Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Trojaner auf Festplatte?

Trojaner auf Festplatte?


Log-Analyse und Auswertung: Trojaner auf Festplatte?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 21.11.2010, 17:29   #1
ZeRo94
 
Trojaner auf Festplatte? - Icon27

Trojaner auf Festplatte?


Hey Community

ich hab mir heut mittag eine Datei runtergeladen.

Wollt sie öffnen, und es kam nichts denke an ein Keylogger

hab dann direkt SystemWiederherstellung gemacht
und seit dem läuft mein PC sehr langsam und explorer.exe stürzt alle 10 minuten ab

er bootet sehr langsam , am anmeldeschirm angekommen braucht er 30 sekunden um sich anzumelden.

Hier die Logfiles:

Zitat:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5163

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

21.11.2010 16:58:46
mbam-log-2010-11-21 (16-58-46).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 144615
Laufzeit: 14 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 28
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 10
Infizierte Dateien: 21

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\clickpotatoliteax.info (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c55ca95c-324b-451c-b2d2-6e895aa75fec} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{30b15818-e110-4527-9c05-46ace5a3460d} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{618aad04-921f-44c2-be38-c0818af69861} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b5d2ed96-62f9-4c2c-956d-e425b1f67337} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d3a412e8-1e4b-47d2-9b12-f88291f5afbb} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1602f07d-8bf3-4c08-bdd6-dddb1c48aedc} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1602f07d-8bf3-4c08-bdd6-dddb1c48aedc} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ac6d819e-aa8f-4418-a3bb-d165c1b18bb5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{ac6d819e-aa8f-4418-a3bb-d165c1b18bb5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\clickpotatoliteax.info.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\clickpotatoliteax.userprofiles (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\clickpotatoliteax.userprofiles.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\menubuttonie.buttonie (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{814baa91-dc22-4350-87d6-0c86e93f7f08} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{419eda30-6dff-432c-b534-e15d899abee4} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7a3d6d17-9dd5-4c60-8076-d1784dabaf8c} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\menubuttonie.buttonie.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{11c27351-716b-4052-9361-e3b0a3f8221c} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b58926d6-cfb0-45d2-9c28-4b5a0f0368ae} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{b58926d6-cfb0-45d2-9c28-4b5a0f0368ae} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a078f691-9c07-4af2-bf43-35e79eecf8b7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{b58926d6-cfb0-45d2-9c28-4b5a0f0368ae} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-cd68-4f36-8d02-8c43722ee5da} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\MenuButtonIE.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\clickpotatolite@clickpotatolite.com (Adware.ClickPotato) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Users\Johnny\AppData\Roaming\ClickPotatoLite (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ClickPotatoLite (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ClickPotatoLite\bin (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.530.0 (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.530.0\firefox (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.530.0\firefox\extensions (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.530.0\firefox\extensions\plugins (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato (Adware.ClickPotato) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.530.0\ClickPotatoLiteSAAX.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.530.0\ClickPotatoLiteSABHO.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\plugins\npclntax_ClickPotatoLiteSA.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Users\Johnny\AppData\Local\Temp\nspAC37.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Users\Johnny\AppData\Local\Temp\nspAC37.tmp\Setup.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Users\Johnny\AppData\Local\Temp\nsqA352.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Users\Johnny\AppData\Local\Temp\nsqA352.tmp\Setup.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAAbout.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAau.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAEULA.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA_kyf.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.530.0\ClickPotatoLiteSA.exe (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.530.0\ClickPotatoLiteSAHook.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.530.0\ClickPotatoLiteUninstaller.exe (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.530.0\firefox\extensions\chrome.manifest (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.530.0\firefox\extensions\install.rdf (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.530.0\firefox\extensions\plugins\npclntax_ClickPotatoLiteSA.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\About Us.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Customer Support.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Uninstall Instructions.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
Zitat:
OTL logfile created on: 21.11.2010 17:04:18 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Public\Desktop\MFtools
64bit- Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,00 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 82,00% Memory free
14,00 Gb Paging File | 13,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 426,21 Gb Total Space | 217,64 Gb Free Space | 51,07% Space Free | Partition Type: NTFS

Computer Name: JOHN | User Name: Johnny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010.11.21 16:38:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Public\Desktop\MFtools\OTL.exe
PRC - [2010.11.13 17:56:43 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010.10.19 13:29:03 | 002,011,944 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2010.07.29 12:20:36 | 000,283,968 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Net\DTShellHlp.exe
PRC - [2010.07.06 17:39:04 | 003,039,536 | ---- | M] (HideMyIP) -- C:\Program Files (x86)\Hide My IP\HideMyIpSrv.exe


