Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
windows 7 infiziert?

windows 7 infiziert?


Plagegeister aller Art und deren Bekämpfung: windows 7 infiziert?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 06.07.2010, 13:26   #1
rainboww
 
windows 7 infiziert? - Standard

windows 7 infiziert?


hallo an alle auf trojaner board

mein prob ist ist ich kann kein windows update machen-> dienst konnte nicht gestartet werden und meine windows firewall ist aktiviert funktioniert aber nicht und ich kann kein net.framework4 installieren ich weiß nicht ob mein system infiziert aber ihr konnt ja mal mein hijack profil durchschauen

HiJackthis Logfile:
Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:26:14, on 06.07.2010
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\No-IP\DUC20.exe
C:\Program Files (x86)\Xfire\Xfire.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\John Braun\AppData\Local\Temp\SIT19494.tmp\setup.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Users\John Braun\Downloads\HiJackThis204.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 195.161.8.146:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) -  - (no file)
O1 - Hosts: by the corresponding host name.
O1 - Hosts: 213.202.225.47 hwid123.justfree.com
O1 - Hosts: 213.202.225.47 twkprotector.tw.ohost.de
O1 - Hosts: 213.202.225.47 twk-protector.bplaced.net
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Msdriver] C:\Windows\system32\dwin32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
O4 - HKLM\..\Run: [HKLM] C:\Windows\system32\System32\svchost.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HKCU] C:\Windows\system32\System32\svchost.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\Windows\system32\System32\svchost.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\Windows\system32\System32\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Startup: No-IP DUC.lnk = C:\Program Files (x86)\No-IP\DUC20.exe
O4 - Startup: Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe
O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\windows\mfnspstd32.dll
O10 - Unknown file in Winsock LSP: c:\windows\mfnspstd32.dll
O10 - Unknown file in Winsock LSP: c:\windows\mfnspstd32.dll
O10 - Unknown file in Winsock LSP: c:\windows\mfnspstd32.dll
O10 - Unknown file in Winsock LSP: c:\windows\mfnspstd32.dll
O10 - Unknown file in Winsock LSP: c:\windows\mfnspstd32.dll
O10 - Unknown file in Winsock LSP: c:\windows\mfnspstd32.dll
O10 - Unknown file in Winsock LSP: c:\windows\mfnspstd32.dll
O10 - Unknown file in Winsock LSP: c:\windows\mfnspstd32.dll
O10 - Unknown file in Winsock LSP: c:\windows\mfnspstd32.dll
O10 - Unknown file in Winsock LSP: c:\windows\mfnspstd32.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~3\AVP11\mzvkbd3.dll,C:\PROGRA~3\AVP11\sbhook.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Caretaker Antispam Service (CaretakerAntispam) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\AntispamService.exe
O23 - Service: Caretaker Proxy (CaretakerProxy) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerProxy.exe
O23 - Service: Caretaker Service (CaretakerSvc) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerService.exe
O23 - Service: Caretaker Updater (CaretakerUpdate) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe
O23 - Service: Defragmentation-Service (DfSdkS) - Unknown owner - C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: HTTP Debugger (HTTPDebugger) - Unknown owner - C:\Program Files (x86)\HTTP Debugger Pro\mfnsvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nHancer Support (nHancer) - KSE - Korndörfer Software Engineering - C:\Program Files\nHancer\nHancerService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Unsigned Themes (UnsignedThemes) - The Within Network, LLC - C:\Windows\UnsignedThemesSvc.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11512 bytes
--- --- ---
Alt 06.07.2010, 13:52   #2
Breedfight
 
windows 7 infiziert? - Standard

windows 7 infiziert?


R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 195.161.8.146:8080


R3 - URLSearchHook: (no name) - - (no file)

O1 - Hosts: 213.202.225.47 hwid123.justfree.com

O1 - Hosts: by the corresponding host name.

O1 - Hosts: 213.202.225.47 twkprotector.tw.ohost.de

O1 - Hosts: 213.202.225.47 twk-protector.bplaced.net

O4 - HKLM\..\Run: [Msdriver] C:\Windows\system32\dwin32.exe

O4 - HKLM\..\Run: [HKLM] C:\Windows\system32\System32\svchost.exe

O4 - HKCU\..\Run: [HKCU] C:\Windows\system32\System32\svchost.exe

O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\Windows\system32\System32\svchost.exe

O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\Windows\system32\System32\svchost.exe

Diese solltest du löschen



















O10 - Unknown file in Winsock LSP: c:\windows\mfnspstd32.dll

Prüf deine Festplatte mit Spybot S&D von Kolla.de oder LSPFix von Cexx.org! Diese Einträge sollten nicht manuell gelöscht werden! (Gibt ja mehrere davon)







Desweiteren wäre es sinvoll zu wissen, ob du schon möglicherweise infizierte software oder so runtergeladen hast und mach einen viren check
__________________
Alt 06.07.2010, 14:04   #3
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
windows 7 infiziert? - Standard

windows 7 infiziert?


Hallo und

bitte nen Vollscan mit Malwarebytes machen und Log posten. Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________
__________________
Alt 06.07.2010, 18:18   #4
rainboww
 
windows 7 infiziert? - Standard

windows 7 infiziert?


hier ist einmal das Malwarebytes logfile

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4260

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

06.07.2010 15:57:53
mbam-log-2010-07-06 (15-57-53).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 302258
Laufzeit: 55 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien:

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Windows\System32\System32 (Trojan.Agent) -> No action taken.
und das OLT logfile

