Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Win32:Patched- TM [Trj] in c:\windows\explorer.exe

Win32:Patched- TM [Trj] in c:\windows\explorer.exe


Plagegeister aller Art und deren Bekämpfung: Win32:Patched- TM [Trj] in c:\windows\explorer.exe

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 02.01.2011, 17:11   #1
sven001
 
Win32:Patched- TM [Trj] in c:\windows\explorer.exe - Standard

Win32:Patched- TM [Trj] in c:\windows\explorer.exe


Hi @ all.

Mir wird beim der avast! scan diese Meldung ausgegeben:

Win32:Patched- TM [Trj], das ganze in meiner explorer.exe.

Ich benutze Windows 7 Home 32bit, hab spybot und bis vor 2 tagen antivir genutzt.

Antivir hat mir das gleiche angezeigt, nach einigem googln kam ich dann auf Anti-Malware. Dieses Programm hat mir aber 0 Fehler angezeigt.

Danach hab ich mir avast! installiert, um zu testen ob antivir nicht richtig funktioniert. Avast! hat dann den gleichen Fehler angezeigt.

Ich hab dann die verschiedene Möglichkeiten ausprobiert, in Container verschieben usw, was ja nicht funktioniert im laufenden Prozess. Dann hab ich den Explorer abgeschalten und gelöscht.
Danach habe ich versucht mithilfe meiner Boot CD und der Systemwiederherstellung den Explorer wieder herzustellen, was auch ging aber ich habe nur wieder den Trojaner, die gleiche Anzeige in avast!. Anti-Malware zeigt mir weiterhin 0 Fehler. Ich habe leider keine ältere Systemherstellung, der letzte Eintrag ist von vor 3 Tagen (Windows-Update).

Nun komm ich nicht mehr weiter, hab so an sich aber auch keine spürbaren Probleme, kein Abstürzen, PC läuft normal schnell...

Anbei meine Scans:

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
 
Datenbank Version: 5443
 
Windows 6.1.7600
Internet Explorer 9.0.7930.16406
 
02.01.2011 15:49:30
mbam-log-2011-01-02 (15-49-30).txt
 
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 136123
Laufzeit: 3 Minute(n), 0 Sekunde(n)
 
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
 
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
 
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
 
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
 
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
 
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Und die OTL Scans:

Code:
ATTFilter
OTL Extras logfile created on: 02.01.2011 17:04:37 - Run 2
OTL by OldTimer - Version 3.2.20.1     Folder = C:\Users\Public\Desktop\MFtools
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 67,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 348,19 Gb Total Space | 179,14 Gb Free Space | 51,45% Space Free | Partition Type: NTFS
 
Computer Name: ***PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromiumHTML] -- C:\Program Files\SRWare Iron\iron.exe (SRWare)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0A532864-065D-4369-A548-DFF207C2C713}" = QIP 2010 3397 Jeak-Edition
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6.3
"{1EE88B84-7BE5-4FB5-8DEA-B81D5409D62E}" = Opera 11.00
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}" = Cisco Systems VPN Client 5.0.06.0160
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{28996689-E20A-E63B-2BDA-B662AB807C87}" = ATI Catalyst Install Manager
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{4723f199-fa64-4233-8e6e-9fccc95a18ee}" = Python 2.6.5
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{5B4383F2-37EE-4E97-AD81-F5FF76F286DA}" = OutlookAddInNet3Setup
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FFEC1CA-DD48-43C4-8BA1-01A82B2C8837}" = QIP 2010 4444 Jeak-Edition
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{71702641-2849-45A4-8E62-4B85974B24A0}_is1" = BumpTop
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{86501894-E722-4385-A792-B7C2F28FAE7B}" = NetSpeedMonitor 2.5.4.0 x86
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial 
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1" = SRWare Iron 7.0.520.1
"{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860}" = Vodafone Mobile Connect Lite
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast5" = avast! Free Antivirus
"Blender" = Blender (remove only)
"Connectify" = Connectify
"DivX Setup.divx.com" = DivX-Setup
"ERUNT_is1" = ERUNT 1.1j
"GoldenEye: Source" = GoldenEye: Source - HalfLife 2 Mod
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (nur entfernen)
"HotspotShield" = Hotspot Shield 1.52
"InstallShield_{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"IsoBuster_is1" = IsoBuster 2.8
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.9.0
"K-Meleon" = K-Meleon 1.5.4 de-DE (nur entfernen)
"lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)
"Mozilla Firefox 4.0b6 (x86 de)" = Mozilla Firefox 4.0b6 (x86 de)
"Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7)
"MP3-Cutter" = MP3-Cutter
"Mumble" = Mumble and Murmur
"MyFreeCodec" = MyFreeCodec
"NVIDIA Drivers" = NVIDIA Drivers
"Pidgin" = Pidgin
"PunkBusterSvc" = PunkBuster Services
"rayatitray" = Ray Adams ATI Tray Tools
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"StarCraft II" = StarCraft II
"Steam App 218" = Source SDK Base 2007
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 340" = Half-Life 2: Lost Coast
"SUPER ©" = SUPER © Version 2010.bld.42 (Nov 7, 2010)
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 5" = TeamViewer 5
"Update Service" = Update Service
"uTorrent" = µTorrent
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VLC media player" = VLC media player 1.1.4
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
"XMedia Recode" = XMedia Recode 2.2.4.2
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"22abf9dde03b3b37" = Seesmic for Windows
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"MyFreeCodec" = MyFreeCodec
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
und

