Zitat:

Zitat von Larusso

C:\qoobox ?
Das gehört zu CF.

Starte den Rechner neu auf.

Jupp, qoobox.
Rechner neugestartet.
Eine ComboFix.txt gibt es nicht (wohl weil abgebrochen). CF nocheinmal ausführen?

Hier noch kurz die Einträge, die der Avira Guard gemacht hat:

Code: Alles auswählenAufklappen

ATTFilter

In der Datei 'C:\Qoobox\32788R22FWJFW\ipsec.sys'
wurde ein Virus oder unerwünschtes Programm 'TR/Patched.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff erlauben
         

Code: Alles auswählenAufklappen

ATTFilter

In der Datei 'C:\Qoobox\32788R22FWJFW\ipsec.sys'
wurde ein Virus oder unerwünschtes Programm 'TR/Patched.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff erlauben
         

Code: Alles auswählenAufklappen

ATTFilter

In der Datei 'C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\ipsec.sys.vir'
wurde ein Virus oder unerwünschtes Programm 'TR/Patched.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff erlauben
         

Nein noch nicht.

CF sagte Rootkit ?

start --> ausführen --> notepad (reinschreiben)
Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code: Alles auswählenAufklappen

ATTFilter

cd "%systemdrive%"
copy /y "C:\WINDOWS\system32\dllhsn32.dll" C:\dllhsn32.dll.vir
del /f "C:\WINDOWS\system32\dllhsn32.dll"
del %0
         

Speichere diese unter file.bat auf Deinem Desktop.
Wähle bei Dateityp alle Dateien aus.
Doppelklich auf die file.bat, poste mir den Inhalt des Textdokuments.
Vista- User: Mit Rechtsklick "als Administrator starten"


Schritt 2

• Dowloade Dir bitte TDSS Killer und speichere es am Desktop.
• Extrahiere den Inhalt der Datei auf deinem Desktop.
  Gehe sicher das die TDSSKiller.exe am Desktop ist. Nicht in einem Ordner.
  
  
• Drücke Windows +R Taste und kopiere folgendes in die Zeile und drücke OK.
  

  "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

• Sollte die Meldung "Hidden service detected" schreiben keinesfalls irgendetwas hinein..Drücke nur ENTER !!!
• Wenn das Tool fertig ist, erstellt es eine Logfile
  C:\TDSSKiller.txt
• Bitte poste mir den Inhalt hier in deinen Thread.

Bitte poste in Deiner nächsten Antwort
TDSSKIller.txt

Zitat:

Zitat von Larusso

Nein noch nicht.

CF sagte Rootkit ?

Ja, Rootkit Activity detected, gefolgt von einem Neustart.

Zitat:

Zitat von Larusso

start --> ausführen --> notepad (reinschreiben)
Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code: Alles auswählenAufklappen

ATTFilter

cd "%systemdrive%"
copy /y "C:\WINDOWS\system32\dllhsn32.dll" C:\dllhsn32.dll.vir
del /f "C:\WINDOWS\system32\dllhsn32.dll"
del %0
         

Speichere diese unter file.bat auf Deinem Desktop.
Wähle bei Dateityp alle Dateien aus.
Doppelklich auf die file.bat, poste mir den Inhalt des Textdokuments.

Die Batchdatei erzeugt keine Textdatei und löscht sich nach ausführung selbst, das DOS-fenster hat sich leider direkt selbst geschlossen, so dass ich den Output nicht kopieren konnte.

Weiter mit Schritt 2?

Sorry, wird auch keine Textdatei erzeugt
Hab vergessen das aus dem Baustein zu löschen.

Ja weiter

Zitat:

Zitat von Larusso

Schritt 2

• Dowloade Dir bitte TDSS Killer und speichere es am Desktop.
• Extrahiere den Inhalt der Datei auf deinem Desktop.
  Gehe sicher das die TDSSKiller.exe am Desktop ist. Nicht in einem Ordner.
  
  
• Drücke Windows +R Taste und kopiere folgendes in die Zeile und drücke OK.
  

  "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

• Sollte die Meldung "Hidden service detected" schreiben keinesfalls irgendetwas hinein..Drücke nur ENTER !!!
• Wenn das Tool fertig ist, erstellt es eine Logfile
  C:\TDSSKiller.txt
• Bitte poste mir den Inhalt hier in deinen Thread.

Bitte poste in Deiner nächsten Antwort
TDSSKIller.txt

Ausgeführt, nichts gefunden:

Code: Alles auswählenAufklappen

ATTFilter

17:07:24:796 2500	TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
17:07:24:796 2500	================================================================================
17:07:24:796 2500	SystemInfo:

17:07:24:796 2500	OS Version: 5.1.2600 ServicePack: 2.0
17:07:24:796 2500	Product type: Workstation
17:07:24:796 2500	ComputerName: ELCH
17:07:24:796 2500	UserName: *****
17:07:24:796 2500	Windows directory: C:\WINDOWS
17:07:24:796 2500	System windows directory: C:\WINDOWS
17:07:24:796 2500	Processor architecture: Intel x86
17:07:24:796 2500	Number of processors: 2
17:07:24:796 2500	Page size: 0x1000
17:07:24:796 2500	Boot type: Normal boot
17:07:24:796 2500	================================================================================
17:07:25:312 2500	Initialize success
17:07:25:312 2500	
17:07:25:312 2500	Scanning	Services ...
17:07:25:593 2500	Raw services enum returned 334 services
17:07:25:609 2500	
17:07:25:609 2500	Scanning	Drivers ...
17:07:26:343 2500	3xHybrid        (315a45b5a334ed03667b1aa95d4a1f15) C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
17:07:26:390 2500	acedrv11        (a6fe70357a68ad1e279cd1012419cce6) C:\WINDOWS\system32\drivers\acedrv11.sys
17:07:26:453 2500	ACPI            (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:07:26:468 2500	ACPIEC          (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:07:26:500 2500	aec             (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
17:07:26:546 2500	AFD             (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
17:07:26:578 2500	AmdK8           (58be3c2f1aa041ea56f7305a6463035c) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
17:07:26:609 2500	AmdLLD          (ad8fa28d8ed0d0a689a0559085ce0f18) C:\WINDOWS\system32\DRIVERS\AmdLLD.sys
17:07:26:640 2500	AsyncMac        (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:07:26:671 2500	atapi           (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:07:26:687 2500	Atmarpc         (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:07:26:718 2500	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:07:26:781 2500	avgio           (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
17:07:26:812 2500	avgntflt        (14fe36d8f2c6a2435275338d061a0b66) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
17:07:26:843 2500	avipbb          (6d52060b59e7d79cd2a044b6add1f1ef) C:\WINDOWS\system32\DRIVERS\avipbb.sys
17:07:26:875 2500	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:07:26:968 2500	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:07:27:000 2500	CCDECODE        (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
17:07:27:000 2500	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:07:27:000 2500	Cdfs            (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
17:07:27:046 2500	Cdrom           (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:07:27:078 2500	CLEDX           (b53f9635457b56dcffef750e18aec6cb) C:\WINDOWS\system32\DRIVERS\cledx.sys
17:07:27:125 2500	Disk            (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
17:07:27:156 2500	dmboot          (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
17:07:27:218 2500	dmio            (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
17:07:27:234 2500	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:07:27:250 2500	DMusic          (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
17:07:27:265 2500	drmkaud         (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
17:07:27:296 2500	Fastfat         (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
17:07:27:312 2500	Fdc             (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
17:07:27:312 2500	Fips            (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
17:07:27:312 2500	Flpydisk        (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
17:07:27:359 2500	FltMgr          (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
17:07:27:359 2500	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:07:27:406 2500	Ftdisk          (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:07:27:421 2500	Gpc             (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:07:27:453 2500	hamachi         (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys
17:07:27:468 2500	HDAudBus        (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:07:27:484 2500	hidusb          (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:07:27:500 2500	HTTP            (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys
17:07:27:531 2500	i8042prt        (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:07:27:546 2500	Imapi           (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:07:27:593 2500	Ip6Fw           (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
17:07:27:593 2500	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:07:27:609 2500	IpInIp          (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:07:27:625 2500	IpNat           (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:07:27:656 2500	IPSec           (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:07:27:671 2500	IRENUM          (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:07:27:703 2500	isapnp          (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:07:27:734 2500	Kbdclass        (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:07:27:750 2500	kbdhid          (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:07:27:781 2500	klmd23          (316353165feba3d0538eaa9c2f60c5b7) C:\WINDOWS\system32\drivers\klmd.sys
17:07:27:796 2500	kmixer          (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
17:07:27:828 2500	KSecDD          (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
17:07:27:859 2500	ManyCam         (c6d085c7045200143528136a43a65fde) C:\WINDOWS\system32\DRIVERS\ManyCam.sys
17:07:27:890 2500	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:07:27:906 2500	Modem           (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
17:07:27:953 2500	monfilt         (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\monfilt.sys
17:07:28:000 2500	Mouclass        (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:07:28:000 2500	mouhid          (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:07:28:000 2500	MountMgr        (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
17:07:28:031 2500	MPE             (55a9a7e6bb297bf0f5b144029dcb79cc) C:\WINDOWS\system32\DRIVERS\MPE.sys
17:07:28:031 2500	MRxDAV          (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:07:28:109 2500	MRxSmb          (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:07:28:125 2500	Msfs            (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
17:07:28:140 2500	MSKSSRV         (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:07:28:156 2500	MSPCLOCK        (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:07:28:171 2500	MSPQM           (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
17:07:28:203 2500	mssmbios        (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:07:28:203 2500	MSTEE           (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
17:07:28:218 2500	MTsensor        (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
17:07:28:234 2500	Mup             (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
17:07:28:250 2500	NABTSFEC        (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
17:07:28:265 2500	NDIS            (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
17:07:28:265 2500	NdisIP          (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
17:07:28:281 2500	NdisTapi        (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:07:28:312 2500	Ndisuio         (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:07:28:312 2500	NdisWan         (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:07:28:312 2500	NDProxy         (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
17:07:28:343 2500	NetBIOS         (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:07:28:406 2500	NetBT           (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:07:28:453 2500	NPF             (b9730495e0cf674680121e34bd95a73b) C:\WINDOWS\system32\drivers\npf.sys
17:07:28:453 2500	Npfs            (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
17:07:28:484 2500	Ntfs            (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
17:07:28:500 2500	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:07:28:671 2500	nv              (cb0ce8de9f66a297cd86eb98921b8e58) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:07:28:812 2500	NVENETFD        (70217a23470f4bb4c8fb4abe06813081) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
17:07:28:812 2500	nvnetbus        (be8513730653384939a4d2d977c81027) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
17:07:28:843 2500	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:07:28:843 2500	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:07:28:875 2500	Parport         (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
17:07:28:906 2500	PartMgr         (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
17:07:28:937 2500	ParVdm          (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
17:07:28:968 2500	PCI             (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
17:07:28:984 2500	PCIIde          (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
17:07:29:015 2500	Pcmcia          (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
17:07:29:046 2500	PptpMiniport    (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:07:29:078 2500	PQNTDrv         (4228630829c0e521c43d882a00533374) C:\WINDOWS\system32\drivers\PQNTDrv.sys
17:07:29:109 2500	Processor       (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
17:07:29:109 2500	PSched          (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
17:07:29:125 2500	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:07:29:140 2500	PxHelp20        (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
17:07:29:187 2500	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:07:29:203 2500	Rasl2tp         (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:07:29:203 2500	RasPppoe        (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:07:29:218 2500	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:07:29:265 2500	Rdbss           (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:07:29:281 2500	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:07:29:281 2500	rdpdr           (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:07:29:312 2500	RDPWD           (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
17:07:29:359 2500	redbook         (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:07:29:437 2500	SANDRA          (230fd3749904ca045ea5ec0aa14006e9) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP1a\WNt500x86\Sandra.sys
17:07:29:468 2500	Secdrv          (07f7f501ad50de2ba2d5842d9b6d6155) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:07:29:484 2500	serenum         (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
17:07:29:515 2500	Serial          (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
17:07:29:531 2500	Sfloppy         (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:07:29:562 2500	SLIP            (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
17:07:29:578 2500	splitter        (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
17:07:29:625 2500	sptd            (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\System32\Drivers\sptd.sys
17:07:29:656 2500	sr              (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
17:07:29:671 2500	Srv             (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys
17:07:29:687 2500	ssmdrv          (5ec550b8952882ee856b862cf648522d) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
17:07:29:703 2500	streamip        (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
17:07:29:718 2500	swenum          (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:07:29:734 2500	swmidi          (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
17:07:29:750 2500	sysaudio        (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
17:07:29:796 2500	Tcpip           (9f4b36614a0fc234525ba224957de55c) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:07:29:828 2500	TDPIPE          (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:07:29:859 2500	TDTCP           (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
17:07:29:875 2500	TermDD          (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:07:29:937 2500	truecrypt       (aceb4f4f83b895e15c8c1a2f55009783) C:\WINDOWS\system32\drivers\truecrypt.sys
17:07:29:968 2500	Udfs            (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
17:07:29:984 2500	Update          (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
17:07:30:031 2500	usbaudio        (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
17:07:30:046 2500	usbccgp         (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:07:30:062 2500	usbehci         (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:07:30:078 2500	usbhub          (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:07:30:078 2500	usbohci         (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
17:07:30:109 2500	usbscan         (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:07:30:125 2500	USBSTOR         (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:07:30:156 2500	VgaSave         (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
17:07:30:156 2500	VIAHdAudAddService (80ed26c12af05779a3f897b9badf6f28) C:\WINDOWS\system32\drivers\viahduaa.sys
17:07:30:187 2500	VolSnap         (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
17:07:30:187 2500	Wanarp          (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:07:30:218 2500	wdmaud          (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
17:07:30:234 2500	WmBEnum         (59c90bc8317bd3f6e5559a4deaf35090) C:\WINDOWS\system32\drivers\WmBEnum.sys
17:07:30:234 2500	WmFilter        (999a4539ad634a741afd357e290bd461) C:\WINDOWS\system32\drivers\WmFilter.sys
17:07:30:250 2500	WmVirHid        (0b8c64b13776f17537f0705fe62799c6) C:\WINDOWS\system32\drivers\WmVirHid.sys
17:07:30:265 2500	WmXlCore        (8d388aeb1a12c1192aa9b4ebceabcba6) C:\WINDOWS\system32\drivers\WmXlCore.sys
17:07:30:281 2500	WS2IFSL         (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:07:30:296 2500	WSTCODEC        (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:07:30:296 2500	
17:07:30:296 2500	Completed
17:07:30:296 2500	
17:07:30:296 2500	Results:
17:07:30:296 2500	Registry objects infected / cured / cured on reboot:	0 / 0 / 0
17:07:30:296 2500	File objects infected / cured / cured on reboot:	0 / 0 / 0
17:07:30:296 2500	
17:07:30:312 2500	KLMD(ARK) unloaded successfully
         