Code:
ATTFilter
OTL logfile created on: 06.07.2010 19:01:19 - Run 1
OTL by OldTimer - Version 3.2.7.1     Folder = C:\Users\John Braun\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 56,00% Memory free
8,00 Gb Paging File | 5,00 Gb Available in Paging File | 65,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 488,18 Gb Total Space | 215,93 Gb Free Space | 44,23% Space Free | Partition Type: NTFS
Drive D: | 488,28 Gb Total Space | 488,14 Gb Free Space | 99,97% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: JOHNBRAUN-PC
Current User Name: John Braun
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\John Braun\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\No-IP\DUC20.exe (Vitalwerks LLC)
PRC - C:\Program Files (x86)\Xfire\Xfire.exe (Xfire Inc.)
PRC - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Programme\Logitech\GamePanel Software\Applets\LCDMedia.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe (ESET)
PRC - C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe ()
PRC - C:\Program Files (x86)\Microsoft Virtual PC\Virtual PC.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\John Braun\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Program Files (x86)\Xfire\xfire_toucan_42784.dll (Xfire Inc.)
MOD - C:\Windows\SysWOW64\Msvcr71.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\wsock32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV:64bit: - (nHancer) -- C:\Program Files\nHancer\nHancerService.exe (KSE - Korndörfer Software Engineering)
SRV:64bit: - (CaretakerProxy) -- C:\Program Files\SurfRight\Caretaker\CaretakerProxy.exe (SurfRight B.V.)
SRV:64bit: - (CaretakerAntispam) -- C:\Program Files\SurfRight\Caretaker\AntispamService.exe (SurfRight B.V.)
SRV:64bit: - (CaretakerUpdate) -- C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe (SurfRight B.V.)
SRV:64bit: - (CaretakerSvc) -- C:\Program Files\SurfRight\Caretaker\CaretakerService.exe (SurfRight B.V.)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (sdCoreService) -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (Browser Defender Update Service) -- C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (UnsignedThemes) -- C:\Windows\UnsignedThemesSvc.exe (The Within Network, LLC)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (PCTCore) -- C:\Windows\SysNative\drivers\PCTCore64.sys (PC Tools)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (uxpatch) -- C:\Windows\SysNative\drivers\uxpatch.sys ()
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (ctredr15.sys) -- C:\Windows\SysNative\drivers\ctredr15.sys (SurfRight B.V.)
DRV:64bit: - (vmm) -- C:\Windows\SysNative\Treiber\VMM.sys (Microsoft Corporation)
DRV:64bit: - (VPCNetS2) -- C:\Windows\SysNative\drivers\VMNetSrv.sys (Microsoft Corporation)
DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.0.232
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.0.232
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q="
 
FF - HKLM\software\mozilla\Minefield 3.7a6pre\extensions\\Components: C:\Program Files (x86)\Minefield\components [2010.06.23 20:24:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Minefield 3.7a6pre\extensions\\Plugins: C:\Program Files (x86)\Minefield\plugins
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.06.28 02:52:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.07.04 16:31:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\THBExt [2010.07.01 12:16:29 | 000,000,000 | ---D | M]
 