Code:
ATTFilter
OTL logfile created on: 02.01.2011 17:04:36 - Run 2
OTL by OldTimer - Version 3.2.20.1     Folder = C:\Users\Public\Desktop\MFtools
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 67,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 348,19 Gb Total Space | 179,14 Gb Free Space | 51,45% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Public\Desktop\MFtools\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\jeak.de\QIP 2010 4196 Jeak-Edition\qip.exe (QIP)
PRC - C:\Program Files\SRWare Iron\iron.exe (SRWare)
PRC - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
PRC - C:\Program Files\Hotspot Shield\bin\openvpnas.exe ()
PRC - C:\Program Files\Hotspot Shield\bin\hsswd.exe ()
PRC - C:\Windows\System32\dgdersvc.exe (Devguru Co., Ltd.)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Connectify\ConnectifyService.exe (Nomadio, Inc.)
PRC - C:\Program Files\Connectify\Connectifyd.exe (Nomadio, Inc.)
PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Public\Desktop\MFtools\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (HssSrv) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (HssTrayService) -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe ()
SRV - (HotspotShieldService) -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe ()
SRV - (HssWd) -- C:\Program Files\Hotspot Shield\bin\hsswd.exe ()
SRV - (dgdersvc) -- C:\Windows\System32\dgdersvc.exe (Devguru Co., Ltd.)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NMSAccess) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (OMSI download service) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (HssDrv) -- C:\Windows\System32\drivers\HssDrv.sys (AnchorFree Inc.)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (dgderdrv) -- C:\Windows\System32\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (LVUVC) Logitech Webcam 200(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (lvpopflt) -- C:\Windows\System32\drivers\lvpopflt.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (sscemdm) -- C:\Windows\System32\drivers\sscemdm.sys (MCCI Corporation)
DRV - (sscebus) SAMSUNG USB Composite Device V2 driver (WDM) -- C:\Windows\System32\drivers\sscebus.sys (MCCI Corporation)
DRV - (sscemdfl) -- C:\Windows\System32\drivers\sscemdfl.sys (MCCI Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (NVNET) -- C:\Windows\System32\drivers\nvmf6232.sys (NVIDIA Corporation)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (s0017mdm) -- C:\Windows\System32\drivers\s0017mdm.sys (MCCI Corporation)
DRV - (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM) -- C:\Windows\System32\drivers\s0017unic.sys (MCCI Corporation)
DRV - (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0017mgmt.sys (MCCI Corporation)
DRV - (s0017obex) -- C:\Windows\System32\drivers\s0017obex.sys (MCCI Corporation)
DRV - (s0017bus) Sony Ericsson Device 0017 driver (WDM) -- C:\Windows\System32\drivers\s0017bus.sys (MCCI Corporation)
DRV - (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS) -- C:\Windows\System32\drivers\s0017nd5.sys (MCCI Corporation)
DRV - (s0017mdfl) -- C:\Windows\System32\drivers\s0017mdfl.sys (MCCI Corporation)
DRV - (atitray) -- C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys ()
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (s217unic) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (WDM) -- C:\Windows\System32\drivers\s217unic.sys (MCCI)
DRV - (s217obex) -- C:\Windows\System32\drivers\s217obex.sys (MCCI Corporation)
DRV - (s217nd5) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (NDIS) -- C:\Windows\System32\drivers\s217nd5.sys (MCCI Corporation)
DRV - (s217mdm) -- C:\Windows\System32\drivers\s217mdm.sys (MCCI Corporation)
DRV - (s217bus) Sony Ericsson Device 217 driver (WDM) -- C:\Windows\System32\drivers\s217bus.sys (MCCI Corporation)
DRV - (s217mdfl) -- C:\Windows\System32\drivers\s217mdfl.sys (MCCI Corporation)
DRV - (hcwPP2) -- C:\Windows\System32\drivers\hcwPP2.sys (Hauppauge Computer Works, Inc.)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://blog.fefe.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 20 6F 0A DD A5 57 CB 01  [binary data]
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {BAEBEF65-9289-47c5-8524-C345CC5D860D}:1.4.2
FF - prefs.js..extensions.enabledItems: {618D522B-652C-4e19-9194-048700B12ED6}:1.4
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2010.12.21 00:34:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2010.12.21 00:34:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\K-Meleon\Extensions\\Plugins: C:\Program Files\K-Meleon\Plugins [2010.11.19 02:19:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\K-Meleon\Extensions\\Components: C:\Program Files\K-Meleon\Components [2010.04.10 10:43:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.11.10 20:43:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.11.19 02:19:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b6\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 6\components [2010.09.26 17:21:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b6\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 6\plugins [2010.12.21 00:34:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.12.14 14:46:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.11.19 02:19:04 | 000,000,000 | ---D | M]
 