Ja, da hat CF schon gearbeitet.

Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von einem der folgenden Download-Spiegel neu herunter:

BleepingComputer.com - ForoSpyware.com

und speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!

Lass CF erneut laufen.

ForoSpyware.com Link ist tot, lade von BleepingComputer.com herunter, benenne um in Combo-Fix.exe und starte.
Welches Vorgehen, wenn sich Avira nach einem Neustart wieder einmischt? Ignorieren? Löschen?

Danke für den Hinweis.

Wähle Ignorieren.

CF läuft::

1.) Beim Start nach Annahme des Disclaimers erscheint erneut folgende Nachricht:

Code: Alles auswählenAufklappen

ATTFilter

Folgende Dateien haben versucht, sich an Combofix anzuhelften und wurden deaktiviert. Bitte notiere Die den Namen jeder Datei auf einem Stueck Papier. Wir benötigen diese vielleicht später noch einmal.
C:\WINDOWS\system32\dllhsn32.dll
         

2.) keine Rootkit-Meldung diesmal, Scan startet ohne Neustart

3.) Scan bis Stufe_50 läuft durch. Logfile wird generiert. Im Hintergrund erklingt mehrmals ein Windows "Pling"-Sound (wie wenn man auf eine ungültige Schaltfläche klickt oder ein Alert aufpoppt).

4.) Windows erscheint im XP-Look (vorher war Klassisches Erscheinungsbild eingestellt), Logfile wird angezeigt:

Combofix Logfile:

Code: Alles auswählenAufklappen

ATTFilter

ComboFix 10-07-16.02 - Administrator 18.07.2010  17:42:11.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.2.1252.49.1033.18.2047.1520 [GMT 2:00]
ausgeführt von:: c:\documents and settings\****\Desktop\Combo-Fix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
Die folgenden Dateien wurden während des Laufs deaktiviert:
c:\windows\system32\dllhsn32.dll


((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\CmdLineExt.dll

.
(((((((((((((((((((((((   Dateien erstellt von 2010-06-18 bis 2010-07-18  ))))))))))))))))))))))))))))))
.

2010-07-18 14:57 . 2010-07-16 22:19	46592	----a-w-	C:\dllhsn32.dll.vir
2010-07-18 11:28 . 2010-07-18 11:28	--------	d-----w-	C:\_OTL
2010-07-17 15:36 . 2010-07-17 15:36	--------	d-s---w-	c:\documents and settings\****\UserData
2010-07-17 12:58 . 2010-07-17 12:58	--------	d-----w-	c:\program files\CCleaner
2010-07-17 12:38 . 2010-07-17 12:38	--------	d-----w-	c:\program files\lynx
2010-07-17 11:16 . 2010-07-17 11:16	--------	d-----w-	c:\documents and settings\****\Application Data\Wireshark
2010-07-17 11:08 . 2010-07-17 11:08	--------	d-----w-	c:\program files\WinPcap
2010-07-17 11:07 . 2010-07-17 11:08	--------	d-----w-	c:\program files\Wireshark
2010-07-16 23:37 . 2010-07-17 15:35	--------	d-----w-	c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-16 23:37 . 2010-07-16 23:43	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2010-07-16 23:30 . 2010-07-16 23:30	--------	d-----w-	c:\documents and settings\****\Application Data\Malwarebytes
2010-07-16 23:30 . 2010-04-29 13:39	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-16 23:30 . 2010-07-16 23:30	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-07-16 23:30 . 2010-07-16 23:30	--------	d-----w-	c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-16 23:30 . 2010-04-29 13:39	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-07-16 22:19 . 2010-07-16 22:19	46592	----a-w-	c:\windows\system32\dllhsn32.dll.vir
2010-07-15 00:36 . 2010-07-15 00:36	--------	d-s---w-	c:\documents and settings\NetworkService\UserData
2010-07-14 08:49 . 2010-07-14 08:49	--------	d-----w-	c:\program files\Common Files\Skype
2010-07-13 00:09 . 2010-07-16 23:24	--------	d-----w-	c:\documents and settings\****\Application Data\Dropbox
2010-07-11 15:01 . 2010-07-11 15:01	--------	d-----w-	c:\program files\ProtectDisc Driver Installer
2010-07-11 15:01 . 2010-07-11 15:01	4764120	----a-w-	c:\documents and settings\****\Application Data\ProtectDisc\pe17da5e84.dll
2010-07-11 15:01 . 2010-07-11 15:01	--------	d-----w-	c:\documents and settings\****\Application Data\ProtectDisc
2010-07-08 01:00 . 2010-07-09 22:11	--------	d-----w-	c:\documents and settings\****\Local Settings\Application Data\Gas Powered Games
2010-07-08 00:58 . 2010-07-08 00:58	--------	d-----w-	c:\documents and settings\All Users\Application Data\Media Center Programs
2010-07-05 22:03 . 2010-07-05 22:03	--------	d-----w-	c:\program files\MusicLab
2010-06-29 23:22 . 2010-06-29 23:22	--------	d-----w-	c:\documents and settings\****\Application Data\Steinberg
2010-06-29 23:18 . 2005-05-09 18:08	33792	----a-w-	c:\windows\system32\drivers\cledx.sys
2010-06-29 23:18 . 2002-11-25 03:46	16896	----a-w-	c:\windows\system32\drivers\synasUSB.sys
2010-06-26 00:40 . 2010-07-10 20:13	--------	d-----w-	c:\documents and settings\****\Local Settings\Application Data\My Games

