|
Plagegeister aller Art und deren Bekämpfung: svchost.bat? Was ist das?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
17.01.2011, 14:59 | #1 |
| svchost.bat? Was ist das? Hallo, habe heute mal mit Norton 360 den Auto Start Manager ausgeführt und da ist mir eine Datei aufgefallen die dort aufgelistet war. Ihr Name heißt "svchost.bat"! Habe gegooglet und bin auf nichts nützliches gestoßen. Als ich vor einer Woche den Start Manager ausgeführt habe, war diese Datei noch nicht da. Virus Total hat die Datei mehrfach als Trojaner erkannt. Ist es wirklich einer? (LINK: hxxp://tiny.cc/0b3mw) Meine Frage: Was ist "svchost.bat"? Gruß |
17.01.2011, 16:00 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | svchost.bat? Was ist das? Lad die svchost.bat bitte bei uns hoch => Trojaner-Board Upload Channel
__________________
__________________ |
17.01.2011, 16:06 | #3 |
| svchost.bat? Was ist das? Hab ich nicht mehr, CHIP hat mir geraten ich soll die Datei löschen.
__________________hxxp://forum.chip.de/viren-trojaner-wuermer/svchost-bat-1476037.html#post8963870 ist es eigentlich nötig meine Passwörter zu ändern? |
17.01.2011, 16:09 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | svchost.bat? Was ist das? Und warum dann ein Crossposting?
__________________ Logfiles bitte immer in CODE-Tags posten |
17.01.2011, 16:11 | #5 |
| svchost.bat? Was ist das? Wegen der Frage. Und weil ich dachte, dass sich TROJANERBoard in Sachen Trojanern ein wenig besser auskennt. Hätte ja auch was schlimmes sein können oder so.. |
17.01.2011, 16:20 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | svchost.bat? Was ist das? Du hättest aber am Anfang schon drauf hinweisen können! Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! Danach OTL: Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________ --> svchost.bat? Was ist das? |
17.01.2011, 16:53 | #7 |
| svchost.bat? Was ist das? Malwarebytes: Code:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 5537 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 17.01.2011 15:07:03 mbam-log-2011-01-17 (15-07-03).txt Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|D:\|E:\|F:\|H:\|X:\|) Durchsuchte Objekte: 255319 Laufzeit: 40 Minute(n), 31 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 1 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\Users\Daniel\Desktop\Backup!\cryptload\ocr\netload.in\asmcaptcha\test.exe (Malware.Packer) -> Quarantined and deleted successfully. Extras: Code:
ATTFilter OTL Extras logfile created on: 17.01.2011 16:43:44 - Run 1 OTL by OldTimer - Version 3.2.20.2 Folder = C:\Users\Daniel\Downloads Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 48,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 74,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 49,90 Gb Total Space | 22,50 Gb Free Space | 45,09% Space Free | Partition Type: NTFS Drive D: | 99,05 Gb Total Space | 61,56 Gb Free Space | 62,15% Space Free | Partition Type: NTFS Drive E: | 931,40 Gb Total Space | 909,02 Gb Free Space | 97,60% Space Free | Partition Type: FAT32 Drive H: | 100,00 Mb Total Space | 70,20 Mb Free Space | 70,20% Space Free | Partition Type: NTFS Computer Name: DANIEL-PC | User Name: Daniel | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- "E:\Backup\User@USER-PC\#D\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "D:\Programme\VLC Media Player\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [pd4Encrypt] -- "D:\Programme\Password Depot 4\PasswordDepot.exe" -encrypt "%1" (AceBIT GmbH) Directory [pd4Erase] -- "D:\Programme\Password Depot 4\PasswordDepot.exe" -erase "%1" (AceBIT GmbH) Directory [PlayWithVLC] -- "D:\Programme\VLC Media Player\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 1 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1" = MSI Kombustor 1.1.2 (DX11) "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20 "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour "{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5546F4E9-B0F4-4F54-B949-2AB006C9284F}" = DJ_AIO_06_F2400_SW_Min "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari "{79E9C7C5-4FCC-4DFF-B79E-17319E9522F3}" = MagicTunePremium "{819CA3BC-2FF8-4811-B42F-421F7BFD3559}" = HP Deskjet F2400 All-in-One Driver 14.0 Rel. 6 "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2 "{8DB77BE4-629D-458D-BD68-9F36667C2177}" = TubeBox! "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A748A983-311C-4D65-B570-E7764492803E}" = Password Depot 4 "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X - Deutsch "{AD483998-2E9A-4405-83FF-6E503AF49CBB}" = Microsoft Virtual PC 2007 SP1 "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D7D50E0C-27DD-4999-BC05-E026B580F93A}" = Electronic Arts Product Registration "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DE042823-C359-4B87-B66B-308057E8B6AF}" = Camtasia Studio 7 "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Afterburner" = MSI Afterburner 2.0.0 Beta 4 "Akamai" = Akamai NetSession Interface "Alarm für Cobra 11 - Das Syndikat_is1" = Alarm für Cobra 11 - Das Syndikat "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "CPUID CPU-Z_is1" = CPUID CPU-Z 1.56 "Fraps" = Fraps (remove only) "InstallShield_{D7D50E0C-27DD-4999-BC05-E026B580F93A}" = Electronic Arts Product Registration "JDownloader" = JDownloader "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "N360" = Norton 360 "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "RocketDock_is1" = RocketDock 1.3.5 "sp6" = Logitech SetPoint 6.20 "VLC media player" = VLC media player 1.1.5 "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR "Zattoo4" = Zattoo4 4.0.5 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "CopyTrans