TR/Dropper.Gen von Avira AntiVir und Trojan.Agent.CK sowie Trojan.Orsam von Malwarebytes erkannt

boomi · 02.12.2010, 17:07

Hallo! Ich möchte mich möglichst kurz und an die 7 goldenen Regeln halten daher gleich zur Sache.

Zunächst habe ich durch Avira AnitVIR TR/Dropper.Gen gefunden und zwar in C:\Users\Boomi\AppData\Local\Temp\ubiB5D8.tmp.exe

Hier der Report:

Code:

ATTFilter

Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Mittwoch, 1. Dezember 2010  23:15

Es wird nach 3106646 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira AntiVir Personal - FREE Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows 7 x64
Windowsversion : (plain)  [6.1.7600]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : BOOMI-PC

Versionsinformationen:
BUILD.DAT      : 10.0.0.596     31825 Bytes  16.11.2010 15:52:00
AVSCAN.EXE     : 10.0.3.1      434344 Bytes  04.11.2010 17:32:49
AVSCAN.DLL     : 10.0.3.0       56168 Bytes  30.03.2010 10:42:16
LUKE.DLL       : 10.0.2.3      104296 Bytes  07.03.2010 17:32:59
LUKERES.DLL    : 10.0.0.0       13672 Bytes  14.01.2010 10:59:47
VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 08:05:36
VBASE001.VDF   : 7.10.1.0     1372672 Bytes  19.11.2009 18:27:49
VBASE002.VDF   : 7.10.3.1     3143680 Bytes  20.01.2010 16:37:42
VBASE003.VDF   : 7.10.3.75     996864 Bytes  26.01.2010 15:37:42
VBASE004.VDF   : 7.10.4.203   1579008 Bytes  05.03.2010 10:29:03
VBASE005.VDF   : 7.10.6.82    2494464 Bytes  15.04.2010 19:44:18
VBASE006.VDF   : 7.10.7.218   2294784 Bytes  02.06.2010 19:44:20
VBASE007.VDF   : 7.10.9.165   4840960 Bytes  23.07.2010 19:44:23
VBASE008.VDF   : 7.10.11.133  3454464 Bytes  13.09.2010 19:44:24
VBASE009.VDF   : 7.10.13.80   2265600 Bytes  02.11.2010 17:32:49
VBASE010.VDF   : 7.10.13.81      2048 Bytes  02.11.2010 17:32:49
VBASE011.VDF   : 7.10.13.82      2048 Bytes  02.11.2010 17:32:49
VBASE012.VDF   : 7.10.13.83      2048 Bytes  02.11.2010 17:32:49
VBASE013.VDF   : 7.10.13.116   147968 Bytes  04.11.2010 17:32:49
VBASE014.VDF   : 7.10.13.147   146944 Bytes  07.11.2010 17:29:12
VBASE015.VDF   : 7.10.13.180   123904 Bytes  09.11.2010 07:47:24
VBASE016.VDF   : 7.10.13.211   122368 Bytes  11.11.2010 07:47:25
VBASE017.VDF   : 7.10.13.243   147456 Bytes  15.11.2010 08:20:23
VBASE018.VDF   : 7.10.14.15    142848 Bytes  17.11.2010 08:20:23
VBASE019.VDF   : 7.10.14.41    134144 Bytes  19.11.2010 21:08:21
VBASE020.VDF   : 7.10.14.63    128000 Bytes  22.11.2010 21:08:21
VBASE021.VDF   : 7.10.14.87    143872 Bytes  24.11.2010 15:06:22
VBASE022.VDF   : 7.10.14.116   140800 Bytes  26.11.2010 15:09:20
VBASE023.VDF   : 7.10.14.117     2048 Bytes  26.11.2010 15:09:20
VBASE024.VDF   : 7.10.14.118     2048 Bytes  26.11.2010 15:09:20
VBASE025.VDF   : 7.10.14.119     2048 Bytes  26.11.2010 15:09:20
VBASE026.VDF   : 7.10.14.120     2048 Bytes  26.11.2010 15:09:20
VBASE027.VDF   : 7.10.14.121     2048 Bytes  26.11.2010 15:09:20
VBASE028.VDF   : 7.10.14.122     2048 Bytes  26.11.2010 15:09:20
VBASE029.VDF   : 7.10.14.123     2048 Bytes  26.11.2010 15:09:20
VBASE030.VDF   : 7.10.14.124     2048 Bytes  26.11.2010 15:09:20
VBASE031.VDF   : 7.10.14.143   138240 Bytes  30.11.2010 15:45:49
Engineversion  : 8.2.4.114 
AEVDF.DLL      : 8.1.2.1       106868 Bytes  19.10.2010 19:44:27
AESCRIPT.DLL   : 8.1.3.47     1294716 Bytes  23.11.2010 21:08:24
AESCN.DLL      : 8.1.7.2       127349 Bytes  23.11.2010 21:08:24
AESBX.DLL      : 8.1.3.2       254324 Bytes  23.11.2010 21:08:24
AERDL.DLL      : 8.1.9.2       635252 Bytes  19.10.2010 19:44:27
AEPACK.DLL     : 8.2.3.11      471416 Bytes  19.10.2010 19:44:27
AEOFFICE.DLL   : 8.1.1.10      201084 Bytes  23.11.2010 21:08:24
AEHEUR.DLL     : 8.1.2.46     3088759 Bytes  29.11.2010 15:09:23
AEHELP.DLL     : 8.1.15.0      246135 Bytes  29.11.2010 15:09:21
AEGEN.DLL      : 8.1.4.2       401781 Bytes  23.11.2010 21:08:22
AEEMU.DLL      : 8.1.3.0       393589 Bytes  23.11.2010 21:08:22
AECORE.DLL     : 8.1.18.1      196984 Bytes  23.11.2010 21:08:21
AEBB.DLL       : 8.1.1.0        53618 Bytes  19.10.2010 19:44:25
AVWINLL.DLL    : 10.0.0.0       19304 Bytes  14.01.2010 10:59:10
AVPREF.DLL     : 10.0.0.0       44904 Bytes  14.01.2010 10:59:07
AVREP.DLL      : 10.0.0.8       62209 Bytes  18.02.2010 15:47:40
AVREG.DLL      : 10.0.3.2       53096 Bytes  04.11.2010 17:32:49
AVSCPLR.DLL    : 10.0.3.1       83816 Bytes  04.11.2010 17:32:49
AVARKT.DLL     : 10.0.0.14     227176 Bytes  01.04.2010 11:22:11
AVEVTLOG.DLL   : 10.0.0.8      203112 Bytes  26.01.2010 08:53:25
SQLITE3.DLL    : 3.6.19.0      355688 Bytes  28.01.2010 11:57:53
AVSMTP.DLL     : 10.0.0.17      63848 Bytes  16.03.2010 14:38:54
NETNT.DLL      : 10.0.0.0       11624 Bytes  19.02.2010 13:40:55
RCIMAGE.DLL    : 10.0.0.26    2550120 Bytes  28.01.2010 12:10:08
RCTEXT.DLL     : 10.0.58.0      98152 Bytes  04.11.2010 17:32:49