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-18 14:57 . 2010-02-05 22:43	--------	d-----w-	c:\documents and settings\****\Application Data\EditPlus 3
2010-07-18 13:17 . 2010-02-05 20:17	--------	d-----w-	c:\program files\Mozilla Thunderbird
2010-07-18 12:41 . 2010-02-05 22:38	2828	--sha-w-	c:\windows\system32\KGyGaAvL.sys
2010-07-18 12:38 . 2010-02-05 20:17	--------	d-----w-	c:\documents and settings\****\Application Data\Skype
2010-07-18 11:48 . 2010-02-05 20:20	--------	d-----w-	c:\documents and settings\****\Application Data\skypePM
2010-07-18 11:21 . 2010-02-05 21:57	--------	d-----w-	c:\documents and settings\****\Application Data\uTorrent
2010-07-18 03:27 . 2010-02-05 20:01	--------	d-----w-	c:\documents and settings\****\Application Data\Media Player Classic
2010-07-18 03:05 . 2010-02-14 17:55	--------	d-----w-	c:\documents and settings\****\Application Data\FileZilla
2010-07-17 08:09 . 2010-02-05 19:59	--------	d-----w-	c:\documents and settings\****\Application Data\Winamp
2010-07-10 20:13 . 2010-02-05 19:37	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-07-10 20:06 . 2010-06-17 09:18	--------	d-----w-	c:\documents and settings\****\Application Data\Microsoft Games
2010-07-07 00:21 . 2010-02-18 19:31	25	----a-w-	c:\windows\popcinfot.dat
2010-07-06 11:54 . 2010-02-05 19:41	119000	----a-w-	c:\documents and settings\****\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-05 22:03 . 2010-02-05 22:28	--------	d-----w-	c:\program files\Vstplugins
2010-07-04 21:06 . 2010-02-05 19:55	--------	d-----w-	c:\program files\Opera
2010-06-29 23:36 . 2010-04-22 04:24	--------	d-----w-	c:\program files\Steinberg
2010-06-26 00:39 . 2004-07-17 15:36	163644	----a-w-	c:\windows\system32\drivers\secdrv.sys
2010-06-16 23:04 . 2010-06-16 23:04	--------	d-----w-	c:\program files\FreePDF_XP
2010-06-16 23:04 . 2010-06-16 23:04	--------	d-----w-	c:\documents and settings\All Users\Application Data\FreePDF
2010-06-16 23:04 . 2010-06-16 23:04	--------	d-----w-	c:\program files\gs
2010-06-14 11:24 . 2010-06-10 11:40	--------	d-----w-	c:\program files\FileZilla
2010-06-08 07:03 . 2010-06-08 07:03	--------	d-----w-	c:\program files\FileZilla FTP Client
2010-06-07 14:14 . 2010-06-07 14:12	--------	d-----w-	c:\program files\Any Video Converter
2010-06-07 14:12 . 2010-06-07 14:12	--------	d-----w-	c:\documents and settings\****\Application Data\AnvSoft
2010-06-05 01:41 . 2010-06-05 01:41	--------	d-----w-	c:\program files\trueSpace761
2010-06-05 00:48 . 2010-06-05 00:47	--------	d-----w-	c:\program files\Python26
2010-06-05 00:41 . 2010-06-05 00:41	--------	d-----w-	c:\program files\Blender Foundation
2010-05-30 06:41 . 2010-05-30 06:36	--------	d-----w-	c:\documents and settings\****\Application Data\DVDVideoSoftIEHelpers
2010-05-30 06:40 . 2010-05-30 06:36	--------	d-----w-	c:\program files\Free YouTube to MP3 Converter
2010-05-30 06:36 . 2010-05-30 06:36	--------	d-----w-	c:\program files\Common Files\DVDVideoSoft
2010-05-30 06:36 . 2010-05-30 06:36	--------	d-----w-	c:\program files\DVDVideoSoft
2010-05-29 09:12 . 2010-02-05 22:26	278240	----a-w-	c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-05-29 01:12 . 2010-05-28 18:04	27126	----a-w-	c:\windows\DIIUnin.dat
2010-05-28 18:05 . 2010-05-28 18:05	21840	----a-w-	c:\windows\system32\SIntfNT.dll
2010-05-28 18:05 . 2010-05-28 18:05	17212	----a-w-	c:\windows\system32\SIntf32.dll
2010-05-28 18:05 . 2010-05-28 18:05	12067	----a-w-	c:\windows\system32\SIntf16.dll
2010-05-28 18:04 . 2010-05-28 18:04	2829	----a-w-	c:\windows\DIIUnin.pif
2010-05-28 18:04 . 2010-05-28 18:04	94208	----a-w-	c:\windows\DIIUnin.exe
2010-02-05 22:38 . 2010-02-05 22:38	88	--sha-r-	c:\windows\system32\5AFCDF6B76.sys
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-05-14 29831168]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-13 37888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"TerraTec Remote Control"="c:\program files\Common Files\TerraTec\Remote\TTTVRC.exe" [2005-12-21 987136]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-01-21 92168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-11 110696]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2009-09-05 385024]
"TerraTec Scheduler"="c:\progra~1\COMMON~1\TerraTec\SCHEDU~1\TTTimer.exe" [2005-02-24 618496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06	976832	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04	35760	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-06 14:09	413696	----a-w-	c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"JavaQuickStarterService"=2 (0x2)
"gupdate"=2 (0x2)
"SandraAgentSrv"=3 (0x3)
"Hamachi2Svc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TerraTec Scheduler"=c:\progra~1\COMMON~1\TerraTec\SCHEDU~1\TTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"g:\\Mass Effect 2\\Binaries\\MassEffect2.exe"=
"g:\\Mass Effect 2\\MassEffect2Launcher.exe"=
"g:\\Steam\\Steam.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2010.SP1a\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2010.SP1a\\WNt500x86\\RpcSandraSrv.exe"=
"g:\\Blood Bowl\\BB.exe"=
"g:\\Blood Bowl\\Autorun\\Exe\\Autorun.exe"=
"g:\\Steam\\steamapps\\common\\natural selection 2\\NS2.exe"=
"g:\\Split Second\\SplitSecond.exe"=
"g:\\Neverwinter Nights 2\\nwn2main.exe"=
"g:\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"g:\\Neverwinter Nights 2\\nwupdate.exe"=
"g:\\Neverwinter Nights 2\\nwn2server.exe"=
"g:\\Supreme Commander\\bin\\SupremeCommander.exe"=
"g:\\GPGNet\\GPG.Multiplayer.Client.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [19.01.2009 20:31 277544]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [05.02.2010 22:40 108289]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [20.10.2009 20:19 50704]
R3 3xHybrid;Cinergy 400 TV service;c:\windows\system32\drivers\3xHybrid.sys [04.12.2006 17:13 1121536]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [14.01.2008 12:06 21632]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [05.02.2010 21:44 238080]
S3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [30.06.2010 01:18 33792]
S3 cpuz130;cpuz130;\??\c:\docume~1\HYPERG~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\HYPERG~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [09.02.2010 13:42 135664]
S4 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2010.SP1a\RpcAgentSrv.exe [05.04.2010 03:11 93336]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [05.02.2010 22:32 691696]

--- Andere Dienste/Treiber im Speicher ---

*NewlyCreated* - KLMD23
*Deregistered* - klmd23
.
.
------- Zusätzlicher Suchlauf -------
.
LSP: %SYSTEMROOT%\system32\nvLsp.dll
TCP: {AE0FA877-AD1C-49D6-AFB9-2806D13C77F9} = 192.168.1.1,212.37.37.37
FF - ProfilePath - 

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-Run-nwiz - nwiz.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-07-18 17:45
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1???????????????????????????????????????????????? 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-2052111302-343818398-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:6a,a9,3c,62,f7,46,80,7d,aa,78,7c,02,c9,52,e8,da,7a,18,31,5f,04,
   46,2c,3c,31,bd,fc,f0,5e,27,00,b0,f9,56,73,55,82,03,27,20,09,a9,df,ac,62,d3,\
"rkeysecu"=hex:a2,83,41,12,f1,11,63,8a,33,8e,6a,3e,f9,d3,1a,f5
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'lsass.exe'(708)
c:\windows\system32\nvLsp.dll
.
Zeit der Fertigstellung: 2010-07-18  17:46:42
ComboFix-quarantined-files.txt  2010-07-18 15:46

Vor Suchlauf: 26.532.515.840 bytes free
Nach Suchlauf: 26.505.170.944 bytes free

- - End Of File - - 7E8D2FA3C71BA4B670FF2B383FB09229
         

--- --- ---

Bitte lasse die Dateien aus der Code-Box bei Virustotal überprüfen

Code: Alles auswählenAufklappen

ATTFilter

c:\windows\system32\dllhsn32.dll
         

Also gehe wie hier beschrieben vor:

• Öffne diese Webseite: virustotal
• Klicke auf "Durchsuchen"
• Suche die Datei auf deinem Rechner--> Doppelklick auf die zu prüfende Datei (oder kopiere den Inhalt ab aus der Codebox)
• "Senden der Datei"
• Warte, bis der Scandurchlauf aller Virenscanner beendet ist
• Auf "Filter" klicken
• dann auf "Ergebnisse"
• das Ergebnis (wie Du es bekommst )
  komplett markieren und hier rein kopieren