[2010.10.05 00:18:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.04.02 10:23:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.12.27 03:10:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\tttayqxy.default\extensions
[2010.11.28 09:06:43 | 000,000,000 | ---D | M] (Sothink SWF Catcher) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\tttayqxy.default\extensions\{618D522B-652C-4e19-9194-048700B12ED6}
[2010.11.28 09:03:32 | 000,000,000 | ---D | M] (Sothink Flash Downloader) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\tttayqxy.default\extensions\{BAEBEF65-9289-47c5-8524-C345CC5D860D}
[2010.11.28 08:53:10 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\tttayqxy.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2010.05.23 02:12:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.12.21 00:34:50 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2010.12.21 00:34:50 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2010.10.24 23:21:40 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.10.24 23:21:40 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.10.24 23:21:40 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.10.24 23:21:40 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.10.24 23:21:40 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.01.02 16:03:16 | 000,427,737 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1    www.007guard.com
O1 - Hosts: 127.0.0.1    007guard.com
O1 - Hosts: 127.0.0.1    008i.com
O1 - Hosts: 127.0.0.1    www.008k.com
O1 - Hosts: 127.0.0.1    008k.com
O1 - Hosts: 127.0.0.1    www.00hq.com
O1 - Hosts: 127.0.0.1    00hq.com
O1 - Hosts: 127.0.0.1    010402.com
O1 - Hosts: 127.0.0.1    www.032439.com
O1 - Hosts: 127.0.0.1    032439.com
O1 - Hosts: 127.0.0.1    www.0scan.com
O1 - Hosts: 127.0.0.1    0scan.com
O1 - Hosts: 127.0.0.1    1000gratisproben.com
O1 - Hosts: 127.0.0.1    www.1000gratisproben.com
O1 - Hosts: 127.0.0.1    1001namen.com
O1 - Hosts: 127.0.0.1    www.1001namen.com
O1 - Hosts: 127.0.0.1    100888290cs.com
O1 - Hosts: 127.0.0.1    www.100888290cs.com
O1 - Hosts: 127.0.0.1    www.100sexlinks.com
O1 - Hosts: 127.0.0.1    100sexlinks.com
O1 - Hosts: 127.0.0.1    10sek.com
O1 - Hosts: 127.0.0.1    www.10sek.com
O1 - Hosts: 127.0.0.1    www.1-2005-search.com
O1 - Hosts: 127.0.0.1    1-2005-search.com
O1 - Hosts: 127.0.0.1    www.123fporn.info
O1 - Hosts: 14727 more lines...
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 78.42.43.62 82.212.62.62
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3df6e85d-9896-11df-a458-0019db48e710}\Shell - "" = AutoRun
O33 - MountPoints2\{3df6e85d-9896-11df-a458-0019db48e710}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{5d797118-b776-11df-b877-0019db48e710}\Shell - "" = AutoRun
O33 - MountPoints2\{5d797118-b776-11df-b877-0019db48e710}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[3810.04.01 16:37:49 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[3810.04.01 16:37:35 | 001,783,056 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll
[3810.04.01 16:37:35 | 000,345,328 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[3810.04.01 16:37:35 | 000,185,584 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[3810.04.01 16:37:35 | 000,173,296 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[3810.04.01 16:37:35 | 000,140,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[3810.04.01 16:37:34 | 003,048,096 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys
[3810.04.01 16:37:34 | 002,649,120 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll
[3810.04.01 16:37:34 | 001,938,704 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll
[3810.04.01 16:37:34 | 001,749,536 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll
[3810.04.01 16:37:34 | 001,131,280 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2SpeakerDLL.dll
[3810.04.01 16:37:34 | 000,961,296 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2HeadphoneDLL.dll
[3810.04.01 16:37:34 | 000,900,368 | ---- | C] (DTS) -- C:\Windows\System32\DTSBoostDLL.dll
[3810.04.01 16:37:34 | 000,551,456 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl
[3810.04.01 16:37:34 | 000,448,272 | ---- | C] (DTS) -- C:\Windows\System32\DTSBassEnhancementDLL.dll
[3810.04.01 16:37:34 | 000,427,792 | ---- | C] (DTS) -- C:\Windows\System32\DTSSymmetryDLL.dll
[3810.04.01 16:37:34 | 000,405,776 | ---- | C] (DTS) -- C:\Windows\System32\DTSVoiceClarityDLL.dll
[3810.04.01 16:37:34 | 000,371,232 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkApoApi.dll
[3810.04.01 16:37:34 | 000,357,576 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEP32A.dll
[3810.04.01 16:37:34 | 000,311,568 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
[3810.04.01 16:37:34 | 000,307,616 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll
[3810.04.01 16:37:34 | 000,293,584 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll
[3810.04.01 16:37:34 | 000,293,584 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll
[3810.04.01 16:37:34 | 000,290,064 | ---- | C] (DTS) -- C:\Windows\System32\DTSNeoPCDLL.dll
[3810.04.01 16:37:34 | 000,235,280 | ---- | C] (DTS) -- C:\Windows\System32\DTSGainCompensatorDLL.dll
[3810.04.01 16:37:34 | 000,223,504 | ---- | C] (DTS) -- C:\Windows\System32\DTSLimiterDLL.dll
[3810.04.01 16:37:34 | 000,168,648 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEED32A.dll
[3810.04.01 16:37:34 | 000,145,760 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTACap.dll
[3810.04.01 16:37:34 | 000,132,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll
[3810.04.01 16:37:34 | 000,103,696 | ---- | C] (DTS) -- C:\Windows\System32\DTSLFXAPO.dll