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: avguard_async_scan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4d2a494a\guard_slideup.avp
Protokollierung.......................: niedrig
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: hoch
Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Beginn des Suchlaufs: Mittwoch, 1. Dezember 2010  23:15

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'DTLite.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'IELowutil.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ts3client_win32.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ICQ.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Users\Boomi\AppData\Local\Temp\ubiB5D8.tmp.exe'
C:\Users\Boomi\AppData\Local\Temp\ubiB5D8.tmp.exe
    [FUND]      Ist das Trojanische Pferd TR/Dropper.Gen

Beginne mit der Desinfektion:
C:\Users\Boomi\AppData\Local\Temp\ubiB5D8.tmp.exe
    [FUND]      Ist das Trojanische Pferd TR/Dropper.Gen
    [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '48006d25.qua' verschoben!


Ende des Suchlaufs: Mittwoch, 1. Dezember 2010  23:16
Benötigte Zeit: 00:00 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

      0 Verzeichnisse wurden überprüft
     15 Dateien wurden geprüft
      1 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      1 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
     14 Dateien ohne Befall
      1 Archive wurden durchsucht
      0 Warnungen
      1 Hinweise


Die Suchergebnisse werden an den Guard übermittelt.

Malwarebytes lieferte dann folgendes Ergebnis und fand Trojan.Orsam und Trojan.Agent.CK

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Datenbank Version: 5214

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

02.12.2010 15:18:05
mbam-log-2010-12-02 (15-18-05).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 140707
Laufzeit: 22 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\system volume information\_restore{f6427a28-c709-486a-aee9-85e2a953cd6a}\RP437\A0096264.exe (Trojan.Orsam) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f6427a28-c709-486a-aee9-85e2a953cd6a}\RP437\A0096996.exe (Trojan.Orsam) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f6427a28-c709-486a-aee9-85e2a953cd6a}\RP437\A0097018.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.

OTL von Oldtimer lieferte folgendes Ergebnis:

Code:

ATTFilter

OTL logfile created on: 02.12.2010 16:57:30 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\Boomi\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 390,63 Gb Total Space | 310,49 Gb Free Space | 79,49% Space Free | Partition Type: NTFS
Drive D: | 390,63 Gb Total Space | 195,49 Gb Free Space | 50,05% Space Free | Partition Type: NTFS
Drive E: | 1863,01 Gb Total Space | 791,84 Gb Free Space | 42,50% Space Free | Partition Type: NTFS
Drive F: | 150,25 Gb Total Space | 138,15 Gb Free Space | 91,94% Space Free | Partition Type: NTFS
 
Computer Name: BOOMI-PC | User Name: Boomi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Boomi\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\program files (x86)\avira\antivir desktop\avcenter.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Boomi\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (SbieDrv) -- C:\Program Files\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (pbfilter) -- C:\Program Files\PeerBlock\pbfilter.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B5 7D 78 29 F3 8B CB 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.tuwien.ac.at/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.3.5
FF - prefs.js..extensions.enabledItems: NPDyyno@dyyno.com:1.0.0.26
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
 
FF - HKLM\software\mozilla\Lanikai (64-bit) 3.1.1\extensions\\Components: C:\Program Files (x86)\Lanikai (64-bit)\components [2010.10.19 22:00:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Lanikai (64-bit) 3.1.1\extensions\\Plugins: C:\Program Files (x86)\Lanikai (64-bit)\plugins
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.10.28 16:32:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.11.18 07:57:23 | 000,000,000 | ---D | M]
 