[2010.05.02 09:02:43 | 000,000,000 | ---D | M] -- C:\Users\John Braun\AppData\Roaming\mozilla\Extensions
[2010.07.06 14:43:50 | 000,000,000 | ---D | M] -- C:\Users\John Braun\AppData\Roaming\mozilla\Firefox\Profiles\u77nyryq.default\extensions
[2010.05.02 09:10:17 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\John Braun\AppData\Roaming\mozilla\Firefox\Profiles\u77nyryq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.06.25 13:44:46 | 000,000,000 | ---D | M] -- C:\Users\John Braun\AppData\Roaming\mozilla\Firefox\Profiles\u77nyryq.default\extensions\personas@christopher.beard
[2010.06.30 09:43:08 | 000,001,056 | ---- | M] () -- C:\Users\John Braun\AppData\Roaming\Mozilla\FireFox\Profiles\u77nyryq.default\searchplugins\icqplugin.xml
[2010.07.06 14:43:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.06.03 19:12:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.07.01 13:09:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\KavAntiBanner@Kaspersky.ru
[2010.06.30 19:45:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru
[2010.06.03 19:11:55 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.07.06 15:34:35 | 000,001,275 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 0.0.0.0       scanner.virus.org
O1 - Hosts: 0.0.0.0       hackforums.net
O1 - Hosts: 0.0.0.0       www.scanner.virus.org
O1 - Hosts: 0.0.0.0       www.virusscan.jotti.org
O1 - Hosts: 0.0.0.0       www.hackforums.net
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 adobe.com
O1 - Hosts: 127.0.0.1 2o7.net
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4:64bit: - HKLM..\Run: [CaretakerNotifier] C:\Programme\SurfRight\Caretaker\Notifier.exe (SurfRight B.V.)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\John Braun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\No-IP DUC.lnk = C:\Program Files (x86)\No-IP\DUC20.exe (Vitalwerks LLC)
O4 - Startup: C:\Users\John Braun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe (Xfire Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\mfnspstd32.dll (MadeForNet.com)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\mfnspstd32.dll (MadeForNet.com)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\mfnspstd32.dll (MadeForNet.com)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\mfnspstd32.dll (MadeForNet.com)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\mfnspstd32.dll (MadeForNet.com)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\mfnspstd32.dll (MadeForNet.com)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\mfnspstd32.dll (MadeForNet.com)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\mfnspstd32.dll (MadeForNet.com)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\mfnspstd32.dll (MadeForNet.com)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\mfnspstd32.dll (MadeForNet.com)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\mfnspstd32.dll (MadeForNet.com)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\mfnspstd32.dll (MadeForNet.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\mfnspstd32.dll (MadeForNet.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\mfnspstd32.dll (MadeForNet.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\mfnspstd32.dll (MadeForNet.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\mfnspstd32.dll (MadeForNet.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\mfnspstd32.dll (MadeForNet.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\mfnspstd32.dll (MadeForNet.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\mfnspstd32.dll (MadeForNet.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\mfnspstd32.dll (MadeForNet.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\mfnspstd32.dll (MadeForNet.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\mfnspstd32.dll (MadeForNet.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~3\AVP11\mzvkbd3.dll) - C:\ProgramData\AVP11\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~3\AVP11\sbhook.dll) - C:\ProgramData\AVP11\sbhook.dll (Kaspersky Lab ZAO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 0
O33 - MountPoints2\{8617d6dc-578b-11df-9890-002618ac37ec}\Shell - "" = AutoRun
O33 - MountPoints2\{8617d6dc-578b-11df-9890-002618ac37ec}\Shell\AutoRun\command - "" = P:\setup.exe -- File not found
O33 - MountPoints2\{c03bdc32-55c9-11df-9aa4-002618ac37ec}\Shell - "" = AutoRun
O33 - MountPoints2\{c03bdc32-55c9-11df-9aa4-002618ac37ec}\Shell\AutoRun\command - "" = O:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.07.06 18:56:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2010.07.06 16:42:13 | 005,615,104 | ---- | C] (Cyber-Sec) -- C:\Users\John Braun\Desktop\Cyber-Sec Crypter.exe
[2010.07.06 15:05:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.07.06 15:05:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010.07.05 21:09:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JSD
[2010.07.05 16:51:45 | 000,000,000 | ---D | C] -- C:\Users\John Braun\AppData\Local\Fallout3
[2010.07.04 21:26:05 | 000,000,000 | ---D | C] -- C:\Users\John Braun\Desktop\Usenext_Creator_by_moepOmat
[2010.07.04 20:59:33 | 000,000,000 | ---D | C] -- C:\Users\John Braun\Desktop\UseNeXT_Pack
[2010.07.04 20:51:14 | 000,906,240 | ---- | C] (Blizzard) -- C:\Users\John Braun\Desktop\WOW GameCard Generator.exe
[2010.07.04 20:31:13 | 000,000,000 | ---D | C] -- C:\Users\John Braun\Desktop\ScanCrypt
[2010.07.04 20:28:37 | 000,000,000 | R--D | C] -- C:\Users\John Braun\Documents\Scanned Documents
[2010.07.04 20:28:36 | 000,000,000 | ---D | C] -- C:\Users\John Braun\Documents\Fax
[2010.07.04 19:55:16 | 000,000,000 | ---D | C] -- C:\Users\John Braun\Desktop\downloader+usg
[2010.07.04 19:40:14 | 000,000,000 | ---D | C] -- C:\Users\John Braun\Desktop\Tool Store Keylogger 0.5.1
[2010.07.04 18:07:12 | 000,000,000 | ---D | C] -- C:\Users\John Braun\Desktop\Trial Account Creator Lite 1.1
[2010.07.04 17:24:40 | 000,000,000 | ---D | C] -- C:\Users\John Braun\Desktop\Twinkle_Crypt_-_CRACKED
[2010.07.04 17:08:36 | 000,000,000 | ---D | C] -- C:\Users\John Braun\Desktop\M_RU_Crypter_-_CRACKED
[2010.07.04 16:55:08 | 000,000,000 | ---D | C] -- C:\Users\John Braun\Desktop\twinkle_public_v1.2
[2010.07.01 15:13:21 | 000,000,000 | ---D | C] -- C:\Users\John Braun\Desktop\IMP2010
[2010.07.01 14:50:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Parallel Password Recovery
[2010.07.01 14:49:20 | 000,000,000 | ---D | C] -- C:\Users\John Braun\Desktop\crark33
[2010.07.01 14:24:46 | 000,000,000 | ---D | C] -- C:\Users\John Braun\Desktop\igrargpu_v05
[2010.07.01 12:15:56 | 000,560,216 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2010.06.30 20:01:04 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2010.06.30 16:21:39 | 000,000,000 | -H-D | C] -- C:\ProgramData\AVP11
[2010.06.30 16:18:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2010.06.30 09:32:47 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2010.06.30 09:24:30 | 000,000,000 | ---D | C] -- C:\Users\John Braun\AppData\Roaming\Malwarebytes
[2010.06.30 09:24:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.06.30 09:24:25 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.06.30 09:24:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.06.30 09:24:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.06.28 19:42:33 | 000,000,000 | ---D | C] -- C:\Users\John Braun\AppData\Local\TechSmith