Sollte die Datei als schädlich erkannt werden bitte noch nicht entfernen

Ausgabe von Virustotal

Code: Alles auswählenAufklappen

ATTFilter

Datei dllhsn32.dll empfangen 2010.07.18 16:06:04 (UTC)Antivirus	Version	letzte aktualisierung	Ergebnis
Kaspersky	7.0.0.125	2010.07.18	Backdoor.Win32.Papras.li
McAfee-GW-Edition	2010.1	2010.07.16	Heuristic.LooksLike.Trojan.Backdoor.Papras.I
Panda	10.0.2.7	2010.07.18	Trj/CI.A
Prevx	3.0	2010.07.18	Medium Risk Malware

weitere Informationen
File size: 46592 bytes
MD5...: 7a8c330fe611d713202f72ab84e2e66c
SHA1..: 626b51a9c2623c6c731d8910ff6c2f60344a58a7
SHA256: 0c0451c824f75e4343617b40f309d91cd364880a4c98a7af6604d5b82005305f
ssdeep: 768:kbwVf8AtC7IgfUoqFhlJrnRiYZNp6xfDTie6IJV+tsc4:kbwt8xI+U37rnex<br>ffD61tsc<br>
PEiD..: -
PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x13e7<br>timedatestamp.....: 0x3c624182 (Thu Feb 07 08:57:38 2002)<br>machinetype.......: 0x14c (I386)<br><br>( 4 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0x7000 0x6800 7.17 67d358b8411c59c255d57e1e9c1187f9<br>.data 0x8000 0x1000 0x200 2.82 96845e53e1f7963737b2c834312aac9a<br>.kdata 0x9000 0x5000 0x4600 7.09 cacd373dbc270bce96cfbca6ee2105e1<br>.reloc 0xe000 0x1000 0x200 0.45 50d818beb1e1bfd1f9672495c8edbb3e<br><br>( 1 imports ) <br>&gt; KERNEL32.dll: CreateEventA, GetProcessId, ExitProcess, LoadLibraryExA, GetCurrentProcessId<br><br>( 3 exports ) <br>ClientDllCleanup, ClientDllStartup, CreateProcessNotify<br>
RDS...: NSRL Reference Data Set<br>-
pdfid.: -
trid..: Win32 Executable Generic (42.3%)<br>Win32 Dynamic Link Library (generic) (37.6%)<br>Generic Win/DOS Executable (9.9%)<br>DOS Executable Generic (9.9%)<br>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:<br>publisher....: n/a<br>copyright....: n/a<br>product......: n/a<br>description..: n/a<br>original name: n/a<br>internal name: n/a<br>file version.: n/a<br>comments.....: n/a<br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br>
Symantec Reputation Network: Suspicious.Insight hxxp://www.symantec.com/security_response/writeup.jsp?docid=2010-021223-0550-99
&lt;a href='hxxp://info.prevx.com/aboutprogramtext.asp?PX5=A53AB91100093627B667007322251700CC4C3361' target='_blank'&gt;hxxp://info.prevx.com/aboutprogramtext.asp?PX5=A53AB91100093627B667007322251700CC4C3361&lt;/a&gt;
         

Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von einem der folgenden Download-Spiegel neu herunter:

BleepingComputer.com - ForoSpyware.com

und speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!

Drücke die Windows + R Taste --> Notepad (hinein schreiben) --> OK

Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.

Code: Alles auswählenAufklappen

ATTFilter

http://www.trojaner-board.de/88317-browser-oeffnen-spam-links-winupdate-geblockt-iexplorer-kann-gar-nicht-geoeffnet-werden-3.html#post543508

KillAll::
Collect::
c:\windows\system32\dllhsn32.dll

File::
C:\dllhsn32.dll.vir

Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls]
"odbcdial"=-
         

Speichere dies als CFScript.txt auf Deinem Desktop.

Wichtig:

• Stelle deine Anti Viren Software temprär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
  Danach wieder anstellen nicht vergessen!
• Bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein.
  Dies kann dazu führen, dass ComboFix sich aufhängt.
• Schließe alle laufenden Programme. Gehe sicher das ComboFix ungehindert arbeiten kann.
• Mache nichts am PC solange ComboFix läuft.

• In Bezug auf obiges Bild, ziehe CFScript.txt in die ComboFix.exe
• Wenn ComboFix fertig ist, wird es ein Log erstellen, C:\ComboFix.txt. Bitte füge es hier als Antwort ein.

Falls im Skript die Anweisung Suspect:: oder Collect:: enthalten ist, wird eine Message-Box erscheinen, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen.

Hinweis für Mitleser:
Obiges Combofix-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!


Schritt 2

Starte bitte OTL.exe und klicke auf den Quick Scan Button.


Bitte poste in Deiner nächsten Antwort
Combofix.txt
OTL.txt

Combofix Logfile:

Code: Alles auswählenAufklappen

ATTFilter

ComboFix 10-07-16.02 - **** 18.07.2010  18:18:14.3.2 - x86
Microsoft Windows XP Professional  5.1.2600.2.1252.49.1033.18.2047.1645 [GMT 2:00]
ausgeführt von:: c:\documents and settings\****\Desktop\Combo-Fix.exe
Benutzte Befehlsschalter :: c:\documents and settings\****\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"C:\dllhsn32.dll.vir"

file zipped: c:\windows\system32\dllhsn32.dll
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\dllhsn32.dll.vir
c:\windows\system32\dllhsn32.dll

.
(((((((((((((((((((((((   Dateien erstellt von 2010-06-18 bis 2010-07-18  ))))))))))))))))))))))))))))))
.

2010-07-18 15:50 . 2010-07-18 15:50	--------	d-----w-	c:\documents and settings\Administrator\Local Settings\Application Data\Opera
2010-07-18 11:28 . 2010-07-18 11:28	--------	d-----w-	C:\_OTL
2010-07-17 15:36 . 2010-07-17 15:36	--------	d-s---w-	c:\documents and settings\****\UserData
2010-07-17 12:58 . 2010-07-17 12:58	--------	d-----w-	c:\program files\CCleaner
2010-07-17 12:38 . 2010-07-17 12:38	--------	d-----w-	c:\program files\lynx
2010-07-17 11:16 . 2010-07-17 11:16	--------	d-----w-	c:\documents and settings\****\Application Data\Wireshark
2010-07-17 11:08 . 2010-07-17 11:08	--------	d-----w-	c:\program files\WinPcap
2010-07-17 11:07 . 2010-07-17 11:08	--------	d-----w-	c:\program files\Wireshark
2010-07-16 23:37 . 2010-07-17 15:35	--------	d-----w-	c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-16 23:37 . 2010-07-16 23:43	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2010-07-16 23:30 . 2010-07-16 23:30	--------	d-----w-	c:\documents and settings\****\Application Data\Malwarebytes
2010-07-16 23:30 . 2010-04-29 13:39	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-16 23:30 . 2010-07-16 23:30	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-07-16 23:30 . 2010-07-16 23:30	--------	d-----w-	c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-16 23:30 . 2010-04-29 13:39	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-07-15 00:36 . 2010-07-15 00:36	--------	d-s---w-	c:\documents and settings\NetworkService\UserData
2010-07-14 08:49 . 2010-07-14 08:49	--------	d-----w-	c:\program files\Common Files\Skype
2010-07-13 00:09 . 2010-07-16 23:24	--------	d-----w-	c:\documents and settings\****\Application Data\Dropbox
2010-07-11 15:01 . 2010-07-11 15:01	--------	d-----w-	c:\program files\ProtectDisc Driver Installer
2010-07-11 15:01 . 2010-07-11 15:01	4764120	----a-w-	c:\documents and settings\****\Application Data\ProtectDisc\pe17da5e84.dll
2010-07-11 15:01 . 2010-07-11 15:01	--------	d-----w-	c:\documents and settings\****\Application Data\ProtectDisc
2010-07-08 01:00 . 2010-07-09 22:11	--------	d-----w-	c:\documents and settings\****\Local Settings\Application Data\Gas Powered Games
2010-07-08 00:58 . 2010-07-08 00:58	--------	d-----w-	c:\documents and settings\All Users\Application Data\Media Center Programs
2010-07-05 22:03 . 2010-07-05 22:03	--------	d-----w-	c:\program files\MusicLab
2010-06-29 23:22 . 2010-06-29 23:22	--------	d-----w-	c:\documents and settings\****\Application Data\Steinberg
2010-06-29 23:18 . 2005-05-09 18:08	33792	----a-w-	c:\windows\system32\drivers\cledx.sys
2010-06-29 23:18 . 2002-11-25 03:46	16896	----a-w-	c:\windows\system32\drivers\synasUSB.sys
2010-06-26 00:40 . 2010-07-10 20:13	--------	d-----w-	c:\documents and settings\****\Local Settings\Application Data\My Games