[2010.10.19 23:00:51 | 000,000,000 | ---D | M] -- C:\Users\Boomi\AppData\Roaming\mozilla\Extensions
[2010.10.19 22:00:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Boomi\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.12.01 18:05:53 | 000,000,000 | ---D | M] -- C:\Users\Boomi\AppData\Roaming\mozilla\Firefox\Profiles\uqawogln.default\extensions
[2010.10.19 23:06:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Boomi\AppData\Roaming\mozilla\Firefox\Profiles\uqawogln.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.11.27 11:52:08 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Boomi\AppData\Roaming\mozilla\Firefox\Profiles\uqawogln.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010.10.19 23:06:32 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Users\Boomi\AppData\Roaming\mozilla\Firefox\Profiles\uqawogln.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010.11.04 09:02:12 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Boomi\AppData\Roaming\mozilla\Firefox\Profiles\uqawogln.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.10.19 23:06:31 | 000,000,000 | ---D | M] -- C:\Users\Boomi\AppData\Roaming\mozilla\Firefox\Profiles\uqawogln.default\extensions\NPDyyno@dyyno.com
[2010.10.19 22:56:08 | 000,000,000 | ---D | M] -- C:\Users\Boomi\AppData\Roaming\mozilla\Firefox\Profiles\zld36wpd.default\extensions
[2010.10.19 22:56:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Boomi\AppData\Roaming\mozilla\Firefox\Profiles\zld36wpd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.10.19 22:56:08 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Boomi\AppData\Roaming\mozilla\Firefox\Profiles\zld36wpd.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010.10.19 22:56:08 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Users\Boomi\AppData\Roaming\mozilla\Firefox\Profiles\zld36wpd.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010.10.19 22:56:08 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Boomi\AppData\Roaming\mozilla\Firefox\Profiles\zld36wpd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.10.19 22:56:08 | 000,000,000 | ---D | M] -- C:\Users\Boomi\AppData\Roaming\mozilla\Firefox\Profiles\zld36wpd.default\extensions\NPDyyno@dyyno.com
[2010.10.19 23:00:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.09.14 22:32:39 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.09.14 22:32:39 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.09.14 22:32:39 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.09.14 22:32:39 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.09.14 22:32:39 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Valve\Steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.34.133.21 195.34.133.22
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.01.13 03:20:25 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{06518ba3-f041-11df-8664-00221599a3f3}\Shell - "" = AutoRun
O33 - MountPoints2\{06518ba3-f041-11df-8664-00221599a3f3}\Shell\AutoRun\command - "" = H:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.12.02 15:50:35 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Boomi\Desktop\OTL.exe
[2010.12.02 13:57:02 | 000,000,000 | ---D | C] -- C:\Users\Boomi\AppData\Roaming\Malwarebytes
[2010.12.02 13:56:56 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.12.02 13:56:55 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.12.02 13:56:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.12.02 13:56:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.12.02 00:03:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010.12.01 23:48:19 | 000,069,152 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2010.12.01 23:48:17 | 000,049,752 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2010.12.01 23:46:57 | 000,000,000 | ---D | C] -- C:\Users\Boomi\AppData\Local\Sunbelt Software
[2010.12.01 23:42:04 | 000,000,000 | -H-D | C] -- C:\ProgramData\{E961CE1B-C3EA-4882-9F67-F859B555D097}
[2010.12.01 23:42:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010.12.01 23:42:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2010.12.01 23:06:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2010.11.27 22:20:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warcraft
[2010.11.26 16:16:43 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010.11.26 16:16:42 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010.11.26 16:16:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010.11.15 14:44:45 | 000,000,000 | ---D | C] -- C:\Users\Boomi\AppData\Local\FalloutNV
[2010.11.15 14:38:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bethesda Softworks
[2010.11.15 07:53:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2010.11.15 07:36:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2010.11.15 02:29:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Valve
[2010.11.14 16:53:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2010.11.14 16:52:40 | 000,000,000 | ---D | C] -- C:\Users\Boomi\AppData\Roaming\DAEMON Tools Lite
[2010.11.14 16:52:36 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2010.11.14 14:58:15 | 000,000,000 | ---D | C] -- C:\Users\Boomi\Documents\My Games
[2010.11.14 10:07:09 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2010.11.14 10:07:09 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2010.11.14 10:07:09 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2010.11.14 10:07:09 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2010.11.14 10:07:09 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2010.11.14 10:07:09 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll
[2010.11.14 10:07:09 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2010.11.14 10:07:09 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2010.11.14 10:07:08 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
[2010.11.14 10:07:08 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2010.11.14 10:07:08 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll
[2010.11.14 10:07:08 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2010.11.14 10:07:08 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