[2010.06.28 19:42:22 | 000,000,000 | ---D | C] -- C:\Users\John Braun\Documents\Camtasia Studio
[2010.06.28 19:04:28 | 000,411,480 | ---- | C] (TechSmith Corporation) -- C:\Windows\SysWow64\tsccvid.dll
[2010.06.28 19:04:26 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\QuickTime
[2010.06.28 19:03:46 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith
[2010.06.28 19:03:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010.06.28 19:03:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TechSmith Shared
[2010.06.28 19:03:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TechSmith
[2010.06.28 03:04:31 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\Windows\SysWow64\devil.dll
[2010.06.28 03:04:31 | 000,369,152 | ---- | C] (The Public) -- C:\Windows\SysWow64\avisynth.dll
[2010.06.28 03:04:31 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\yv12vfw.dll
[2010.06.28 03:04:31 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\i420vfw.dll
[2010.06.28 03:04:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AviSynth 2.5
[2010.06.28 03:04:20 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSSplitter.ax
[2010.06.28 03:04:19 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll
[2010.06.28 03:04:19 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\SysWow64\nbDX.dll
[2010.06.28 03:04:19 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLOgg.ax
[2010.06.28 03:04:19 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\DiracSplitter.ax
[2010.06.28 03:04:19 | 000,169,472 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\MatroskaDX.ax
[2010.06.28 03:04:19 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\flvDX.dll
[2010.06.28 03:04:19 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\RealMediaDX.ax
[2010.06.28 03:04:19 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\SysWow64\AVCDX.ax
[2010.06.28 03:04:19 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLVorbisDec.ax
[2010.06.28 03:04:19 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSDecoder.ax
[2010.06.28 03:04:19 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\SysWow64\RLTheoraDec.ax
[2010.06.28 03:04:19 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\SysWow64\msfDX.dll
[2010.06.28 03:04:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eRightSoft
[2010.06.27 20:30:37 | 000,000,000 | ---D | C] -- C:\Users\John Braun\Desktop\Schwarze_Sonne_RAT_1.0
[2010.06.25 21:19:05 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010.06.25 17:53:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winrar
[2010.06.25 17:47:35 | 000,000,000 | ---D | C] -- C:\Users\John Braun\Documents\UseNeXT
[2010.06.25 17:47:35 | 000,000,000 | ---D | C] -- C:\Users\John Braun\AppData\Roaming\UseNeXT
[2010.06.25 17:47:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UseNeXT
[2010.06.25 17:42:54 | 000,000,000 | ---D | C] -- C:\Users\John Braun\AppData\Roaming\REM
[2010.06.25 17:23:46 | 000,000,000 | ---D | C] -- C:\Users\John Braun\AppData\Local\LogMeIn Hamachi
[2010.06.25 17:18:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2010.06.25 14:24:54 | 000,000,000 | ---D | C] -- C:\Users\John Braun\Documents\BioWare
[2010.06.25 14:11:29 | 000,000,000 | ---D | C] -- C:\Users\John Braun\AppData\Local\Logitech
[2010.06.25 14:10:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2010.06.25 14:10:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech
[2010.06.25 14:10:50 | 000,000,000 | ---D | C] -- C:\Programme\Logitech
[2010.06.25 14:07:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs
[2010.06.25 14:07:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare
[2010.06.25 13:50:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mass Effect
[2010.06.24 22:42:12 | 000,000,000 | ---D | C] -- C:\Users\John Braun\Documents\Web Page Maker
[2010.06.24 22:42:12 | 000,000,000 | ---D | C] -- C:\Users\John Braun\AppData\Roaming\Web Page Maker
[2010.06.24 22:42:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Web Page Maker
[2010.06.24 11:48:49 | 000,000,000 | ---D | C] -- C:\Users\John Braun\Documents\Eigene virtuelle Computer
[2010.06.23 20:22:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Minefield
[2010.06.23 18:52:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Treiber
[2010.06.23 18:52:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Virtual PC
[2010.06.23 18:35:02 | 000,000,000 | ---D | C] -- C:\Users\John Braun\.VirtualBox
[2010.06.23 18:25:13 | 000,000,000 | ---D | C] -- C:\Programme\Oracle
[2010.06.23 18:24:24 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2010.06.23 17:47:12 | 000,000,000 | ---D | C] -- C:\Users\John Braun\AppData\Roaming\FileZilla
[2010.06.23 17:47:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2010.06.23 17:21:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2010.06.23 17:20:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cain
[2010.06.22 20:15:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WebClicker
[2010.06.22 16:28:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ExeIco
[2010.06.22 16:25:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\123IconHunter
[2010.06.22 13:43:31 | 000,000,000 | ---D | C] -- C:\Programme\SurfRight
[2010.06.22 13:43:31 | 000,000,000 | ---D | C] -- C:\ProgramData\SurfRight
[2010.06.21 20:28:08 | 000,000,000 | ---D | C] -- C:\Users\John Braun\AppData\Roaming\Chilirec
[2010.06.21 20:27:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Chilirec
[2010.06.21 15:26:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GiliSoft
[2010.06.20 18:50:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HyCam2
[2010.06.18 12:12:19 | 000,000,000 | ---D | C] -- C:\Users\John Braun\AppData\Roaming\install
[2010.06.17 19:29:08 | 000,000,000 | ---D | C] -- C:\test
[2010.06.17 18:51:34 | 000,000,000 | ---D | C] -- C:\directory
[2010.06.17 17:08:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CamStudio
[2010.06.16 18:15:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\No-IP
[2010.06.14 20:11:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2010.06.14 20:11:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010.06.13 20:28:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Visual Basic 6.0 Runtime&Steuerelemente
[2010.06.13 20:28:27 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2010.06.13 20:28:26 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[2010.06.13 20:20:59 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pskill.exe
[2010.06.13 20:20:54 | 000,271,872 | ---- | C] (The UPX Team hxxp://upx.sf.net) -- C:\Windows\SysWow64\upx.exe
[2010.06.13 20:19:11 | 000,000,000 | ---D | C] -- C:\Windows\vbSkinner
[2010.06.13 20:18:38 | 001,077,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCTL.OCX
[2010.06.13 20:18:38 | 000,209,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TABCTL32.OCX
[2010.06.13 20:18:38 | 000,198,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MCI32.OCX
[2010.06.13 20:18:38 | 000,140,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ComDlg32.OCX
[2010.06.13 20:18:38 | 000,115,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSINET.OCX
[2010.06.13 20:18:37 | 000,412,672 | ---- | C] (JB) -- C:\Windows\SysWow64\vbskpro.ocx