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-18 14:57 . 2010-02-05 22:43	--------	d-----w-	c:\documents and settings\****\Application Data\EditPlus 3
2010-07-18 13:17 . 2010-02-05 20:17	--------	d-----w-	c:\program files\Mozilla Thunderbird
2010-07-18 12:41 . 2010-02-05 22:38	2828	--sha-w-	c:\windows\system32\KGyGaAvL.sys
2010-07-18 12:38 . 2010-02-05 20:17	--------	d-----w-	c:\documents and settings\****\Application Data\Skype
2010-07-18 11:48 . 2010-02-05 20:20	--------	d-----w-	c:\documents and settings\****\Application Data\skypePM
2010-07-18 11:21 . 2010-02-05 21:57	--------	d-----w-	c:\documents and settings\****\Application Data\uTorrent
2010-07-18 03:27 . 2010-02-05 20:01	--------	d-----w-	c:\documents and settings\****\Application Data\Media Player Classic
2010-07-18 03:05 . 2010-02-14 17:55	--------	d-----w-	c:\documents and settings\****\Application Data\FileZilla
2010-07-17 08:09 . 2010-02-05 19:59	--------	d-----w-	c:\documents and settings\****\Application Data\Winamp
2010-07-10 20:13 . 2010-02-05 19:37	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-07-10 20:06 . 2010-06-17 09:18	--------	d-----w-	c:\documents and settings\****\Application Data\Microsoft Games
2010-07-07 00:21 . 2010-02-18 19:31	25	----a-w-	c:\windows\popcinfot.dat
2010-07-06 11:54 . 2010-02-05 19:41	119000	----a-w-	c:\documents and settings\****\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-05 22:03 . 2010-02-05 22:28	--------	d-----w-	c:\program files\Vstplugins
2010-07-04 21:06 . 2010-02-05 19:55	--------	d-----w-	c:\program files\Opera
2010-06-29 23:36 . 2010-04-22 04:24	--------	d-----w-	c:\program files\Steinberg
2010-06-26 00:39 . 2004-07-17 15:36	163644	----a-w-	c:\windows\system32\drivers\secdrv.sys
2010-06-16 23:04 . 2010-06-16 23:04	--------	d-----w-	c:\program files\FreePDF_XP
2010-06-16 23:04 . 2010-06-16 23:04	--------	d-----w-	c:\documents and settings\All Users\Application Data\FreePDF
2010-06-16 23:04 . 2010-06-16 23:04	--------	d-----w-	c:\program files\gs
2010-06-14 11:24 . 2010-06-10 11:40	--------	d-----w-	c:\program files\FileZilla
2010-06-08 07:03 . 2010-06-08 07:03	--------	d-----w-	c:\program files\FileZilla FTP Client
2010-06-07 14:14 . 2010-06-07 14:12	--------	d-----w-	c:\program files\Any Video Converter
2010-06-07 14:12 . 2010-06-07 14:12	--------	d-----w-	c:\documents and settings\****\Application Data\AnvSoft
2010-06-05 01:41 . 2010-06-05 01:41	--------	d-----w-	c:\program files\trueSpace761
2010-06-05 00:48 . 2010-06-05 00:47	--------	d-----w-	c:\program files\Python26
2010-06-05 00:41 . 2010-06-05 00:41	--------	d-----w-	c:\program files\Blender Foundation
2010-05-30 06:41 . 2010-05-30 06:36	--------	d-----w-	c:\documents and settings\****\Application Data\DVDVideoSoftIEHelpers
2010-05-30 06:40 . 2010-05-30 06:36	--------	d-----w-	c:\program files\Free YouTube to MP3 Converter
2010-05-30 06:36 . 2010-05-30 06:36	--------	d-----w-	c:\program files\Common Files\DVDVideoSoft
2010-05-30 06:36 . 2010-05-30 06:36	--------	d-----w-	c:\program files\DVDVideoSoft
2010-05-29 09:12 . 2010-02-05 22:26	278240	----a-w-	c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-05-29 01:12 . 2010-05-28 18:04	27126	----a-w-	c:\windows\DIIUnin.dat
2010-05-28 18:05 . 2010-05-28 18:05	21840	----a-w-	c:\windows\system32\SIntfNT.dll
2010-05-28 18:05 . 2010-05-28 18:05	17212	----a-w-	c:\windows\system32\SIntf32.dll
2010-05-28 18:05 . 2010-05-28 18:05	12067	----a-w-	c:\windows\system32\SIntf16.dll
2010-05-28 18:04 . 2010-05-28 18:04	2829	----a-w-	c:\windows\DIIUnin.pif
2010-05-28 18:04 . 2010-05-28 18:04	94208	----a-w-	c:\windows\DIIUnin.exe
2010-02-05 22:38 . 2010-02-05 22:38	88	--sha-r-	c:\windows\system32\5AFCDF6B76.sys
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-05-14 29831168]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-13 37888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"TerraTec Remote Control"="c:\program files\Common Files\TerraTec\Remote\TTTVRC.exe" [2005-12-21 987136]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-01-21 92168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-11 110696]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2009-09-05 385024]
"TerraTec Scheduler"="c:\progra~1\COMMON~1\TerraTec\SCHEDU~1\TTTimer.exe" [2005-02-24 618496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06	976832	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04	35760	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-06 14:09	413696	----a-w-	c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"JavaQuickStarterService"=2 (0x2)
"gupdate"=2 (0x2)
"SandraAgentSrv"=3 (0x3)
"Hamachi2Svc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TerraTec Scheduler"=c:\progra~1\COMMON~1\TerraTec\SCHEDU~1\TTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"g:\\Mass Effect 2\\Binaries\\MassEffect2.exe"=
"g:\\Mass Effect 2\\MassEffect2Launcher.exe"=
"g:\\Steam\\Steam.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2010.SP1a\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2010.SP1a\\WNt500x86\\RpcSandraSrv.exe"=
"g:\\Blood Bowl\\BB.exe"=
"g:\\Blood Bowl\\Autorun\\Exe\\Autorun.exe"=
"g:\\Steam\\steamapps\\common\\natural selection 2\\NS2.exe"=
"g:\\Split Second\\SplitSecond.exe"=
"g:\\Neverwinter Nights 2\\nwn2main.exe"=
"g:\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"g:\\Neverwinter Nights 2\\nwupdate.exe"=
"g:\\Neverwinter Nights 2\\nwn2server.exe"=
"g:\\Supreme Commander\\bin\\SupremeCommander.exe"=
"g:\\GPGNet\\GPG.Multiplayer.Client.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [19.01.2009 20:31 277544]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [05.02.2010 22:40 108289]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [20.10.2009 20:19 50704]
R3 3xHybrid;Cinergy 400 TV service;c:\windows\system32\drivers\3xHybrid.sys [04.12.2006 17:13 1121536]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [14.01.2008 12:06 21632]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [05.02.2010 21:44 238080]
S3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [30.06.2010 01:18 33792]
S3 cpuz130;cpuz130;\??\c:\docume~1\HYPERG~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\HYPERG~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [09.02.2010 13:42 135664]
S4 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2010.SP1a\RpcAgentSrv.exe [05.04.2010 03:11 93336]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [05.02.2010 22:32 691696]
.
.
------- Zusätzlicher Suchlauf -------
.
LSP: %SYSTEMROOT%\system32\nvLsp.dll
TCP: {AE0FA877-AD1C-49D6-AFB9-2806D13C77F9} = 192.168.1.1,212.37.37.37
FF - ProfilePath - 

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-07-18 18:23
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1???????????????????????????????????????????????? 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-2052111302-343818398-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:6a,a9,3c,62,f7,46,80,7d,aa,78,7c,02,c9,52,e8,da,7a,18,31,5f,04,
   46,2c,3c,31,bd,fc,f0,5e,27,00,b0,f9,56,73,55,82,03,27,20,09,a9,df,ac,62,d3,\
"rkeysecu"=hex:a2,83,41,12,f1,11,63,8a,33,8e,6a,3e,f9,d3,1a,f5
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'lsass.exe'(720)
c:\windows\system32\nvLsp.dll

- - - - - - - > 'explorer.exe'(1916)
c:\windows\system32\msi.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.DEU
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\PSIService.exe
c:\windows\system32\wdfmgr.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-07-18  18:25:43 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-07-18 16:25
ComboFix2.txt  2010-07-18 15:46

Vor Suchlauf: 26.497.904.640 bytes free
Nach Suchlauf: 26.488.745.984 bytes free

- - End Of File - - 9EFEF88542B651CF2AB89835FA5B1CCB
         

--- --- ---



OTL Logfile:

Code: Alles auswählenAufklappen

ATTFilter

OTL logfile created on: 18.07.2010 18:27:49 - Run 3
OTL by OldTimer - Version 3.2.9.0     Folder = C:\Documents and Settings\****\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 75,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 73,24 Gb Total Space | 24,69 Gb Free Space | 33,71% Space Free | Partition Type: NTFS
Drive D: | 5,12 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 100,01 Gb Total Space | 9,57 Gb Free Space | 9,57% Space Free | Partition Type: NTFS
Drive H: | 132,87 Gb Total Space | 3,90 Gb Free Space | 2,94% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive X: | 224,85 Gb Total Space | 3,49 Gb Free Space | 1,55% Space Free | Partition Type: NTFS
 