[2010.11.14 10:07:08 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2010.11.14 10:07:08 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2010.11.14 10:07:08 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2010.11.14 10:07:07 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2010.11.14 10:07:07 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2010.11.14 10:07:07 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
[2010.11.14 10:07:07 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2010.11.14 10:07:07 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2010.11.14 10:07:07 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2010.11.14 10:07:07 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2010.11.14 10:07:07 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
[2010.11.14 10:07:07 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2010.11.14 10:07:07 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2010.11.14 10:07:07 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2010.11.14 10:07:07 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2010.11.14 10:07:06 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
[2010.11.14 10:07:06 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2010.11.14 10:07:06 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2010.11.14 10:07:06 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
[2010.11.14 10:07:06 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2010.11.14 10:07:06 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2010.11.14 10:07:06 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2010.11.14 10:07:06 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2010.11.14 10:07:06 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
[2010.11.14 10:07:06 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2010.11.14 10:07:05 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll
[2010.11.14 10:07:05 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2010.11.14 10:07:05 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll
[2010.11.14 10:07:05 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll
[2010.11.14 10:07:05 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll
[2010.11.14 10:07:05 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll
[2010.11.14 10:07:05 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2010.11.14 10:07:05 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll
[2010.11.14 10:07:05 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2010.11.14 10:07:05 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll
[2010.11.14 10:07:05 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2010.11.14 10:07:05 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2010.11.14 10:07:05 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll
[2010.11.14 10:07:05 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2010.11.14 10:07:04 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2010.11.14 10:07:04 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2010.11.14 10:07:04 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2010.11.14 10:07:04 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2010.11.14 10:07:04 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2010.11.14 10:07:04 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2010.11.14 10:07:04 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2010.11.14 10:07:04 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2010.11.14 10:07:04 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2010.11.14 10:07:04 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2010.11.14 10:07:03 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2010.11.14 10:07:03 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2010.11.14 10:07:03 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2010.11.14 10:07:03 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2010.11.14 10:07:03 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2010.11.14 10:07:03 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2010.11.14 10:07:03 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2010.11.14 10:07:03 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2010.11.14 10:07:03 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2010.11.14 10:07:03 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2010.11.14 10:07:03 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2010.11.14 10:07:03 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2010.11.14 10:07:03 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2010.11.14 10:07:03 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2010.11.14 10:07:03 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2010.11.14 10:07:03 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2010.11.14 10:07:02 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll
[2010.11.14 10:07:02 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2010.11.14 10:07:02 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll
[2010.11.14 10:07:02 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll
[2010.11.14 10:07:02 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2010.11.14 10:07:02 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2010.11.14 10:07:02 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2010.11.14 10:07:02 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll
[2010.11.14 10:07:02 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll
[2010.11.14 10:07:02 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2010.11.14 10:07:02 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll
[2010.11.14 10:07:02 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2010.11.14 10:07:01 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll
[2010.11.14 10:07:01 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2010.11.14 10:07:01 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll
[2010.11.14 10:07:01 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2010.11.14 10:07:01 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll
[2010.11.14 10:07:01 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll
[2010.11.14 10:07:01 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2010.11.14 10:07:01 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2010.11.14 10:07:01 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2010.11.14 10:07:01 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll
[2010.11.14 10:07:01 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll
[2010.11.14 10:07:01 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2010.11.14 10:07:00 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll
[2010.11.14 10:07:00 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2010.11.14 10:07:00 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll
[2010.11.14 10:07:00 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2010.11.14 10:07:00 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll
[2010.11.14 10:07:00 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2010.11.14 10:07:00 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll
[2010.11.14 10:07:00 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2010.11.14 10:06:59 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll
[2010.11.14 10:06:59 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2010.11.14 10:06:59 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll
[2010.11.14 10:06:59 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2010.11.14 10:06:59 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll
[2010.11.14 10:06:59 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2010.11.14 10:06:59 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll
[2010.11.14 10:06:59 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2010.11.14 10:06:58 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll
[2010.11.14 10:06:58 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll
[2010.11.14 10:06:58 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2010.11.14 10:06:58 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2010.11.14 10:06:58 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll
[2010.11.14 10:06:58 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2010.11.14 10:06:58 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll
[2010.11.14 10:06:58 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2010.11.14 10:06:58 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
[2010.11.14 10:06:58 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2010.11.14 10:06:58 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll
[2010.11.14 10:06:58 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2010.11.14 10:06:57 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll
[2010.11.14 10:06:57 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2010.11.14 10:06:57 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll
[2010.11.14 10:06:57 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2010.11.14 10:06:57 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll
[2010.11.14 10:06:57 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2010.11.14 10:06:57 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll
[2010.11.14 10:06:57 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll
[2010.11.14 10:06:57 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2010.11.14 10:06:57 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2010.11.14 10:06:57 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll
[2010.11.14 10:06:57 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2010.11.14 10:06:56 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2010.11.14 10:06:56 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
[2010.11.14 10:06:56 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2010.11.14 10:06:56 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2010.11.14 10:06:56 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll
[2010.11.14 10:06:56 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2010.11.14 10:06:56 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll
[2010.11.14 10:06:56 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll
[2010.11.14 10:06:56 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll
[2010.11.14 10:06:56 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2010.11.14 10:06:56 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2010.11.14 10:06:56 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2010.11.14 10:06:56 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll
[2010.11.14 10:06:56 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2010.11.14 10:06:55 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2010.11.14 10:06:55 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
[2010.11.14 10:06:55 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2010.11.14 10:06:55 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2010.11.14 10:06:55 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll
[2010.11.14 10:06:55 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
[2010.11.14 10:06:55 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2010.11.14 10:06:55 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2010.11.14 10:06:54 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll
[2010.11.14 10:06:54 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2010.11.14 10:06:53 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2010.11.14 10:06:53 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2010.11.14 10:06:53 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2010.11.14 10:06:53 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2010.11.14 10:06:53 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2010.11.14 10:06:53 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2010.11.14 10:06:53 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2010.11.14 10:06:53 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2010.11.14 10:06:52 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2010.11.14 10:06:52 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2010.11.14 10:06:52 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2010.11.14 10:06:52 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2010.11.14 10:06:52 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2010.11.14 10:06:52 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2010.11.14 10:06:52 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2010.11.14 10:06:52 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2010.11.14 10:05:45 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2010.11.14 09:59:21 | 000,000,000 | ---D | C] -- C:\Users\Boomi\AppData\Local\CrashRpt
 