========== Modules (SafeList) ==========

MOD - [2010.11.21 16:38:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Public\Desktop\MFtools\OTL.exe
MOD - [2010.09.05 15:50:53 | 000,159,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_51ca66a2bbe76806\ATL90.dll
MOD - [2010.08.21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2010.03.25 09:25:22 | 004,222,864 | ---- | M] (Microsoft Corporation) -- C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
MOD - [2010.03.25 02:45:24 | 008,945,576 | ---- | M] (Microsoft Corporation) -- C:\PROGRA~2\MICROS~1\Office14\1031\GrooveIntlResource.dll
MOD - [2010.01.30 01:41:12 | 004,254,560 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2009.06.10 22:14:56 | 000,652,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\msvcr90.dll
MOD - [2009.06.10 22:14:54 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\msvcp90.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
SRV:64bit: - [2010.09.30 15:58:08 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010.11.21 15:09:42 | 000,311,680 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe -- (AVP)
SRV - [2010.11.21 13:36:14 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.11.13 17:56:43 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.10.20 11:55:12 | 000,607,040 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010.10.19 13:29:03 | 002,011,944 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010.09.30 16:03:04 | 001,403,200 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010.09.30 15:58:02 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.07.29 12:19:46 | 000,394,560 | ---- | M] (DT Soft Ltd) [Disabled | Stopped] -- C:\Program Files (x86)\DAEMON Tools Net\DTNetSrv.exe -- (DTNetService)
SRV - [2010.07.09 15:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.07.06 17:39:04 | 003,039,536 | ---- | M] (HideMyIP) [On_Demand | Running] -- C:\Program Files (x86)\Hide My IP\HideMyIpSrv.exe -- (HideMyIpSRV)
SRV - [2010.06.25 18:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010.06.02 15:58:20 | 000,246,520 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.03.30 11:16:14 | 001,823,112 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2009.06.11 14:59:58 | 000,239,104 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\Programme\IDT\v114_ECS_D_6207.2V7_6099.8xp_G2.0V_RC_SDC\WDM\stacsv64.exe -- (STacSV)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010.11.21 15:09:42 | 000,330,768 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2010.11.21 15:09:42 | 000,156,688 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2010.10.20 09:38:30 | 000,169,656 | ---- | M] (<Turtle Entertainment>) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\ESLWireACD.sys -- (ESLWireAC)
DRV:64bit: - [2010.10.12 09:30:28 | 000,025,528 | ---- | M] (Turtle Entertainment GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ESLvnic.sys -- (ESLvnic1)
DRV:64bit: - [2010.09.28 21:39:00 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.07.01 13:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2010.06.25 18:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010.02.03 15:56:56 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.11 14:59:58 | 000,485,888 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009.06.10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 21:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2009.06.10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.16 20:59:30 | 000,021,008 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009.05.15 18:50:26 | 000,026,640 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2008.12.15 20:41:52 | 000,038,416 | ---- | M] (Kaspersky Lab) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\klbg.sys -- (KLBG)
DRV - [2010.09.11 14:35:40 | 000,234,048 | ---- | M] (Disc-Soft) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\dtcdrom.sys -- (dtcdrom)
DRV - [2010.02.24 13:41:50 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 08 A7 B4 FF 4C CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.459


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.10.29 13:17:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.10.29 13:17:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 6\components [2010.10.19 20:12:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2010.11.21 14:53:26 | 000,000,000 | ---D | M]

[2010.09.05 14:13:34 | 000,000,000 | ---D | M] -- C:\Users\Johnny\AppData\Roaming\mozilla\Extensions
[2010.11.21 15:44:43 | 000,000,000 | ---D | M] -- C:\Users\Johnny\AppData\Roaming\mozilla\Firefox\Profiles\ywafir5v.default\extensions
[2010.11.01 10:14:07 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Users\Johnny\AppData\Roaming\mozilla\Firefox\Profiles\ywafir5v.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2010.09.29 20:41:27 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Johnny\AppData\Roaming\mozilla\Firefox\Profiles\ywafir5v.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.09.29 20:05:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johnny\AppData\Roaming\mozilla\Firefox\Profiles\ywafir5v.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.10.20 11:58:56 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Johnny\AppData\Roaming\mozilla\Firefox\Profiles\ywafir5v.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.11.21 14:54:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.11.07 17:56:57 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.08.20 22:00:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.21 14:54:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru
[2010.08.20 22:00:09 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.03.19 08:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\npmieze.dll
[2010.09.03 13:02:02 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\mozilla firefox\plugins\npPandoWebInst.dll
[2010.07.12 17:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2010.09.14 22:32:39 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.09.14 22:32:39 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.08.21 01:21:21 | 000,000,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\foxsearch.src
[2010.09.14 22:32:39 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.09.14 22:32:39 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.09.14 22:32:39 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\ievkbd.dll (Kaspersky Lab)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - Startup: C:\Users\Johnny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\HMIPCore.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\HMIPCore.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\HMIPCore.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\HMIPCore.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysNative\HMIPCore.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\HMIPCore.dll (My Privacy Tools, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\HMIPCore.dll (My Privacy Tools, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\HMIPCore.dll (My Privacy Tools, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\HMIPCore.dll (My Privacy Tools, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWow64\HMIPCore.dll (My Privacy Tools, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll (Kaspersky Lab)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll (Kaspersky Lab)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{8e4772e5-b8ec-11df-8eff-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8e4772e5-b8ec-11df-8eff-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autoplay.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

MsConfig:64bit - StartUpReg: BCSSync - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: ClickPotatoLiteSA - hkey= - key= - C:\Program Files (x86)\ClickPotatoLite\bin\10.0.530.0\ClickPotatoLiteSA.exe File not found
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: DAEMON Tools Net Agent - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Net\DTAgent.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: ESL Wire - hkey= - key= - C:\Program Files\EslWire\wire.exe (Turtle Entertainment GmbH)
MsConfig:64bit - StartUpReg: ICQ - hkey= - key= - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: RayV - hkey= - key= - C:\Program Files (x86)\RayV\RayV\RayV.exe (RayV)
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.

Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.iyuv - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.uyvy - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yuy2 - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvu9 - tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvyu - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\SysWow64\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\Windows\SysWOW64\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\SysWow64\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\SysWow64\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\SysWow64\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\SysWow64\msgsm32.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.i420 - C:\Windows\SysWow64\i420vfw.dll (www.helixcommunity.org)
Drivers32: VIDC.IV41 - C:\Windows\SysWow64\ir41_32.dll (Intel Corporation)
Drivers32: vidc.iv50 - C:\Windows\SysWow64\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\SysWow64\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\SysWow64\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: vidc.yuy2 - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)
Drivers32: vidc.yvu9 - C:\Windows\SysWow64\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\SysWow64\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010.11.21 16:42:34 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.11.21 16:41:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010.11.21 16:40:10 | 000,000,000 | ---D | C] -- C:\Users\Johnny\AppData\Roaming\Malwarebytes
[2010.11.21 16:39:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.11.21 16:39:39 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.11.21 16:39:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.11.21 16:39:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.11.21 16:38:00 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\MFtools
[2010.11.21 16:27:27 | 000,000,000 | ---D | C] -- C:\Users\Johnny\Desktop\backups
[2010.11.21 16:18:29 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Johnny\Desktop\HiJackThis204.exe
[2010.11.21 14:52:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010.11.21 14:52:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2010.11.21 14:52:37 | 000,330,768 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2010.11.21 14:50:59 | 000,000,000 | ---D | C] -- C:\Users\Johnny\Desktop\Kaspersky.Internet.Security.2010.v9.0.0.459.GERMAN.incl.WORKAROUND-NKD
[2010.11.21 14:40:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2010.11.18 15:07:49 | 000,000,000 | ---D | C] -- C:\Users\Johnny\AppData\Local\PunkBuster
[2010.11.18 15:07:41 | 000,000,000 | ---D | C] -- C:\Users\Johnny\Documents\BFBC2
[2010.11.18 15:07:27 | 000,000,000 | RH-D | C] -- C:\Users\Johnny\AppData\Roaming\SecuROM
[2010.11.17 18:37:04 | 000,000,000 | ---D | C] -- C:\Users\Johnny\AppData\Local\Lucasarts
[2010.11.17 18:36:01 | 000,098,304 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt.dll
[2010.11.17 18:29:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LucasArts
[2010.11.16 16:35:10 | 000,720,896 | ---- | C] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe
[2010.11.16 16:35:01 | 000,000,000 | ---D | C] -- C:\sweeney
[2010.11.16 14:06:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Digidesign
[2010.11.16 14:06:30 | 000,000,000 | ---D | C] -- C:\Users\Johnny\AppData\Roaming\Antares
[2010.11.16 14:06:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steinberg
[2010.11.16 14:06:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Antares Audio Technologies
[2010.11.14 15:15:11 | 000,000,000 | ---D | C] -- C:\Users\Johnny\AppData\Local\Activision
[2010.11.14 15:08:24 | 000,000,000 | ---D | C] -- C:\Users\Johnny\AppData\Local\Daniel_Espendiller
[2010.11.14 14:57:15 | 000,000,000 | ---D | C] -- C:\Users\Johnny\AppData\Local\LogMeIn Hamachi
[2010.11.14 14:56:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2010.11.14 14:51:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2010.11.14 01:40:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitTorrent
[2010.11.14 01:40:28 | 000,000,000 | ---D | C] -- C:\Users\Johnny\AppData\Roaming\BitTorrent
[2010.11.13 11:09:13 | 000,000,000 | ---D | C] -- C:\Users\Johnny\AppData\Local\Electronic Arts
[2010.11.13 11:09:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2010.11.13 11:06:37 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2010.11.13 11:05:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2010.11.13 11:05:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2010.11.07 20:40:11 | 000,000,000 | ---D | C] -- C:\Users\Johnny\Documents\Downloads
[2010.11.07 20:31:51 | 000,000,000 | ---D | C] -- C:\Users\Johnny\AppData\Local\Conduit
[2010.11.07 18:06:19 | 000,000,000 | ---D | C] -- C:\Users\Johnny\AppData\Roaming\skypePM
[2010.11.07 17:55:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010.11.07 17:55:55 | 000,000,000 | ---D | C] -- C:\Users\Johnny\AppData\Roaming\Skype
[2010.11.07 17:48:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2010.11.07 01:39:03 | 000,000,000 | ---D | C] -- C:\Users\Johnny\Documents\GUILD WARS
[2010.11.07 01:38:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs
[2010.11.07 01:38:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GUILD WARS
[2010.11.06 20:21:25 | 000,000,000 | --SD | C] -- C:\Program Files (x86)\HLSW
[2010.11.06 20:21:25 | 000,000,000 | ---D | C] -- C:\Users\Johnny\AppData\Roaming\HLSW
[2010.11.06 16:06:14 | 000,282,928 | ---- | C] (My Privacy Tools, Inc.) -- C:\Windows\SysWow64\HMIPCore.dll
[2010.11.06 16:06:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hide My IP
[2010.11.01 01:17:19 | 000,000,000 | ---D | C] -- C:\Users\Johnny\AppData\Local\Adobe
[2010.11.01 01:17:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010.11.01 01:17:18 | 000,000,000 | ---D | C] -- C:\Users\Johnny\AppData\Roaming\Adobe
[2010.10.31 22:25:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Silkroad
[2010.10.31 19:56:23 | 000,000,000 | ---D | C] -- C:\Users\Johnny\Documents\VirtualDJ
[2010.10.31 19:56:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VirtualDJ
[2010.10.29 16:41:21 | 000,000,000 | ---D | C] -- C:\Users\Johnny\AppData\Roaming\Screaming Bee
[2010.10.29 16:41:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Screaming Bee
[2010.10.29 16:41:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Screaming Bee
[2010.10.26 17:35:07 | 000,000,000 | ---D | C] -- C:\QuickAuctions
[2010.10.26 15:45:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010.10.26 15:45:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2010.10.26 14:49:44 | 000,000,000 | ---D | C] -- C:\Users\Johnny\Documents\FIFA 11
[2010.10.26 14:47:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EA Sports
[2010.10.24 12:57:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CSE Demoplayer
[2010.10.24 11:47:50 | 000,000,000 | ---D | C] -- C:\Users\Johnny\Documents\Harry Potter
[2010.10.24 11:44:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EA Games
[2010.10.24 10:21:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xvid
[2010.10.23 10:16:20 | 000,000,000 | ---D | C] -- C:\Users\Johnny\Documents\logs
[2010.10.22 22:18:11 | 000,000,000 | ---D | C] -- C:\Users\Johnny\AppData\Roaming\RayV
[2010.10.22 22:18:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RayV