Computer Name: ELCH
Current User Name: ****
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010.07.17 17:47:47 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\****\Desktop\OTL.exe
PRC - [2010.06.30 14:52:22 | 000,836,464 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2010.01.14 00:44:52 | 000,037,888 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2009.09.05 17:29:06 | 000,385,024 | ---- | M] (shbox.de) -- C:\Program Files\FreePDF_XP\fpassist.exe
PRC - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009.01.21 15:19:54 | 000,092,168 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Gaming Software\LWEMon.exe
PRC - [2008.04.24 04:32:30 | 000,598,016 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
PRC - [2008.04.24 04:31:54 | 000,176,128 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
PRC - [2007.06.05 14:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2005.12.21 12:52:36 | 000,987,136 | ---- | M] (TerraTec Eletronic GmbH) -- C:\Program Files\Common Files\TerraTec\Remote\TTTVRC.exe
PRC - [2004.08.04 06:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.07.17 17:47:47 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\****\Desktop\OTL.exe
MOD - [2004.08.04 06:57:02 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004.08.04 05:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2009.10.20 20:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009.08.17 08:54:36 | 000,093,336 | ---- | M] (SiSoftware) [Disabled | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP1a\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.04.24 04:32:30 | 000,598,016 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2008.04.24 04:31:54 | 000,176,128 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2007.06.05 14:20:32 | 000,177,704 | ---- | M] () [Auto | Start_Pending] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\HYPERG~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys -- (cpuz130)
DRV - File not found [Kernel | On_Demand | Running] -- C:\Combo-Fix\catchme.sys -- (catchme)
DRV - [2010.02.05 22:32:48 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.02.05 22:18:15 | 000,223,440 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2010.02.03 15:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2010.01.12 06:03:33 | 010,276,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009.11.25 12:19:02 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.10.20 20:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2009.08.07 23:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP1a\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.01.19 20:31:56 | 000,277,544 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2009.01.13 20:13:52 | 000,049,160 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2009.01.13 20:13:44 | 000,014,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2009.01.13 20:13:28 | 000,029,192 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009.01.13 20:13:20 | 000,019,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2008.05.08 23:23:22 | 000,238,080 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2008.03.25 13:48:08 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008.03.25 13:48:06 | 000,054,400 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008.02.14 16:12:00 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2008.01.14 12:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2007.06.29 15:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2006.12.04 17:13:14 | 001,121,536 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2006.07.02 00:30:28 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005.05.09 20:08:40 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cledx.sys -- (CLEDX)
DRV - [2005.01.07 18:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004.08.12 20:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004.08.04 00:10:14 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2004.08.03 23:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2002.09.16 18:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.0.2
FF - prefs.js..extensions.enabledItems: {AB7308B2-C13C-4eba-AC78-2AD55B96EE09}:3.0.0
FF - prefs.js..extensions.enabledItems: {3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}:0.8.6.1
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.01 14:04:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.01 14:04:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.06.18 15:22:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2010.03.11 16:17:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\Mozilla\Extensions
[2010.02.05 22:23:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\****\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.03.11 16:17:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010.07.17 12:42:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\Mozilla\Firefox\Profiles\s7dsvfdj.default\extensions
[2010.02.08 19:06:04 | 000,000,000 | ---D | M] (Html Validator) -- C:\Documents and Settings\****\Application Data\Mozilla\Firefox\Profiles\s7dsvfdj.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
[2010.02.08 19:06:02 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Documents and Settings\****\Application Data\Mozilla\Firefox\Profiles\s7dsvfdj.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2010.02.08 19:06:02 | 000,000,000 | ---D | M] (CSS Validator) -- C:\Documents and Settings\****\Application Data\Mozilla\Firefox\Profiles\s7dsvfdj.default\extensions\{AB7308B2-C13C-4eba-AC78-2AD55B96EE09}
[2010.02.08 00:24:50 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\****\Application Data\Mozilla\Firefox\Profiles\s7dsvfdj.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010.04.23 10:39:28 | 000,000,000 | ---D | M] (Torbutton) -- C:\Documents and Settings\****\Application Data\Mozilla\Firefox\Profiles\s7dsvfdj.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010.02.05 22:04:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.07.01 14:04:13 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.01 14:04:13 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.01 14:04:13 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.01 14:04:13 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.01 14:04:13 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.07.18 18:23:35 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [TerraTec Remote Control] C:\Program Files\Common Files\TerraTec\Remote\TTTVRC.exe (TerraTec Eletronic GmbH)
O4 - HKLM..\Run: [TerraTec Scheduler] C:\Program Files\Common Files\TerraTec\Scheduler\TTTimer.exe (TerraTec Electronic GmbH)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\****\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\****\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.02.05 21:10:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008.06.10 15:32:42 | 000,000,044 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.07.18 18:25:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010.07.18 17:05:10 | 001,013,584 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\****\Desktop\TDSSKiller.exe
[2010.07.18 15:35:16 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.07.18 15:33:23 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.07.18 15:33:23 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.07.18 15:33:23 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.07.18 15:33:23 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.07.18 15:29:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.07.18 14:40:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.07.18 13:32:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\****\Desktop\GooredFix Backups
[2010.07.18 13:31:07 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\****\Desktop\GooredFix.exe
[2010.07.18 13:28:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.07.17 17:47:45 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\****\Desktop\OTL.exe
[2010.07.17 17:36:24 | 000,000,000 | --SD | C] -- C:\Documents and Settings\****\UserData
[2010.07.17 17:33:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\****\Recent
[2010.07.17 14:58:42 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.07.17 14:38:22 | 000,000,000 | ---D | C] -- C:\Program Files\lynx
[2010.07.17 14:31:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\****\Desktop\osam_autorun_manager_5_0_portable
[2010.07.17 13:16:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\****\Application Data\Wireshark
[2010.07.17 13:08:14 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2010.07.17 13:07:32 | 000,000,000 | ---D | C] -- C:\Program Files\Wireshark
[2010.07.17 06:30:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010.07.17 06:30:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010.07.17 01:37:03 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010.07.17 01:37:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010.07.17 01:30:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\****\Application Data\Malwarebytes
[2010.07.17 01:30:35 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.07.17 01:30:34 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.07.17 01:30:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.07.17 01:30:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010.07.17 00:56:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010.07.14 10:49:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010.07.13 02:09:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\****\Application Data\Dropbox
[2010.07.11 17:02:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\****\My Documents\Drakensang
[2010.07.11 17:01:40 | 000,000,000 | ---D | C] -- C:\Program Files\ProtectDisc Driver Installer
[2010.07.11 17:01:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\****\Application Data\ProtectDisc
[2010.07.09 23:49:57 | 005,619,712 | ---- | C] (Gas Powered Games) -- C:\Documents and Settings\****\Desktop\supcom_fa_patch_1.5.3596_to_1.5.3599.exe
[2010.07.09 23:36:06 | 039,362,560 | ---- | C] (Gas Powered Games) -- C:\Documents and Settings\****\Desktop\supcom_patch_1.0.3189_to_1.1.3280.exe
[2010.07.09 07:00:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\****\Desktop\dummy file generator12
[2010.07.08 03:00:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\****\Local Settings\Application Data\Gas Powered Games
[2010.07.08 02:58:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Media Center Programs
[2010.07.06 00:03:15 | 000,000,000 | ---D | C] -- C:\Program Files\MusicLab
[2010.06.30 01:22:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\****\Application Data\Steinberg
[2010.06.30 01:18:18 | 000,033,792 | ---- | C] (Team H2O) -- C:\WINDOWS\System32\drivers\cledx.sys
[2010.06.30 01:18:11 | 000,016,896 | ---- | C] (Syncrosoft GmbH) -- C:\WINDOWS\System32\drivers\synasUSB.sys
[2010.06.26 02:40:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\****\Local Settings\Application Data\My Games
[2010.06.22 03:24:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\****\My Documents\Neverwinter Nights 2
[2010.06.17 16:07:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\****\Local Settings\Application Data\FreePDF_XP
[2010.06.17 11:18:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\****\Application Data\Microsoft Games
[2010.06.17 01:04:53 | 000,000,000 | ---D | C] -- C:\Program Files\FreePDF_XP
[2010.06.17 01:04:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FreePDF
[2010.06.17 01:04:24 | 000,000,000 | ---D | C] -- C:\Program Files\gs
[2010.06.10 13:40:40 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla
[2010.06.08 09:03:13 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2010.06.07 16:14:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\****\My Documents\Any Video Converter
[2010.06.07 16:12:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\****\Application Data\AnvSoft
[2010.06.07 16:12:31 | 000,000,000 | ---D | C] -- C:\Program Files\Any Video Converter
[2010.06.07 06:28:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\****\My Documents\Disney Interactive Studios
[2010.06.05 03:41:20 | 000,000,000 | ---D | C] -- C:\Program Files\trueSpace761
[2010.06.05 02:47:47 | 000,000,000 | ---D | C] -- C:\Program Files\Python26
[2010.06.05 02:41:04 | 000,000,000 | ---D | C] -- C:\Program Files\Blender Foundation
[2010.05.30 08:36:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\****\Application Data\DVDVideoSoftIEHelpers
[2010.05.30 08:36:49 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2010.05.30 08:36:44 | 000,000,000 | ---D | C] -- C:\Program Files\Free YouTube to MP3 Converter
[2010.05.30 08:36:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2010.05.28 20:04:25 | 000,094,208 | ---- | C] (Blizzard Entertainment) -- C:\WINDOWS\DIIUnin.exe
[2010.05.27 14:37:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE
[2010.05.27 12:26:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010.05.19 16:28:33 | 000,000,000 | ---D | C] -- C:\Program Files\ManyCam 2.4
[2010.05.19 16:28:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\****\Application Data\ManyCam
[2010.05.19 16:14:54 | 000,000,000 | ---D | C] -- C:\Program Files\Webcam Simulator
[2010.05.17 23:29:20 | 000,278,528 | ---- | C] (Big Sphicter productions) -- C:\Documents and Settings\****\Desktop\cac106.exe
[2010.05.16 01:52:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010.05.16 01:27:11 | 000,131,072 | ---- | C] (Sunplus) -- C:\WINDOWS\System\SP5X_32.DLL
[2010.05.09 16:16:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\****\Application Data\X-Chat 2
[2010.05.09 16:16:01 | 000,000,000 | ---D | C] -- C:\Program Files\X-Chat 2
[2010.05.06 02:54:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\****\Local Settings\Application Data\WMTools Downloaded Files
[2010.05.05 19:07:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\****\Application Data\quassel-irc.org
[2010.05.03 18:44:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\****\Desktop\schach
[2010.05.02 17:34:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\****\Application Data\InfraRecorder
[2010.05.02 17:33:39 | 000,000,000 | ---D | C] -- C:\Program Files\InfraRecorder
[2010.04.28 23:34:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010.04.22 06:28:57 | 000,704,512 | ---- | C] (Syncrosoft Hard- und Software GmbH) -- C:\WINDOWS\System32\SYNSOACC.dll
[2010.04.22 06:24:34 | 000,000,000 | ---D | C] -- C:\Program Files\Steinberg
[2010.04.21 19:20:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\****\Application Data\LucasArts
[2010.04.21 15:58:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\****\My Documents\DVDVideoSoft
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
 