========== Files - Modified Within 30 Days ==========
 
[2010.12.02 15:50:37 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Boomi\Desktop\OTL.exe
[2010.12.02 15:27:29 | 000,080,384 | ---- | M] () -- C:\Users\Boomi\Desktop\MBRCheck.exe
[2010.12.02 15:26:30 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.12.02 15:26:30 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.12.02 15:26:30 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.12.02 15:26:30 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.12.02 15:26:30 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.12.02 15:24:39 | 000,016,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.02 15:24:39 | 000,016,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.02 15:19:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.12.02 15:19:27 | 3220,451,328 | -HS- | M] () -- C:\hiberfil.sys
[2010.12.02 13:56:59 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.12.02 00:03:49 | 000,002,975 | ---- | M] () -- C:\Users\Boomi\Desktop\HiJackThis.lnk
[2010.12.01 23:48:17 | 000,049,752 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2010.12.01 23:42:04 | 000,001,150 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010.11.30 21:54:02 | 000,001,856 | ---- | M] () -- C:\Users\Boomi\Desktop\Operating Systems Internals and Design Principles (5th Edition) - www.enetlibrary.hostoi.com - Verknüpfung.lnk
[2010.11.30 21:48:24 | 000,001,285 | ---- | M] () -- C:\Users\Boomi\Desktop\Folien 2010 - Verknüpfung.lnk
[2010.11.30 03:09:10 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010.11.30 03:07:53 | 019,985,265 | ---- | M] () -- C:\Users\Boomi\Documents\vlc-1.1.5-win32.exe
[2010.11.29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.11.29 17:42:06 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.11.27 22:23:20 | 000,001,068 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2010.11.26 16:16:52 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.11.23 22:08:24 | 000,083,120 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010.11.18 07:57:23 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.11.15 14:40:10 | 000,002,272 | ---- | M] () -- C:\Users\Public\Desktop\Fallout New Vegas.lnk
[2010.11.15 08:04:33 | 000,001,558 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2010.11.15 02:40:27 | 000,001,754 | ---- | M] () -- C:\Users\Public\Desktop\Counter-Strike Source.lnk
[2010.11.15 02:29:07 | 000,000,794 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2010.11.14 16:53:44 | 000,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010.11.14 16:53:44 | 000,001,954 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2010.11.14 10:52:10 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
 