[2010.06.13 20:18:37 | 000,108,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSWINSCK.OCX
[2010.06.13 17:21:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NoVirusThanks
[2010.06.13 17:06:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ACProtect
[2010.06.13 17:04:22 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\svchost
[2010.06.12 02:49:10 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2010.06.12 02:49:10 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2010.06.12 02:49:10 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2010.06.12 02:49:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2010.06.12 02:49:07 | 000,000,000 | ---D | C] -- C:\Programme\Hitman Pro 3.5
[2010.06.12 02:48:37 | 000,306,648 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2010.06.12 02:48:37 | 000,133,072 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2010.06.12 02:48:34 | 000,233,488 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2010.06.12 02:48:30 | 000,092,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2010.06.12 02:48:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Doctor
[2010.06.12 02:48:23 | 000,000,000 | ---D | C] -- C:\Users\John Braun\AppData\Roaming\PC Tools
[2010.06.12 02:48:23 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010.06.12 02:48:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2010.06.12 00:10:32 | 000,313,344 | ---- | C] (Emblem) -- C:\Users\John Braun\AppData\Roaming\Emblem_Crypter.exe
[2010.06.11 22:13:58 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010.06.11 22:13:58 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010.06.11 22:13:58 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010.06.11 22:13:58 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010.06.09 16:12:56 | 000,000,000 | ---D | C] -- C:\Users\John Braun\AppData\Roaming\Cerberus
[2010.06.08 16:55:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Easy Crypter 2010
[2010.06.08 13:24:58 | 000,144,656 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys
[2010.06.08 13:24:54 | 000,318,992 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\VBoxNetFltNotify.dll
[2010.06.07 19:16:52 | 000,000,000 | ---D | C] -- C:\Users\John Braun\AppData\Roaming\bizarre creations
[2010.06.07 17:28:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ6Toolbar
[2010.06.07 17:28:04 | 000,000,000 | ---D | C] -- C:\ProgramData\ICQ
[2010.06.07 17:11:22 | 000,000,000 | ---D | C] -- C:\Users\John Braun\AppData\Roaming\ICQ
[2010.06.07 17:11:20 | 000,000,000 | ---D | C] -- C:\Users\John Braun\AppData\Local\AOL
[2010.06.07 17:11:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.2
[2010.06.06 20:24:29 | 000,000,000 | RHSD | C] -- C:\Windows\Cerberus
[2010.06.06 20:00:10 | 016,800,040 | ---- | C] (Smart PC Solutions                                          ) -- C:\Windows\SysWow64\startupbooster24.exe
[2010.06.06 19:20:11 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2010.06.06 19:20:11 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2010.06.06 19:20:11 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2010.06.06 19:20:11 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2010.06.06 19:20:11 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2010.06.06 19:20:11 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2010.06.06 19:20:11 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2010.06.06 19:20:11 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2010.06.06 19:12:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Activision
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.07.06 19:03:08 | 002,359,296 | ---- | M] () -- C:\Users\John Braun\ntuser.dat
[2010.07.06 16:44:31 | 000,018,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.07.06 16:44:31 | 000,018,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.07.06 16:42:27 | 005,615,104 | ---- | M] (Cyber-Sec) -- C:\Users\John Braun\Desktop\Cyber-Sec Crypter.exe
[2010.07.06 16:39:14 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.07.06 16:39:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.07.06 16:39:06 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.06 16:32:21 | 001,940,857 | ---- | M] () -- C:\Users\John Braun\Desktop\twinkle_public_v1.2.rar
[2010.07.06 16:17:31 | 000,000,022 | ---- | M] () -- C:\Users\John Braun\Desktop\CyberGate v1.04.8.zip
[2010.07.06 16:06:48 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.07.06 16:06:48 | 000,645,304 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.07.06 16:06:48 | 000,607,666 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.07.06 16:06:48 | 000,126,904 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.07.06 16:06:48 | 000,104,044 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.07.06 15:59:22 | 002,540,538 | -H-- | M] () -- C:\Users\John Braun\AppData\Local\IconCache.db
[2010.07.06 15:34:35 | 000,001,344 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100706-153435.backup
[2010.07.06 15:34:35 | 000,001,275 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010.07.06 15:05:50 | 000,001,278 | ---- | M] () -- C:\Users\John Braun\Desktop\Spybot - Search & Destroy.lnk
[2010.07.05 22:10:26 | 000,001,139 | ---- | M] () -- C:\Users\John Braun\Desktop\Microsoft Visual Basic 2010 Express installieren.lnk
[2010.07.05 20:43:41 | 000,002,041 | ---- | M] () -- C:\Users\John Braun\Desktop\Adobe Photoshop CS4 (64 Bit).lnk
[2010.07.05 20:31:26 | 000,019,016 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2010.07.05 16:15:19 | 000,121,727 | ---- | M] () -- C:\Users\John Braun\Desktop\gh.jpg
[2010.07.05 14:59:01 | 000,045,229 | ---- | M] () -- C:\Users\John Braun\Desktop\EMO Girls 131_07.jpg
[2010.07.05 14:57:43 | 000,055,353 | ---- | M] () -- C:\Users\John Braun\Desktop\EMO Girls 136_09.jpg
[2010.07.04 21:25:48 | 000,548,309 | ---- | M] () -- C:\Users\John Braun\Desktop\Usenext_Creator_by_moepOmat.rar
[2010.07.04 20:51:59 | 007,253,380 | ---- | M] () -- C:\Users\John Braun\Desktop\UseNeXT_Pack.rar
[2010.07.04 20:51:18 | 000,906,240 | ---- | M] (Blizzard) -- C:\Users\John Braun\Desktop\WOW GameCard Generator.exe
[2010.07.04 20:29:51 | 002,293,456 | ---- | M] () -- C:\Users\John Braun\Desktop\ScanCrypt.rar
[2010.07.04 19:42:34 | 000,456,172 | ---- | M] () -- C:\Users\John Braun\Desktop\downloader+usg.rar
[2010.07.04 18:32:14 | 001,373,237 | ---- | M] () -- C:\Users\John Braun\Desktop\Tool Store Keylogger 0.5.1.rar
[2010.07.04 18:07:00 | 002,363,812 | ---- | M] () -- C:\Users\John Braun\Desktop\Trial Account Creator Lite 1.1.zip
[2010.07.04 17:16:12 | 003,536,354 | ---- | M] () -- C:\Users\John Braun\Desktop\Twinkle_Crypt_-_CRACKED.rar
[2010.07.04 17:07:39 | 003,392,147 | ---- | M] () -- C:\Users\John Braun\Desktop\M_RU_Crypter_-_CRACKED.rar
[2010.07.04 16:31:14 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.07.01 15:12:53 | 085,584,584 | ---- | M] () -- C:\Users\John Braun\Desktop\IMP2010.rar
[2010.07.01 14:50:21 | 000,001,096 | ---- | M] () -- C:\Users\Public\Desktop\Parallel Password Recovery Manager.lnk
[2010.07.01 14:50:21 | 000,001,024 | ---- | M] () -- C:\Users\Public\Desktop\Password Definition Master.lnk
[2010.07.01 14:24:31 | 000,323,000 | ---- | M] () -- C:\Users\John Braun\Desktop\igrargpu_v05.zip