========== Files - Modified Within 90 Days ==========
 
[2010.07.18 18:23:45 | 000,000,270 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.07.18 18:23:38 | 000,275,208 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010.07.18 18:23:35 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.07.18 18:23:24 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.07.18 18:23:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.07.18 18:22:44 | 013,893,632 | -H-- | M] () -- C:\Documents and Settings\****\NTUSER.DAT
[2010.07.18 18:16:51 | 003,737,904 | R--- | M] () -- C:\Documents and Settings\****\Desktop\Combo-Fix.exe
[2010.07.18 17:02:59 | 000,001,492 | ---- | M] () -- C:\Documents and Settings\****\Application Data\Microsoft\Internet Explorer\Quick Launch\Lynx Browser.lnk
[2010.07.18 15:35:19 | 000,000,293 | RHS- | M] () -- C:\boot.ini
[2010.07.18 14:41:13 | 000,002,828 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010.07.18 13:48:53 | 000,002,285 | ---- | M] () -- C:\Documents and Settings\****\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2010.07.18 13:31:07 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\****\Desktop\GooredFix.exe
[2010.07.18 05:46:54 | 000,165,376 | ---- | M] () -- C:\Documents and Settings\****\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.18 04:43:24 | 000,037,680 | ---- | M] () -- C:\Documents and Settings\****\Desktop\wundenmann.jpg
[2010.07.18 02:06:18 | 000,000,574 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.07.18 02:06:18 | 000,000,223 | ---- | M] () -- C:\Boot.bak
[2010.07.17 22:38:41 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\****\defogger_reenable
[2010.07.17 22:37:38 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\****\Desktop\Defogger.exe
[2010.07.17 17:47:47 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\****\Desktop\OTL.exe
[2010.07.17 15:15:14 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\****\Desktop\xtj2z9vg.exe
[2010.07.17 15:02:26 | 000,088,606 | ---- | M] () -- C:\Documents and Settings\****\My Documents\cc_20100717_150208.reg
[2010.07.17 14:58:43 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\****\Desktop\CCleaner.lnk
[2010.07.17 13:08:18 | 000,000,073 | ---- | M] () -- C:\WINDOWS\System32\-1
[2010.07.17 13:07:51 | 000,001,501 | ---- | M] () -- C:\Documents and Settings\****\Application Data\Microsoft\Internet Explorer\Quick Launch\Wireshark.lnk
[2010.07.17 11:20:58 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\****\Desktop\Miet-Anzeigen.doc
[2010.07.17 10:06:39 | 100,667,044 | ---- | M] () -- C:\Documents and Settings\****\Desktop\chaosradio_express_159_nachrichtendienste.mp3
[2010.07.17 01:37:08 | 000,000,939 | ---- | M] () -- C:\Documents and Settings\****\Desktop\Spybot - Search & Destroy.lnk
[2010.07.17 01:30:38 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.17 01:24:48 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.07.17 01:24:39 | 000,393,568 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.07.15 00:03:16 | 000,004,096 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\00001119.LCS
[2010.07.13 09:14:26 | 006,178,944 | ---- | M] () -- C:\Documents and Settings\****\Desktop\Delta Blues- Drunk Hearted Man ('Personally Groovy' take ).mp3
[2010.07.12 09:33:50 | 000,119,000 | ---- | M] () -- C:\Documents and Settings\****\Application Data\GDIPFONTCACHEV1.DAT
[2010.07.11 21:34:38 | 118,095,214 | ---- | M] () -- C:\Documents and Settings\****\Desktop\chaosradio_express_158_liquidfeedback.mp3
[2010.07.11 01:36:53 | 000,021,558 | ---- | M] () -- C:\Documents and Settings\****\My Documents\019._2wav.wav
[2010.07.11 01:35:46 | 000,021,558 | ---- | M] () -- C:\Documents and Settings\****\My Documents\019.wav
[2010.07.10 23:15:49 | 000,000,551 | ---- | M] () -- C:\Documents and Settings\****\Desktop\Drakensang.lnk
[2010.07.09 23:50:31 | 005,619,712 | ---- | M] (Gas Powered Games) -- C:\Documents and Settings\****\Desktop\supcom_fa_patch_1.5.3596_to_1.5.3599.exe
[2010.07.09 23:41:22 | 039,362,560 | ---- | M] (Gas Powered Games) -- C:\Documents and Settings\****\Desktop\supcom_patch_1.0.3189_to_1.1.3280.exe
[2010.07.09 02:56:26 | 002,806,805 | ---- | M] () -- C:\Documents and Settings\****\Desktop\09 - Fantasy IV - Final Fantasy - Bombing Mission.mp3
[2010.07.08 02:59:06 | 000,000,686 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Supreme Commander.lnk
[2010.07.07 02:21:00 | 000,000,025 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2010.07.06 13:54:06 | 000,119,000 | ---- | M] () -- C:\Documents and Settings\****\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010.07.04 23:06:48 | 000,000,616 | ---- | M] () -- C:\Documents and Settings\****\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010.06.30 17:25:08 | 001,013,584 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\****\Desktop\TDSSKiller.exe
[2010.06.30 01:55:24 | 000,071,052 | ---- | M] () -- C:\Documents and Settings\****\Desktop\breeda_110g_e.mp3
[2010.06.30 01:55:15 | 000,084,844 | ---- | M] () -- C:\Documents and Settings\****\Desktop\shunta_92c_fsharp.mp3
[2010.06.30 01:55:08 | 000,070,634 | ---- | M] () -- C:\Documents and Settings\****\Desktop\breeda_110i_asharp.mp3
[2010.06.30 01:55:02 | 000,066,872 | ---- | M] () -- C:\Documents and Settings\****\Desktop\masha_117e_a.mp3
[2010.06.30 01:54:27 | 000,071,052 | ---- | M] () -- C:\Documents and Settings\****\Desktop\breeda_110e_c.mp3
[2010.06.30 01:54:21 | 000,106,578 | ---- | M] () -- C:\Documents and Settings\****\Desktop\clankmonsta_146b_fsharp.mp3
[2010.06.30 01:54:12 | 000,084,844 | ---- | M] () -- C:\Documents and Settings\****\Desktop\shunta_92i_b.mp3
[2010.06.30 01:54:05 | 000,084,426 | ---- | M] () -- C:\Documents and Settings\****\Desktop\shunta_92a_e.mp3
[2010.06.29 17:31:09 | 000,000,246 | ---- | M] () -- C:\WINDOWS\Caligari.ini
[2010.06.29 10:23:16 | 000,006,498 | ---- | M] () -- C:\Documents and Settings\****\Desktop\Ablauf Conquest.pdf
[2010.06.29 09:44:58 | 000,136,524 | ---- | M] () -- C:\Documents and Settings\****\Desktop\Geoffrey_Fahne.aep
[2010.06.29 09:30:37 | 000,080,236 | ---- | M] () -- C:\Documents and Settings\****\Desktop\Geoffrey.jpg
[2010.06.22 00:48:21 | 000,040,645 | ---- | M] () -- C:\Documents and Settings\****\Desktop\****062010.pdf
[2010.06.17 16:11:30 | 000,056,681 | ---- | M] () -- C:\Documents and Settings\****\Desktop\****thage.pdf
[2010.06.17 16:09:34 | 000,042,496 | ---- | M] () -- C:\Documents and Settings\****\Desktop\****Angebot.doc
[2010.06.17 11:12:51 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010.06.15 15:29:49 | 000,278,231 | ---- | M] () -- C:\Documents and Settings\****\Desktop\ARF_telserkd.sql
[2010.06.15 02:05:10 | 011,683,654 | ---- | M] () -- C:\Documents and Settings\****\My Documents\ColdSteel.pdf
[2010.06.14 15:18:37 | 175,413,889 | ---- | M] () -- C:\Documents and Settings\****\My Documents\FootballAll.mov
[2010.06.14 00:51:00 | 001,658,438 | ---- | M] () -- C:\Documents and Settings\****\Desktop\RW_ConQuest_V5.pdf
[2010.06.12 07:14:17 | 007,955,708 | -H-- | M] () -- C:\Documents and Settings\****\Local Settings\Application Data\IconCache.db
[2010.06.09 01:09:34 | 000,769,114 | ---- | M] () -- C:\Documents and Settings\****\Desktop\demo_loop_fahrstuhltechno.mp3
[2010.06.08 03:41:28 | 000,000,721 | ---- | M] () -- C:\Documents and Settings\****\Application Data\Microsoft\Internet Explorer\Quick Launch\Any Video Converter.lnk
[2010.06.05 13:59:19 | 000,071,537 | ---- | M] () -- C:\Documents and Settings\****\My Documents\Strecklade_01.RsScn
[2010.06.05 03:43:37 | 000,001,634 | ---- | M] () -- C:\Documents and Settings\****\Application Data\Microsoft\Internet Explorer\Quick Launch\trueSpace7.61 Beta 8.lnk
[2010.06.05 02:48:20 | 000,001,751 | ---- | M] () -- C:\Documents and Settings\****\Application Data\Microsoft\Internet Explorer\Quick Launch\Blender.lnk
[2010.06.04 23:48:28 | 000,936,078 | ---- | M] () -- C:\Documents and Settings\****\Desktop\IMAG0184.JPG
[2010.06.01 06:59:05 | 003,294,650 | ---- | M] () -- C:\Documents and Settings\****\Desktop\turrican.mp3
[2010.05.31 01:47:44 | 000,013,155 | ---- | M] () -- C:\Documents and Settings\****\Desktop\Bauchbinde_01.png
[2010.05.29 03:12:12 | 000,027,126 | ---- | M] () -- C:\WINDOWS\DIIUnin.dat
[2010.05.28 20:05:23 | 000,021,840 | ---- | M] () -- C:\WINDOWS\System32\SIntfNT.dll
[2010.05.28 20:05:23 | 000,017,212 | ---- | M] () -- C:\WINDOWS\System32\SIntf32.dll
[2010.05.28 20:05:23 | 000,012,067 | ---- | M] () -- C:\WINDOWS\System32\SIntf16.dll
[2010.05.28 20:04:26 | 000,094,208 | ---- | M] (Blizzard Entertainment) -- C:\WINDOWS\DIIUnin.exe
[2010.05.28 20:04:26 | 000,002,829 | ---- | M] () -- C:\WINDOWS\DIIUnin.pif
[2010.05.27 14:35:49 | 000,000,224 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2010.05.27 14:34:57 | 000,488,244 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.05.27 14:34:57 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.05.27 14:34:57 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.05.24 14:26:03 | 000,308,772 | ---- | M] () -- C:\Documents and Settings\****\Desktop\ZSL_Edirol_Performance.ope
[2010.05.19 16:28:41 | 000,001,592 | ---- | M] () -- C:\Documents and Settings\****\Application Data\Microsoft\Internet Explorer\Quick Launch\ManyCam 2.4.lnk
[2010.05.15 10:40:21 | 000,308,772 | ---- | M] () -- C:\Documents and Settings\****\Desktop\Danglar_Trailer_Edirol_Performance.ope
[2010.05.11 04:50:16 | 000,000,691 | ---- | M] () -- C:\Documents and Settings\****\Application Data\Microsoft\Internet Explorer\Quick Launch\X-Chat 2.lnk
[2010.05.10 13:53:38 | 000,037,888 | ---- | M] () -- C:\Documents and Settings\****\Desktop\Kandeko - FAQ Quicktext.doc
[2010.05.02 17:33:39 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\****\Application Data\Microsoft\Internet Explorer\Quick Launch\InfraRecorder.lnk
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.04.26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010.04.19 23:23:37 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\****\Application Data\Microsoft\Internet Explorer\Quick Launch\HijackThis.lnk
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.07.18 18:16:23 | 003,737,904 | R--- | C] () -- C:\Documents and Settings\****\Desktop\Combo-Fix.exe
[2010.07.18 17:02:59 | 000,001,492 | ---- | C] () -- C:\Documents and Settings\****\Application Data\Microsoft\Internet Explorer\Quick Launch\Lynx Browser.lnk
[2010.07.18 15:35:19 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2010.07.18 15:35:16 | 000,262,448 | ---- | C] () -- C:\cmldr
[2010.07.18 15:33:23 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.07.18 15:33:23 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.07.18 15:33:23 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.07.18 15:33:23 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.07.18 15:33:23 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.07.18 04:30:37 | 000,037,680 | ---- | C] () -- C:\Documents and Settings\****\Desktop\wundenmann.jpg
[2010.07.17 22:38:38 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\****\defogger_reenable
[2010.07.17 22:37:38 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\****\Desktop\Defogger.exe
[2010.07.17 15:15:14 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\****\Desktop\xtj2z9vg.exe
[2010.07.17 15:02:12 | 000,088,606 | ---- | C] () -- C:\Documents and Settings\****\My Documents\cc_20100717_150208.reg
[2010.07.17 14:58:43 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\****\Desktop\CCleaner.lnk
[2010.07.17 13:08:17 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\-1
[2010.07.17 13:07:51 | 000,001,501 | ---- | C] () -- C:\Documents and Settings\****\Application Data\Microsoft\Internet Explorer\Quick Launch\Wireshark.lnk
[2010.07.17 09:11:31 | 100,667,044 | ---- | C] () -- C:\Documents and Settings\****\Desktop\chaosradio_express_159_nachrichtendienste.mp3
[2010.07.17 01:37:08 | 000,000,939 | ---- | C] () -- C:\Documents and Settings\****\Desktop\Spybot - Search & Destroy.lnk
[2010.07.17 01:30:38 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.13 09:14:16 | 006,178,944 | ---- | C] () -- C:\Documents and Settings\****\Desktop\Delta Blues- Drunk Hearted Man ('Personally Groovy' take ).mp3
[2010.07.11 17:01:39 | 000,004,096 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\00001119.LCS
[2010.07.11 17:01:30 | 118,095,214 | ---- | C] () -- C:\Documents and Settings\****\Desktop\chaosradio_express_158_liquidfeedback.mp3
[2010.07.11 01:36:53 | 000,021,558 | ---- | C] () -- C:\Documents and Settings\****\My Documents\019._2wav.wav
[2010.07.11 01:32:45 | 000,021,558 | ---- | C] () -- C:\Documents and Settings\****\My Documents\019.wav
[2010.07.10 23:15:49 | 000,000,551 | ---- | C] () -- C:\Documents and Settings\****\Desktop\Drakensang.lnk
[2010.07.09 02:56:24 | 002,806,805 | ---- | C] () -- C:\Documents and Settings\****\Desktop\09 - Fantasy IV - Final Fantasy - Bombing Mission.mp3
[2010.07.08 02:59:06 | 000,000,686 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Supreme Commander.lnk
[2010.07.01 16:58:56 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\****\Desktop\Miet-Anzeigen.doc
[2010.06.30 01:55:23 | 000,071,052 | ---- | C] () -- C:\Documents and Settings\****\Desktop\breeda_110g_e.mp3
[2010.06.30 01:55:15 | 000,084,844 | ---- | C] () -- C:\Documents and Settings\****\Desktop\shunta_92c_fsharp.mp3
[2010.06.30 01:55:08 | 000,070,634 | ---- | C] () -- C:\Documents and Settings\****\Desktop\breeda_110i_asharp.mp3
[2010.06.30 01:55:02 | 000,066,872 | ---- | C] () -- C:\Documents and Settings\****\Desktop\masha_117e_a.mp3
[2010.06.30 01:54:26 | 000,071,052 | ---- | C] () -- C:\Documents and Settings\****\Desktop\breeda_110e_c.mp3
[2010.06.30 01:54:21 | 000,106,578 | ---- | C] () -- C:\Documents and Settings\****\Desktop\clankmonsta_146b_fsharp.mp3
[2010.06.30 01:54:12 | 000,084,844 | ---- | C] () -- C:\Documents and Settings\****\Desktop\shunta_92i_b.mp3
[2010.06.30 01:54:05 | 000,084,426 | ---- | C] () -- C:\Documents and Settings\****\Desktop\shunta_92a_e.mp3
[2010.06.29 10:23:12 | 000,006,498 | ---- | C] () -- C:\Documents and Settings\****\Desktop\Ablauf Conquest.pdf
[2010.06.29 09:17:34 | 000,136,524 | ---- | C] () -- C:\Documents and Settings\****\Desktop\Geoffrey_Fahne.aep
[2010.06.29 08:49:01 | 000,080,236 | ---- | C] () -- C:\Documents and Settings\****\Desktop\Geoffrey.jpg
[2010.06.22 00:48:21 | 000,040,645 | ---- | C] () -- C:\Documents and Settings\****\Desktop\****062010.pdf
[2010.06.17 16:10:06 | 000,056,681 | ---- | C] () -- C:\Documents and Settings\****\Desktop\****thage.pdf
[2010.06.17 01:04:54 | 000,119,152 | ---- | C] () -- C:\WINDOWS\System32\redmon.hlp
[2010.06.17 01:04:54 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2010.06.17 01:04:54 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\unredmon.exe
[2010.06.15 15:29:49 | 000,278,231 | ---- | C] () -- C:\Documents and Settings\****\Desktop\ARF_telserkd.sql
[2010.06.15 14:39:51 | 000,042,496 | ---- | C] () -- C:\Documents and Settings\****\Desktop\****.doc
[2010.06.15 02:02:13 | 011,683,654 | ---- | C] () -- C:\Documents and Settings\****\My Documents\ColdSteel.pdf
[2010.06.14 14:33:30 | 175,413,889 | ---- | C] () -- C:\Documents and Settings\****\My Documents\FootballAll.mov
[2010.06.14 00:51:00 | 001,658,438 | ---- | C] () -- C:\Documents and Settings\****\Desktop\RW_ConQuest_V5.pdf
[2010.06.09 01:09:20 | 000,769,114 | ---- | C] () -- C:\Documents and Settings\****\Desktop\demo_loop_fahrstuhltechno.mp3
[2010.06.08 03:41:28 | 000,000,721 | ---- | C] () -- C:\Documents and Settings\****\Application Data\Microsoft\Internet Explorer\Quick Launch\Any Video Converter.lnk
[2010.06.05 13:32:01 | 000,071,537 | ---- | C] () -- C:\Documents and Settings\****\My Documents\Strecklade_01.RsScn
[2010.06.05 03:43:37 | 000,001,634 | ---- | C] () -- C:\Documents and Settings\****\Application Data\Microsoft\Internet Explorer\Quick Launch\trueSpace7.61 Beta 8.lnk
[2010.06.05 03:43:14 | 000,000,819 | ---- | C] () -- C:\WINDOWS\System32\regpackages.bat
[2010.06.05 02:48:20 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\****\Application Data\Microsoft\Internet Explorer\Quick Launch\Blender.lnk
[2010.06.05 02:15:55 | 000,000,246 | ---- | C] () -- C:\WINDOWS\Caligari.ini
[2010.06.04 23:48:28 | 000,936,078 | ---- | C] () -- C:\Documents and Settings\****\Desktop\IMAG0184.JPG
[2010.06.01 06:53:26 | 003,294,650 | ---- | C] () -- C:\Documents and Settings\****\Desktop\turrican.mp3
[2010.05.31 01:38:40 | 000,013,155 | ---- | C] () -- C:\Documents and Settings\****\Desktop\Bauchbinde_01.png
[2010.05.28 20:05:23 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2010.05.28 20:05:23 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2010.05.28 20:05:23 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2010.05.28 20:04:27 | 000,027,126 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat
[2010.05.28 20:04:26 | 000,002,829 | ---- | C] () -- C:\WINDOWS\DIIUnin.pif
[2010.05.27 14:35:49 | 000,000,224 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2010.05.22 01:43:11 | 000,308,772 | ---- | C] () -- C:\Documents and Settings\****\Desktop\ZSL_Edirol_Performance.ope
[2010.05.19 16:28:41 | 000,001,592 | ---- | C] () -- C:\Documents and Settings\****\Application Data\Microsoft\Internet Explorer\Quick Launch\ManyCam 2.4.lnk
[2010.05.11 04:50:16 | 000,000,691 | ---- | C] () -- C:\Documents and Settings\****\Application Data\Microsoft\Internet Explorer\Quick Launch\X-Chat 2.lnk
[2010.05.07 14:06:55 | 000,037,888 | ---- | C] () -- C:\Documents and Settings\****\Desktop\Kandeko - FAQ Quicktext.doc
[2010.05.02 17:33:39 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\****\Application Data\Microsoft\Internet Explorer\Quick Launch\InfraRecorder.lnk
[2010.04.19 23:23:37 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\****\Application Data\Microsoft\Internet Explorer\Quick Launch\HijackThis.lnk
[2010.02.06 00:38:12 | 000,002,828 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010.02.06 00:38:12 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\5AFCDF6B76.sys
[2010.02.05 23:37:22 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2010.02.05 22:38:08 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010.02.05 21:35:43 | 000,031,890 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2010.02.05 21:35:11 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010.02.05 21:34:51 | 000,031,577 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010.02.05 21:34:51 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009.10.20 20:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2008.05.03 00:46:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008.02.01 01:55:20 | 000,000,109 | ---- | C] () -- C:\WINDOWS\System32\OSENXPSUITE2005.INI
[2007.04.17 16:34:40 | 000,135,716 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2006.12.04 17:13:12 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
[2004.08.04 06:56:44 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
 