========== Files Created - No Company Name ==========
 
[2010.12.02 15:27:28 | 000,080,384 | ---- | C] () -- C:\Users\Boomi\Desktop\MBRCheck.exe
[2010.12.02 13:56:59 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.12.02 00:06:28 | 000,015,880 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2010.12.02 00:03:49 | 000,002,975 | ---- | C] () -- C:\Users\Boomi\Desktop\HiJackThis.lnk
[2010.12.01 23:42:04 | 000,001,150 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010.11.30 21:54:02 | 000,001,856 | ---- | C] () -- C:\Users\Boomi\Desktop\Operating Systems Internals and Design Principles (5th Edition) - www.enetlibrary.hostoi.com - Verknüpfung.lnk
[2010.11.30 21:48:24 | 000,001,285 | ---- | C] () -- C:\Users\Boomi\Desktop\Folien 2010 - Verknüpfung.lnk
[2010.11.30 03:09:10 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010.11.30 03:07:06 | 019,985,265 | ---- | C] () -- C:\Users\Boomi\Documents\vlc-1.1.5-win32.exe
[2010.11.27 22:20:56 | 000,001,068 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2010.11.26 16:16:52 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.11.18 07:57:23 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.11.15 14:40:10 | 000,002,272 | ---- | C] () -- C:\Users\Public\Desktop\Fallout New Vegas.lnk
[2010.11.15 02:40:27 | 000,001,754 | ---- | C] () -- C:\Users\Public\Desktop\Counter-Strike Source.lnk
[2010.11.15 02:29:07 | 000,000,794 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2010.11.14 16:53:44 | 000,834,544 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010.11.14 16:53:44 | 000,001,954 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2010.11.14 10:52:10 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010.10.24 01:50:48 | 000,001,558 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2010.10.19 12:52:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
 
========== LOP Check ==========
 
[2010.10.20 13:22:33 | 000,000,000 | ---D | M] -- C:\Users\Boomi\AppData\Roaming\Ashampoo
[2010.12.02 00:10:47 | 000,000,000 | ---D | M] -- C:\Users\Boomi\AppData\Roaming\Azureus
[2010.11.15 02:34:40 | 000,000,000 | ---D | M] -- C:\Users\Boomi\AppData\Roaming\DAEMON Tools Lite
[2010.12.02 15:20:01 | 000,000,000 | ---D | M] -- C:\Users\Boomi\AppData\Roaming\ICQ
[2010.10.24 18:28:17 | 000,000,000 | ---D | M] -- C:\Users\Boomi\AppData\Roaming\RayV
[2010.10.19 22:00:13 | 000,000,000 | ---D | M] -- C:\Users\Boomi\AppData\Roaming\Thunderbird
[2010.10.19 22:53:35 | 000,000,000 | ---D | M] -- C:\Users\Boomi\AppData\Roaming\TS3Client
[2009.07.14 06:08:49 | 000,021,294 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

und

Code:

ATTFilter

OTL Extras logfile created on: 02.12.2010 16:57:30 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\Boomi\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 390,63 Gb Total Space | 310,49 Gb Free Space | 79,49% Space Free | Partition Type: NTFS
Drive D: | 390,63 Gb Total Space | 195,49 Gb Free Space | 50,05% Space Free | Partition Type: NTFS
Drive E: | 1863,01 Gb Total Space | 791,84 Gb Free Space | 42,50% Space Free | Partition Type: NTFS
Drive F: | 150,25 Gb Total Space | 138,15 Gb Free Space | 91,94% Space Free | Partition Type: NTFS
 