[3810.04.01 16:37:34 | 000,103,696 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPO.dll
[3810.04.01 16:37:34 | 000,102,160 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPONS.dll
[3810.04.01 16:37:34 | 000,096,160 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTARen.dll
[3810.04.01 16:37:34 | 000,076,488 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEL32A.dll
[3810.04.01 16:37:34 | 000,062,664 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEG32A.dll
[3810.04.01 16:37:34 | 000,057,888 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoInst.dll
[3810.04.01 16:37:34 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[3810.04.01 16:37:33 | 000,000,000 | -H-D | C] -- C:\Program Files\Temp
[3810.04.01 16:37:32 | 001,247,776 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[3810.04.01 16:37:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[3810.04.01 16:36:36 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[3810.04.01 16:27:06 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[3810.04.01 16:27:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\ICQ
[3810.04.01 16:27:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\AOL
[3810.04.01 16:22:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Apple Computer
[3810.04.01 16:22:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Apple Computer
[3810.04.01 16:22:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[3810.04.01 16:21:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[3810.04.01 16:20:11 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[3810.04.01 16:20:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[3810.04.01 16:14:21 | 000,000,000 | ---D | C] -- C:\ATI
[3810.04.01 16:13:32 | 000,705,536 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\cohelper.dll
[3810.04.01 16:13:31 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[3810.04.01 16:13:21 | 000,485,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NVUNINST.EXE
[3810.04.01 16:13:17 | 000,000,000 | ---D | C] -- C:\NVIDIA
[3810.04.01 16:09:14 | 000,000,000 | ---D | C] -- C:\Windows.old
[3810.04.01 16:02:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[3810.04.01 16:02:14 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[3810.04.01 16:01:41 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Adobe
[3810.04.01 15:54:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Macromedia
[3810.04.01 15:54:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Adobe
[3810.04.01 15:54:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[3810.04.01 15:48:08 | 000,000,000 | R--D | C] -- C:\Programme
[3810.04.01 15:47:10 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[3810.04.01 15:47:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen
[3810.04.01 15:32:00 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[3810.04.01 15:32:00 | 000,000,000 | R--D | C] -- C:\Users\***\Searches
[3810.04.01 15:32:00 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[3810.04.01 15:31:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Identities
[3810.04.01 15:31:51 | 000,000,000 | R--D | C] -- C:\Users\***\Contacts
[3810.04.01 15:31:48 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\VirtualStore
[3810.04.01 15:31:46 | 000,000,000 | --SD | C] -- C:\Users\***\AppData\Roaming\Microsoft
[3810.04.01 15:31:46 | 000,000,000 | R--D | C] -- C:\Users\***\Videos
[3810.04.01 15:31:46 | 000,000,000 | R--D | C] -- C:\Users\***\Saved Games
[3810.04.01 15:31:46 | 000,000,000 | R--D | C] -- C:\Users\***\Pictures
[3810.04.01 15:31:46 | 000,000,000 | R--D | C] -- C:\Users\***\Music
[3810.04.01 15:31:46 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[3810.04.01 15:31:46 | 000,000,000 | R--D | C] -- C:\Users\***\Links
[3810.04.01 15:31:46 | 000,000,000 | R--D | C] -- C:\Users\***\Favorites
[3810.04.01 15:31:46 | 000,000,000 | R--D | C] -- C:\Users\***\Downloads
[3810.04.01 15:31:46 | 000,000,000 | R--D | C] -- C:\Users\***\Documents
[3810.04.01 15:31:46 | 000,000,000 | R--D | C] -- C:\Users\***\Desktop
[3810.04.01 15:31:46 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[3810.04.01 15:31:46 | 000,000,000 | -HSD | C] -- C:\Users\***\Vorlagen
[3810.04.01 15:31:46 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Verlauf
[3810.04.01 15:31:46 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Temporary Internet Files
[3810.04.01 15:31:46 | 000,000,000 | -HSD | C] -- C:\Users\***\Startmenü
[3810.04.01 15:31:46 | 000,000,000 | -HSD | C] -- C:\Users\***\SendTo
[3810.04.01 15:31:46 | 000,000,000 | -HSD | C] -- C:\Users\***\Recent
[3810.04.01 15:31:46 | 000,000,000 | -HSD | C] -- C:\Users\***\Netzwerkumgebung
[3810.04.01 15:31:46 | 000,000,000 | -HSD | C] -- C:\Users\***\Lokale Einstellungen
[3810.04.01 15:31:46 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Videos
[3810.04.01 15:31:46 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Musik
[3810.04.01 15:31:46 | 000,000,000 | -HSD | C] -- C:\Users\***\Eigene Dateien
[3810.04.01 15:31:46 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Bilder
[3810.04.01 15:31:46 | 000,000,000 | -HSD | C] -- C:\Users\***\Druckumgebung
[3810.04.01 15:31:46 | 000,000,000 | -HSD | C] -- C:\Users\***\Cookies
[3810.04.01 15:31:46 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Anwendungsdaten
[3810.04.01 15:31:46 | 000,000,000 | -HSD | C] -- C:\Users\***\Anwendungsdaten
[3810.04.01 15:31:46 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData
[3810.04.01 15:31:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Temp
[3810.04.01 15:31:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft
[3810.04.01 15:31:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Media Center Programs
[3810.04.01 15:31:36 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[3810.04.01 15:31:36 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[3810.04.01 15:31:36 | 000,000,000 | -HSD | C] -- C:\Recovery
[3810.04.01 15:31:36 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[3810.04.01 15:31:36 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[3810.04.01 15:31:36 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[3810.04.01 15:31:36 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[3810.04.01 15:31:36 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[3810.04.01 15:31:36 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[3810.04.01 15:31:36 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[3810.04.01 15:17:08 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[3810.04.01 15:14:32 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[3810.04.01 15:07:46 | 000,000,000 | -HSD | C] -- C:\Boot
[2011.01.02 15:45:33 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.01.02 15:44:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\ERUNT
[2011.01.02 15:44:42 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011.01.02 15:40:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.01.02 15:40:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Malwarebytes' Anti-Malware
[2011.01.02 15:40:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.01.02 15:37:50 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\MFtools
[2011.01.02 15:02:59 | 000,165,584 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011.01.02 15:02:59 | 000,017,744 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011.01.02 15:02:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\avast! Free Antivirus
[2011.01.02 15:02:58 | 000,023,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011.01.02 15:02:55 | 000,046,672 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011.01.02 15:02:52 | 000,050,768 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011.01.02 15:02:40 | 000,167,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011.01.02 15:02:40 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2010.12.31 04:41:24 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Neuer Ordner
[2010.12.31 00:23:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010.12.31 00:23:11 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010.12.30 16:35:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.12.30 16:35:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.12.30 16:35:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.12.24 12:53:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{4EF1C940-9150-467B-9027-ED397418F06D}
[2010.12.21 00:34:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Local
[2010.12.20 22:18:37 | 000,000,000 | ---D | C] -- C:\Users\***\tmp
[2010.12.20 11:46:07 | 000,000,000 | ---D | C] -- C:\Users\***\temp
[2010.12.19 17:16:54 | 000,000,000 | ---D | C] -- C:\Users\***\win
[2010.12.19 17:14:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Kazul
[2010.12.19 17:14:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Egyzax
[2010.12.16 04:33:43 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.12.16 04:33:41 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2010.12.16 04:33:41 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.12.16 04:33:41 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.12.16 04:33:39 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010.12.16 04:33:39 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010.12.16 04:33:39 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010.12.16 04:33:39 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
[2010.12.16 04:33:38 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010.12.16 04:33:37 | 002,327,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.12.14 20:57:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2010.12.14 20:19:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2010.12.14 20:19:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Steam
[2010.12.14 20:19:26 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2010.12.14 20:12:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\GoldenEye Source v4.1
[2010.12.08 18:10:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{D8D4B39E-B1DB-41B2-AF62-C96FFDD28D74}
[2010.12.08 18:10:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{B54C3638-F853-407A-B46B-A67C94D84EDC}
[2010.12.08 14:12:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2010.12.05 19:50:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{B90D3740-A3C5-4D94-806A-0EF2EF3E9CBB}
[2010.12.05 19:49:30 | 000,000,000 | ---D | C] -- C:\Windows\de
[2010.12.05 19:48:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010.12.05 19:46:02 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2010.12.05 19:46:02 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2010.12.05 19:46:02 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2010.12.05 19:45:41 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2010.12.05 19:45:08 | 002,983,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2010.12.05 19:45:08 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2010.12.05 19:43:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Windows Live
[2010.12.05 19:40:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\YouTube Downloader
[2010.12.05 19:40:56 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader
[2010.04.29 19:16:00 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe1785.dll
 