========== LOP Check ==========
 
[2010.02.09 00:09:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2010.02.05 22:32:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010.06.17 01:04:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreePDF
[2010.02.18 21:31:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2010.02.06 00:28:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010.02.05 22:18:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TrueCrypt
[2010.06.07 16:12:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\AnvSoft
[2010.02.09 00:09:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\Ashampoo
[2010.02.22 03:49:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\Braid
[2010.03.10 04:10:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\Builder
[2010.02.07 02:10:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\DAEMON Tools Lite
[2010.07.17 01:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\Dropbox
[2010.05.30 08:41:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\DVDVideoSoftIEHelpers
[2010.07.18 16:57:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\EditPlus 3
[2010.07.18 05:05:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\FileZilla
[2010.05.02 17:34:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\InfraRecorder
[2010.04.21 19:20:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\LucasArts
[2010.05.19 16:33:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\ManyCam
[2010.04.11 06:50:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\Natural Selection 2
[2010.05.23 18:51:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\Opera
[2010.07.11 17:01:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\ProtectDisc
[2010.02.06 00:30:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\Publish Providers
[2010.05.05 20:05:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\quassel-irc.org
[2010.03.25 06:05:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\Red Alert 3
[2010.02.25 15:53:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\Sony
[2010.02.06 00:13:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\Sony Setup
[2010.06.30 01:22:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\Steinberg
[2010.02.05 22:23:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\Thunderbird
[2010.02.06 00:42:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\TrueCrypt
[2010.07.18 13:21:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\uTorrent
[2010.07.17 13:16:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\Wireshark
[2010.05.09 16:18:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\X-Chat 2
[2010.03.03 00:19:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\****\Application Data\Zen of Sudoku
 
========== Purity Check ==========
 
 
< End of report >
         

--- --- ---