Computer Name: BOOMI-PC | User Name: Boomi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0.0 (r181)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{80C27FE9-C6C4-F5C8-EAD3-09E7E0102E78}" = ATI Stream SDK v2 Developer
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8FCBB6DA-069C-8D08-DD99-F0881B9EECC3}" = AMD Drag and Drop Transcoding
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{B6EFD9A5-2ECE-4C22-BAEC-D16E73EA2013}" = iTunes
"{CACBDC26-D504-49ED-3FEC-0CDDB3700240}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Sandboxie" = Sandboxie 3.50 (64-bit)
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial 
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"8461-7759-5462-8226" = Vuze
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ashampoo Burning Studio 2010 Advanced_is1" = Ashampoo Burning Studio 2010 Advanced
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Fallout New Vegas_is1" = Fallout New Vegas
"Lanikai (64-bit) (3.1.1)" = Lanikai (64-bit) (3.1.1)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"StarCraft II" = StarCraft II
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player 1.1.5
"World of Warcraft" = World of Warcraft
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 19.11.2010 08:07:26 | Computer Name = Boomi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
 0x4cb4a756  Name des fehlerhaften Moduls: GameOverlayRenderer.dll, Version: 0.97.30.46,
 Zeitstempel: 0x4ce1b8a2  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00012923  ID des fehlerhaften
 Prozesses: 0x924  Startzeit der fehlerhaften Anwendung: 0x01cb87df8462dffd  Pfad der
 fehlerhaften Anwendung: c:\program files (x86)\valve\steam\steamapps\boomman\counter-strike
 source\hl2.exe  Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Valve\Steam\GameOverlayRenderer.dll
Berichtskennung:
 926be1c2-f3d5-11df-94f3-00221599a3f3
 
Error - 27.11.2010 17:27:31 | Computer Name = Boomi-PC | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(BZDN1832258235-QkxaMDAwMkdEMU4uYUMxb0M4QzZeRDk4QSJCQUMx._bzdn._tcp.local.)
 active for over two minutes. This places considerable burden on the network.
 
Error - 27.11.2010 20:00:21 | Computer Name = Boomi-PC | Source = Bonjour Service | ID = 100
Description = 392: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 27.11.2010 20:00:21 | Computer Name = Boomi-PC | Source = Bonjour Service | ID = 100
Description = 464: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 27.11.2010 20:00:21 | Computer Name = Boomi-PC | Source = Bonjour Service | ID = 100
Description = 520: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 30.11.2010 16:26:46 | Computer Name = Boomi-PC | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(BZDN1519192478-QkxaMDAwMkdEMU4uYUMxb0M4QzZeRDk4QSJCQUMx._bzdn._tcp.local.)
 active for over two minutes. This places considerable burden on the network.
 
Error - 30.11.2010 16:58:54 | Computer Name = Boomi-PC | Source = Bonjour Service | ID = 100
Description = 484: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 30.11.2010 16:58:54 | Computer Name = Boomi-PC | Source = Bonjour Service | ID = 100
Description = 488: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 30.11.2010 16:58:54 | Computer Name = Boomi-PC | Source = Bonjour Service | ID = 100
Description = 520: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 01.12.2010 18:46:52 | Computer Name = Boomi-PC | Source = Lavasoft Ad-Aware Service | ID = 0
Description = 
 
 
< End of report >

So obwohl Malwarebytes jetzt etwas entfernt hat weiß ich nicht ob wirklich alles weg ist und hoffe auf eure Hilfe.

Danke

cosinus · 03.12.2010, 22:10

Hallo und

Dein OTL-Log ist unauffällig. Der Fund

Zitat:

C:\Users\Boomi\AppData\Local\Temp\ubiB5D8.tmp.exe

scheint offensichtlich was mit "Ubisoft" zu tun zu haben, und du hast ja auch was von diesem Publisher installiert, deswegen denke ich hier eher an einem Fehlalarm. Oder hast du massive, malwaretypische Probleme?

TR/Dropper.Gen von Avira AntiVir und Trojan.Agent.CK sowie Trojan.Orsam von Malwarebytes erkannt

Plagegeister aller Art und deren Bekämpfung: TR/Dropper.Gen von Avira AntiVir und Trojan.Agent.CK sowie Trojan.Orsam von Malwarebytes erkannt

TR/Dropper.Gen von Avira AntiVir und Trojan.Agent.CK sowie Trojan.Orsam von Malwarebytes erkannt

TR/Dropper.Gen von Avira AntiVir und Trojan.Agent.CK sowie Trojan.Orsam von Malwarebytes erkannt

Ähnliche Themen: TR/Dropper.Gen von Avira AntiVir und Trojan.Agent.CK sowie Trojan.Orsam von Malwarebytes erkannt