[2010.07.01 12:17:30 | 000,149,773 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2010.07.01 12:17:30 | 000,106,765 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2010.07.01 12:15:56 | 000,560,216 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2010.07.01 12:10:58 | 000,524,288 | -HS- | M] () -- C:\Users\John Braun\ntuser.dat{e6ff50d1-84f8-11df-b16f-002618ac37ec}.TMContainer00000000000000000002.regtrans-ms
[2010.07.01 12:10:58 | 000,524,288 | -HS- | M] () -- C:\Users\John Braun\ntuser.dat{e6ff50d1-84f8-11df-b16f-002618ac37ec}.TMContainer00000000000000000001.regtrans-ms
[2010.07.01 12:10:58 | 000,065,536 | -HS- | M] () -- C:\Users\John Braun\ntuser.dat{e6ff50d1-84f8-11df-b16f-002618ac37ec}.TM.blf
[2010.06.30 19:58:29 | 003,708,512 | ---- | M] () -- C:\Users\John Braun\Desktop\crack.zip
[2010.06.30 09:32:47 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2010.06.30 09:24:28 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.29 20:52:10 | 000,005,632 | ---- | M] () -- C:\Users\John Braun\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.28 19:48:01 | 099,616,814 | ---- | M] () -- C:\Users\John Braun\Documents\Aufnahme-1.avi
[2010.06.28 02:46:30 | 121,180,364 | ---- | M] () -- C:\Users\John Braun\Documents\clip0004.avi
[2010.06.28 02:43:43 | 067,529,446 | ---- | M] () -- C:\Users\John Braun\Documents\clip0003.avi
[2010.06.28 02:21:59 | 000,009,662 | ---- | M] () -- C:\Windows\SysWow64\WoW_Cata_Beta_keygen.exe#32512.ico
[2010.06.25 21:22:29 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010.06.25 21:18:59 | 278,203,761 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.06.25 16:46:37 | 000,644,517 | ---- | M] () -- C:\Users\John Braun\Desktop\mixed girl wallpaper.jpg
[2010.06.25 14:11:28 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_lgSSBW_01_00_00.Wdf
[2010.06.25 14:11:19 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_lgSSQVGA_01_00_00.Wdf
[2010.06.23 13:51:41 | 000,524,288 | -HS- | M] () -- C:\Users\John Braun\NTUSER.DAT{ca263a64-7df1-11df-9ac0-002618ac37ec}.TMContainer00000000000000000002.regtrans-ms
[2010.06.23 13:51:41 | 000,524,288 | -HS- | M] () -- C:\Users\John Braun\NTUSER.DAT{ca263a64-7df1-11df-9ac0-002618ac37ec}.TMContainer00000000000000000001.regtrans-ms
[2010.06.23 13:51:41 | 000,065,536 | -HS- | M] () -- C:\Users\John Braun\NTUSER.DAT{ca263a64-7df1-11df-9ac0-002618ac37ec}.TM.blf
[2010.06.22 16:28:35 | 000,000,022 | ---- | M] () -- C:\Windows\SysWow64\mseixml.sei
[2010.06.22 16:28:35 | 000,000,022 | ---- | M] () -- C:\Windows\mseixml.sei
[2010.06.22 16:28:35 | 000,000,002 | ---- | M] () -- C:\Users\John Braun\Documents\eisavedicon.bmp
[2010.06.22 13:33:10 | 004,861,120 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.06.21 12:44:08 | 025,237,620 | ---- | M] () -- C:\Users\John Braun\Documents\clip0002.avi
[2010.06.20 21:46:12 | 000,313,344 | ---- | M] (Emblem) -- C:\Users\John Braun\AppData\Roaming\Emblem_Crypter.exe
[2010.06.20 18:54:22 | 018,481,424 | ---- | M] () -- C:\Users\John Braun\Documents\clip0001.avi
[2010.06.20 16:26:03 | 000,000,965 | ---- | M] () -- C:\Users\John Braun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\No-IP DUC.lnk
[2010.06.20 16:24:43 | 000,062,952 | ---- | M] () -- C:\Users\John Braun\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.06.15 13:47:36 | 000,125,952 | ---- | M] () -- C:\Users\John Braun\Desktop\WoW_Cata_Beta_keygen.exe
[2010.06.14 20:11:01 | 000,000,020 | ---- | M] () -- C:\Windows\hô¨
[2010.06.13 21:04:50 | 000,000,099 | ---- | M] () -- C:\Windows\SysWow64\lncom.exe.bat
[2010.06.13 20:34:33 | 000,087,600 | ---- | M] () -- C:\Windows\comp.wav
[2010.06.13 20:34:33 | 000,032,304 | ---- | M] () -- C:\Windows\broke.wav
[2010.06.13 20:34:32 | 000,235,056 | ---- | M] () -- C:\Windows\Discon.wav
[2010.06.13 20:34:32 | 000,068,016 | ---- | M] () -- C:\Windows\Growl.wav
[2010.06.13 20:34:31 | 002,014,348 | ---- | M] () -- C:\Windows\op.wav
[2010.06.13 20:31:51 | 000,000,124 | ---- | M] () -- C:\Windows\remove.bat
[2010.06.13 20:28:27 | 000,290,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2010.06.13 20:28:26 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[2010.06.13 20:25:29 | 000,586,232 | ---- | M] () -- C:\Users\John Braun\Documents\Config.Cerberus
[2010.06.13 20:22:13 | 000,412,672 | ---- | M] (JB) -- C:\Windows\SysWow64\vbskpro.ocx
[2010.06.13 20:20:59 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pskill.exe
[2010.06.13 20:20:54 | 000,271,872 | ---- | M] (The UPX Team hxxp://upx.sf.net) -- C:\Windows\SysWow64\upx.exe
[2010.06.13 20:18:38 | 001,077,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCTL.OCX
[2010.06.13 20:18:38 | 000,209,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\TABCTL32.OCX
[2010.06.13 20:18:38 | 000,198,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MCI32.OCX
[2010.06.13 20:18:38 | 000,140,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ComDlg32.OCX
[2010.06.13 20:18:38 | 000,115,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MSINET.OCX
[2010.06.13 20:18:37 | 000,108,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MSWINSCK.OCX
[2010.06.13 15:15:09 | 000,035,592 | ---- | M] () -- C:\Users\John Braun\AppData\Roaming\SQLite3.dll
[2010.06.08 13:24:58 | 000,144,656 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys
[2010.06.08 13:24:54 | 000,318,992 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\VBoxNetFltNotify.dll
[2010.06.06 20:00:10 | 016,800,040 | ---- | M] (Smart PC Solutions                                          ) -- C:\Windows\SysWow64\startupbooster24.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.07.06 15:32:30 | 000,000,022 | ---- | C] () -- C:\Users\John Braun\Desktop\CyberGate v1.04.8.zip
[2010.07.06 15:05:50 | 000,001,278 | ---- | C] () -- C:\Users\John Braun\Desktop\Spybot - Search & Destroy.lnk
[2010.07.05 21:48:40 | 000,001,139 | ---- | C] () -- C:\Users\John Braun\Desktop\Microsoft Visual Basic 2010 Express installieren.lnk
[2010.07.05 16:15:17 | 000,121,727 | ---- | C] () -- C:\Users\John Braun\Desktop\gh.jpg
[2010.07.05 14:59:00 | 000,045,229 | ---- | C] () -- C:\Users\John Braun\Desktop\EMO Girls 131_07.jpg
[2010.07.05 14:57:42 | 000,055,353 | ---- | C] () -- C:\Users\John Braun\Desktop\EMO Girls 136_09.jpg
[2010.07.04 21:25:48 | 000,548,309 | ---- | C] () -- C:\Users\John Braun\Desktop\Usenext_Creator_by_moepOmat.rar
[2010.07.04 20:51:04 | 007,253,380 | ---- | C] () -- C:\Users\John Braun\Desktop\UseNeXT_Pack.rar
[2010.07.04 20:29:35 | 002,293,456 | ---- | C] () -- C:\Users\John Braun\Desktop\ScanCrypt.rar
[2010.07.04 19:42:33 | 000,456,172 | ---- | C] () -- C:\Users\John Braun\Desktop\downloader+usg.rar
[2010.07.04 19:40:09 | 001,373,237 | ---- | C] () -- C:\Users\John Braun\Desktop\Tool Store Keylogger 0.5.1.rar
[2010.07.04 18:06:55 | 002,363,812 | ---- | C] () -- C:\Users\John Braun\Desktop\Trial Account Creator Lite 1.1.zip
[2010.07.04 17:16:05 | 003,536,354 | ---- | C] () -- C:\Users\John Braun\Desktop\Twinkle_Crypt_-_CRACKED.rar
[2010.07.04 17:07:29 | 003,392,147 | ---- | C] () -- C:\Users\John Braun\Desktop\M_RU_Crypter_-_CRACKED.rar
[2010.07.04 16:54:46 | 001,940,857 | ---- | C] () -- C:\Users\John Braun\Desktop\twinkle_public_v1.2.rar
[2010.07.04 16:31:14 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.07.01 15:01:48 | 085,584,584 | ---- | C] () -- C:\Users\John Braun\Desktop\IMP2010.rar