========== Files - Modified Within 30 Days ==========

[2010.11.21 17:00:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.11.21 16:59:55 | 1542,905,855 | -HS- | M] () -- C:\hiberfil.sys
[2010.11.21 16:41:53 | 000,001,104 | ---- | M] () -- C:\Users\Johnny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010.11.21 16:41:44 | 000,000,924 | ---- | M] () -- C:\Users\Johnny\Desktop\NTREGOPT.lnk
[2010.11.21 16:41:44 | 000,000,905 | ---- | M] () -- C:\Users\Johnny\Desktop\ERUNT.lnk
[2010.11.21 16:39:45 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.21 16:35:45 | 000,471,560 | ---- | M] () -- C:\Users\Johnny\Desktop\Load.exe
[2010.11.21 16:18:38 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Johnny\Desktop\HiJackThis204.exe
[2010.11.21 15:09:42 | 000,330,768 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2010.11.21 15:09:42 | 000,156,688 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\kl1.sys
[2010.11.21 15:09:40 | 000,153,353 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2010.11.21 15:09:40 | 000,106,761 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2010.11.21 14:57:59 | 000,604,140 | -HS- | M] () -- C:\Windows\SysNative\drivers\ISwift3.dat
[2010.11.21 14:25:26 | 000,007,620 | ---- | M] () -- C:\Users\Johnny\AppData\Local\Resmon.ResmonCfg
[2010.11.21 13:22:57 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010.11.20 20:32:07 | 000,014,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.11.20 20:32:07 | 000,014,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.11.18 16:54:06 | 000,000,627 | ---- | M] () -- C:\Users\Johnny\Desktop\World of Warcraft.lnk
[2010.11.18 15:26:16 | 000,234,280 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010.11.18 15:26:16 | 000,234,280 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.11.18 14:02:07 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.11.18 14:02:07 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.11.18 14:02:07 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.11.18 14:02:07 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.11.18 14:02:07 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.11.17 18:36:01 | 000,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt.dll
[2010.11.16 16:34:42 | 000,720,896 | ---- | M] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe
[2010.11.13 17:56:43 | 002,434,856 | ---- | M] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010.11.13 17:56:43 | 000,075,064 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.11.07 17:55:58 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.11.07 13:30:19 | 000,001,162 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 5.lnk
[2010.11.06 20:21:29 | 000,000,951 | ---- | M] () -- C:\Users\Johnny\Desktop\HLSW.lnk
[2010.11.02 15:39:51 | 000,001,039 | ---- | M] () -- C:\Users\Johnny\Desktop\Virtual DJ Pro.lnk
[2010.11.02 14:49:29 | 000,417,848 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.10.31 22:29:41 | 000,001,885 | ---- | M] () -- C:\Users\Johnny\Desktop\Silkroad.lnk
[2010.10.24 11:45:49 | 000,000,525 | ---- | M] () -- C:\Windows\eReg.dat

