Log analysis and evaluation: Trojan.Generic.2861923 after reinstall (Windows 7)

If you have picked up a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system first has to be examined: first steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
03.06.2010, 13:42 | #1
Trojan.Generic.2861923 after reinstall

Hello! I recently had an ICQ worm on my computer. Because I couldn't get rid of it, I had to rebuild the system. I did that yesterday. After Windows I first installed F-Secure Internet Security 2010 and only a few drivers. Today I boot my system and am greeted again by a trojan alert: Trojan.Generic.2861923

Windows is genuine, as are the driver CDs. The computer was not on the Internet. I installed a few more programs, but those are genuine too. So right now I'm pretty clueless about what's happening here.

I also find "WinUpdater" in the autostart, under the path: Windows\System32\Iexplorer.exe
The F-Secure alert gave the path: Windows\SysWOW\Iexplorer.exe

I'd be hugely grateful if someone can help me.

My system: Windows 7 64-bit
Antivirus: F-Secure Internet Security 2010
HijackThis logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:20:49, on 03.06.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\F-Secure\Common\FSM32.EXE
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10e.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\F-Secure\NRS\iescript\baselitmus.dll
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\F-Secure\NRS\iescript\baselitmus.dll
O4 - HKLM\..\Run: [WinUpdate] C:\Windows\system32\lexplorer.exe
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files (x86)\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files (x86)\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKLM\..\Policies\Explorer\Run: [lexplorer] C:\Windows\system32\lexplorer.exe
O4 - HKCU\..\Policies\Explorer\Run: [lexplorer] C:\Windows\system32\lexplorer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O13 - Gopher Prefix: 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files (x86)\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files (x86)\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files (x86)\F-Secure\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files (x86)\F-Secure\ORSP Client\fsorsp.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarMoney 7.0 OnlineUpdate - Star Finanz - Software Entwicklung und Vertriebs GmbH - C:\Program Files (x86)\StarMoney 7.0 Commerzbank-Edition\ouservice\StarMoneyOnlineUpdate.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7494 bytes
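The entries worth attention in the HijackThis log above are the three that point at C:\Windows\system32\lexplorer.exe: a Run value called WinUpdate, plus the same file under HKLM and HKCU Policies\Explorer\Run, a logon key that legitimate software almost never uses. The name is one letter away from explorer.exe, which is the usual reason such a name is chosen. Two caveats for reading this log on 64-bit Windows: HijackThis 2.0.2 is a 32-bit program, so paths it reports as system32 are redirected by WOW64 to SysWOW64 (most likely why F-Secure's alert names the SysWOW64 copy), and the "(file missing)" on the O23 Windows service entries is the same redirection at work, not a finding. The script below is an added example (Python, not part of the thread and not code from HijackThis or OTL); it parses O4 lines in either tool's format and flags these patterns automatically. The sample lines embedded in it are constructed to mirror this thread, and the list of genuine system binaries it compares against is an assumption to extend.

```python
"""Triage O4 autorun entries from a HijackThis or OTL log (added example, not from the thread).

Flags the patterns a log reader looks for: entries under the Policies\\Explorer\\Run key,
executables named one character away from a genuine Windows binary, and entries whose
target file no longer exists (OTL marks those with "File not found").
"""
import re
from difflib import SequenceMatcher

# Genuine Windows binaries whose names malware likes to imitate (assumed list, extend as needed).
KNOWN_SYSTEM_BINARIES = {
    "explorer.exe", "iexplore.exe", "svchost.exe", "lsass.exe",
    "winlogon.exe", "csrss.exe", "services.exe", "userinit.exe",
}

# HijackThis writes "HKLM\..\Run:", OTL writes "HKLM..\Run:" (sometimes prefixed "O4:64bit:").
O4_RE = re.compile(
    r"^O4(?::64bit:)? - (?P<hive>HK\w+(?:\\S-[\d-]+)?)\\?\.\.\\(?P<key>.+?): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
# Leading program path, quoted or not, up to an executable extension.
EXE_RE = re.compile(
    r'^"?(?P<path>.+?\.(?:exe|dll|scr|bat|cmd|vbs|pif|com))"?(?=\s|$)', re.IGNORECASE
)

# Constructed sample in both formats; the lexplorer lines mirror the logs in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [WinUpdate] C:\Windows\system32\lexplorer.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files (x86)\F-Secure\Common\FSM32.EXE" /splash
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKLM\..\Policies\Explorer\Run: [lexplorer] C:\Windows\system32\lexplorer.exe
O4 - HKCU\..\Policies\Explorer\Run: [lexplorer] C:\Windows\system32\lexplorer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKLM..\Run: [WinUpdate] C:\Windows\SysWow64\lexplorer.exe File not found
"""


def extract_target(cmd):
    """Split an O4 command into (program path, missing flag); OTL appends 'File not found'."""
    missing = cmd.endswith("File not found")
    if missing:
        cmd = cmd[: -len("File not found")].rstrip()
    m = EXE_RE.match(cmd)
    return (m.group("path") if m else cmd.strip('"'), missing)


def lookalike(basename):
    """Return the genuine binary this name imitates, or None if it is exact or unrelated."""
    if basename in KNOWN_SYSTEM_BINARIES:
        return None

    def ratio(known):
        return SequenceMatcher(None, basename, known).ratio()

    best = max(KNOWN_SYSTEM_BINARIES, key=ratio)
    return best if ratio(best) >= 0.85 else None


def triage(log_text):
    """Return [(entry name, target path, [reasons])] for O4 lines that deserve a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        path, missing = extract_target(m.group("cmd"))
        base = path.rsplit("\\", 1)[-1].lower()
        reasons = []
        if "policies\\explorer\\run" in m.group("key").lower():
            reasons.append("Policies\\Explorer\\Run: rarely used by legitimate software, common for malware")
        twin = lookalike(base)
        if twin:
            reasons.append(f"'{base}' is a near-miss of the genuine '{twin}'")
        if base in KNOWN_SYSTEM_BINARIES and "\\windows\\" not in path.lower():
            reasons.append(f"genuine system binary name '{base}' outside the Windows directory")
        if missing:
            reasons.append("target file is gone but the autorun entry remains")
        if reasons:
            findings.append((m.group("name"), path, reasons))
    return findings


if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE_LOG):
        print(f"[{name}] {path}")
        for r in reasons:
            print("   -", r)
```

Feed it a whole log and only the lines that match one of the rules come back; everything from the F-Secure, CyberLink and LightScribe entries stays silent. The similarity threshold is deliberately loose (0.85) so that one-character edits such as lexplorer/explorer or scvhost/svchost are caught; tighten the known-binary list rather than the threshold if it starts flagging vendor tools.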
03.06.2010, 15:07 | #2
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Generic.2861923 after reinstall

Hello and
Quote:

Did you really format, or just install Windows over the top? Were any executable files that had passed through the infected system run?
03.06.2010, 15:28 | #3
Trojan.Generic.2861923 after reinstall

Of course, completely formatted. The only way I can imagine it getting back onto my system is if it has somehow lodged itself in memory. But... I honestly have no idea, and I urgently need my computer for work.

Nothing much is noticeable in the system itself, apart from the WinUpdater entry in the autostart. But right now I'm really worried about entering a password anywhere, let alone doing online banking.
03.06.2010, 15:39 | #4
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Generic.2861923 after reinstall

Quote:

No malware survives a format, and it can't be the RAM either. What about this => Were any executable files that had passed through the infected system run?

Please always post logfiles in CODE tags
03.06.2010, 15:48 | #5
Trojan.Generic.2861923 after reinstall

No, actually nothing. The programs I didn't have on CD I downloaded directly from the manufacturer's site. How do I get rid of it? Or what exactly is happening in my system?
03.06.2010, 19:57 | #6
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Generic.2861923 after reinstall

I wanted to clarify first what the most likely cause of the renewed infection after formatting is; it is simply pointless to format because of a malware infection and then have the plague back on the machine after a few days. Did you connect any external drives to the freshly installed Windows? USB hard disks and sticks?
03.06.2010, 20:53 | #7
Trojan.Generic.2861923 after reinstall

I have a total of 3 external hard drives with a lot of raw data and PSD files. I work in photography. I can't imagine that these files are affected too. At least I hadn't opened any file until just now. F-Secure now finds nothing in a full scan.
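The helper's question about external drives points at the one thing a format cannot fix: files on the three data drives that were written while the old system was infected are still there, and a worm-dropped executable only needs to be double-clicked once on the fresh install. Before reconnecting such drives, a practitioner would inventory anything on them that can run, rather than merely be opened. The script below is an added example for that check (Python, not from the thread or from any tool mentioned in it); it walks a drive and flags autorun.inf, executable extensions, "photo.jpg.exe" double extensions, an .exe named after the folder it sits in, and files whose bytes start with a PE header even though the extension claims an image. The directory tree it builds in a temporary folder is constructed for the demonstration, and both extension lists are assumptions.

```python
"""Inventory executable content on a data drive before reconnecting it to a clean install.

Added example, not code from the thread. Heuristics only: a hit means "look at this",
not "this is malware".
"""
import os
import tempfile

EXEC_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js", ".dll"}
# Data formats a photographer's drive is expected to hold (assumed list, extend as needed).
DATA_EXTENSIONS = {".jpg", ".jpeg", ".png", ".tif", ".tiff", ".psd", ".cr2", ".nef", ".dng", ".raw"}


def classify(path):
    """Return the reasons a file deserves attention; an empty list means it looks like plain data."""
    reasons = []
    name = os.path.basename(path).lower()
    parts = name.split(".")
    ext = "." + parts[-1] if len(parts) > 1 else ""
    stem = name[: -len(ext)] if ext else name
    parent = os.path.basename(os.path.dirname(path)).lower()
    if name == "autorun.inf":
        reasons.append("autorun.inf present")
    if ext in EXEC_EXTENSIONS:
        reasons.append(f"executable extension {ext}")
        if len(parts) > 2 and "." + parts[-2] in DATA_EXTENSIONS:
            reasons.append("double extension: data-file name with an executable suffix")
        if stem == parent:
            reasons.append("executable named after its own folder (folder-icon trick)")
    # Only the first two bytes are read; nothing on the drive is executed or parsed further.
    with open(path, "rb") as fh:
        magic = fh.read(2)
    if magic == b"MZ" and ext not in EXEC_EXTENSIONS:
        reasons.append(f"PE header (MZ) behind a {ext or 'missing'} extension")
    return reasons


def scan_drive(root):
    """Walk root and return {relative path (forward slashes): reasons} for every flagged file."""
    flagged = {}
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            full = os.path.join(dirpath, fn)
            reasons = classify(full)
            if reasons:
                flagged[os.path.relpath(full, root).replace(os.sep, "/")] = reasons
    return flagged


def build_sample_drive():
    """Create a constructed directory tree imitating a photo drive; all contents are fake."""
    root = tempfile.mkdtemp(prefix="datadrive_")

    def put(rel, data):
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)

    pe_stub = b"MZ" + b"\x00" * 62                                  # DOS header magic only, not a real PE
    put("Shoot_2010-05/IMG_0001.CR2", b"II*\x00" + b"\x00" * 16)     # raw image, benign
    put("Shoot_2010-05/edit.psd", b"8BPS" + b"\x00" * 16)            # Photoshop file, benign
    put("Shoot_2010-05/IMG_0002.jpg.exe", pe_stub)                   # double extension
    put("Shoot_2010-05/Shoot_2010-05.exe", pe_stub)                  # named after its folder
    put("Backup/album.jpg", pe_stub)                                 # PE hidden behind .jpg
    put("autorun.inf", b"[autorun]\r\nopen=Shoot_2010-05.exe\r\n")   # autorun pointing at the exe
    return root


def scan_sample():
    """Build the sample drive, scan it and return the findings."""
    return scan_drive(build_sample_drive())


if __name__ == "__main__":
    for rel, reasons in sorted(scan_sample().items()):
        print(rel)
        for r in reasons:
            print("   -", r)
```

Point scan_drive at the mount point of the real drive, ideally from a system that does not execute Windows binaries at all. The two benign sample files (a .CR2 and a .psd) produce nothing; the four planted files each come back with a reason. A renamed installer also starts with MZ, so treat every hit as something to inspect, not as a verdict.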
03.06.2010, 21:00 | #8
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Generic.2861923 after reinstall

OK... then please do a full scan with Malwarebytes and post the log. After that OTL: System scan with OTL. Please download OTL from OldTimer and save it to your desktop
03.06.2010, 22:12 | #9
Trojan.Generic.2861923 after reinstall

OTL first. OTL logfile:
Code:
OTL logfile created on: 03.06.2010 23:05:57 - Run 1
OTL by OldTimer - Version 3.2.5.3     Folder = C:\Users\Dave-RockZ\Downloads
64bit- Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

6,00 Gb Total Physical Memory | 4,00 Gb Available Physical Memory | 61,00% Memory free
12,00 Gb Paging File | 9,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,51 Gb Total Space | 876,65 Gb Free Space | 94,11% Space Free | Partition Type: NTFS
Drive D: | 437,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
Drive F: | 465,76 Gb Total Space | 96,95 Gb Free Space | 20,81% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
Drive H: | 596,17 Gb Total Space | 200,53 Gb Free Space | 33,64% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive N: | 465,76 Gb Total Space | 69,72 Gb Free Space | 14,97% Space Free | Partition Type: NTFS

Computer Name: DAVE-ROCKZ-PC
Current User Name: Dave-RockZ
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Dave-RockZ\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
PRC - C:\Users\Dave-RockZ\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\F-Secure\Anti-Virus\fssm32.exe (F-Secure Corporation)
PRC - C:\Program Files (x86)\F-Secure\Anti-Virus\FSGK32.EXE (F-Secure Corporation)
PRC - C:\Users\Dave-RockZ\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\iTunes\iTunes.exe (Apple Inc.)
PRC - C:\Program Files (x86)\StarMoney 7.0 Commerzbank-Edition\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
PRC - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\F-Secure\Common\FSMA32.EXE (F-Secure Corporation)
PRC - C:\Program Files (x86)\F-Secure\Common\FSLAUNCH.EXE (F-Secure Corporation)
PRC - C:\Program Files (x86)\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
PRC - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)

========== Modules (SafeList) ==========

MOD - C:\Users\Dave-RockZ\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation)
SRV:64bit: - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation)
SRV:64bit: - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation)
SRV:64bit: - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
SRV:64bit: - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation)
SRV:64bit: - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation)
SRV:64bit: - (StorSvc) -- C:\Windows\SysNative\StorSvc.dll (Microsoft Corporation)
SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:64bit: - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation)
SRV:64bit: - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)
SRV:64bit: - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation)
SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:64bit: - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation)
SRV:64bit: - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation)
SRV:64bit: - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
SRV:64bit: - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation)
SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)
SRV:64bit: - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation)
SRV:64bit: - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation)
SRV - (FSORSPClient) -- C:\Program Files (x86)\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation)
SRV - (StarMoney 7.0 OnlineUpdate) -- C:\Program Files (x86)\StarMoney 7.0 Commerzbank-Edition\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (FSMA) -- C:\Program Files (x86)\F-Secure\Common\FSMA32.EXE (F-Secure Corporation)
SRV - (FSDFWD) -- C:\Program Files (x86)\F-Secure\FWES\Program\fsdfwd.exe (F-Secure Corporation)
SRV - (F-Secure Gatekeeper Handler Starter) -- C:\Program Files (x86)\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
SRV - (NIHardwareService) -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)
SRV - (VSS) -- C:\Windows\Vss [2009.07.14 05:20:14 | 000,000,000 | ---D | M]
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009.07.14 05:20:14 | 000,000,000 | ---D | M]
SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation)
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (FSES) -- C:\Windows\SysNative\drivers\fses.sys (F-Secure Corporation)
DRV:64bit: - (MSHUSBVideo) -- C:\Windows\SysNative\drivers\nx6000.sys (Microsoft Corporation)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (KSecPkg) -- C:\Windows\SysNative\drivers\ksecpkg.sys (Microsoft Corporation)
DRV:64bit: - (FSFW) -- C:\Windows\SysNative\drivers\fsdfw.sys (F-Secure Corporation)
DRV:64bit: - (fvevol) -- C:\Windows\SysNative\drivers\fvevol.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (hwpolicy) -- C:\Windows\SysNative\drivers\hwpolicy.sys (Microsoft Corporation)
DRV:64bit: - (FsDepends) -- C:\Windows\SysNative\drivers\fsdepends.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (WIMMount) -- C:\Windows\SysNative\drivers\wimmount.sys (Microsoft Corporation)
DRV:64bit: - (vhdmp) -- C:\Windows\SysNative\drivers\vhdmp.sys (Microsoft Corporation)
DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:64bit: - (vdrvroot) -- C:\Windows\SysNative\drivers\vdrvroot.sys (Microsoft Corporation)
DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (rdyboost) -- C:\Windows\SysNative\drivers\rdyboost.sys (Microsoft Corporation)
DRV:64bit: - (pcw) -- C:\Windows\SysNative\drivers\pcw.sys (Microsoft Corporation)
DRV:64bit: - (CNG) -- C:\Windows\SysNative\drivers\cng.sys (Microsoft Corporation)
DRV:64bit: - (rdpbus) -- C:\Windows\SysNative\drivers\rdpbus.sys (Microsoft Corporation)
DRV:64bit: - (RDPREFMP) -- C:\Windows\SysNative\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV:64bit: - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation)
DRV:64bit: - (WfpLwf) -- C:\Windows\SysNative\drivers\wfplwf.sys (Microsoft Corporation)
DRV:64bit: - (NdisCap) -- C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation)
DRV:64bit: - (vwififlt) -- C:\Windows\SysNative\drivers\vwififlt.sys (Microsoft Corporation)
DRV:64bit: - (vwifibus) -- C:\Windows\SysNative\drivers\vwifibus.sys (Microsoft Corporation)
DRV:64bit: - (1394ohci) -- C:\Windows\SysNative\drivers\1394ohci.sys (Microsoft Corporation)
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
DRV:64bit: - (usbvideo) USB Video Device (WDM) -- C:\Windows\SysNative\drivers\usbvideo.sys (Microsoft Corporation)
DRV:64bit: - (UmPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation)
DRV:64bit: - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\SysNative\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV:64bit: - (mshidkmdf) -- C:\Windows\SysNative\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV:64bit: - (WudfPf) -- C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation)
DRV:64bit: - (MTConfig) -- C:\Windows\SysNative\drivers\MTConfig.sys (Microsoft Corporation)
DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\drivers\CompositeBus.sys (Microsoft Corporation)
DRV:64bit: - (Beep) -- C:\Windows\SysNative\drivers\beep.sys (Microsoft Corporation)
DRV:64bit: - (AppID) -- C:\Windows\SysNative\drivers\appid.sys (Microsoft Corporation)
DRV:64bit: - (scfilter) -- C:\Windows\SysNative\drivers\scfilter.sys (Microsoft Corporation)
DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:64bit: - (discache) -- C:\Windows\SysNative\drivers\discache.sys (Microsoft Corporation)
DRV:64bit: - (HidBatt) -- C:\Windows\SysNative\drivers\hidbatt.sys (Microsoft Corporation)
DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\drivers\CmBatt.sys (Microsoft Corporation)
DRV:64bit: - (AcpiPmi) -- C:\Windows\SysNative\drivers\acpipmi.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (AmdPPM) -- C:\Windows\SysNative\drivers\amdppm.sys (Microsoft Corporation)
DRV:64bit: - (netr7364) -- C:\Windows\SysNative\drivers\netr7364.sys (Ralink Technology, Corp.)
DRV:64bit: - (e1yexpress) Intel(R) -- C:\Windows\SysNative\drivers\e1y60x64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57n.. (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (F-Secure Gatekeeper) -- C:\Program Files (x86)\F-Secure\Anti-Virus\minifilter\fsgk.sys ()
DRV - (CSC) -- C:\Windows\CSC [2010.06.02 22:59:04 | 000,000,000 | ---D | M]
DRV - ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}) -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl (CyberLink Corp.)
DRV - (F-Secure HIPS) -- C:\Program Files (x86)\F-Secure\HIPS\drivers\fshs.sys (F-Secure Corporation)
DRV - (F-Secure Filter) -- C:\Program Files (x86)\F-Secure\Anti-Virus\Win2K\FSfilter.sys ()
DRV - (F-Secure Recognizer) -- C:\Program Files (x86)\F-Secure\Anti-Virus\Win2K\FSrec.sys ()
DRV - (fsvista) -- C:\Program Files (x86)\F-Secure\Anti-Virus\minifilter\fsvista.sys ()
DRV - (ElbyCDIO) -- C:\Windows\SysWOW64\ElbyCDIO.dll (Elaborate Bytes AG)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation)
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D9 A6 33 B5 16 03 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Program Files (x86)\F-Secure\NRS\litmus-ff@f-secure.com [2010.06.03 00:35:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010.06.03 15:10:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010.06.03 15:10:03 | 000,000,000 | ---D | M]

[2010.06.02 23:45:02 | 000,000,000 | ---D | M] -- C:\Users\Dave-RockZ\AppData\Roaming\mozilla\Extensions
[2010.06.02 23:45:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dave-RockZ\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

O1 HOSTS File: ([2010.06.03 15:09:51 | 000,000,854 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files (x86)\F-Secure\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files (x86)\F-Secure\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [WinUpdate] C:\Windows\SysWow64\lexplorer.exe File not found
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: lexplorer = C:\Windows\system32\lexplorer.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: lexplorer = C:\Windows\system32\lexplorer.exe File not found
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.03.03 23:12:23 | 000,000,038 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ] O32 - AutoRun File - [2010.02.03 17:17:08 | 000,000,032 | ---- | M] () - N:\autorun.inf -- [ NTFS ] O33 - MountPoints2\{46dc1c61-6e8a-11df-ad44-0025118adbd2}\Shell - "" = AutoRun O33 - MountPoints2\{46dc1c61-6e8a-11df-ad44-0025118adbd2}\Shell\AutoRun\command - "" = O:\Set-up.exe -- File not found O33 - MountPoints2\{99fa2a6c-6e89-11df-bd2e-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{99fa2a6c-6e89-11df-bd2e-806e6f6e6963}\Shell\AutoRun\command - "" = D:\smoney_m_23_0_j_.exe -- [2009.03.03 22:45:32 | 139,864,448 | R--- | M] (Acresso Software Inc.) O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.06.03 22:57:19 | 000,000,000 | ---D | C] -- C:\Users\Dave-RockZ\AppData\Roaming\Malwarebytes [2010.06.03 22:57:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.06.03 22:57:10 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.06.03 22:57:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.06.03 22:57:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2010.06.03 22:46:47 | 000,000,000 | ---D | C] -- C:\Users\Dave-RockZ\Documents\Native Instruments [2010.06.03 
22:45:39 | 000,000,000 | -H-D | C] -- C:\ProgramData\{D69A48BF-7653-4AA8-94BC-5847522A4573} [2010.06.03 22:44:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Digidesign [2010.06.03 22:44:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Native Instruments [2010.06.03 22:44:46 | 000,000,000 | -H-D | C] -- C:\ProgramData\{0CC51CB2-911C-40BB-BC1B-BD3CAC590222} [2010.06.03 22:44:33 | 000,000,000 | -H-D | C] -- C:\ProgramData\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2} [2010.06.03 22:44:31 | 000,000,000 | ---D | C] -- C:\Programme\Native Instruments [2010.06.03 22:44:31 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Native Instruments [2010.06.03 22:37:47 | 000,000,000 | ---D | C] -- C:\Users\Dave-RockZ\AppData\Local\QuickPar [2010.06.03 22:17:34 | 000,000,000 | ---D | C] -- C:\Users\Dave-RockZ\AppData\Roaming\CommunicaEtor [2010.06.03 22:03:07 | 000,000,000 | ---D | C] -- C:\Users\Dave-RockZ\Tracing [2010.06.03 22:02:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft [2010.06.03 22:02:36 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft [2010.06.03 22:02:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive [2010.06.03 22:02:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live [2010.06.03 22:01:53 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2010.06.03 21:59:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live [2010.06.03 21:56:51 | 000,000,000 | ---D | C] -- C:\Users\Dave-RockZ\AppData\Roaming\skypePM [2010.06.03 21:56:25 | 000,000,000 | ---D | C] -- C:\Users\Dave-RockZ\AppData\Roaming\Skype [2010.06.03 21:56:09 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2010.06.03 21:56:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2010.06.03 21:55:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2010.06.03 20:32:42 | 000,000,000 | ---D | C] -- C:\Users\Dave-RockZ\AppData\Roaming\ICQ [2010.06.03 20:32:41 | 
000,000,000 | ---D | C] -- C:\Users\Dave-RockZ\AppData\Local\AOL [2010.06.03 20:32:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.2 [2010.06.03 16:50:05 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe [2010.06.03 16:36:21 | 000,000,000 | ---D | C] -- C:\Users\Dave-RockZ\AppData\Roaming\Trillian [2010.06.03 16:32:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trillian [2010.06.03 16:21:49 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2010.06.03 15:37:15 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM [2010.06.03 15:27:45 | 001,645,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll [2010.06.03 15:27:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BurnAware Free [2010.06.03 15:25:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Media Player [2010.06.03 15:19:50 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe [2010.06.03 15:18:59 | 000,000,000 | ---D | C] -- C:\Programme\Adobe [2010.06.03 15:17:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR [2010.06.03 15:17:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2010.06.03 15:14:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2010.06.03 15:12:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2010.06.03 15:11:24 | 000,000,000 | ---D | C] -- C:\Users\Dave-RockZ\AppData\Local\Apple Computer [2010.06.03 15:11:23 | 000,000,000 | ---D | C] -- C:\Users\Dave-RockZ\AppData\Roaming\Apple Computer [2010.06.03 15:11:16 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll [2010.06.03 15:11:16 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll [2010.06.03 15:11:16 | 000,034,152 | ---- | C] (GEAR Software Inc.) 
-- C:\Windows\SysNative\drivers\GEARAspiWDM.sys [2010.06.03 15:11:15 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE [2010.06.03 15:10:49 | 000,000,000 | ---D | C] -- C:\Users\Dave-RockZ\AppData\Local\Google [2010.06.03 15:10:36 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2010.06.03 15:10:35 | 000,000,000 | ---D | C] -- C:\Programme\iTunes [2010.06.03 15:10:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2010.06.03 15:10:35 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} [2010.06.03 15:09:46 | 000,000,000 | ---D | C] -- C:\Users\Dave-RockZ\AppData\Local\Adobe [2010.06.03 15:09:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2010.06.03 15:09:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2010.06.03 15:09:34 | 000,000,000 | ---D | C] -- C:\Users\Dave-RockZ\AppData\Local\Apple [2010.06.03 15:09:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2010.06.03 15:09:19 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Apple [2010.06.03 15:09:12 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour [2010.06.03 15:09:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour [2010.06.03 15:08:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2010.06.03 15:08:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple [2010.06.03 14:54:32 | 000,372,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NVUNINST.EXE [2010.06.03 14:54:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield [2010.06.03 14:50:55 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2010.06.03 14:48:22 | 000,000,000 | ---D | C] -- C:\Programme\NVIDIA Corporation [2010.06.03 14:20:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro [2010.06.03 00:36:53 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft LifeCam [2010.06.03 00:36:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft LifeCam 
[2010.06.03 00:35:59 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll [2010.06.03 00:35:57 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll [2010.06.03 00:33:08 | 000,000,000 | ---D | C] -- C:\Users\Dave-RockZ\AppData\Roaming\system32 [2010.06.03 00:30:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [2010.06.03 00:18:41 | 000,000,000 | ---D | C] -- C:\ProgramData\StarMoney 7.0 [2010.06.03 00:16:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StarMoney 7.0 Commerzbank-Edition [2010.06.03 00:10:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elaborate Bytes [2010.06.03 00:09:57 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2010.06.03 00:09:49 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} [2010.06.03 00:08:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero [2010.06.03 00:08:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero [2010.06.03 00:08:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero [2010.06.03 00:07:55 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll [2010.06.03 00:07:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LightScribe [2010.06.03 00:06:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nvu [2010.06.03 00:04:22 | 000,047,560 | ---- | C] (F-Secure Corporation) -- C:\Windows\SysNative\drivers\fses.sys [2010.06.03 00:04:18 | 000,574,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp50.dll [2010.06.03 00:04:18 | 000,094,024 | ---- | C] (F-Secure Corporation) -- C:\Windows\SysNative\drivers\fsdfw.sys [2010.06.03 00:04:06 | 000,000,000 | ---D | C] -- C:\Users\Dave-RockZ\AppData\Roaming\vlc [2010.06.03 00:03:42 | 000,000,000 | ---D | C] -- C:\Users\Dave-RockZ\AppData\Roaming\Foxit [2010.06.03 00:03:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software [2010.06.03 00:03:40 
| 000,000,000 | ---D | C] -- C:\Program Files (x86)\F-Secure [2010.06.03 00:01:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAMN NFO Viewer [2010.06.03 00:01:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ashampoo [2010.06.02 23:57:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN [2010.06.02 23:57:37 | 000,000,000 | -HSD | C] -- C:\Boot [2010.06.02 23:57:26 | 000,000,000 | ---D | C] -- C:\ProgramData\fssg [2010.06.02 23:57:11 | 000,000,000 | ---D | C] -- C:\Users\Dave-RockZ\AppData\Roaming\TeamViewer [2010.06.02 23:56:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer [2010.06.02 23:56:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tinypic [2010.06.02 23:56:16 | 000,000,000 | ---D | C] -- C:\ProgramData\ConeXware [2010.06.02 23:55:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickPar [2010.06.02 23:55:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PowerArchiver [2010.06.02 23:55:14 | 000,000,000 | ---D | C] -- C:\Programme\CommunicaEtor [2010.06.02 23:52:04 | 000,000,000 | ---D | C] -- C:\ProgramData\CommunicaEtor [2010.06.02 23:51:00 | 000,241,664 | ---- | C] (Namtuk.com) -- C:\Windows\SysWow64\MyFramePanel.ocx [2010.06.02 23:50:59 | 001,081,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCTL.OCX [2010.06.02 23:50:59 | 000,609,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ComCtl32.ocx [2010.06.02 23:50:59 | 000,245,760 | ---- | C] (LansSoft Studio) -- C:\Windows\SysWow64\aUpdateNow.ocx [2010.06.02 23:50:59 | 000,140,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\COMDLG32.OCX [2010.06.02 23:50:59 | 000,132,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msinet.ocx [2010.06.02 23:50:59 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB6STKIT.DLL [2010.06.02 23:50:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FriendBlasterPro [2010.06.02 23:46:24 | 000,000,000 | ---D | C] -- 
C:\ProgramData\f-secure [2010.06.02 23:45:01 | 000,000,000 | ---D | C] -- C:\Users\Dave-RockZ\AppData\Roaming\Thunderbird [2010.06.02 23:45:01 | 000,000,000 | ---D | C] -- C:\Users\Dave-RockZ\AppData\Local\Thunderbird [2010.06.02 23:45:01 | 000,000,000 | ---D | C] -- C:\Users\Dave-RockZ\AppData\Roaming\Mozilla [2010.06.02 23:44:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2010.06.02 23:44:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MozBackup [2010.06.02 23:37:14 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink [2010.06.02 23:37:01 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information [2010.06.02 23:37:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\CyberLink [2010.06.02 23:36:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine [2010.06.02 23:36:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared [2010.06.02 23:36:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX [2010.06.02 23:35:50 | 000,505,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp71.dll [2010.06.02 23:35:50 | 000,353,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr71.dll [2010.06.02 23:35:50 | 000,029,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll [2010.06.02 23:35:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberLink [2010.06.02 23:33:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp [2010.06.02 23:26:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nvidia Omega Drivers [2010.06.02 23:20:42 | 000,000,000 | ---D | C] -- C:\Users\Dave-RockZ\AppData\Roaming\Opera [2010.06.02 23:20:42 | 000,000,000 | ---D | C] -- C:\Users\Dave-RockZ\AppData\Local\Opera [2010.06.02 23:20:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera [2010.06.02 23:19:49 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2010.06.02 23:16:58 | 000,000,000 | ---D | C] -- 
C:\Users\Dave-RockZ\AppData\Roaming\Macromedia [2010.06.02 23:16:58 | 000,000,000 | ---D | C] -- C:\Users\Dave-RockZ\AppData\Roaming\Adobe [2010.06.02 23:16:57 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed [2010.06.02 23:11:26 | 000,000,000 | R--D | C] -- C:\Users\Dave-RockZ\Searches [2010.06.02 23:11:19 | 000,000,000 | ---D | C] -- C:\Users\Dave-RockZ\AppData\Roaming\Identities [2010.06.02 23:11:18 | 000,000,000 | R--D | C] -- C:\Users\Dave-RockZ\Contacts [2010.06.02 23:11:16 | 000,000,000 | ---D | C] -- C:\Users\Dave-RockZ\AppData\Local\VirtualStore [2010.06.02 23:11:11 | 000,000,000 | --SD | C] -- C:\Users\Dave-RockZ\AppData\Roaming\Microsoft [2010.06.02 23:11:11 | 000,000,000 | R--D | C] -- C:\Users\Dave-RockZ\Videos [2010.06.02 23:11:11 | 000,000,000 | R--D | C] -- C:\Users\Dave-RockZ\Saved Games [2010.06.02 23:11:11 | 000,000,000 | R--D | C] -- C:\Users\Dave-RockZ\Pictures [2010.06.02 23:11:11 | 000,000,000 | R--D | C] -- C:\Users\Dave-RockZ\Music [2010.06.02 23:11:11 | 000,000,000 | R--D | C] -- C:\Users\Dave-RockZ\Links [2010.06.02 23:11:11 | 000,000,000 | R--D | C] -- C:\Users\Dave-RockZ\Favorites [2010.06.02 23:11:11 | 000,000,000 | R--D | C] -- C:\Users\Dave-RockZ\Downloads [2010.06.02 23:11:11 | 000,000,000 | R--D | C] -- C:\Users\Dave-RockZ\Documents [2010.06.02 23:11:11 | 000,000,000 | R--D | C] -- C:\Users\Dave-RockZ\Desktop [2010.06.02 23:11:11 | 000,000,000 | -HSD | C] -- C:\Users\Dave-RockZ\Vorlagen [2010.06.02 23:11:11 | 000,000,000 | -HSD | C] -- C:\Users\Dave-RockZ\AppData\Local\Verlauf [2010.06.02 23:11:11 | 000,000,000 | -HSD | C] -- C:\Users\Dave-RockZ\AppData\Local\Temporary Internet Files [2010.06.02 23:11:11 | 000,000,000 | -HSD | C] -- C:\Users\Dave-RockZ\Startmenü [2010.06.02 23:11:11 | 000,000,000 | -HSD | C] -- C:\Users\Dave-RockZ\SendTo [2010.06.02 23:11:11 | 000,000,000 | -HSD | C] -- C:\Users\Dave-RockZ\Recent [2010.06.02 23:11:11 | 000,000,000 | -HSD | C] -- C:\Users\Dave-RockZ\Netzwerkumgebung [2010.06.02 23:11:11 | 
000,000,000 | -HSD | C] -- C:\Users\Dave-RockZ\Lokale Einstellungen [2010.06.02 23:11:11 | 000,000,000 | -HSD | C] -- C:\Users\Dave-RockZ\Documents\Eigene Videos [2010.06.02 23:11:11 | 000,000,000 | -HSD | C] -- C:\Users\Dave-RockZ\Documents\Eigene Musik [2010.06.02 23:11:11 | 000,000,000 | -HSD | C] -- C:\Users\Dave-RockZ\Eigene Dateien [2010.06.02 23:11:11 | 000,000,000 | -HSD | C] -- C:\Users\Dave-RockZ\Documents\Eigene Bilder [2010.06.02 23:11:11 | 000,000,000 | -HSD | C] -- C:\Users\Dave-RockZ\Druckumgebung [2010.06.02 23:11:11 | 000,000,000 | -HSD | C] -- C:\Users\Dave-RockZ\Cookies [2010.06.02 23:11:11 | 000,000,000 | -HSD | C] -- C:\Users\Dave-RockZ\AppData\Local\Anwendungsdaten [2010.06.02 23:11:11 | 000,000,000 | -HSD | C] -- C:\Users\Dave-RockZ\Anwendungsdaten [2010.06.02 23:11:11 | 000,000,000 | -H-D | C] -- C:\Users\Dave-RockZ\AppData [2010.06.02 23:11:11 | 000,000,000 | ---D | C] -- C:\Users\Dave-RockZ\AppData\Local\Temp [2010.06.02 23:11:11 | 000,000,000 | ---D | C] -- C:\Users\Dave-RockZ\AppData\Local\Microsoft [2010.06.02 23:11:11 | 000,000,000 | ---D | C] -- C:\Users\Dave-RockZ\AppData\Roaming\Media Center Programs [2010.06.02 23:10:59 | 000,000,000 | -HSD | C] -- C:\Recovery [2010.06.02 23:10:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2010.06.02 23:10:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2010.06.02 23:10:58 | 000,000,000 | -HSD | C] -- C:\Programme [2010.06.02 23:10:58 | 000,000,000 | -HSD | C] -- C:\Programme\Gemeinsame Dateien [2010.06.02 23:10:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2010.06.02 23:10:58 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2010.06.02 23:10:58 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2010.06.02 23:10:58 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2010.06.02 23:10:58 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2010.06.02 23:10:58 | 000,000,000 | -HSD | C] -- 
C:\ProgramData\Dokumente [2010.06.02 23:10:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Desktop [2010.06.02 23:10:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2010.06.02 23:10:54 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2010.06.02 22:59:09 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2010.06.02 22:59:04 | 000,000,000 | ---D | C] -- C:\Windows\CSC [2010.05.31 21:01:31 | 000,000,000 | ---D | C] -- C:\Users\Dave-RockZ\Documents\Simply Super Software [2010.05.30 15:54:44 | 000,000,000 | ---D | C] -- C:\Users\Dave-RockZ\Documents\Alpha Protocol [2010.05.26 21:52:56 | 000,000,000 | ---D | C] -- C:\Users\Dave-RockZ\Documents\GcMail [2010.05.25 18:44:55 | 000,000,000 | ---D | C] -- C:\Users\Dave-RockZ\Documents\microsoft [2010.05.24 13:40:05 | 000,000,000 | ---D | C] -- C:\Users\Dave-RockZ\Documents\MeineWebSeiten [2010.05.24 13:40:05 | 000,000,000 | ---D | C] -- C:\Users\Dave-RockZ\Documents\Meine Corel-Shows [2010.05.24 13:40:03 | 000,000,000 | ---D | C] -- C:\Users\Dave-RockZ\Documents\ICQ [2010.05.24 13:40:03 | 000,000,000 | ---D | C] -- C:\Users\Dave-RockZ\Documents\HP Photosmart Projects [2010.05.24 13:39:56 | 000,000,000 | ---D | C] -- C:\Users\Dave-RockZ\Documents\Eigene Scans [2010.05.24 13:39:55 | 000,000,000 | ---D | C] -- C:\Users\Dave-RockZ\Documents\Eigene PaperPort-Dokumente [2010.05.24 13:39:55 | 000,000,000 | ---D | C] -- C:\Users\Dave-RockZ\Documents\CyberLink [2010.05.24 13:39:46 | 000,000,000 | ---D | C] -- C:\Users\Dave-RockZ\Documents\Temporary Downloaded Files [2010.05.24 13:39:46 | 000,000,000 | ---D | C] -- C:\Users\Dave-RockZ\Documents\Adobe [2010.05.24 13:39:45 | 000,000,000 | ---D | C] -- C:\Users\Dave-RockZ\Documents\Outlook-Dateien [2010.05.24 13:39:45 | 000,000,000 | ---D | C] -- C:\Users\Dave-RockZ\Documents\OneNote-Notizbücher [2010.05.24 13:39:45 | 000,000,000 | ---D | C] -- C:\Users\Dave-RockZ\Documents\Notes [2010.05.24 13:39:44 | 000,000,000 | ---D | C] -- 
C:\Users\Dave-RockZ\Documents\My PSP Files [2010.05.24 13:37:58 | 000,000,000 | ---D | C] -- C:\Users\Dave-RockZ\Documents\Downloads [2010.05.24 13:30:52 | 000,000,000 | ---D | C] -- C:\Users\Dave-RockZ\Documents\DriverGenius [2010.05.24 13:01:47 | 000,000,000 | ---D | C] -- C:\Users\Dave-RockZ\Desktop\Desktop [2010.05.11 23:05:43 | 000,000,000 | ---D | C] -- C:\Windows\Panther [2010.05.11 22:44:30 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe [2010.05.11 22:41:57 | 014,629,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll [2010.05.11 22:41:06 | 011,406,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll [2010.05.11 22:40:35 | 001,975,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CertEnroll.dll [2010.05.11 22:40:28 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnroll.dll [2010.05.11 22:39:45 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL [2010.05.11 22:39:09 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL [2010.05.11 22:38:50 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2010.05.11 22:38:49 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll [2010.05.11 22:37:20 | 001,026,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstime.dll [2010.05.11 22:37:15 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll [2010.05.11 22:37:14 | 001,192,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll [2010.05.11 22:37:10 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll [2010.05.11 22:37:09 | 000,977,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll [2010.05.11 22:37:09 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll [2010.05.11 
22:37:08 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll [2010.05.11 22:37:08 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll [2010.05.11 22:37:06 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll [2010.05.11 22:37:06 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll [2010.05.11 22:36:53 | 000,960,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll [2010.05.11 22:36:52 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll [2010.05.11 22:36:50 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax [2010.05.11 22:36:47 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll [2010.05.11 22:36:47 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax [2010.05.11 22:36:46 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll [2010.05.11 22:36:41 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll [2010.05.11 22:35:43 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2010.05.11 22:35:42 | 000,153,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ksecpkg.sys [2010.05.11 22:35:41 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2010.05.11 22:35:41 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll [2010.05.11 22:35:39 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2010.05.11 22:35:38 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2010.05.11 22:35:38 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll [2010.05.11 22:35:37 | 000,424,960 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\secproc.dll [2010.05.11 22:35:37 | 000,422,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll [2010.05.11 22:35:37 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll [2010.05.11 22:35:37 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll [2010.05.11 22:35:37 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe [2010.05.11 22:35:37 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe [2010.05.11 22:35:37 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe [2010.05.11 22:35:36 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe [2010.05.11 22:35:36 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe [2010.05.11 22:35:36 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe [2010.05.11 22:35:36 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe [2010.05.11 22:35:36 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe [2010.05.11 22:35:36 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll [2010.05.11 22:35:36 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll [2010.05.11 22:35:36 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll [2010.05.11 22:35:36 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll [2010.05.11 22:35:31 | 005,509,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2010.05.11 22:35:22 | 003,899,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2010.05.11 22:35:19 | 003,954,568 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010.05.11 22:35:12 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010.05.11 22:35:07 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2010.05.11 22:35:05 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2010.05.11 22:35:05 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2010.05.11 22:35:05 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2010.05.11 22:35:05 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2010.05.11 22:35:05 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2010.05.11 22:35:05 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2010.05.11 22:35:05 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2010.05.11 22:35:03 | 001,572,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2010.05.11 22:35:02 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2010.05.11 22:35:01 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2010.05.11 22:35:01 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll
[2010.05.11 22:35:01 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iyuv_32.dll
[2010.05.11 22:35:01 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvidc32.dll
[2010.05.11 22:35:01 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msyuv.dll
[2010.05.11 22:35:01 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrle32.dll
[2010.05.11 22:35:01 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsbyuv.dll
[2010.05.11 22:34:54 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010.05.11 22:34:54 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010.05.11 22:34:54 | 000,223,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fvevol.sys
[2010.05.11 22:34:54 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010.05.11 22:34:54 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010.05.11 22:34:54 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2010.05.11 22:34:54 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2010.05.11 22:07:29 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch

========== Files - Modified Within 30 Days ==========

[2010.06.03 23:08:38 | 001,310,720 | -HS- | M] () -- C:\Users\Dave-RockZ\NTUSER.DAT
[2010.06.03 22:57:14 | 000,001,005 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.03 22:45:34 | 000,001,044 | ---- | M] () -- C:\Users\Public\Desktop\Guitar Rig 4.lnk
[2010.06.03 22:15:00 | 000,001,138 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-53557663-373289401-340324060-1001UA.job
[2010.06.03 21:56:52 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2010.06.03 21:56:09 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.06.03 20:38:23 | 000,018,938 | ---- | M] () -- C:\Users\Dave-RockZ\Desktop\75530-2357-not_my_president.jpg
[2010.06.03 20:33:44 | 000,001,820 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7.2.lnk
[2010.06.03 20:32:04 | 000,012,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.03 20:32:04 | 000,012,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.03 20:29:16 | 001,493,750 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.06.03 20:29:16 | 000,650,756 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.06.03 20:29:16 | 000,614,120 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.06.03 20:29:16 | 000,129,432 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.06.03 20:29:16 | 000,106,614 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.06.03 20:24:52 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.03 20:24:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.03 20:24:40 | 536,219,647 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.03 18:05:32 | 001,432,959 | -H-- | M] () -- C:\Users\Dave-RockZ\AppData\Local\IconCache.db
[2010.06.03 17:55:14 | 000,057,569 | ---- | M] () -- C:\Users\Dave-RockZ\Desktop\schueler-ges.jpg
[2010.06.03 16:50:05 | 000,057,944 | ---- | M] () -- C:\Users\Dave-RockZ\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.06.03 16:36:20 | 000,001,087 | ---- | M] () -- C:\Users\Dave-RockZ\Desktop\Trillian.lnk
[2010.06.03 16:22:37 | 004,831,960 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.06.03 16:21:30 | 623,303,599 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.06.03 15:27:46 | 000,000,974 | ---- | M] () -- C:\Users\Public\Desktop\BurnAware Free.lnk
[2010.06.03 15:15:00 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-53557663-373289401-340324060-1001Core.job
[2010.06.03 15:13:36 | 000,002,338 | ---- | M] () -- C:\Users\Dave-RockZ\Desktop\Google Chrome.lnk
[2010.06.03 15:11:19 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.06.03 15:10:00 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.06.03 15:08:34 | 000,001,246 | ---- | M] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk
[2010.06.03 14:20:42 | 000,002,089 | ---- | M] () -- C:\Users\Dave-RockZ\Desktop\HijackThis.lnk
[2010.06.03 14:19:41 | 001,402,880 | ---- | M] () -- C:\Users\Dave-RockZ\Desktop\HiJackThis.msi
[2010.06.03 00:41:04 | 000,047,560 | ---- | M] (F-Secure Corporation) -- C:\Windows\SysNative\drivers\fses.sys
[2010.06.03 00:38:34 | 000,002,041 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft LifeCam.lnk
[2010.06.03 00:35:42 | 000,033,920 | ---- | M] () -- C:\Windows\SysWow64\drivers\fsbts.sys
[2010.06.03 00:32:51 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\F-Secure Internet Security 2010.lnk
[2010.06.03 00:31:04 | 000,524,288 | -HS- | M] () -- C:\Users\Dave-RockZ\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010.06.03 00:31:04 | 000,524,288 | -HS- | M] () -- C:\Users\Dave-RockZ\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010.06.03 00:31:04 | 000,065,536 | -HS- | M] () -- C:\Users\Dave-RockZ\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010.06.03 00:18:39 | 000,002,248 | ---- | M] () -- C:\Users\Public\Desktop\StarMoney 7.0 Commerzbank-Edition.lnk
[2010.06.03 00:07:24 | 000,002,037 | ---- | M] () -- C:\Users\Public\Desktop\LightScribe.lnk
[2010.06.03 00:04:24 | 001,516,002 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.06.03 00:03:42 | 000,001,226 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2010.06.03 00:02:13 | 000,001,197 | ---- | M] () -- C:\Users\Public\Desktop\Ashampoo Burning Studio 2010.lnk
[2010.06.02 23:58:18 | 000,001,062 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010.06.02 23:57:38 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010.06.02 23:57:05 | 000,001,158 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 5.lnk
[2010.06.02 23:56:23 | 000,000,987 | ---- | M] () -- C:\Users\Dave-RockZ\Desktop\TinyPic.lnk
[2010.06.02 23:55:56 | 000,001,964 | ---- | M] () -- C:\Users\Public\Desktop\PowerArchiver.lnk
[2010.06.02 23:55:51 | 000,001,003 | ---- | M] () -- C:\Users\Dave-RockZ\Desktop\QuickPar.lnk
[2010.06.02 23:51:00 | 000,001,921 | ---- | M] () -- C:\Users\Dave-RockZ\Desktop\FriendBlasterPro.lnk
[2010.06.02 23:44:21 | 000,002,001 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2010.06.02 23:44:09 | 000,001,023 | ---- | M] () -- C:\Users\Public\Desktop\MozBackup.lnk
[2010.06.02 23:37:12 | 000,002,113 | ---- | M] () -- C:\Users\Public\Desktop\CyberLink PowerDVD 10.lnk
[2010.06.02 23:36:46 | 000,001,174 | ---- | M] () -- C:\Users\Public\Desktop\DivX Converter.lnk
[2010.06.02 23:36:46 | 000,001,138 | ---- | M] () -- C:\Users\Public\Desktop\DivX Player.lnk
[2010.06.02 23:36:38 | 000,001,615 | ---- | M] () -- C:\Users\Dave-RockZ\Desktop\DivX Movies.lnk
[2010.06.02 23:33:15 | 000,505,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp71.dll
[2010.06.02 23:33:15 | 000,353,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr71.dll
[2010.06.02 23:33:15 | 000,029,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll
[2010.06.02 23:26:58 | 000,472,576 | ---- | M] () -- C:\Windows\Nvidia Omega Drivers v1.169.25 Uninstall.exe
[2010.06.02 23:20:39 | 000,000,833 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2010.06.02 23:11:11 | 000,000,020 | -HS- | M] () -- C:\Users\Dave-RockZ\ntuser.ini
[2010.06.02 23:02:33 | 000,000,751 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2010.06.02 23:02:33 | 000,000,751 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2010.06.02 23:00:31 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010.06.01 23:03:28 | 024,063,155 | ---- | M] () -- C:\Users\Dave-RockZ\Documents\[aF]Death.Note.-.04.-.Verfolgt[80A38759].mp4
[2010.05.24 20:35:04 | 000,026,624 | ---- | M] () -- C:\Users\Dave-RockZ\Documents\RockZ-Photography Konzept Intern.doc.doc
[2010.05.16 18:56:44 | 000,032,256 | ---- | M] () -- C:\Users\Dave-RockZ\Documents\RockZ-Photography Konzept Intern.doc
[2010.05.16 18:53:27 | 000,017,435 | ---- | M] () -- C:\Users\Dave-RockZ\Documents\RockZ-Photography Konzept Intern.docx
[2010.05.16 14:42:44 | 000,012,468 | ---- | M] () -- C:\Users\Dave-RockZ\Documents\Filme-Box.xlsx

========== Files Created - No Company Name ==========

[2010.06.03 22:57:14 | 000,001,005 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.03 22:45:34 | 000,001,044 | ---- | C] () -- C:\Users\Public\Desktop\Guitar Rig 4.lnk
[2010.06.03 21:56:52 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.06.03 21:56:09 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.06.03 20:38:23 | 000,018,938 | ---- | C] () -- C:\Users\Dave-RockZ\Desktop\75530-2357-not_my_president.jpg
[2010.06.03 20:33:44 | 000,001,820 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7.2.lnk
[2010.06.03 17:55:14 | 000,057,569 | ---- | C] () -- C:\Users\Dave-RockZ\Desktop\schueler-ges.jpg
[2010.06.03 16:36:20 | 000,001,087 | ---- | C] () -- C:\Users\Dave-RockZ\Desktop\Trillian.lnk
[2010.06.03 16:21:30 | 623,303,599 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.06.03 15:27:46 | 000,000,974 | ---- | C] () -- C:\Users\Public\Desktop\BurnAware Free.lnk
[2010.06.03 15:13:36 | 000,002,338 | ---- | C] () -- C:\Users\Dave-RockZ\Desktop\Google Chrome.lnk
[2010.06.03 15:11:19 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.06.03 15:10:53 | 000,001,138 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-53557663-373289401-340324060-1001UA.job
[2010.06.03 15:10:51 | 000,001,086 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-53557663-373289401-340324060-1001Core.job
[2010.06.03 15:10:00 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.06.03 14:20:42 | 000,002,089 | ---- | C] () -- C:\Users\Dave-RockZ\Desktop\HijackThis.lnk
[2010.06.03 14:19:37 | 001,402,880 | ---- | C] () -- C:\Users\Dave-RockZ\Desktop\HiJackThis.msi
[2010.06.03 00:38:34 | 000,002,041 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft LifeCam.lnk
[2010.06.03 00:32:51 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\F-Secure Internet Security 2010.lnk
[2010.06.03 00:18:38 | 000,002,248 | ---- | C] () -- C:\Users\Public\Desktop\StarMoney 7.0 Commerzbank-Edition.lnk
[2010.06.03 00:11:20 | 000,001,246 | ---- | C] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk
[2010.06.03 00:07:24 | 000,002,037 | ---- | C] () -- C:\Users\Public\Desktop\LightScribe.lnk
[2010.06.03 00:05:05 | 000,033,920 | ---- | C] () -- C:\Windows\SysWow64\drivers\fsbts.sys
[2010.06.03 00:04:09 | 001,516,002 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.06.03 00:03:42 | 000,001,226 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2010.06.03 00:02:13 | 000,001,197 | ---- | C] () -- C:\Users\Public\Desktop\Ashampoo Burning Studio 2010.lnk
[2010.06.02 23:58:18 | 000,001,062 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010.06.02 23:57:38 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2010.06.02 23:57:37 | 000,383,562 | RHS- | C] () -- C:\bootmgr
[2010.06.02 23:57:05 | 000,001,158 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 5.lnk
[2010.06.02 23:56:23 | 000,000,987 | ---- | C] () -- C:\Users\Dave-RockZ\Desktop\TinyPic.lnk
[2010.06.02 23:55:56 | 000,001,964 | ---- | C] () -- C:\Users\Public\Desktop\PowerArchiver.lnk
[2010.06.02 23:55:51 | 000,001,003 | ---- | C] () -- C:\Users\Dave-RockZ\Desktop\QuickPar.lnk
[2010.06.02 23:51:00 | 000,001,921 | ---- | C] () -- C:\Users\Dave-RockZ\Desktop\FriendBlasterPro.lnk
[2010.06.02 23:44:21 | 000,002,001 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2010.06.02 23:44:09 | 000,001,023 | ---- | C] () -- C:\Users\Public\Desktop\MozBackup.lnk
[2010.06.02 23:37:12 | 000,002,113 | ---- | C] () -- C:\Users\Public\Desktop\CyberLink PowerDVD 10.lnk
[2010.06.02 23:36:46 | 000,001,174 | ---- | C] () -- C:\Users\Public\Desktop\DivX Converter.lnk
[2010.06.02 23:36:46 | 000,001,138 | ---- | C] () -- C:\Users\Public\Desktop\DivX Player.lnk
[2010.06.02 23:36:38 | 000,001,615 | ---- | C] () -- C:\Users\Dave-RockZ\Desktop\DivX Movies.lnk
[2010.06.02 23:26:58 | 000,472,576 | ---- | C] () -- C:\Windows\Nvidia Omega Drivers v1.169.25 Uninstall.exe
[2010.06.02 23:20:39 | 000,000,833 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2010.06.02 23:11:11 | 001,310,720 | -HS- | C] () -- C:\Users\Dave-RockZ\NTUSER.DAT
[2010.06.02 23:11:11 | 000,524,288 | -HS- | C] () -- C:\Users\Dave-RockZ\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010.06.02 23:11:11 | 000,524,288 | -HS- | C] () -- C:\Users\Dave-RockZ\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010.06.02 23:11:11 | 000,262,144 | -HS- | C] () -- C:\Users\Dave-RockZ\ntuser.dat.LOG1
[2010.06.02 23:11:11 | 000,065,536 | -HS- | C] () -- C:\Users\Dave-RockZ\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010.06.02 23:11:11 | 000,000,020 | -HS- | C] () -- C:\Users\Dave-RockZ\ntuser.ini
[2010.06.02 23:11:11 | 000,000,000 | -HS- | C] () -- C:\Users\Dave-RockZ\ntuser.dat.LOG2
[2010.06.02 23:00:31 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010.06.02 22:58:37 | 536,219,647 | -HS- | C] () -- C:\hiberfil.sys
[2010.06.01 23:01:59 | 024,063,155 | ---- | C] () -- C:\Users\Dave-RockZ\Documents\[aF]Death.Note.-.04.-.Verfolgt[80A38759].mp4
[2010.05.24 20:35:21 | 000,026,624 | ---- | C] () -- C:\Users\Dave-RockZ\Documents\RockZ-Photography Konzept Intern.doc.doc
[2010.05.24 13:39:46 | 001,752,590 | ---- | C] () -- C:\Users\Dave-RockZ\Documents\Vorschau.pdf
[2010.05.24 13:39:46 | 000,032,256 | ---- | C] () -- C:\Users\Dave-RockZ\Documents\RockZ-Photography Konzept Intern.doc
[2010.05.24 13:39:46 | 000,017,435 | ---- | C] () -- C:\Users\Dave-RockZ\Documents\RockZ-Photography Konzept Intern.docx
[2010.05.24 13:39:46 | 000,012,468 | ---- | C] () -- C:\Users\Dave-RockZ\Documents\Filme-Box.xlsx
[2010.05.24 13:39:46 | 000,002,684 | ---- | C] () -- C:\Users\Dave-RockZ\Documents\hosts
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 20 bytes -> C:\Users\Dave-RockZ\Documents\Vorschau.pdf:Mac_Metadata
@Alternate Data Stream - 20 bytes -> C:\Users\Dave-RockZ\Documents\Temporary Downloaded Files:Mac_Metadata
@Alternate Data Stream - 20 bytes -> C:\Users\Dave-RockZ\Documents\RockZ-Photography Konzept Intern.docx:Mac_Metadata
@Alternate Data Stream - 20 bytes -> C:\Users\Dave-RockZ\Documents\RockZ-Photography Konzept Intern.doc:Mac_Metadata
@Alternate Data Stream - 20 bytes -> C:\Users\Dave-RockZ\Documents\RockZ-Photography Konzept Intern.doc.doc:Mac_Metadata
@Alternate Data Stream - 20 bytes -> C:\Users\Dave-RockZ\Documents\Outlook-Dateien:Mac_Metadata
@Alternate Data Stream - 20 bytes -> C:\Users\Dave-RockZ\Documents\OneNote-Notizbücher:Mac_Metadata
@Alternate Data Stream - 20 bytes -> C:\Users\Dave-RockZ\Documents\Notes:Mac_Metadata
@Alternate Data Stream - 20 bytes -> C:\Users\Dave-RockZ\Documents\My PSP Files:Mac_Metadata
@Alternate Data Stream - 20 bytes -> C:\Users\Dave-RockZ\Documents\MeineWebSeiten:Mac_Metadata
@Alternate Data Stream - 20 bytes -> C:\Users\Dave-RockZ\Documents\Meine Corel-Shows:Mac_Metadata
@Alternate Data Stream - 20 bytes -> C:\Users\Dave-RockZ\Documents\ICQ:Mac_Metadata
@Alternate Data Stream - 20 bytes -> C:\Users\Dave-RockZ\Documents\HP Photosmart Projects:Mac_Metadata
@Alternate Data Stream - 20 bytes -> C:\Users\Dave-RockZ\Documents\hosts:Mac_Metadata
@Alternate Data Stream - 20 bytes -> C:\Users\Dave-RockZ\Documents\Filme-Box.xlsx:Mac_Metadata
@Alternate Data Stream - 20 bytes -> C:\Users\Dave-RockZ\Documents\Eigene Scans:Mac_Metadata
@Alternate Data Stream - 20 bytes -> C:\Users\Dave-RockZ\Documents\Eigene PaperPort-Dokumente:Mac_Metadata
@Alternate Data Stream - 20 bytes -> C:\Users\Dave-RockZ\Documents\DriverGenius:Mac_Metadata
@Alternate Data Stream - 20 bytes -> C:\Users\Dave-RockZ\Documents\Downloads:Mac_Metadata
@Alternate Data Stream - 20 bytes -> C:\Users\Dave-RockZ\Documents\CyberLink:Mac_Metadata
@Alternate Data Stream - 20 bytes -> C:\Users\Dave-RockZ\Documents\Adobe:Mac_Metadata
@Alternate Data Stream - 20 bytes -> C:\Users\Dave-RockZ\Desktop\Desktop:Mac_Metadata

< End of report >

and

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4168

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

03.06.2010 23:54:58
mbam-log-2010-06-03 (23-54-58).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|H:\|N:\|)
Durchsuchte Objekte: 418255
Laufzeit: 41 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{sjh5qq24-ed6n-wb4h-svu6-010843642ux7} (Generic.Bot.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Cerberus (Backdoor.Trace) -> No action taken.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winupdate (Spyware.Passwords) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Last edited by Dave-RockZ (03.06.2010 at 22:58)
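The two logs posted above (the OTL file listing and the Malwarebytes findings) can be triaged mechanically before anyone reads them line by line. The script below is an added example for this thread; it is not part of the forum's instructions, of OTL, or of Malwarebytes. It assumes only the field layout visible in the posted reports: an OTL entry as `[date time | size | attrs | C|M] (company) -- path`, and a Malwarebytes finding as `key (detection) -> action`. The directory list `SYSTEM_DIRS`, the extension list `CODE_EXT`, the helper names and the path `C:\Windows\System32\example-suspect.exe` are constructed for the example. It flags executable code under a Windows system directory that has no company name or carries hidden/system attributes, and lists findings the scan reported but left at "No action taken", which is the question the helper raises in post #10.

```python
"""Triage helper for the two log formats posted in this thread.

Added example; not part of OTL, Malwarebytes or the forum's own tooling.
It assumes the field layout visible in the posted logs:
  OTL file entry:  [YYYY.MM.DD HH:MM:SS | size | attrs | C] (Company) -- path
  MBAM finding:    <registry key> (<detection name>) -> <action>
"""
import re
from datetime import datetime

# One OTL file entry; 'attrs' is the four-character R/H/S/D attribute field.
OTL_ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

# One Malwarebytes registry finding line.
MBAM_FINDING = re.compile(
    r"^(?P<key>HKEY_[A-Z_]+\\.+?) \((?P<detection>[^)]+)\) -> (?P<action>.+)$"
)

# Constructed assumption: locations where executable code with no company
# name (or hidden/system attributes) deserves a closer look.
SYSTEM_DIRS = (
    "c:\\windows\\system32\\",
    "c:\\windows\\syswow64\\",
    "c:\\windows\\sysnative\\",
)
CODE_EXT = (".exe", ".dll", ".sys")


def parse_otl(lines):
    """Parse OTL file-listing lines into dicts; lines that do not match
    (section headers, directory entries without a company field) are skipped."""
    entries = []
    for line in lines:
        m = OTL_ENTRY.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["size"] = int(e["size"].replace(",", ""))
        e["ts"] = datetime.strptime(e["ts"], "%Y.%m.%d %H:%M:%S")
        entries.append(e)
    return entries


def flag_otl(entries):
    """Paths of executable code under a Windows system directory that either
    carries no company name or is marked hidden (H) or system (S).

    This is a triage hint, not a verdict: legitimate third-party drivers often
    lack the company field in OTL output, so every hit still needs checking."""
    flagged = []
    for e in entries:
        p = e["path"].lower()
        if not (p.startswith(SYSTEM_DIRS) and p.endswith(CODE_EXT)):
            continue
        if e["company"] == "" or "H" in e["attrs"] or "S" in e["attrs"]:
            flagged.append(e["path"])
    return flagged


def created_after(entries, cutoff):
    """Paths of entries OTL recorded as created (kind C) at or after cutoff."""
    return [e["path"] for e in entries if e["kind"] == "C" and e["ts"] >= cutoff]


def parse_mbam(lines):
    """Parse Malwarebytes finding lines into key/detection/action dicts."""
    findings = []
    for line in lines:
        m = MBAM_FINDING.match(line.strip())
        if m:
            findings.append(m.groupdict())
    return findings


def unresolved(findings):
    """Registry keys the scan reported but did not remove or quarantine."""
    return [f["key"] for f in findings if f["action"].startswith("No action taken")]


# Constructed sample input: three lines copied from the posted OTL report plus
# one made-up entry (example-suspect.exe) standing in for an unexpected binary.
SAMPLE_OTL = [
    r"[2010.05.11 22:35:05 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe",
    r"[2010.06.03 00:35:42 | 000,033,920 | ---- | M] () -- C:\Windows\SysWow64\drivers\fsbts.sys",
    r"[2010.06.03 22:57:14 | 000,001,005 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk",
    r"[2010.06.03 20:10:00 | 000,102,400 | -H-- | C] () -- C:\Windows\System32\example-suspect.exe",
]

# Constructed sample input: the three registry findings from the posted
# Malwarebytes log, all of them left at "No action taken".
SAMPLE_MBAM = [
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{sjh5qq24-ed6n-wb4h-svu6-010843642ux7} (Generic.Bot.H) -> No action taken.",
    r"HKEY_CURRENT_USER\SOFTWARE\Cerberus (Backdoor.Trace) -> No action taken.",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winupdate (Spyware.Passwords) -> No action taken.",
]

if __name__ == "__main__":
    for path in flag_otl(parse_otl(SAMPLE_OTL)):
        print("check:", path)
    for key in unresolved(parse_mbam(SAMPLE_MBAM)):
        print("still present:", key)
```

Run against the sample, the script flags the F-Secure driver `fsbts.sys` as well as the constructed `example-suspect.exe`, because OTL reported no company name for either; the driver is benign, which is why the flag is a prompt to verify and not a removal list. All three Malwarebytes keys come back as unresolved, matching the "No action taken" state of the posted log.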
04.06.2010, 08:32 | #10
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Generic.2861923 after reinstallation
Did you remove the findings with Malwarebytes?
__________________
Please always post logfiles in CODE tags
04.06.2010, 11:31 | #11
Trojan.Generic.2861923 after reinstallation
Malwarebytes deleted everything, as far as I can tell. After the reboot the autostart entry is gone too. A repeat scan finds nothing either. Is the Trojan finally completely gone now? Many, many thanks in advance.
04.06.2010, 11:42 | #12
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Generic.2861923 after reinstallation
Quote:
04.06.2010, 13:20 | #13
Trojan.Generic.2861923 after reinstallation
From there: https://www.adobe.com/cfusion/tdrc/index.cfm?product=master_collection&promoid=EBYET
04.06.2010, 14:38 | #14
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Generic.2861923 after reinstallation
You didn't turn that trial version into a full version with some dubious tool, did you?
04.06.2010, 16:42 | #15
Trojan.Generic.2861923 after reinstallation
No, it was unlocked with a student key. I'm slowly reaching the end of my tether. Every time I start the computer now, it takes a very long time at startup before it detects the keyboard and mouse. I think I'll soon throw out all my Windows machines and finally switch to Mac. In any case, the Trojan now seems to be gone from my system. Thank you very much for your help.