[2010.07.01 14:50:21 | 000,001,096 | ---- | C] () -- C:\Users\Public\Desktop\Parallel Password Recovery Manager.lnk
[2010.07.01 14:50:21 | 000,001,024 | ---- | C] () -- C:\Users\Public\Desktop\Password Definition Master.lnk
[2010.07.01 14:24:15 | 000,323,000 | ---- | C] () -- C:\Users\John Braun\Desktop\igrargpu_v05.zip
[2010.07.01 12:17:30 | 000,149,773 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2010.07.01 12:17:30 | 000,106,765 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2010.07.01 12:10:58 | 000,524,288 | -HS- | C] () -- C:\Users\John Braun\ntuser.dat{e6ff50d1-84f8-11df-b16f-002618ac37ec}.TMContainer00000000000000000002.regtrans-ms
[2010.07.01 12:10:58 | 000,524,288 | -HS- | C] () -- C:\Users\John Braun\ntuser.dat{e6ff50d1-84f8-11df-b16f-002618ac37ec}.TMContainer00000000000000000001.regtrans-ms
[2010.07.01 12:10:58 | 000,065,536 | -HS- | C] () -- C:\Users\John Braun\ntuser.dat{e6ff50d1-84f8-11df-b16f-002618ac37ec}.TM.blf
[2010.06.30 09:24:28 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.28 19:48:49 | 099,616,814 | ---- | C] () -- C:\Users\John Braun\Documents\Aufnahme-1.avi
[2010.06.28 19:48:03 | 000,005,632 | ---- | C] () -- C:\Users\John Braun\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.28 03:04:31 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010.06.28 03:04:19 | 000,227,328 | RHS- | C] () -- C:\Windows\SysWow64\ac3DX.ax
[2010.06.28 03:04:19 | 000,175,104 | RHS- | C] () -- C:\Windows\SysWow64\CoreAAC.ax
[2010.06.28 03:04:19 | 000,120,832 | RHS- | C] () -- C:\Windows\SysWow64\MPCDx.ax
[2010.06.28 03:04:19 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\RLMPCDec.ax
[2010.06.28 03:04:19 | 000,097,280 | RHS- | C] () -- C:\Windows\SysWow64\FLACDX.ax
[2010.06.28 03:04:19 | 000,081,920 | RHS- | C] () -- C:\Windows\SysWow64\aac_parser.ax
[2010.06.28 03:04:19 | 000,070,656 | RHS- | C] () -- C:\Windows\SysWow64\RLAPEDec.ax
[2010.06.28 03:04:19 | 000,051,712 | RHS- | C] () -- C:\Windows\SysWow64\RLSpeexDec.ax
[2010.06.28 02:46:01 | 121,180,364 | ---- | C] () -- C:\Users\John Braun\Documents\clip0004.avi
[2010.06.28 02:43:24 | 067,529,446 | ---- | C] () -- C:\Users\John Braun\Documents\clip0003.avi
[2010.06.28 02:40:47 | 000,125,952 | ---- | C] () -- C:\Users\John Braun\Desktop\WoW_Cata_Beta_keygen.exe
[2010.06.28 02:21:59 | 000,009,662 | ---- | C] () -- C:\Windows\SysWow64\WoW_Cata_Beta_keygen.exe#32512.ico
[2010.06.25 21:22:29 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.06.25 21:18:59 | 278,203,761 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.06.25 18:04:40 | 003,708,512 | ---- | C] () -- C:\Users\John Braun\Desktop\crack.zip
[2010.06.25 14:11:28 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_lgSSBW_01_00_00.Wdf
[2010.06.25 14:11:19 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_lgSSQVGA_01_00_00.Wdf
[2010.06.25 08:31:53 | 000,644,517 | ---- | C] () -- C:\Users\John Braun\Desktop\mixed girl wallpaper.jpg
[2010.06.23 13:51:41 | 000,524,288 | -HS- | C] () -- C:\Users\John Braun\NTUSER.DAT{ca263a64-7df1-11df-9ac0-002618ac37ec}.TMContainer00000000000000000002.regtrans-ms
[2010.06.23 13:51:41 | 000,524,288 | -HS- | C] () -- C:\Users\John Braun\NTUSER.DAT{ca263a64-7df1-11df-9ac0-002618ac37ec}.TMContainer00000000000000000001.regtrans-ms
[2010.06.23 13:51:41 | 000,065,536 | -HS- | C] () -- C:\Users\John Braun\NTUSER.DAT{ca263a64-7df1-11df-9ac0-002618ac37ec}.TM.blf
[2010.06.22 16:28:35 | 000,000,022 | ---- | C] () -- C:\Windows\SysWow64\mseixml.sei
[2010.06.22 16:28:35 | 000,000,022 | ---- | C] () -- C:\Windows\mseixml.sei
[2010.06.22 16:28:35 | 000,000,002 | ---- | C] () -- C:\Users\John Braun\Documents\eisavedicon.bmp
[2010.06.21 12:43:09 | 025,237,620 | ---- | C] () -- C:\Users\John Braun\Documents\clip0002.avi
[2010.06.20 18:51:37 | 018,481,424 | ---- | C] () -- C:\Users\John Braun\Documents\clip0001.avi
[2010.06.17 18:50:17 | 000,000,965 | ---- | C] () -- C:\Users\John Braun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\No-IP DUC.lnk
[2010.06.14 20:11:01 | 000,000,020 | ---- | C] () -- C:\Windows\hô¨
[2010.06.13 21:04:50 | 000,000,099 | ---- | C] () -- C:\Windows\SysWow64\lncom.exe.bat
[2010.06.13 20:31:45 | 000,000,124 | ---- | C] () -- C:\Windows\remove.bat
[2010.06.13 20:18:38 | 000,235,056 | ---- | C] () -- C:\Windows\Discon.wav
[2010.06.13 20:18:38 | 000,087,600 | ---- | C] () -- C:\Windows\comp.wav
[2010.06.13 20:18:38 | 000,068,016 | ---- | C] () -- C:\Windows\Growl.wav
[2010.06.13 20:18:38 | 000,032,304 | ---- | C] () -- C:\Windows\broke.wav
[2010.06.13 20:18:37 | 002,014,348 | ---- | C] () -- C:\Windows\op.wav
[2010.06.13 15:15:09 | 000,035,592 | ---- | C] () -- C:\Users\John Braun\AppData\Roaming\SQLite3.dll
[2010.06.12 03:03:40 | 000,019,016 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2010.06.12 02:49:10 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip
[2010.06.12 02:49:10 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010.06.12 02:49:10 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2010.06.12 02:49:10 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2010.06.12 02:49:10 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2010.06.12 02:48:37 | 000,007,357 | ---- | C] () -- C:\Windows\SysNative\drivers\pctgntdi64.cat
[2010.06.12 02:48:34 | 000,007,353 | ---- | C] () -- C:\Windows\SysNative\drivers\pctcore64.cat
[2010.06.12 02:48:30 | 000,007,353 | ---- | C] () -- C:\Windows\SysNative\drivers\pctplsg64.cat
[2010.06.12 00:16:10 | 000,586,232 | ---- | C] () -- C:\Users\John Braun\Documents\Config.Cerberus
[2010.05.28 02:09:00 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2010.05.21 14:27:55 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2010.05.12 18:55:01 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\bassmod.dll
[2010.05.06 15:08:13 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\Unlha32.dll
[2010.05.06 15:08:12 | 000,473,600 | ---- | C] () -- C:\Windows\SysWow64\harmony.dll
[2010.05.02 12:55:53 | 000,102,912 | ---- | C] () -- C:\Windows\SysWow64\xlive_d.dll
[2010.05.02 08:44:58 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010.05.02 08:44:58 | 000,014,392 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010.05.02 08:44:54 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2010.05.02 08:44:54 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2010.05.02 08:42:02 | 000,026,787 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010.05.02 08:41:44 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010.05.02 08:41:40 | 000,020,736 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009.10.20 20:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009.08.16 10:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.05.29 15:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009.05.29 15:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009.04.02 14:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2007.02.05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2002.07.31 22:32:03 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll
[2002.07.31 22:32:03 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\iacenc.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 204 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:CC2DDA0D
< End of report >

