Log analysis and evaluation: Virus keeps recreating itself! What to do? (Windows 7)
07.11.2010, 21:45 | #1 |
| Virus keeps recreating itself! What to do? So I somehow caught a virus.... No idea how! But in any case the virus keeps recreating itself -.- I can find the registry entries, but when I delete them they get created again.
Registry entry: HKEY_USERS\S-1-5-21-3330008136-3819608134-1290296467-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies
The Policies value holds the path I have given below.
The virus is in C:\Microsoft(the folder is hidden)\WindowsUpdate.exe\
Well, here is the HiJack log: Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:16:21, on 07.11.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Prey\platform\windows\cron.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Windows\SysWOW64\explorer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\S.A.D\CyberGhost VPN\CyberGhost.exe
C:\Program Files (x86)\Java\jre6\bin\javaw.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\AcE\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com?o=15183&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: The IP address should
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
O4 - HKLM\..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [Prey Laptop Tracker] C:\Prey\platform\windows\cron.exe --log
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\Microsoft\WindowsUpdate.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\Microsoft\WindowsUpdate.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'Default user')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O4 - Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Programme\ICQ7.2\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Programme\ICQ7.2\ICQ.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: d:\vsocklib.dll
O10 - Unknown file in Winsock LSP: d:\vsocklib.dll
O13 - Gopher Prefix:
O15 - Trusted IP range: hxxp://192.168.178.1
O15 - ESC Trusted IP range: hxxp://192.168.178.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\SysWow64\DreamScene.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: CyberGhost VPN Client (CGVPNCliSrvc) - mobile concepts GmbH - C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Program Files (x86)\Common Files\AVM\de_serv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Realtek87B - Realtek - C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe
O23 - Service: RealtekUSB - Realtek - C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files (x86)\WinPcap\rpcapd.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: S3D Service (Win32) - Unknown owner - C:\Program Files (x86)\iZ3D Driver\Win32\S3DCService.exe (file missing)
O23 - Service: S3D Service (Win64) - Unknown owner - C:\Program Files (x86)\iZ3D Driver\Win64\S3DCService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - Unknown owner - C:\Windows\System32\TuneUpDefragService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - Unknown owner - C:\Windows\System32\TUProgSt.exe (file missing)
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - D:\vmware-ufad.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - D:\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
-- End of file - 15287 bytes
P.S: h**p://www.virustotal.com/file-scan/report.html?id=2f6cef2b39c9f786230c08bda357b39fb686ba29c5e313140d8861a88c794cc6-1289162272 |
07.11.2010, 22:49 | #2 | |
| Virus keeps recreating itself! What to do? Hi,
there it is, and let's see whether MAM can handle it: Quote:
Malwarebytes Antimalware (MAM)
Instructions & download here: http://www.trojaner-board.de/51187-m...i-malware.html
If the download does not work, please download a generic version here: http://filepony.de/download-chameleon/
Then please update the signature files ("Update" tab -> "Suche nach Aktualisierungen", i.e. check for updates).
Run a full scan and let it clean everything! Post the log.
OTL
Download OTL by Oldtimer (http://filepony.de/download-otl/) and save it to your desktop
chris
__________________ |
08.11.2010, 17:10 | #3 |
| Virus keeps recreating itself! What to do? Here is the log from MOM:
Code:
OTL logfile created on: 08.11.2010 17:00:36 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\AcE\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 48,00% Memory free
8,00 Gb Paging File | 5,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 27,55 Gb Free Space | 11,83% Space Free | Partition Type: NTFS
Drive D: | 232,49 Gb Total Space | 213,17 Gb Free Space | 91,69% Space Free | Partition Type: NTFS
Computer Name: PC | User Name: AcE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\AcE\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Programme\S.A.D\CyberGhost VPN\CyberGhost.exe (mobile concepts GmbH)
PRC - C:\Programme\S.A.D\CyberGhost VPN\CGVPNCliService.exe (mobile concepts GmbH)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Prey\platform\windows\cron.exe ()
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - D:\vmware-authd.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
PRC - C:\Programme\S.A.D\CyberGhost VPN\OpenVPN\openvpn.exe ()
PRC - C:\Program Files (x86)\Java\jre6\bin\javaw.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\TOSHIBA\TOSHIBA Recovery Media Creator\TRMCLcher.exe (TOSHIBA Europe GmbH)
PRC - C:\Windows\SysWOW64\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtWlan.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe (Realtek)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
========== Modules (SafeList) ==========
MOD - C:\Users\AcE\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV:64bit: - (VMware NAT Service) -- C:\Windows\SysNative\vmnat.exe File not found
SRV:64bit: - (VMnetDHCP) -- C:\Windows\SysNative\vmnetdhcp.exe File not found
SRV:64bit: - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
SRV:64bit: - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\SysNative\TUProgSt.exe (TuneUp Software)
SRV:64bit: - (TuneUp.Defrag) -- C:\Windows\SysNative\TuneUpDefragService.exe (TuneUp Software)
SRV:64bit: - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TlntSvr) -- C:\Windows\SysNative\tlntsvr.exe (Microsoft Corporation)
SRV:64bit: - (simptcp) -- C:\Windows\SysNative\TCPSVCS.EXE (Microsoft Corporation)
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (CGVPNCliSrvc) -- C:\Programme\S.A.D\CyberGhost VPN\CGVPNCliService.exe (mobile concepts GmbH)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMAuthdService) -- D:\vmware-authd.exe (VMware, Inc.)
SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
SRV - (cfWiMAXService) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION)
SRV - (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
SRV - (ufad-ws60) -- D:\vmware-ufad.exe (VMware, Inc.)
SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (simptcp) -- C:\Windows\SysWOW64\TCPSVCS.EXE (Microsoft Corporation)
SRV - (RealtekUSB) -- C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe (Realtek)
SRV - (Realtek87B) -- C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe (Realtek)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (NMSAccessU) -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
SRV - (de_serv) -- C:\Program Files (x86)\Common Files\AVM\de_serv.exe (AVM Berlin)
========== Driver Services (SafeList) ==========
DRV:64bit: - (aadev) -- C:\Windows\SysNative\DRIVERS\aadev.sys File not found
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (tdrpman139) Acronis Try&Decide and Restore Points filter (build 139) -- C:\Windows\SysNative\drivers\tdrpm139.sys (Acronis)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (tifsfilter) -- C:\Windows\SysNative\drivers\tifsfilt.sys (Acronis)
DRV:64bit: - (snapman380) Acronis Snapshots Manager (Build 380) -- C:\Windows\SysNative\drivers\snman380.sys (Acronis)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:64bit: - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.)
DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:64bit: - (vmusb) -- C:\Windows\SysNative\drivers\vmusb.sys (VMware, Inc.)
DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)
DRV:64bit: - (RTL8187) -- C:\Windows\SysNative\drivers\RTL8187.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (rtl8192se) -- C:\Windows\SysNative\drivers\rtl8192se.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (LPCFilter) -- C:\Windows\SysNative\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\drivers\tos_sps64.sys (TOSHIBA Corporation)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (RTL8187Se) -- C:\Windows\SysNative\drivers\RTL8187Se.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (AF15BDA) -- C:\Windows\SysNative\drivers\AF15BDA.sys (AfaTech )
DRV:64bit: - (USBModem) -- C:\Windows\SysNative\drivers\lgx64modem.sys (LG Electronics Inc.)
DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\drivers\lgx64diag.sys (LG Electronics Inc.)
DRV:64bit: - (usbbus) -- C:\Windows\SysNative\drivers\lgx64bus.sys (LG Electronics Inc.)
DRV:64bit: - (RtlProt) -- C:\Windows\SysNative\drivers\RtlProt.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (SbieDrv) -- C:\Programme\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D)
DRV - (vstor2-ws60) -- D:\vstor2-ws60.sys (VMware, Inc.)
DRV - (RSUSBSTOR) -- C:\Windows\SysWOW64\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (NPF) -- C:\Windows\SysWOW64\drivers\npf.sys (CACE Technologies)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com?o=15183&l=dis
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}:0.9.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:6.4.7
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: fireforce@scrt.ch:1.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {ab1c90b8-303d-3736-a28e-0433853da20b}:2.0.2
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
FF - prefs.js..network.proxy.http: "82.113.61.150"
FF - prefs.js..network.proxy.http_port: 80
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.10.21 12:51:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.08.07 18:27:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 2\components [2010.08.12 15:50:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010.10.09 16:27:26 | 000,000,000 | ---D | M]
[2010.05.08 00:36:15 | 000,000,000 | ---D | M] -- C:\Users\AcE\AppData\Roaming\mozilla\Extensions
[2010.11.07 19:30:28 | 000,000,000 | ---D | M] -- C:\Users\AcE\AppData\Roaming\mozilla\Firefox\Profiles\7q4pv604.default\extensions
[2010.08.30 15:47:55 | 000,000,000 | ---D | M] (Spambog.com) -- C:\Users\AcE\AppData\Roaming\mozilla\Firefox\Profiles\7q4pv604.default\extensions\{ab1c90b8-303d-3736-a28e-0433853da20b}
[2010.06.24 13:30:12 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\AcE\AppData\Roaming\mozilla\Firefox\Profiles\7q4pv604.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.07.11 18:18:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AcE\AppData\Roaming\mozilla\Firefox\Profiles\7q4pv604.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2010.11.03 22:20:15 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\AcE\AppData\Roaming\mozilla\Firefox\Profiles\7q4pv604.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.07.28 15:11:57 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\AcE\AppData\Roaming\mozilla\Firefox\Profiles\7q4pv604.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.05.09 10:32:24 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Users\AcE\AppData\Roaming\mozilla\Firefox\Profiles\7q4pv604.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
[2010.07.17 18:45:26 | 000,000,000 | ---D | M] -- C:\Users\AcE\AppData\Roaming\mozilla\Firefox\Profiles\7q4pv604.default\extensions\fireforce@scrt.ch
[2010.11.07 00:07:23 | 000,002,394 | ---- | M] () -- C:\Users\AcE\AppData\Roaming\Mozilla\FireFox\Profiles\7q4pv604.default\searchplugins\askcom.xml
[2010.11.08 16:57:02 | 000,001,056 | ---- | M] () -- C:\Users\AcE\AppData\Roaming\Mozilla\FireFox\Profiles\7q4pv604.default\searchplugins\icqplugin.xml
[2010.05.08 00:26:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.05.12 14:25:57 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\mozilla firefox\plugins\npPandoWebInst.dll
[2010.04.01 17:54:38 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 17:54:38 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.04.01 17:54:38 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.04.01 17:54:38 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.04.01 17:54:38 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2010.11.07 20:23:24 | 000,000,900 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 0.0.0.0 scanner.virus.org
O1 - Hosts: 0.0.0.0 www.scanner.virus.org
O1 - Hosts: 0.0.0.0 www.virusscan.jotti.org
O1 - Hosts: The IP address should
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
File not found O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH) O4:64bit: - HKLM..\Run: [TosNC] C:\Programme\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Programme\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosSENotify] C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Programme\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.) 
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Prey Laptop Tracker] C:\Prey\platform\windows\cron.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKCU..\Run: [DAEMON Tools Lite] D:\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\AcE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Microsoft\WindowsUpdate.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Microsoft\WindowsUpdate.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Programme\ICQ7.2\ICQ.exe File not found
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Programme\ICQ7.2\ICQ.exe File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - D:\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - D:\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - D:\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - D:\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1979 ([http] in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 193.22.254.22
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (C:\Windows\SYSTEM32\RtlGina\RtlGina.DLL) - C:\Windows\SysWOW64\RtlGina\RtlGina.dll (Realtek)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysWOW64\DreamScene.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4ad44354-6680-11df-9abd-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{4ad44354-6680-11df-9abd-005056c00008}\Shell\AutoRun\command - "" = F:\pushinst.exe -- File not found
O33 - MountPoints2\{f9137a35-de08-11df-a5fa-cfbf5e52da9c}\Shell - "" = AutoRun
O33 - MountPoints2\{f9137a35-de08-11df-a5fa-cfbf5e52da9c}\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.11.08 16:58:21 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\AcE\Desktop\OTL.exe
[2010.11.07 21:08:39 | 000,000,000 | ---D | C] -- C:\avrescue
[2010.11.07 19:59:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.11.07 19:59:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010.11.07 19:52:55 | 035,385,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2010.11.07 19:52:50 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\AcE\Desktop\spybotsd162.exe
[2010.11.07 19:44:38 | 011,701,704 | ---- | C] (Microsoft Corporation) -- C:\Users\AcE\Desktop\windows-kb890830-v3.12.exe
[2010.11.07 19:39:18 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010.11.07 19:06:02 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\AcE\Desktop\HijackThis.exe
[2010.11.05 19:37:18 | 000,000,000 | ---D | C] -- C:\Users\AcE\Desktop\Neuer Ordner
[2010.11.05 19:37:11 | 000,000,000 | ---D | C] -- C:\Users\AcE\Desktop\bo
[2010.11.04 00:02:53 | 000,000,000 | ---D | C] -- C:\Users\AcE\Desktop\[ghbsys.net] GuidTech-Client
[2010.11.03 22:47:21 | 000,000,000 | ---D | C] -- C:\Users\AcE\Desktop\Dinar Bot
[2010.11.03 19:59:02 | 000,000,000 | ---D | C] -- C:\Users\AcE\Desktop\Windows XP 4
[2010.11.02 23:14:55 | 000,000,000 | ---D | C] -- C:\Users\AcE\Desktop\Windows XP 3
[2010.11.02 22:45:22 | 000,000,000 | ---D | C] -- C:\Users\AcE\Desktop\Windows XP 2
[2010.11.02 19:59:31 | 000,000,000 | ---D | C] -- C:\Users\AcE\Desktop\Windows XP 1
[2010.11.02 17:39:37 | 000,000,000 | ---D | C] -- C:\Users\AcE\Desktop\xxxxxx
[2010.11.01 21:48:34 | 000,000,000 | ---D | C] -- C:\Users\AcE\Desktop\Mukke
[2010.11.01 19:49:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AutoIt3
[2010.10.30 20:34:55 | 000,000,000 | ---D | C] -- C:\Users\AcE\AppData\Roaming\dBpoweramp
[2010.10.30 20:29:02 | 000,000,000 | ---D | C] -- C:\Downloads
[2010.10.30 20:27:14 | 000,467,288 | ---- | C] (Microsoft Corp.) -- C:\Users\AcE\Desktop\WPFToolkit.dll
[2010.10.30 20:27:14 | 000,324,608 | ---- | C] (Microsoft) -- C:\Users\AcE\Desktop\sharkThief.exe
[2010.10.30 20:27:14 | 000,241,664 | ---- | C] (Microsoft) -- C:\Users\AcE\Desktop\sharkThieflib.dll
[2010.10.29 22:44:33 | 000,000,000 | ---D | C] -- C:\Users\AcE\AppData\Roaming\.minecraft
[2010.10.29 22:09:10 | 003,239,424 | ---- | C] (PC) -- C:\Users\AcE\Desktop\Teeworlds Server Creator 3.1.exe
[2010.10.29 22:04:56 | 000,000,000 | ---D | C] -- C:\Users\AcE\AppData\Roaming\Teeworlds
[2010.10.29 22:04:45 | 000,000,000 | ---D | C] -- C:\Users\AcE\Desktop\teeworlds-0.5.2-win32
[2010.10.28 19:40:52 | 000,029,696 | ---- | C] (LG Electronics Inc.) -- C:\Windows\SysNative\drivers\lgx64modem.sys
[2010.10.28 19:40:52 | 000,027,136 | ---- | C] (LG Electronics Inc.) -- C:\Windows\SysNative\drivers\lgx64diag.sys
[2010.10.28 19:40:52 | 000,016,896 | ---- | C] (LG Electronics Inc.) -- C:\Windows\SysNative\drivers\lgx64bus.sys
[2010.10.28 19:40:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LG Electronics
[2010.10.28 14:56:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Veetle
[2010.10.27 19:07:31 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010.10.27 19:07:31 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010.10.27 19:07:30 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010.10.27 19:07:30 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010.10.27 19:07:30 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2010.10.27 19:07:30 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010.10.27 19:07:30 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010.10.27 19:06:58 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2010.10.26 22:22:31 | 000,000,000 | ---D | C] -- C:\Users\AcE\Desktop\xxxx
[2010.10.26 19:20:21 | 000,000,000 | ---D | C] -- C:\Users\AcE\AppData\Roaming\Ubisoft
[2010.10.26 18:05:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kroll Ontrack
[2010.10.26 18:05:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2010.10.25 19:10:14 | 000,000,000 | ---D | C] -- C:\Users\AcE\Desktop\alles
[2010.10.23 21:39:30 | 000,000,000 | -HSD | C] -- C:\ProgramData\DSS
[2010.10.23 21:39:30 | 000,000,000 | ---D | C] -- C:\Users\AcE\Documents\EA Games
[2010.10.23 21:09:30 | 000,000,000 | RH-D | C] -- C:\Users\AcE\AppData\Roaming\SecuROM
[2010.10.23 20:59:37 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2010.10.23 20:59:37 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2010.10.23 20:59:37 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2010.10.23 20:59:37 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2010.10.23 20:59:37 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2010.10.23 20:59:37 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2010.10.23 20:59:36 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2010.10.23 20:59:36 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2010.10.22 18:54:26 | 000,000,000 | ---D | C] -- C:\Users\AcE\AppData\Roaming\DAEMON Tools Lite
[2010.10.22 18:54:24 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2010.10.21 21:08:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Merge Modules
[2010.10.21 20:20:40 | 000,000,000 | ---D | C] -- C:\Users\AcE\Documents\Reflector
[2010.10.21 18:02:09 | 000,000,000 | ---D | C] -- C:\Users\AcE\AppData\Local\Red Gate
[2010.10.21 13:24:46 | 000,000,000 | R--D | C] -- C:\Sandbox
[2010.10.21 13:24:09 | 000,000,000 | ---D | C] -- C:\Programme\Sandboxie
[2010.10.21 13:02:49 | 000,000,000 | ---D | C] -- C:\Users\AcE\AppData\Local\Vitalwerks
[2010.10.21 13:02:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\No-IP
[2010.10.21 12:51:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PFPortChecker
[2010.10.21 12:51:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2010.10.21 11:58:30 | 000,000,000 | ---D | C] -- C:\Users\AcE\AppData\Roaming\Imperium Romanum
[2010.10.21 11:53:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kalypso
[2010.10.20 19:48:53 | 000,000,000 | ---D | C] -- C:\Users\AcE\Documents\Need for Speed World
[2010.10.17 18:04:09 | 000,000,000 | ---D | C] -- C:\gamigo
[2010.10.16 19:58:21 | 000,000,000 | ---D | C] -- C:\Users\AcE\AppData\Roaming\AccurateRip
[2010.10.16 19:58:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Illustrate
[2010.10.15 16:31:12 | 000,000,000 | ---D | C] -- C:\Users\AcE\AppData\Roaming\Need for Speed World
[2010.10.15 14:53:56 | 000,000,000 | ---D | C] -- C:\Users\AcE\AppData\Local\Electronic_Arts_Inc
[2010.10.15 14:52:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2010.10.14 12:54:15 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010.10.14 12:54:15 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010.10.14 12:54:14 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2010.10.14 12:54:12 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll
[2010.10.14 12:53:35 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2010.10.14 12:53:35 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2010.10.14 12:53:34 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2010.10.14 12:53:31 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2010.10.14 12:53:31 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2010.10.14 12:53:29 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2010.10.14 12:53:27 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010.10.14 12:53:25 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010.10.14 12:53:25 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010.10.14 12:53:24 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010.10.14 12:53:14 | 000,702,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010.10.14 12:53:13 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010.10.14 12:53:13 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010.10.14 12:53:13 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010.10.14 12:53:13 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010.10.14 12:53:12 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010.10.14 12:53:12 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010.10.14 12:53:12 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010.10.14 12:53:12 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010.10.14 12:53:12 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010.10.14 12:53:12 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010.10.14 12:53:12 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010.10.14 12:53:12 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010.10.14 12:53:12 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010.10.13 15:02:59 | 000,000,000 | ---D | C] -- C:\Users\AcE\AppData\Local\Windows Live
[2010.10.13 15:02:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2010.10.11 19:21:47 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2010.10.11 19:21:15 | 000,000,000 | ---D | C] -- C:\Prey
[2010.10.09 21:09:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\gamigo
[2010.10.09 20:51:19 | 000,000,000 | ---D | C] -- C:\Users\AcE\.etracer
[2010.10.09 20:50:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Extreme Tux Racer
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.11.08 17:02:02 | 000,025,832 | ---- | M] () -- C:\Users\AcE\AppData\Roaming\logs.dat
[2010.11.08 17:00:12 | 000,000,508 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2010.11.08 16:58:49 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\AcE\Desktop\OTL.exe
[2010.11.08 16:52:24 | 000,002,046 | ---- | M] () -- C:\Users\AcE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
[2010.11.08 16:45:32 | 000,000,431 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2010.11.08 16:31:51 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3330008136-3819608134-1290296467-1000UA.job
[2010.11.08 16:31:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.11.07 20:41:11 | 000,295,424 | ---- | M] () -- C:\Users\AcE\Desktop\2niyy5r6.exe
[2010.11.07 20:37:08 | 000,081,584 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010.11.07 20:23:24 | 000,000,969 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20101107-202324.backup
[2010.11.07 20:23:24 | 000,000,900 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010.11.07 19:59:14 | 000,001,269 | ---- | M] () -- C:\Users\AcE\Desktop\Spybot - Search & Destroy.lnk
[2010.11.07 19:54:43 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\AcE\Desktop\spybotsd162.exe
[2010.11.07 19:49:19 | 011,701,704 | ---- | M] (Microsoft Corporation) -- C:\Users\AcE\Desktop\windows-kb890830-v3.12.exe
[2010.11.07 19:28:12 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3330008136-3819608134-1290296467-1000Core.job
[2010.11.07 19:05:57 | 000,318,369 | ---- | M] () -- C:\Users\AcE\Desktop\HiJackThis.zip
[2010.11.07 18:58:45 | 000,017,036 | ---- | M] () -- C:\Users\AcE\Desktop\cc_20101107_185840.reg
[2010.11.07 18:46:29 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.11.07 18:46:29 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.11.07 18:38:06 | 3112,562,688 | -HS- | M] () -- C:\hiberfil.sys
[2010.11.07 00:19:00 | 000,007,595 | ---- | M] () -- C:\Users\AcE\AppData\Local\Resmon.ResmonCfg
[2010.11.03 22:44:29 | 000,106,190 | ---- | M] () -- C:\Users\AcE\Desktop\Dinar Bot.rar
[2010.11.02 17:11:43 | 000,000,263 | ---- | M] () -- C:\Users\AcE\Desktop\1226660.flv
[2010.11.02 13:54:55 | 000,000,309 | ---- | M] () -- C:\Users\AcE\SciTE.session
[2010.11.02 13:54:53 | 000,008,987 | ---- | M] () -- C:\Users\AcE\Desktop\warrock-script.au3
[2010.11.01 21:48:39 | 000,002,540 | ---- | M] () -- C:\Users\AcE\Desktop\Requiem Loader.zip
[2010.11.01 20:13:39 | 000,000,726 | ---- | M] () -- C:\Users\AcE\Desktop\WarRock.lnk
[2010.11.01 20:02:58 | 000,276,427 | ---- | M] () -- C:\Users\AcE\Desktop\WarrockEnterBot.exe
[2010.10.30 21:30:48 | 000,001,560 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2010.10.29 22:13:42 | 000,004,457 | ---- | M] () -- C:\Users\AcE\Desktop\Andis Teeworld.xml
[2010.10.29 21:55:44 | 003,099,848 | ---- | M] () -- C:\Users\AcE\Desktop\TeamViewer_Setup-wq.exe
[2010.10.29 13:17:22 | 000,000,219 | ---- | M] () -- C:\Users\AcE\Desktop\Counter-Strike Source.url
[2010.10.28 22:52:40 | 000,000,716 | ---- | M] () -- C:\Users\AcE\Documents\Setting.ini
[2010.10.28 22:22:59 | 033,268,079 | ---- | M] () -- C:\Users\AcE\Desktop\eminem_feat_lil_wayne_no_love.flv
[2010.10.26 22:24:59 | 000,000,710 | ---- | M] () -- C:\Users\AcE\Desktop\Xilisoft Video Converter Ultimate.lnk
[2010.10.26 19:20:16 | 000,000,977 | ---- | M] () -- C:\Users\AcE\Desktop\Assassin's Creed.lnk
[2010.10.25 19:18:17 | 000,001,215 | ---- | M] () -- C:\Users\AcE\Desktop\FileZilla™.lnk
[2010.10.25 19:17:32 | 000,001,000 | ---- | M] () -- C:\Users\AcE\Desktop\Steam.lnk
[2010.10.22 18:55:12 | 000,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010.10.17 19:57:32 | 027,061,875 | ---- | M] () -- C:\Users\AcE\Desktop\laserkraft_nein_nein_nein_flv_16_9.flv
[2010.10.16 19:58:20 | 000,017,772 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2010.10.16 19:58:06 | 000,033,846 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.bmp
[2010.10.16 19:56:48 | 006,814,952 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2010.10.14 13:39:01 | 002,902,592 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.10.13 13:40:05 | 000,000,608 | ---- | M] () -- C:\Users\AcE\Documents\xxx.rtf
[2010.10.11 21:59:24 | 001,488,784 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.10.11 21:59:24 | 000,650,060 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.10.11 21:59:24 | 000,612,778 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.10.11 21:59:24 | 000,128,614 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.10.11 21:59:24 | 000,105,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.11.07 20:48:58 | 000,025,832 | ---- | C] () -- C:\Users\AcE\AppData\Roaming\logs.dat
[2010.11.07 20:41:10 | 000,295,424 | ---- | C] () -- C:\Users\AcE\Desktop\2niyy5r6.exe
[2010.11.07 19:59:14 | 000,001,269 | ---- | C] () -- C:\Users\AcE\Desktop\Spybot - Search & Destroy.lnk
[2010.11.07 19:05:50 | 000,318,369 | ---- | C] () -- C:\Users\AcE\Desktop\HiJackThis.zip
[2010.11.07 18:58:42 | 000,017,036 | ---- | C] () -- C:\Users\AcE\Desktop\cc_20101107_185840.reg
[2010.11.02 17:11:43 | 000,000,263 | ---- | C] () -- C:\Users\AcE\Desktop\1226660.flv
[2010.11.02 13:54:53 | 000,008,987 | ---- | C] () -- C:\Users\AcE\Desktop\warrock-script.au3
[2010.11.01 21:48:38 | 000,002,540 | ---- | C] () -- C:\Users\AcE\Desktop\Requiem Loader.zip
[2010.11.01 20:13:39 | 000,000,726 | ---- | C] () -- C:\Users\AcE\Desktop\WarRock.lnk
[2010.11.01 20:02:57 | 000,276,427 | ---- | C] () -- C:\Users\AcE\Desktop\WarrockEnterBot.exe
[2010.11.01 20:01:01 | 000,000,309 | ---- | C] () -- C:\Users\AcE\SciTE.session
[2010.10.31 22:19:08 | 840,116,704 | ---- | C] () -- C:\Users\AcE\Desktop\2. Rambo 2 - Der Auftrag.mpg
[2010.10.31 22:17:41 | 685,765,920 | ---- | C] () -- C:\Users\AcE\Desktop\Vollidiot.mpg
[2010.10.29 22:13:42 | 000,004,457 | ---- | C] () -- C:\Users\AcE\Desktop\Andis Teeworld.xml
[2010.10.29 21:55:10 | 003,099,848 | ---- | C] () -- C:\Users\AcE\Desktop\TeamViewer_Setup-wq.exe
[2010.10.29 13:17:22 | 000,000,219 | ---- | C] () -- C:\Users\AcE\Desktop\Counter-Strike Source.url
[2010.10.28 22:17:32 | 033,268,079 | ---- | C] () -- C:\Users\AcE\Desktop\eminem_feat_lil_wayne_no_love.flv
[2010.10.28 14:52:38 | 000,000,016 | ---- | C] () -- C:\Users\AcE\schneider.txt
[2010.10.27 19:28:01 | 000,000,716 | ---- | C] () -- C:\Users\AcE\Documents\Setting.ini
[2010.10.26 22:49:25 | 005,695,593 | ---- | C] () -- C:\Users\AcE\Desktop\056 - Jasper Forks - River flows in you.mp3
[2010.10.26 22:49:12 | 006,737,835 | ---- | C] () -- C:\Users\AcE\Desktop\052 - Paul & Fritz Kalkbrenner - Sky And Sand.mp3
[2010.10.26 22:24:59 | 000,000,710 | ---- | C] () -- C:\Users\AcE\Desktop\Xilisoft Video Converter Ultimate.lnk
[2010.10.26 19:20:16 | 000,000,977 | ---- | C] () -- C:\Users\AcE\Desktop\Assassin's Creed.lnk
[2010.10.25 19:18:17 | 000,001,215 | ---- | C] () -- C:\Users\AcE\Desktop\FileZilla™.lnk
[2010.10.25 19:17:32 | 000,001,000 | ---- | C] () -- C:\Users\AcE\Desktop\Steam.lnk
[2010.10.22 18:55:12 | 000,834,544 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010.10.21 13:24:23 | 000,001,560 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2010.10.17 19:56:02 | 027,061,875 | ---- | C] () -- C:\Users\AcE\Desktop\laserkraft_nein_nein_nein_flv_16_9.flv
[2010.10.16 19:58:20 | 006,814,952 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2010.10.16 19:58:20 | 000,033,846 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.bmp
[2010.10.16 19:58:20 | 000,017,772 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2010.10.13 13:40:05 | 000,000,608 | ---- | C] () -- C:\Users\AcE\Documents\xxx.rtf
[2010.08.07 13:46:55 | 000,185,344 | ---- | C] () -- C:\Windows\SysWow64\PCGW32.DLL
[2010.07.23 13:00:26 | 000,000,106 | ---- | C] () -- C:\Windows\Podcasts.INI
[2010.07.09 20:00:32 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2010.06.16 18:35:01 | 000,007,595 | ---- | C] () -- C:\Users\AcE\AppData\Local\Resmon.ResmonCfg
[2010.05.08 10:40:44 | 001,508,562 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.03.21 07:57:17 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2009.11.25 12:40:50 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009.10.20 19:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009.08.02 23:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009.08.02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009.08.02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009.08.02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009.08.02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009.08.02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009.08.02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009.08.02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009.08.02 23:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009.08.02 23:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.04.28 04:37:00 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\SPCtl.dll

========== LOP Check ==========

[2010.10.29 22:49:07 | 000,000,000 | ---D | M] -- C:\Users\AcE\AppData\Roaming\.minecraft
[2010.08.01 23:29:02 | 000,000,000 | ---D | M] -- C:\Users\AcE\AppData\Roaming\Acronis
[2010.06.06 17:16:51 | 000,000,000 | ---D | M] -- C:\Users\AcE\AppData\Roaming\Apowersoft
[2010.08.26 19:49:37 | 000,000,000 | ---D | M] -- C:\Users\AcE\AppData\Roaming\Ashampoo
[2010.07.26 15:57:50 | 000,000,000 | ---D | M] -- C:\Users\AcE\AppData\Roaming\Cerberus
[2010.10.22 19:22:26 | 000,000,000 | ---D | M] -- C:\Users\AcE\AppData\Roaming\DAEMON Tools Lite
[2010.10.30 20:34:55 | 000,000,000 | ---D | M] -- C:\Users\AcE\AppData\Roaming\dBpoweramp
[2010.05.07 23:54:44 | 000,000,000 | ---D | M] -- C:\Users\AcE\AppData\Roaming\DonationCoder
[2010.11.07 21:18:12 | 000,000,000 | ---D | M] -- C:\Users\AcE\AppData\Roaming\EurekaLog
[2010.05.30 18:25:24 | 000,000,000 | ---D | M] -- C:\Users\AcE\AppData\Roaming\FileZilla
[2010.08.06 19:20:26 | 000,000,000 | ---D | M] -- C:\Users\AcE\AppData\Roaming\FRITZ!
[2010.07.28 20:06:16 | 000,000,000 | ---D | M] -- C:\Users\AcE\AppData\Roaming\ICQ [2010.10.21 11:58:30 | 000,000,000 | ---D | M] -- C:\Users\AcE\AppData\Roaming\Imperium Romanum [2010.10.15 16:31:12 | 000,000,000 | ---D | M] -- C:\Users\AcE\AppData\Roaming\Need for Speed World [2010.07.02 23:07:22 | 000,000,000 | ---D | M] -- C:\Users\AcE\AppData\Roaming\REM [2010.09.06 22:01:14 | 000,000,000 | ---D | M] -- C:\Users\AcE\AppData\Roaming\SecondLife [2010.11.07 20:09:50 | 000,000,000 | ---D | M] -- C:\Users\AcE\AppData\Roaming\Sysutils_Update [2010.08.03 19:00:59 | 000,000,000 | ---D | M] -- C:\Users\AcE\AppData\Roaming\TeamViewer [2010.10.29 22:13:52 | 000,000,000 | ---D | M] -- C:\Users\AcE\AppData\Roaming\Teeworlds [2010.10.09 16:27:26 | 000,000,000 | ---D | M] -- C:\Users\AcE\AppData\Roaming\Thunderbird [2010.05.08 10:38:38 | 000,000,000 | ---D | M] -- C:\Users\AcE\AppData\Roaming\Toshiba [2010.05.08 23:09:51 | 000,000,000 | ---D | M] -- C:\Users\AcE\AppData\Roaming\TubeBox [2010.08.03 15:00:00 | 000,000,000 | ---D | M] -- C:\Users\AcE\AppData\Roaming\TuneUp Software [2010.10.26 19:20:21 | 000,000,000 | ---D | M] -- C:\Users\AcE\AppData\Roaming\Ubisoft [2010.05.07 12:34:25 | 000,000,000 | ---D | M] -- C:\Users\AcE\AppData\Roaming\WildTangent [2010.10.04 21:26:58 | 000,000,000 | ---D | M] -- C:\Users\AcE\AppData\Roaming\Wireshark [2010.11.08 17:00:12 | 000,000,508 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job [2010.10.13 19:30:37 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:41ADDB8A @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:05EE1EEF < End of report > |
10.11.2010, 09:05 | #4 |
| Virus keeps coming back! What to do?
Hi,
Your Java software is out of date!
Download: Java downloads for all operating systems
Close all programs, including your web browser.
Via "Start -> Settings -> Control Panel -> Add or Remove Programs", remove all older versions of Java Runtime Environment (JRE or J2SE).
Also remove them from C:\Programme\Java!
After everything has been removed ---> restart the computer.
Now install the new version from the desktop!
Fix for OTL:
Code:
:OTL
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Microsoft\WindowsUpdate.exe ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O33 - MountPoints2\{4ad44354-6680-11df-9abd-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{4ad44354-6680-11df-9abd-005056c00008}\Shell\AutoRun\command - "" = F:\pushinst.exe -- File not found
O33 - MountPoints2\{f9137a35-de08-11df-a5fa-cfbf5e52da9c}\Shell - "" = AutoRun
O33 - MountPoints2\{f9137a35-de08-11df-a5fa-cfbf5e52da9c}\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:41ADDB8A
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:05EE1EEF
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..network.proxy.http: "82.113.61.150"
:Commands
[emptytemp]
[purity]
[EMPTYFLASH]
[Reboot]
Cureit: http://www.trojaner-board.de/59299-a...eb-cureit.html
After the scan has finished, you will find the log at %USERPROFILE%\DoctorWeb\CureIt.log. Before you take any action, please copy the contents of the log and post them. The log file is very large, roughly over 5 MB of text. Simply search for "infiziert" (infected) and copy out the relevant parts before you post them.
chris
__________________ Don't bring me down Read before posting! Donations (anyone who would like to donate is welcome to get in touch) |
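The autostart location this thread revolves around is the Policies\Explorer\Run key, which the poster found under HKEY_USERS\<SID> and which the OTL fix targets under HKLM. The following added example, which is not part of the original posts, lists every value under that key in the machine hive and in all loaded user hives, so the result can be compared before and after the fix and again after a reboot. The function name Get-PolicyRunEntry is hypothetical.

```powershell
# Added example (not from the thread): enumerate the Policies\Explorer\Run
# autostart key in the machine hive and in every loaded user hive.
$suffix = 'Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'

function Get-PolicyRunEntry {   # hypothetical helper name
    $keys = @(
        "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\$suffix",
        "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\$suffix"
    )
    # The poster found the entry under HKEY_USERS\<SID>, so check each loaded user hive too.
    foreach ($hive in Get-ChildItem 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue) {
        $keys += "Registry::$($hive.Name)\Software\$suffix"
    }

    foreach ($key in $keys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            $command = [string]$item.GetValue($name)
            # Reduce the command line to the executable path (quoted, or up to the first ".exe").
            if ($command -match '^\s*"?([^"]+?\.exe)') { $path = $Matches[1] } else { $path = $command }

            $file = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
            $hidden = $false
            if ($file) {
                # Flag a hidden file or a hidden parent folder (the poster's C:\Microsoft was hidden).
                $dir = Get-Item -LiteralPath (Split-Path -Parent $file.FullName) -Force
                $hidden = (($file.Attributes -band [IO.FileAttributes]::Hidden) -ne 0) -or
                          (($dir.Attributes -band [IO.FileAttributes]::Hidden) -ne 0)
            }
            New-Object PSObject -Property @{
                Key        = $key -replace '^Registry::', ''
                ValueName  = $name
                Command    = $command
                FileExists = [bool]$file
                Hidden     = $hidden
            }
        }
    }
}

Get-PolicyRunEntry | Format-List Key, ValueName, Command, FileExists, Hidden
```

Run it from an elevated prompt so that all loaded user hives are readable; an entry that reappears after the fix and a reboot means something is still rewriting the key.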