========== Files Created - No Company Name ==========

[2010.11.21 16:41:53 | 000,001,104 | ---- | C] () -- C:\Users\Johnny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010.11.21 16:41:44 | 000,000,924 | ---- | C] () -- C:\Users\Johnny\Desktop\NTREGOPT.lnk
[2010.11.21 16:41:44 | 000,000,905 | ---- | C] () -- C:\Users\Johnny\Desktop\ERUNT.lnk
[2010.11.21 16:39:45 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.21 16:35:34 | 000,471,560 | ---- | C] () -- C:\Users\Johnny\Desktop\Load.exe
[2010.11.21 14:57:59 | 000,604,140 | -HS- | C] () -- C:\Windows\SysNative\drivers\ISwift3.dat
[2010.11.21 14:54:02 | 000,153,353 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2010.11.21 14:54:02 | 000,106,761 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2010.11.21 14:25:26 | 000,007,620 | ---- | C] () -- C:\Users\Johnny\AppData\Local\Resmon.ResmonCfg
[2010.11.18 15:07:54 | 000,234,280 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010.11.13 17:56:52 | 000,234,280 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.11.13 17:56:43 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010.11.13 17:56:43 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.11.07 17:55:58 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.11.07 16:05:28 | 000,003,838 | ---- | C] () -- C:\ProgramData\driverinfo.txt
[2010.11.07 13:30:19 | 000,001,162 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 5.lnk
[2010.11.06 20:21:29 | 000,000,951 | ---- | C] () -- C:\Users\Johnny\Desktop\HLSW.lnk
[2010.11.02 15:39:51 | 000,001,039 | ---- | C] () -- C:\Users\Johnny\Desktop\Virtual DJ Pro.lnk
[2010.10.31 22:29:41 | 000,001,885 | ---- | C] () -- C:\Users\Johnny\Desktop\Silkroad.lnk
[2010.10.24 11:45:49 | 000,000,525 | ---- | C] () -- C:\Windows\eReg.dat
[2010.10.24 10:21:01 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010.10.24 10:21:01 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010.10.24 10:21:01 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\xvid.ax
[2010.10.17 20:35:45 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010.09.11 21:44:18 | 000,000,132 | ---- | C] () -- C:\Users\Johnny\AppData\Roaming\Adobe Targa Format CS5 Prefs
[2010.09.11 21:42:55 | 000,000,132 | ---- | C] () -- C:\Users\Johnny\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2010.09.11 21:41:30 | 000,000,132 | ---- | C] () -- C:\Users\Johnny\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010.06.25 18:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[1997.06.14 12:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll

========== LOP Check ==========

[2010.10.05 20:29:20 | 000,000,000 | ---D | M] -- C:\Users\Johnny\AppData\Roaming\Acreon
[2010.11.16 14:06:30 | 000,000,000 | ---D | M] -- C:\Users\Johnny\AppData\Roaming\Antares
[2010.09.29 21:25:38 | 000,000,000 | ---D | M] -- C:\Users\Johnny\AppData\Roaming\Auslogics
[2010.11.16 18:55:21 | 000,000,000 | ---D | M] -- C:\Users\Johnny\AppData\Roaming\BitTorrent
[2010.09.29 13:26:17 | 000,000,000 | ---D | M] -- C:\Users\Johnny\AppData\Roaming\DAEMON Tools Lite
[2010.09.11 14:36:21 | 000,000,000 | ---D | M] -- C:\Users\Johnny\AppData\Roaming\DAEMON Tools Net
[2010.10.31 21:59:37 | 000,000,000 | ---D | M] -- C:\Users\Johnny\AppData\Roaming\DVDVideoSoft
[2010.09.29 20:05:42 | 000,000,000 | ---D | M] -- C:\Users\Johnny\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.11.21 13:17:23 | 000,000,000 | ---D | M] -- C:\Users\Johnny\AppData\Roaming\HLSW
[2010.11.21 16:59:01 | 000,000,000 | ---D | M] -- C:\Users\Johnny\AppData\Roaming\ICQ
[2010.11.17 17:47:03 | 000,000,000 | ---D | M] -- C:\Users\Johnny\AppData\Roaming\RayV
[2010.10.29 16:43:07 | 000,000,000 | ---D | M] -- C:\Users\Johnny\AppData\Roaming\Screaming Bee
[2010.10.29 18:11:42 | 000,000,000 | ---D | M] -- C:\Users\Johnny\AppData\Roaming\TeamViewer
[2010.11.21 13:17:24 | 000,000,000 | ---D | M] -- C:\Users\Johnny\AppData\Roaming\TS3Client
[2010.10.20 11:54:59 | 000,000,000 | ---D | M] -- C:\Users\Johnny\AppData\Roaming\TuneUp Software
[2010.11.04 13:38:44 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009.07.14 02:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010.09.05 14:52:27 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010.10.05 19:57:00 | 000,000,004 | ---- | M] () -- C:\cache.dat
[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007.11.07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007.11.07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007.11.07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2009.08.02 09:59:51 | 000,171,136 | RHS- | M] () -- C:\grldr
[2010.02.07 14:26:56 | 000,181,408 | ---- | M] () -- C:\grldr.bak
[2010.11.21 16:59:55 | 1542,905,855 | -HS- | M] () -- C:\hiberfil.sys
[2007.11.07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007.11.07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007.11.07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007.11.07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007.11.07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007.11.07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007.11.07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007.11.07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007.11.07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007.11.07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007.11.07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2010.11.21 16:59:56 | 3488,866,303 | -HS- | M] () -- C:\pagefile.sys
[2007.11.07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007.11.07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007.11.07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2009.07.14 06:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009.07.14 06:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009.07.14 06:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009.07.14 06:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009.06.10 21:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009.07.14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 02:15:20 | 000,380,957 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\expsrv.dll
[2009.07.14 02:15:50 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\msvbvm60.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\user32.dll /md5 >
[2010.09.12 17:17:39 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=861C4346F9281DC0380DE72C8D55D6BE -- C:\Windows\SysWOW64\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2009.07.14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2009.07.14 02:11:26 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=808AABDF9337312195CAFF76D1804786 -- C:\Windows\SysWOW64\ws2help.dll