========== Files - Modified Within 30 Days ==========
 
[3810.04.01 16:13:19 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[3810.04.01 16:13:19 | 000,000,355 | RHS- | M] () -- C:\Boot.ini.saved
[3810.04.01 15:17:53 | 000,056,735 | ---- | M] () -- C:\Windows\System32\license.rtf
[3810.04.01 15:17:26 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[3810.04.01 15:16:35 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[3810.04.01 14:56:05 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[3810.04.01 14:56:05 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[3810.04.01 14:52:03 | 000,000,211 | -H-- | M] () -- C:\Boot.BAK
[2011.01.02 16:29:43 | 000,013,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.01.02 16:29:43 | 000,013,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.01.02 16:26:48 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.01.02 16:26:48 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.01.02 16:26:48 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.01.02 16:26:48 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.01.02 16:22:35 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.01.02 16:22:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.01.02 16:22:15 | 2415,456,256 | -HS- | M] () -- C:\hiberfil.sys
[2011.01.02 16:16:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-848041316-3006911568-935130591-1001UA.job
[2011.01.02 16:14:01 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.01.02 16:03:16 | 000,427,737 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.01.02 15:26:40 | 000,843,814 | ---- | M] () -- C:\Users\***\Desktop\Unbenannt.png
[2011.01.02 15:02:59 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011.01.02 15:02:52 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011.01.01 22:41:45 | 000,045,614 | ---- | M] () -- C:\Users\***\Desktop\164504_153427604707783_100001216342050_306293_3459804_n.jpg
[2010.12.31 02:07:13 | 000,466,925 | ---- | M] () -- C:\Users\***\Desktop\d1.jpg
[2010.12.30 06:34:50 | 000,461,537 | ---- | M] () -- C:\Users\***\Desktop\bh.jpg
[2010.12.29 15:21:16 | 000,005,363 | ---- | M] () -- C:\Users\***\Desktop\get_pdf.pdf
[2010.12.29 14:16:00 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-848041316-3006911568-935130591-1001Core.job
[2010.12.21 22:44:52 | 000,000,100 | ---- | M] () -- C:\Windows\wininit.ini
[2010.12.21 22:14:41 | 000,427,737 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110102-160316.backup
[2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.12.16 19:03:18 | 000,290,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.12.14 20:46:48 | 000,215,128 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2010.12.14 20:41:55 | 000,139,128 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.12.10 02:55:54 | 000,171,014 | ---- | M] () -- C:\game.ico
[2010.12.05 19:48:29 | 000,000,020 | ---- | M] () -- C:\Windows\èúÆ
 
