Available in Paging File | 92.04% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 267.52 Gb Free Space | 89.75% Space Free | Partition Type: NTFS

Computer Name: DESERT420 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeEnC2.exe" = C:\Program Files\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeTray.exe" = C:\Program Files\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe -- (Microsoft Corporation)
"C:\Program Files\Steam\SteamApps\common\Counter-Strike Source\hl2.exe" = C:\Program Files\Steam\SteamApps\common\Counter-Strike Source\hl2.exe:*:Enabled:Counter-Strike: Source -- ()

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0C3651D8-22A4-E868-62FD-50A416853E2A}" = CCC Help Chinese Standard
"{0D9FEB48-2CAC-F487-5AB6-C2E7F83C8F60}" = CCC Help Chinese Traditional
"{0ED4D7CF-DB92-0D72-3DD3-846A8B57013D}" = Catalyst Control Center Localization Hungarian
"{0FDC2255-9294-4303-B05B-B4C6E89C2BB5}" = CCC Help Japanese
"{137847CE-F4FC-7EF7-42B0-13A846C3B647}" = Catalyst Control Center Localization Finnish
"{18E410C2-9A08-0D5A-A8AC-B7E29780C93B}" = CCC Help Finnish
"{1AAEF53D-30FA-1667-EEE1-68B9180F12C6}" = Catalyst Control Center Core Implementation
"{2015DEE7-7F87-CCD5-BEB6-5D543EBEC9AE}" = Catalyst Control Center Localization Portuguese
"{22E12B40-C565-5957-1CC1-E7BEBC1B77B7}" = CCC Help Portuguese
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}" = Star Wars®: Knights of the Old Republic (TM)
"{2BA2F736-7663-4C76-9425-40890A46F995}" = Catalyst Control Center - Branding
"{2DE88B87-AF8D-A391-9222-554181BEA2B9}" = Catalyst Control Center Graphics Full New
"{2E0FED74-0E65-2C6D-B834-E0EFD4BD5EDE}" = CCC Help Italian
"{3489FFCA-2355-5F31-F729-0CFF20950027}" = ccc-core-preinstall
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C0F0A1B-F2EC-AD3C-52AF-4DA06B09D83B}" = CCC Help Thai
"{3D195D09-5791-1AE0-A1D4-6835F3F2545A}" = Catalyst Control Center Localization Chinese Standard
"{3D3CA279-884F-8CD6-1ACA-EBAB94AB9F3F}" = Catalyst Control Center Localization Polish
"{3F23A07B-123C-9F57-609D-8D153916F49A}" = Catalyst Control Center Localization Thai
"{423799F1-0BD5-4B2D-8BD6-2A49BCEA583B}" = Atheros Wireless LAN Client Adapter
"{43CD2B7E-3697-D04D-0C42-9CF69B7897A2}" = Catalyst Control Center Localization Korean
"{44033775-1CE2-883D-9FF0-D3645A7C3368}" = Catalyst Control Center Localization Japanese
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{627BF8BE-E723-4FA2-DFD5-2BF2CA7000EB}" = CCC Help French
"{643162B0-CFA4-9618-79A3-8FB0D58955C0}" = CCC Help Greek
"{645424AF-2ABB-3ED3-DC56-DEC371740F98}" = Catalyst Control Center Localization Dutch
"{6455DD26-368B-9B09-BDDD-1F27C59E40F2}" = CCC Help Norwegian
"{65F075C5-E1A4-B376-3E7C-BE724FE76052}" = CCC Help English
"{68B5A52F-CE99-0057-191F-66463728B2C9}" = Catalyst Control Center Localization Danish
"{6950EB38-C368-7BA4-A2FA-650A0834363B}" = CCC Help Czech
"{6D03AB23-1E1B-9BF0-4C91-98E2CFB5010A}" = CCC Help German
"{756CC70B-F63A-BDC2-46C9-D4E6BA1E4CDF}" = Catalyst Control Center Localization Italian
"{75DFA344-E460-37FA-A479-8704FBD11532}" = CCC Help Swedish
"{812E3EDD-A282-1E4A-2E93-4E30EEDC1064}" = CCC Help Polish
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 2.052
"{892DAC32-2E42-825A-F347-F48B4ADA77F8}" = CCC Help Spanish
"{8AE0C0CC-A09D-9415-7311-9C9C5553B1D6}" = Catalyst Control Center Localization Czech
"{9EB786BC-34AE-B8C2-BAD3-59E48A66CC72}" = CCC Help Korean
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7E8536F-5F70-FD7C-1DD7-C19242C1007E}" = CCC Help Russian
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B7B74DFC-9255-7E51-3F4C-34CB0006FA23}" = Catalyst Control Center Localization Spanish
"{B7BAB0E7-47F7-6DD7-7AAE-89103D08D445}" = Catalyst Control Center Localization Russian
"{B7E48B3F-E36A-4DFC-838C-89B2FC8874BA}" = Catalyst Control Center Localization Norwegian
"{B8040D64-3140-FAB7-4D3A-EE341ED906AF}" = Catalyst Control Center Localization French
"{B89F8614-157A-F2C7-F59A-41D56BAD91C4}" = CCC Help Hungarian
"{BD71B413-9FEE-49BB-A6D1-2C0BFB99BDFE}" = Microsoft LifeCam
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3F9FFFB-D994-BC9E-713A-B472821A85AA}" = CCC Help Danish
"{C625B0D0-F630-AA2D-4D3F-D25E157D974D}" = CCC Help Turkish
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{CD946097-A4AD-4BA4-C181-B500F38C9340}" = Catalyst Control Center Localization German
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0CB445F-3003-5706-6231-05AF99422F09}" = Catalyst Control Center Graphics Light
"{D5CB2D47-80CE-22D8-CCAF-BEB68769B017}" = Catalyst Control Center Localization Greek
"{D7F6DCFD-DA39-D1E8-C12D-94B0BAA8C4F5}" = Catalyst Control Center Graphics Full Existing
"{DD70931C-B0ED-5519-951E-6819D1850389}" = ccc-utility
"{DECCA8AE-D9EC-00C0-0A78-9F95FF2AAC1B}" = CCC Help Dutch
"{DF6382FE-F95D-CED9-28DB-29C110CC5790}" = Catalyst Control Center Localization Swedish
"{E702CB52-4691-5EAF-E242-D5123FFEBB19}" = Catalyst Control Center Localization Turkish
"{F0F9FE06-4E18-0822-AA2A-93054C6DDA6C}" = ccc-core-static
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F99808D3-76CF-388A-2F53-24DA6735FE5A}" = Catalyst Control Center Localization Chinese Traditional
"5513-1208-7298-9440" = JDownloader 0.9
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"DAEMON Tools Lite" = DAEMON Tools Lite
"HP LaserJet Professional P1100-P1560-P1600 Series" = HP LaserJet Professional P1100-P1560-P1600 Series
"KVIrc" = KVIrc
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"Mozilla Thunderbird 17.0.5 (x86 de)" = Mozilla Thunderbird 17.0.5 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Pidgin" = Pidgin
"Steam App 240" = Counter-Strike: Source
"Steam App 33910" = Arma 2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4/9/2013 9:20:25 PM | Computer Name = DESERT420 | Source = MsiInstaller | ID = 10005
Description = Product: Windows 7 USB/DVD Download Tool -- This application requires the Image Mastering API v2. Please install the Image Mastering API then run this installer again.

Error - 4/9/2013 9:27:57 PM | Computer Name = DESERT420 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

[ System Events ]
Error - 4/21/2013 4:35:20 PM | Computer Name = DESERT420 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Steam Client Service service to connect.

Error - 4/21/2013 4:35:20 PM | Computer Name = DESERT420 | Source = Service Control Manager | ID = 7000
Description = The Steam Client Service service failed to start due to the following error: %%1053

< End of report >

GMER Logfile:
Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-25 15:09:14
Windows 5.1.2600 Service Pack 3
\Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD3200BEVT-22ZCT0 rev.11.01A11 298.09GB
Running: gmer_2.1.19163.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kgtdypow.sys

---- Kernel code sections - GMER 2.1 ----

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF6D2F000, 0x189FCA, 0xE8000020]

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDF 0x6B 0x91 0xC4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x41 0x54 0x13 0x48 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD5 0x52 0x16 0xD5 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDF 0x6B 0x91 0xC4 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x41 0x54 0x13 0x48 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD5 0x52 0x16 0xD5 ...

---- EOF - GMER 2.1 ----

If you need more information, just let me know. I hope you can help me, and thanks in advance.
Regards, Flaex |
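To make the OTL "Files Created" listing above actionable, here is an added Python example (my own, not code from the thread, from OTL or from any of the tools used in it) that parses those entries and applies the heuristics a helper reads by eye: a script or autorun.inf carrying hidden+system attributes, a script dropped into a drive root or System32, a new item in a Startup folder, and several scripts of identical size under different names (the three 1,003,230-byte files here). The embedded log lines are quoted from Flaex's OTL output; the allowlist of legitimate XP root files and the list of script extensions are my assumptions.

```python
"""Triage an OTL "Files Created" listing for an autorun-style script dropper.

Added example, not part of the thread and not OTL's own code. The embedded
log lines are quoted from the OTL output above; the heuristics are mine.
"""
import re
from collections import defaultdict

# One OTL entry: [date time | size | attrs | C or M] (company) -- path
OTL_ENTRY = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| [CM]\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

# Assumption: extensions that a hidden+system file in C:\ or System32 should never carry.
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".inf", ".bat", ".cmd")

# Assumption: legitimate XP boot/compat files that do live in C:\ with H/S attributes.
KNOWN_ROOT_FILES = {"io.sys", "msdos.sys", "boot.ini", "ntldr", "ntdetect.com",
                    "autoexec.bat", "config.sys"}

# Lines quoted from the OTL log posted above (a representative subset).
SAMPLE_LOG = r"""
[2013/04/10 18:50:23 | 000,000,660 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Pidgin.lnk
[2013/04/10 18:43:15 | 001,003,230 | RHS- | C] () -- C:\DESERT420.vbs
[2013/04/10 17:06:12 | 001,003,230 | RHS- | C] () -- C:\KLAUS.vbs
[2013/04/10 17:06:12 | 001,003,230 | RHS- | C] () -- C:\WINDOWS\System32\DESERT420.vbs
[2013/04/10 17:06:12 | 000,000,100 | RHS- | C] () -- C:\autorun.inf
[2013/04/10 16:12:47 | 001,511,424 | ---- | C] () -- C:\WINDOWS\System32\HP1100SM.EXE
[2013/04/10 01:35:09 | 000,000,211 | -HS- | C] () -- C:\boot.ini
[2013/04/09 23:49:04 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2013/04/09 23:49:04 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2013/04/09 23:49:04 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2013/04/09 02:13:06 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
"""


def parse_otl(text):
    """Return one dict per recognised OTL file entry, size as an int."""
    entries = []
    for line in text.splitlines():
        m = OTL_ENTRY.match(line.strip())
        if m:
            e = m.groupdict()
            e["size"] = int(e["size"].replace(",", ""))
            entries.append(e)
    return entries


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def in_root_or_system32(path):
    """True for files directly in a drive root or anywhere under \\WINDOWS\\System32."""
    p = path.lower()
    return re.fullmatch(r"[a-z]:\\[^\\]+", p) is not None or "\\windows\\system32\\" in p


def triage(entries):
    """Apply the heuristics; returns (reason, detail) tuples in log order."""
    findings = []
    script_sizes = defaultdict(set)
    for e in entries:
        path, name = e["path"], basename(e["path"])
        if name in KNOWN_ROOT_FILES:
            continue
        hidden_system = "H" in e["attrs"] and "S" in e["attrs"]
        is_script = name.endswith(SCRIPT_EXTS)
        if is_script and hidden_system:
            findings.append(("hidden+system script", path))
        elif is_script and in_root_or_system32(path):
            findings.append(("script in drive root or System32", path))
        if "\\start menu\\programs\\startup\\" in path.lower():
            findings.append(("new autostart item", path))
        if is_script and e["size"] > 0:
            script_sizes[e["size"]].add(path)
    # A worm that copies itself under the host name and into System32 leaves
    # several equally sized scripts with different names.
    for size, paths in sorted(script_sizes.items()):
        if len({basename(p) for p in paths}) > 1:
            findings.append(("same-size scripts under different names",
                             f"{size} bytes: " + "; ".join(sorted(paths))))
    return findings


if __name__ == "__main__":
    for reason, detail in triage(parse_otl(SAMPLE_LOG)):
        print(f"{reason:42} {detail}")
```

Run against the full OTL log, the script should flag exactly the four files smeenk put into the ZOEK fix script plus the Startup shortcut he sampled, and stay silent on IO.SYS, MSDOS.SYS and boot.ini, which legitimately carry the same attributes.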
25.04.2013, 15:22 | #2 |
/// Malwareteam / Visitor | Trojan problem/*.vbs found Hello, I am smeenk and I will try to help you with your problem.
System scan with ZOEK. Please download zoek.exe from here: http://hijackthis.nl/smeenk/
Please post in your next reply:
|
25.04.2013, 15:37 | #3 | |
| Trojan problem/*.vbs found Hi smeenk,
thanks in advance for your help. I ran the scan; here is the logfile: Quote:
|
25.04.2013, 16:02 | #4 |
/// Malwareteam / Visitor | Trojan problem/*.vbs found Open ZOEK again and copy the code below into the text field: Code:
ATTFilter
C:\DESERT420.vbs;fp
C:\WINDOWS\System32\DESERT420.vbs;fp
C:\autorun.inf;fp
C:\KLAUS.vbs;fp
C:\*.vbs;vs
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Pidgin.lnk;fp
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run];r
"Yontoo Desktop"=-;r
Post the new Zoek log for me. Please download AdwCleaner to your desktop.
Last edited by smeenk (25.04.2013 at 16:12) |
25.04.2013, 16:22 | #5 |
| Trojan problem/*.vbs found I have to go back to university now and will be out afterwards. I will follow your steps and upload the logs this evening or tomorrow morning. Many thanks for your time so far, and see you tomorrow. |
25.04.2013, 17:17 | #6 |
/// Malwareteam / Visitor | Trojan problem/*.vbs found No problem. A zip file should have been created when Zoek.exe ran, e.g. C:\Documents and Settings\All Users\Desktop\sample__1851.zip. Can you upload this file here: daten-hoster.de - Daten kostenlos hochladen, speichern und teilen. Afterwards you will get a link; post that link here in your next post. Post the link in code tags: [code] the link here [/code] |
27.04.2013, 12:26 | #7 |
| Trojan problem/*.vbs found So, today I finally got around to dealing with the laptop. However, I am not getting any mail from daten-hoster?! (It is not in the spam folder either.) If you have an alternative hoster, go ahead. Here are the two logfiles for now. Zoek Logfile Code:
ATTFilter
Zoek.exe Version 4.0.0.2 Updated 23-04-2013
Tool run by Administrator on Fri 04/26/2013 at 11:46:36.95.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected

==== Creating Sample_20130426_1147.zip ======================

Copied file C:\DESERT420.vbs to sample
Copied file C:\WINDOWS\System32\DESERT420.vbs to sample
Copied file C:\autorun.inf to sample
Copied file C:\KLAUS.vbs to sample
Copied file C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Pidgin.lnk to sample
sample\autorun.inf renamed to 4A578315DA675E4794338D824AA8AA61
sample\DESERT420.vbs renamed to CABA1458963FE92185FA5DA684EB175C
sample\KLAUS.vbs renamed to 3F5C06D9738935DC5B4B1CBAF55317AB
sample\Pidgin.lnk renamed to 73BDAAC8C07846C55F4736E3F5A3884D
C:\Documents and Settings\All Users\Desktop\sample_20130426_1147.zip created successfully

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Yontoo Desktop"=-

==== Deleting Files \ Folders ======================

"C:\DESERT420.vbs" deleted
"C:\autorun.inf" deleted
"C:\KLAUS.vbs" deleted
"C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Pidgin.lnk" deleted

==== Files Found C:\*.vbs ======================

2001-08-23 10:00:00 15860 ----a-w- 5CED90627A04EC02F5023816CDBB69BA C:\WINDOWS\system32\prnqctl.vbs
2001-08-23 10:00:00 15860 -c--a-w- 5CED90627A04EC02F5023816CDBB69BA C:\WINDOWS\system32\dllcache\prnqctl.vbs
2001-08-23 10:00:00 167219 ----a-w- 65771F818306EEBBCBE4ABD9BF01AE1B C:\WINDOWS\system32\pagefileconfig.vbs
2001-08-23 10:00:00 167219 -c--a-w- 65771F818306EEBBCBE4ABD9BF01AE1B C:\WINDOWS\system32\dllcache\pagefile.vbs
2001-08-23 10:00:00 21527 ----a-w- CDCAA536A14C6564F1EFD304DCBA773F C:\WINDOWS\system32\prnjobs.vbs
2001-08-23 10:00:00 21527 -c--a-w- CDCAA536A14C6564F1EFD304DCBA773F C:\WINDOWS\system32\dllcache\prnjobs.vbs
2001-08-23 10:00:00 25415 ----a-w- 5E1178ECAAC473B2E50F3D6F09794D62 C:\WINDOWS\system32\prndrvr.vbs
2001-08-23 10:00:00 25415 -c--a-w- 5E1178ECAAC473B2E50F3D6F09794D62 C:\WINDOWS\system32\dllcache\prndrvr.vbs
2001-08-23 10:00:00 29454 ----a-w- 55EB62F65989F8807D4E6489B8EABA95 C:\WINDOWS\system32\prnport.vbs
2001-08-23 10:00:00 29454 -c--a-w- 55EB62F65989F8807D4E6489B8EABA95 C:\WINDOWS\system32\dllcache\prnport.vbs
2001-08-23 10:00:00 32546 ----a-w- 4460B82D83B9EC9E47489B26CA4E80C1 C:\WINDOWS\system32\prnmngr.vbs
2001-08-23 10:00:00 32546 -c--a-w- 4460B82D83B9EC9E47489B26CA4E80C1 C:\WINDOWS\system32\dllcache\prnmngr.vbs
2001-08-23 10:00:00 35755 ----a-w- 478A1DAC75FE6C1BFCD873A4D212401A C:\WINDOWS\system32\prncnfg.vbs
2001-08-23 10:00:00 35755 -c--a-w- 478A1DAC75FE6C1BFCD873A4D212401A C:\WINDOWS\system32\dllcache\prncnfg.vbs
2001-08-23 10:00:00 3708 ----a-w- CDF815D1673A0A030D36A39E98CC00BD C:\WINDOWS\system32\pubprn.vbs
2001-08-23 10:00:00 3708 -c--a-w- CDF815D1673A0A030D36A39E98CC00BD C:\WINDOWS\system32\dllcache\pubprn.vbs
2001-08-23 10:00:00 97965 ----a-w- 39660B8AB452876C12CE3981314B12A0 C:\WINDOWS\system32\eventquery.vbs
2001-08-23 10:00:00 97965 -c--a-w- 39660B8AB452876C12CE3981314B12A0 C:\WINDOWS\system32\dllcache\evtquery.vbs
2013-04-26 09:47:55 1003230 ----a-w- CABA1458963FE92185FA5DA684EB175C C:\DESERT420.vbs
2013-04-26 09:47:55 1003230 ----a-w- CABA1458963FE92185FA5DA684EB175C C:\WINDOWS\system32\DESERT420.vbs
Code:
ATTFilter
# AdwCleaner v2.202 - Logfile created 04/27/2013 at 13:10:57
# Updated 23/04/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrator - DESERT420
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTW<br>ARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\Software\Tarma Installer

***** [Internet Browsers] *****

-\\ Internet Explorer v6.0.2900.5512

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (de)

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qi52n93s.default\prefs.js

[OK] File is clean.
************************* AdwCleaner[S1].txt - [2081 octets] - [27/04/2013 13:10:57] ########## EOF - C:\AdwCleaner[S1].txt - [2141 octets] ########## Last edited by Flaex91 (27.04.2013 at 12:28) Reason: addition |
27.04.2013, 12:31 | #8 |
/// Malwareteam / Visitor | Trojan problem/*.vbs discovered Try this one: Gratis bestanden delen en uploaden via Mijn Bestand! (it's Dutch, but it should work, I think) Open ZOEK again and copy the code below into the text field: Code:
C:\DESERT420.vbs;f C:\WINDOWS\system32\DESERT420.vbs;f Post the new Zoek log for me. |
27.04.2013, 12:46 | #9 |
| Trojan problem/*.vbs discovered That worked Code:
hxxp://www.mijnbestand.nl/Bestand-THEP7ZAMLHGZ.zip and the latest Zoek logfile: Code:
Zoek.exe Version 4.0.0.2 Updated 23-04-2013 Tool run by Administrator on Sat 04/27/2013 at 13:47:42.51. Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86 Running in: Normal Mode Internet Access Detected ==== Deleting Files \ Folders ====================== "C:\DESERT420.vbs" not deleted After Reboot ==== Deleting Files / Folders ====================== "C:\DESERT420.vbs" not found Last edited by Flaex91 (27.04.2013 at 12:47) Reason: link correction |
27.04.2013, 13:02 | #10 |
/// Malwareteam / Visitor | Trojan problem/*.vbs discovered It is possible that these VBS files are also on one or more USB sticks; when you use them, it may get installed on your computer again automatically. Autorun is a Windows function that runs when a new external medium is connected to the computer:
Disinfect and secure external media Switch off your antivirus program and firewall, as Flash_Disinfector is mistakenly detected as malware by some antivirus programs, which it is not. Download Flash Disinfector by sUBs and save the file to your desktop.
|
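One way to check a removable volume for the pattern this thread describes (an autorun.inf that launches a root-level .vbs named after the computer), as an added example in Python that is not code from the thread or from Zoek or Flash Disinfector; the autorun.inf contents, the file names and the hostname used in demo() are constructed.

```python
import re
import tempfile
from pathlib import Path

# Added example, not code from the thread or from Zoek / Flash Disinfector.
# [autorun] keys that make Windows start a program when the medium is attached.
LAUNCH_RE = re.compile(r"^(open|shellexecute|shell\\.*\\command)$")
# Values that hand control to a script host or a script file.
SCRIPT_RE = re.compile(r"\b(wscript|cscript)\b|\.(vbs|vbe|js|jse|wsf)\b", re.I)
SCRIPT_EXT = {".vbs", ".vbe", ".js", ".jse", ".wsf"}


def parse_autorun(text):
    """Return key -> value of the [autorun] section with lower-cased keys.
    Hand-rolled on purpose: worm-written .inf files often break configparser."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line[0] == "[" and line[-1] == "]":
            in_section = line[1:-1].strip().lower() == "autorun"
        elif in_section and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries


def audit_volume(root, hostname):
    """Flag autorun entries that launch scripts, root-level script files, and
    a script named after this computer (the naming seen in the thread)."""
    findings = {"autorun_launch": [], "root_scripts": [], "named_after_host": []}
    for p in Path(root).iterdir():
        if not p.is_file():
            continue
        if p.name.lower() == "autorun.inf":
            for key, value in parse_autorun(p.read_text(errors="replace")).items():
                if LAUNCH_RE.match(key) and SCRIPT_RE.search(value):
                    findings["autorun_launch"].append(f"{key}={value}")
        elif p.suffix.lower() in SCRIPT_EXT:
            findings["root_scripts"].append(p.name)
            if p.stem.lower() == hostname.lower():
                findings["named_after_host"].append(p.name)
    return findings


def demo():
    """Audit a constructed USB-stick layout (the real autorun.inf is not shown in the thread)."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "autorun.inf").write_text("[autorun]\nopen=wscript.exe DESERT420.vbs\nicon=shell32.dll,4\n")
        Path(d, "DESERT420.vbs").write_text("' placeholder, not the real script\n")
        return audit_volume(d, "DESERT420")
```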
27.04.2013, 13:51 | #11 |
| Trojan problem/*.vbs discovered So, I ran Flash Disinfector too, but after the restart there is still a 420Desert.vbs and an Autorun.inf on the USB stick, same with the external hard drive. |
27.04.2013, 14:33 | #12 |
/// Malwareteam / Visitor | Trojan problem/*.vbs discovered Can you delete the 420Desert.vbs files manually? |
27.04.2013, 14:59 | #13 |
| Trojan problem/*.vbs discovered Yep, just deleted both and emptied the recycle bin. When I connect my USB stick, I get the following warning message at irregular intervals Code:
hxxp://imgur.com/6KbocWK |
27.04.2013, 15:12 | #14 | |
/// Malwareteam / Visitor | Trojan problem/*.vbs discovered I found this solution: Quote:
|
27.04.2013, 16:12 | #15 |
| Trojan problem/*.vbs discovered Ah, thanks a lot. Is there anything else that needs to be done about the .vbs? |