< MD5 for: EXPLORER.EXE >
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows.old.000\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows.old.001\Windows\SysWOW64\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows.old.001\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows.old.000\Windows\SysWOW64\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows.old.000\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows.old.000\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows.old.000\Windows\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows.old.000\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows.old.000\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows.old.000\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows.old.000\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows.old.000\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows.old.001\Windows\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows.old.001\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows.old.000\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows.old.000\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: WININIT.EXE >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows.old.000\Windows\System32\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows.old.000\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows.old.001\Windows\System32\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows.old.001\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows.old.000\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows.old.000\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows.old.001\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows.old.001\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows.old.000\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows.old.001\Windows\System32\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows.old.001\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows.old.000\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows.old.000\Windows\System32\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows.old.000\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >
Zitat:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:20:23, on 21.11.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ICQ7.2\ICQ.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Johnny\Desktop\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVD1.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVD1.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVD1.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Free YouTube Download - C:\Users\Johnny\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Johnny\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: ClickPotato - {B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} - C:\Program Files (x86)\ClickPotatoLite\bin\10.0.530.0\ClickPotatoLiteSABHO.dll
O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: HideMyIpSRV - HideMyIP - C:\Program Files (x86)\Hide My IP\HideMyIpSrv.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\v114_ecs_d_6207.2v7_6099.8xp_g2.0v_rc_sdc\wdm\STacSV64.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9103 bytes
Zitat:
OTL Extras logfile created on: 21.11.2010 17:04:18 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Public\Desktop\MFtools
64bit- Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,00 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 82,00% Memory free
14,00 Gb Paging File | 13,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 426,21 Gb Total Space | 217,64 Gb Free Space | 51,07% Space Free | Partition Type: NTFS

Computer Name: JOHN | User Name: Johnny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome File not found
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome File not found
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"ESL Wire_is1" = ESL Wire 1.8.2
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20556CF2-5506-4965-A0C2-A70B66FB01B1}_is1" = Hello Kitty Online POD Installer
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{29C042AB-059B-414C-840E-94775E3F24A8}" = Personality Voices
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3F50AF3B-8997-4916-0095-99D63DDB785A}" = Harry Potter TM
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E074808-1B86-4230-A9EB-0904942EC4AE}" = LEGO Star Wars II
"{516D04BB-4A01-4FC2-B595-442A5E3BEF27}" = CSE Demoplayer
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86E0CAC0-6DF8-416D-A195-31FEAD651191}" = MorphVOX Pro
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2010.07.14
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DC158DF7-6B36-4C6F-BC91-109014297994}" = FIFA 11 Demo
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Age of Empires" = Microsoft Age of Empires
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires Expansion 1.0" = Microsoft Age of Empires Expansion
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"Alt.Binz" = Alt.Binz 0.25.0
"Antares Autotune Evo VST RTAS_is1" = Antares Autotune Evo VST RTAS v6.0.9
"BitTorrent" = BitTorrent
"CCleaner" = CCleaner
"DAEMON Tools Net" = DAEMON Tools Net
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"EADM" = EA Download Manager
"ERUNT_is1" = ERUNT 1.1j
"Fraps" = Fraps (remove only)
"Free Studio_is1" = Free Studio version 4.9
"Guild Wars" = GUILD WARS
"HLSW_is1" = HLSW v1.3.3.7b
"HMIP50_is1" = Hide My IP 5.2
"ICQToolbar" = ICQ Toolbar
"InstallShield_{4E074808-1B86-4230-A9EB-0904942EC4AE}" = LEGO Star Wars II
"InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"Lego_Soccer_Mania__" = Lego Soccer Mania
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Mozilla Firefox 4.0b6 (x86 de)" = Mozilla Firefox 4.0b6 (x86 de)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PunkBusterSvc" = PunkBuster Services
"RayV" = DTVblizzcon
"Silkroad" = Silkroad
"Steam App 70310" = VVVVVV Demo
"SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010)
"TeamViewer 5" = TeamViewer 5
"TuneUp Utilities" = TuneUp Utilities
"Uninstall_is1" = Uninstall 1.0.0.1
"Urban Terror_is1" = Urban Terror 4.1
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"Virtual DJ Pro Full - Atomix Productions" = Virtual DJ Pro Full - Atomix Productions
"Winamp" = Winamp
"WinPcapInst" = WinPcap 4.1.2
"World of Warcraft" = World of Warcraft
"World of Warcraft Public Test" = World of Warcraft Public Test
"Xvid_is1" = Xvid 1.2.1 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Winamp Detect" = Winamp Erkennungs-Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 21.11.2010 08:21:42 | Computer Name = John | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.

Error - 21.11.2010 08:24:07 | Computer Name = John | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.