========== Files Created - No Company Name ==========
 
[3810.04.01 16:46:27 | 000,000,355 | RHS- | C] () -- C:\Boot.ini.saved
[3810.04.01 16:13:32 | 000,006,136 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[3810.04.01 16:13:19 | 000,000,211 | -H-- | C] () -- C:\Boot.BAK
[3810.04.01 15:17:26 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[3810.04.01 15:16:35 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[3810.04.01 15:14:13 | 2415,456,256 | -HS- | C] () -- C:\hiberfil.sys
[3810.04.01 15:07:50 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[3810.04.01 15:07:46 | 000,383,562 | RHS- | C] () -- C:\bootmgr
[3810.04.01 14:56:05 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[3810.04.01 14:56:05 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[3810.04.01 13:39:12 | 000,009,227 | ---- | C] () -- C:\Users\***\Desktop\BÜCHERVERKAUF.odt
[2011.01.02 15:26:40 | 000,843,814 | ---- | C] () -- C:\Users\***\Desktop\Unbenannt.png
[2011.01.02 15:02:59 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011.01.01 22:41:50 | 000,045,614 | ---- | C] () -- C:\Users\***\Desktop\164504_153427604707783_100001216342050_306293_3459804_n.jpg
[2010.12.31 02:07:13 | 000,466,925 | ---- | C] () -- C:\Users\***\Desktop\d1.jpg
[2010.12.30 06:34:50 | 000,461,537 | ---- | C] () -- C:\Users\***\Desktop\bh.jpg
[2010.12.29 15:21:16 | 000,005,363 | ---- | C] () -- C:\Users\***\Desktop\get_pdf.pdf
[2010.12.21 22:44:52 | 000,000,100 | ---- | C] () -- C:\Windows\wininit.ini
[2010.12.10 02:55:54 | 000,171,014 | ---- | C] () -- C:\game.ico
[2010.12.08 14:11:44 | 000,001,114 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-848041316-3006911568-935130591-1001UA.job
[2010.12.08 14:11:43 | 000,001,062 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-848041316-3006911568-935130591-1001Core.job
[2010.12.05 19:48:28 | 000,000,020 | ---- | C] () -- C:\Windows\èúÆ
[2010.11.15 01:52:22 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.07.26 14:18:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2010.07.26 14:18:38 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2010.07.26 14:18:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2010.07.26 14:18:38 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2010.07.22 23:12:53 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.07.22 23:12:53 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.07.06 16:43:36 | 000,003,838 | ---- | C] () -- C:\ProgramData\driverinfo.txt
[2010.05.14 22:56:06 | 010,830,680 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2010.05.14 22:55:58 | 000,290,648 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2010.05.14 22:47:00 | 000,090,071 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010.05.07 17:46:36 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2010.05.07 17:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2010.05.06 23:02:09 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.05.06 23:02:09 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010.05.06 23:02:07 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.05.06 23:02:07 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.05.06 23:02:05 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010.04.18 22:26:39 | 000,066,048 | ---- | C] () -- C:\Windows\System32\hcwXDS.dll
[2010.04.02 10:55:02 | 000,139,128 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.04.02 10:55:02 | 000,138,056 | ---- | C] () -- C:\Users\***\AppData\Roaming\PnkBstrK.sys
[2010.04.01 17:04:04 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009.11.17 11:08:34 | 000,197,424 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.07.14 00:24:44 | 000,003,584 | ---- | C] () -- C:\Windows\System32\kb.dll
[2008.06.23 12:02:02 | 000,097,410 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2008.05.23 16:48:50 | 000,020,270 | ---- | C] () -- C:\ProgramData\DeviceInstaller.xml
 
========== LOP Check ==========
 
[2010.04.06 15:14:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.bsnes
[2010.04.29 20:06:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.purple
[2010.05.21 02:57:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Blender Foundation
[2010.06.28 05:04:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Bump Technologies, Inc
[2010.05.19 01:15:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited
[2010.07.15 16:01:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2010.12.21 22:03:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Egyzax
[2010.11.28 08:33:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GrabPro
[2010.12.29 19:17:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2010.04.10 10:43:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\K-Meleon
[2010.12.21 12:24:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Kazul
[2010.04.01 17:00:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2010.12.21 00:34:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Local
[2010.08.04 19:48:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mumble
[2011.01.02 17:06:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NetSpeedMonitor
[2010.04.07 13:15:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2010.09.27 00:03:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2010.11.28 09:14:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Orbit
[2010.11.28 08:29:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ProgSense
[2010.06.01 15:12:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\QIP
[2010.09.08 22:25:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2010.07.15 18:32:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2010.04.02 10:23:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2010.10.22 23:59:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client
[2010.11.30 14:05:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\uTorrent
[2010.07.26 13:58:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vodafone
[2010.08.16 02:42:11 | 000,000,362 | ---- | M] () -- C:\Windows\Tasks\Install_NSS.job
[2010.12.26 22:45:51 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
< End of report >
Vielen Dank im Voraus,
MfG
Sven

Die vollen Scans von Anti-Malware und avast! kommen zum gleichen Ergebnis.

Wenn ich explorer.exe abschalte und ohne Neustart starten möchte, springt übrigens das avast! Fenster auf und lässt das Programm nicht zu.

Starte ich win7 normal, kommt keine solche Meldung.

so, nun ist nochmal irgendwas passiert mit der explorer.exe, mein Netzwerk sollte in ein öffentliches umgewandelt werden (?), danach hatte ich rechts unten das icon für "netzwerk deaktiviert", allerdings noch normalen Zugang ins Internet.

Darauf hin habe ich nochmal eine Systemwiederherstellung gemacht, die aufgrund einer Fehlermeldung (leider zu schnell weggeklickt) nicht funktionierte und den Eintrag aus der Liste der Optionen gelöscht hat.

Danach habe ich einen neueren Eintrag gewählt (vom 31.12., zu dem Zeitpunkt hatte ich aber schon definitiv die Anzeige im antivir sowie avast).