Alt 06.07.2010, 19:25   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
windows 7 infiziert? - Standard

windows 7 infiziert?


Hast Du die Funde mit Malwarebytes auch entfernt?
Wurde Dein PC schon zuvor mit Malwarebytes mal gescannt? Wenn ja, bitte auch alle alten Logfiles posten!

Wie dem auch denn...

Zitat:
Datenbank Version: 4260
Du hast Malwarebytes vorher nicht aktualisiert. Bitte updaten und den Vollscan wiederholen. Und auch alle etwaigen Funde entfernen lassen.

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 11.07.2010, 20:42   #6
rainboww
 
windows 7 infiziert? - Standard

windows 7 infiziert?


hier ist nochmal das Malwarebytes logfile

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Datenbank Version: 4303

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11.07.2010 21:38:53
mbam-log-2010-07-11 (21-38-53).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 303664
Laufzeit: 58 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Alt 12.07.2010, 10:05   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
windows 7 infiziert? - Ausrufezeichen

windows 7 infiziert?


Zitat:
[2010.06.28 02:40:47 | 000,125,952 | ---- | C] () -- C:\Users\***\Desktop\WoW_Cata_Beta_keygen.exe
[2010.06.28 02:21:59 | 000,009,662 | ---- | C] () -- C:\Windows\SysWow64\WoW_Cata_Beta_keygen.exe#32512.ico
Sry, aber hier endet der Support.

Die (Be)nutzung von Cracks, Serials und Keygens ist illegal, somit gibt es im Trojaner-Board keinen weiteren Support mehr.

Für Dich geht es hier weiter => Neuaufsetzen des Systems
Bitte auch alle Passwörter abändern (für E-Mail-Konten, StudiVZ, Ebay...einfach alles!) da nicht selten in dieser dubiosen Software auch Keylogger und Backdoorfunktionen stecken.

Danach nie wieder sowas anrühren!
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu windows 7 infiziert?
adobe, avp, avp.exe, bho, browser, browser guard, defender, explorer, firefox, firewall, hijack, hijackthis, infiziert, infiziert?, internet, internet explorer, internet security 2011, kaspersky, local\temp, mozilla, no-ip, nvidia, plug-in, security, software, spyware, system, syswow64, tastatur, temp, trojaner, windows


« AV Security Suite - Systemprüfung nach Entfernung gemäß FAQ | Worm:Win32/Conficker.B Virus:Win32/Sality.AM PWS:Win32/Verweli.A »


Ähnliche Themen: windows 7 infiziert?


  1. Windows 7 SP 1 mit Trojaner infiziert - Windows Update Fehlercode 8007002
    Log-Analyse und Auswertung - 11.09.2015 (60)
  2. Standrechner (Windows 7) und Laptop (Windows Vista SP2) infiziert - PUP Optional Frostwire TB
    Log-Analyse und Auswertung - 18.10.2014 (14)
  3. Windows 7: infiziert mit ib.adnxs.com
    Log-Analyse und Auswertung - 29.08.2013 (5)
  4. Windows 7; Alle Dlls infiziert
    Plagegeister aller Art und deren Bekämpfung - 30.09.2012 (3)
  5. Mit BKA Virus 1.13 infiziert, Windows 7
    Log-Analyse und Auswertung - 06.09.2012 (9)
  6. Windows Verschlüsselungs Trojaner infiziert
    Log-Analyse und Auswertung - 29.06.2012 (5)
  7. Mit Windows-VerschlüsselungsTrojaner infiziert!
    Log-Analyse und Auswertung - 20.06.2012 (35)
  8. Windows XP: "Sie haben sich mit einem Windows-Verschlüsselungs Trojaner infiziert."
    Plagegeister aller Art und deren Bekämpfung - 10.06.2012 (2)
  9. Infiziert mit Windows-Update-Trojaner
    Log-Analyse und Auswertung - 08.06.2012 (1)
  10. Willkomen bei Windows Update, Sie haben sich mit einen Windows-Verschlüsselungs Trojaner infiziert.
    Log-Analyse und Auswertung - 06.06.2012 (1)
  11. Ukash 100€ Trojaner Windows XP SP3 PC infiziert
    Plagegeister aller Art und deren Bekämpfung - 06.06.2012 (47)
  12. Infiziert mit Windows-Verschlüsselungs-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 29.05.2012 (1)
  13. Infiziert mit Windows-Verschlüsselungs Trojaner -Mail mit Telefonrechnung - windows vista
    Plagegeister aller Art und deren Bekämpfung - 06.05.2012 (12)
  14. "Willkommen bei Windows Update Sie haben sich mit einen Windows-Verschlüsselungs Trojaner infiziert.
    Log-Analyse und Auswertung - 27.04.2012 (3)
  15. Windows 2003 Server W32/Downadupjob.gen!A infiziert C:/windows/tasks/AT1.job
    Log-Analyse und Auswertung - 08.04.2010 (3)
  16. Windows installiert gleich infiziert :)
    Plagegeister aller Art und deren Bekämpfung - 25.04.2007 (3)
  17. C:/Windows/Hosts - infiziert....
    Plagegeister aller Art und deren Bekämpfung - 17.07.2004 (27)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema windows 7 infiziert? - hallo an alle auf trojaner board mein prob ist ist ich kann kein windows update machen-> dienst konnte nicht gestartet werden und meine windows firewall ist aktiviert funktioniert aber nicht - windows 7 infiziert?...
Archiv
Du betrachtest: windows 7 infiziert? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131