Error - 21.11.2010 08:50:24 | Computer Name = John | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
0x4cb4a756 Name des fehlerhaften Moduls: client.dll, Version: 0.0.0.0, Zeitstempel:
0x4ce5da77 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0024da92 ID des fehlerhaften Prozesses:
0x3e8 Startzeit der fehlerhaften Anwendung: 0x01cb897963a2d130 Pfad der fehlerhaften
Anwendung: c:\program files (x86)\steam\steamapps\hardstylezerohero94\counter-strike
source\hl2.exe Pfad des fehlerhaften Moduls: c:\program files (x86)\steam\steamapps\hardstylezerohero94\counter-strike
source\cstrike\bin\client.dll Berichtskennung: e7d4e5f0-f56d-11df-b52c-00ff01000001

Error - 21.11.2010 08:56:19 | Computer Name = John | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
0x4cb4a756 Name des fehlerhaften Moduls: client.dll, Version: 0.0.0.0, Zeitstempel:
0x4ce5da77 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0024da94 ID des fehlerhaften Prozesses:
0x7c4 Startzeit der fehlerhaften Anwendung: 0x01cb897aaee53740 Pfad der fehlerhaften
Anwendung: c:\program files (x86)\steam\steamapps\hardstylezerohero94\counter-strike
source\hl2.exe Pfad des fehlerhaften Moduls: c:\program files (x86)\steam\steamapps\hardstylezerohero94\counter-strike
source\cstrike\bin\client.dll Berichtskennung: bb4eede0-f56e-11df-b52c-00ff01000001

Error - 21.11.2010 09:06:12 | Computer Name = John | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
0x4cb4a756 Name des fehlerhaften Moduls: client.dll, Version: 0.0.0.0, Zeitstempel:
0x4ce5da77 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0024da92 ID des fehlerhaften Prozesses:
0xdf4 Startzeit der fehlerhaften Anwendung: 0x01cb897c9f372b30 Pfad der fehlerhaften
Anwendung: c:\program files (x86)\steam\steamapps\hardstylezerohero94\counter-strike
source\hl2.exe Pfad des fehlerhaften Moduls: c:\program files (x86)\steam\steamapps\hardstylezerohero94\counter-strike
source\cstrike\bin\client.dll Berichtskennung: 1cbdc000-f570-11df-b52c-00ff01000001

Error - 21.11.2010 10:31:45 | Computer Name = John | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.

Error - 21.11.2010 11:06:22 | Computer Name = John | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.

Error - 21.11.2010 11:47:32 | Computer Name = John | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: avp.exe, Version: 9.0.0.470, Zeitstempel:
0x4c62d8a5 Name des fehlerhaften Moduls: kjim.kdl, Version: 5.1.6.1, Zeitstempel:
0x4ce69e47 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000100ba ID des fehlerhaften Prozesses:
0x65c Startzeit der fehlerhaften Anwendung: 0x01cb898da701a500 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
Pfad
des fehlerhaften Moduls: C:\ProgramData\Kaspersky Lab\AVP9\Bases\kjim.kdl Berichtskennung:
a68902c0-f586-11df-89a5-00ff01000001

Error - 21.11.2010 12:00:11 | Computer Name = John | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.

Error - 21.11.2010 12:03:42 | Computer Name = John | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.17.3 kann nicht mehr unter Windows ausgeführt
werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: ff8 Startzeit:
01cb899569496060 Endzeit: 5 Anwendungspfad: C:\Users\Public\Desktop\MFtools\OTL.exe

Berichts-ID:


[ System Events ]
Error - 21.11.2010 10:18:09 | Computer Name = John | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Windows-Fehlerberichterstattungsdienst erreicht.

Error - 21.11.2010 10:19:02 | Computer Name = John | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Windows-Fehlerberichterstattungsdienst erreicht.

Error - 21.11.2010 10:19:55 | Computer Name = John | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Windows-Fehlerberichterstattungsdienst erreicht.

Error - 21.11.2010 10:20:48 | Computer Name = John | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Windows-Fehlerberichterstattungsdienst erreicht.

Error - 21.11.2010 10:29:28 | Computer Name = John | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Windows-Fehlerberichterstattungsdienst erreicht.

Error - 21.11.2010 10:31:24 | Computer Name = John | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?21.?11.?2010 um 15:29:49 unerwartet heruntergefahren.

Error - 21.11.2010 11:03:12 | Computer Name = John | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Windows-Fehlerberichterstattungsdienst erreicht.

Error - 21.11.2010 11:04:05 | Computer Name = John | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Windows-Fehlerberichterstattungsdienst erreicht.

Error - 21.11.2010 11:06:12 | Computer Name = John | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?21.?11.?2010 um 16:05:10 unerwartet heruntergefahren.

Error - 21.11.2010 11:56:07 | Computer Name = John | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Kaspersky Internet Security" wurde unerwartet beendet.
Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden
durchgeführt: Neustart des Diensts.


< End of report >

LG

Alt 21.11.2010, 17:33   #2
markusg
/// Malware-holic
 
Trojaner auf Festplatte? - Standard

Trojaner auf Festplatte?


hast du den link zur datei noch?
wenn ja, als private nachicht an mich senden.
wenn du die datei noch hast, in unserem upload channel hochladen
dateiupload:
http://www.trojaner-board.de/54791-a...ner-board.html
__________________

__________________
Alt 21.11.2010, 18:12   #3
markusg
/// Malware-holic
 
Trojaner auf Festplatte? - Standard

Trojaner auf Festplatte?


pc neustart, malwarebytes updaten, komplett scan, funde löschen, log posten.
__________________
__________________
Alt 21.11.2010, 18:27   #4
ZeRo94
 
Trojaner auf Festplatte? - Standard

Trojaner auf Festplatte?


so nun der neue Log

Zitat:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5163

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

21.11.2010 18:26:28
mbam-log-2010-11-21 (18-26-28).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 144351
Laufzeit: 4 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Alt 21.11.2010, 19:15   #5
markusg
/// Malware-holic
 
Trojaner auf Festplatte? - Standard

Trojaner auf Festplatte?


ich schrieb vollständig, also komplett scan :-)