Da ich nun aufgrund der Systemwiederherstellung keines der beiden Programme mehr installiert hatte, habe ich mich diesmal für Microsoft Essentials entschieden.

Dies hat bei seinem Scan keinen Virus oder Trojaner gefunden. Danach habe ich noch einen quickscan mit Windows Live OneCare Safety durchgeführt, der auch ohne Meldung war. Anti-Malware ebenso nichts.

Jetzt nicht das ich mich großartig freuen würde, ich tu mich grad schwer nochmals antivir / avast zum Gegenprüfen zu installieren.

Vllt hat doch noch jemand eine Idee zu dem ganzen.

Gruß

 

Themen zu Win32:Patched- TM [Trj] in c:\windows\explorer.exe
78.42.43.62, abstürzen, antivir, avast!, bho, conduit, corp./icp, desktop, downloader, dropbox, entfernen, error, feedback, firefox, flash player, fontcache, goldeneye, google, google chrome, google earth, home, home premium, hotspot shield, install.exe, langs, location, logfile, media center, microsoft essentials, mozilla, mozilla thunderbird, nvmf6232.sys, nvstor.sys, object, oldtimer, otl.exe, pc läuft, programdata, programm, realtek, registry, safer networking, saver, scan, searchplugins, security, server, shell32.dll, software, staropen, start menu, studio, super, system restore, systemwiederherstellung gemacht, taskhost.exe, teamspeak, trojaner, visual studio, vlc media player, vodafone, webcheck, windows, windows 7 home, youtube downloader


« system tools virus und hosts-datei frage | MSN / myspace Visrus... Laptop startet micht mehr richtig »


Ähnliche Themen: Win32:Patched- TM [Trj] in c:\windows\explorer.exe


  1. Trojan.Win32.Patched!E2
    Plagegeister aller Art und deren Bekämpfung - 06.08.2012 (13)
  2. Datei C:\Windows\System32\services.exe infiziert: W32/Patched.UB, Patched.UA, Patched.ZA
    Plagegeister aller Art und deren Bekämpfung - 19.07.2012 (5)
  3. explorer problem mit tr/patched kl 242
    Plagegeister aller Art und deren Bekämpfung - 17.12.2010 (3)
  4. TR/Patched.GR.10 in Explorer.exe
    Plagegeister aller Art und deren Bekämpfung - 09.12.2010 (26)
  5. Böser Trojaner TR/Patched.GR.10 in explorer.exe - Teufelskreis?
    Plagegeister aller Art und deren Bekämpfung - 06.12.2010 (14)
  6. TR/Patched.GR.10 in explorer.exe & TR/Patched.KL.238 in winlogon.exe
    Plagegeister aller Art und deren Bekämpfung - 01.12.2010 (5)
  7. Win32.Loader.O (DB) in C:\WINDOWS\SYSTEM32\WINLOGON.EXE und C:\WINDOWS\Explorer.EXE
    Plagegeister aller Art und deren Bekämpfung - 26.08.2010 (3)
  8. Win32/PATCHED.DO in C:\WINDOWS\system32\drivers\ftdisk.sys
    Plagegeister aller Art und deren Bekämpfung - 30.05.2010 (1)
  9. Trojan.Win32.Patched.aa!A2 in explorer.exe
    Plagegeister aller Art und deren Bekämpfung - 12.04.2010 (6)
  10. WIN32:patched-KA gefunden
    Plagegeister aller Art und deren Bekämpfung - 28.04.2009 (4)
  11. Trojaner.Win32.Patched
    Log-Analyse und Auswertung - 10.04.2009 (1)
  12. Trojan.Win32.Patched.m!!!!
    Plagegeister aller Art und deren Bekämpfung - 09.04.2009 (7)
  13. Trojan.Win32.Patched.dn
    Plagegeister aller Art und deren Bekämpfung - 04.11.2008 (1)
  14. trojan.win32.patched.dn
    Plagegeister aller Art und deren Bekämpfung - 04.11.2008 (1)
  15. Trojan.Win32.patched.dn
    Mülltonne - 04.11.2008 (1)
  16. Trojan.Win32.Patched.dn in User32.dll
    Mülltonne - 04.11.2008 (2)
  17. Win32:Patched-FF [Trj]
    Plagegeister aller Art und deren Bekämpfung - 18.04.2008 (22)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Win32:Patched- TM [Trj] in c:\windows\explorer.exe - Hi @ all. Mir wird beim der avast! scan diese Meldung ausgegeben: Win32:Patched- TM [Trj] , das ganze in meiner explorer.exe. Ich benutze Windows 7 Home 32bit, hab spybot und - Win32:Patched- TM [Trj] in c:\windows\explorer.exe...
Archiv
Du betrachtest: Win32:Patched- TM [Trj] in c:\windows\explorer.exe auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131