__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 21.11.2010, 22:01   #6
ZeRo94
 
Trojaner auf Festplatte? - Standard

Trojaner auf Festplatte?


dauert ^^

bereits 2 stunden am laufen und 2 dateien gefunden

hoffe es hilft

Alt 21.11.2010, 22:42   #7
ZeRo94
 
Trojaner auf Festplatte? - Standard

Trojaner auf Festplatte?


nach 3 stunden vorerst abgebrochen

4 Funde

jeweils 3 scriptreport.dll daten

werde morgen neustaretn und durchlaufenlassen

Alt 22.11.2010, 11:19   #8
markusg
/// Malware-holic
 
Trojaner auf Festplatte? - Standard

Trojaner auf Festplatte?


und das log? ich benötige die funde alle sammt :-)
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 22.11.2010, 15:19   #9
ZeRo94
 
Trojaner auf Festplatte? - Standard

Trojaner auf Festplatte?


Zitat:
Malwarebytes' Anti-Malware 1.46
Malwarebytes

Datenbank Version: 5163

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

22.11.2010 10:44:42
mbam-log-2010-11-22 (10-44-42).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 504404
Laufzeit: 3 Stunde(n), 18 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
anscheinend keine bedrohung mehr da hab nun die vollständige durchsuchung drei mla laufen lassen und virenscan drei mal nichts mehr gefunden

Alt 22.11.2010, 15:21   #10
markusg
/// Malware-holic
 
Trojaner auf Festplatte? - Standard

Trojaner auf Festplatte?


upgrade kaspersky auf die 2011 verion, ist kostenlos, dann nen komplett scan machen log posten.
vorher, vor dem scan, updaten
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu Trojaner auf Festplatte?
64-bit, adblock, adware.clickpotato, adware.hotbar, adware.seekmo, adware.softomate, avp.exe, c:\windows\system32\rundll32.exe, conduit, converter, desktop, document, error, fehler, festplatte, firefox, flash player, helper, hijack, hijackthis, ieframe.dll, iexplore.exe, jusched.exe, kaspersky, langsam, location, media center, microsoft office word, mozilla, mp3, object, oldtimer, otl logfile, plug-in, programdata, registry, rundll, saver, searchplugins, security, sehr langsam, sekunden, senden, setup.dll, shell32.dll, shortcut, skype.exe, software, sptd.sys, start menu, studio, super, syswow64, tastatur, teamspeak, trojaner, webcheck


« Sonderbare Verbindungsaufbauversuche obwohl PC malware-frei | Google Ergebnisse werden umgeleitet »


Ähnliche Themen: Trojaner auf Festplatte?


  1. Wie überprüft man die externe (Sicherungs)Festplatte auf Trojaner / Viren, wenn zuvor der PC einen Trojaner hatte?
    Plagegeister aller Art und deren Bekämpfung - 28.02.2015 (9)
  2. SOS! Trojaner in der Festplatte
    Plagegeister aller Art und deren Bekämpfung - 29.03.2012 (1)
  3. Bundespolizei Trojaner und externe Festplatte
    Plagegeister aller Art und deren Bekämpfung - 05.12.2011 (7)
  4. Trojaner/ Viren auf Festplatte?
    Log-Analyse und Auswertung - 01.11.2011 (3)
  5. Trojaner auf der Festplatte?
    Log-Analyse und Auswertung - 30.10.2011 (12)
  6. Trojaner, Festplatte beschädigt
    Plagegeister aller Art und deren Bekämpfung - 03.06.2011 (57)
  7. trojaner ''festplatte beschädigt - durch problem mit IDE/ SATA festplatte''
    Plagegeister aller Art und deren Bekämpfung - 18.05.2011 (3)
  8. Virus autorun.inf auf Festplatte, externer Festplatte und USB
    Plagegeister aller Art und deren Bekämpfung - 15.02.2011 (20)
  9. Trojaner noch auf der Festplatte?
    Log-Analyse und Auswertung - 25.03.2010 (1)
  10. Trojaner auf der Festplatte
    Plagegeister aller Art und deren Bekämpfung - 12.01.2010 (1)
  11. Trojaner auf der Festplatte?
    Plagegeister aller Art und deren Bekämpfung - 28.07.2009 (6)
  12. Trojaner auf der externen Festplatte
    Plagegeister aller Art und deren Bekämpfung - 24.06.2009 (1)
  13. Trojaner auf festplatte
    Plagegeister aller Art und deren Bekämpfung - 27.11.2008 (1)
  14. Trojaner auf Festplatte ?
    Mülltonne - 24.08.2008 (0)
  15. Trojaner auf externer Festplatte
    Mülltonne - 03.07.2008 (0)
  16. Trojaner plättet Festplatte ?
    Plagegeister aller Art und deren Bekämpfung - 12.12.2004 (3)
  17. [B]Festplatte über Trojaner Festplatte gekapert? Gibt´s denn sowas?[/B]
    Plagegeister aller Art und deren Bekämpfung - 27.09.2004 (3)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Trojaner auf Festplatte? - Hey Community ich hab mir heut mittag eine Datei runtergeladen. Wollt sie öffnen, und es kam nichts denke an ein Keylogger hab dann direkt SystemWiederherstellung gemacht und seit dem läuft - Trojaner auf Festplatte?...
Archiv
Du betrachtest: Trojaner auf Festplatte? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131