Suite" = Nur Deinstallierung der CopyTrans Suite möglich. "Google Chrome" = Google Chrome "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13) ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 16.01.2011 12:38:21 | Computer Name = Daniel-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 5694 Error - 16.01.2011 12:38:22 | Computer Name = Daniel-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 16.01.2011 12:38:22 | Computer Name = Daniel-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 6693 Error - 16.01.2011 12:38:22 | Computer Name = Daniel-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 6693 Error - 16.01.2011 12:38:23 | Computer Name = Daniel-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 16.01.2011 12:38:23 | Computer Name = Daniel-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 7691 Error - 16.01.2011 12:38:23 | Computer Name = Daniel-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 7691 Error - 16.01.2011 12:38:24 | Computer Name = Daniel-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 16.01.2011 12:38:24 | Computer Name = Daniel-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 8690 Error - 16.01.2011 12:38:24 | Computer Name = Daniel-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 8690 [ System Events ] Error - 13.01.2011 12:44:11 | Computer Name = Daniel-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?13.?01.?2011 um 17:43:31 unerwartet heruntergefahren. Error - 13.01.2011 12:44:21 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: MagicTune Error - 14.01.2011 10:20:22 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: MagicTune Error - 14.01.2011 19:34:46 | Computer Name = Daniel-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 15.01.2011 09:11:22 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: MagicTune Error - 15.01.2011 15:14:06 | Computer Name = Daniel-PC | Source = DCOM | ID = 10010 Description = Error - 16.01.2011 00:15:57 | Computer Name = Daniel-PC | Source = DCOM | ID = 10010 Description = Error - 16.01.2011 08:27:34 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: MagicTune Error - 16.01.2011 08:28:20 | Computer Name = Daniel-PC | Source = Microsoft-Windows-Application-Experience | ID = 205 Description = Der Dienst "Programmkompatibilitäts-Assistent" konnte Phase 2 nicht initialisieren. Error - 17.01.2011 08:50:55 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: MagicTune < End of report > Code:
ATTFilter OTL logfile created on: 17.01.2011 16:43:44 - Run 1 OTL by OldTimer - Version 3.2.20.2 Folder = C:\Users\Daniel\Downloads Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 48,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 74,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 49,90 Gb Total Space | 22,50 Gb Free Space | 45,09% Space Free | Partition Type: NTFS Drive D: | 99,05 Gb Total Space | 61,56 Gb Free Space | 62,15% Space Free | Partition Type: NTFS Drive E: | 931,40 Gb Total Space | 909,02 Gb Free Space | 97,60% Space Free | Partition Type: FAT32 Drive H: | 100,00 Mb Total Space | 70,20 Mb Free Space | 70,20% Space Free | Partition Type: NTFS Computer Name: DANIEL-PC | User Name: Daniel | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Daniel\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - D:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) PRC - D:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.) PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - D:\Programme\Password Depot 4\PasswordDepot.exe (AceBIT GmbH) PRC - C:\Programme\Norton 360\Engine\4.3.0.5\ccsvchst.exe (Symantec Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) PRC - D:\Programme\RocketDock\RocketDock.exe () ========== Modules (SafeList) ========== MOD - C:\Users\Daniel\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation) MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation) MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation) MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation) MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation) MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation) MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation) MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Akamai) -- c:\Programme\Common Files\Akamai\netsession_win_dbc0250.dll () SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (N360) -- C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe (Symantec Corporation) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation) SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation) SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation) SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation) SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation) SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation) SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation) SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation) SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation) SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation) SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation) SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) ========== Driver Services (SafeList) ========== DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (vmm) -- C:\Windows\System32\drivers\VMM.sys (Microsoft Corporation) DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110116.003\NAVEX15.SYS (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110116.003\NAVENG.SYS (Symantec Corporation) DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110114.002\IDSvix86.sys (Symantec Corporation) DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101123.003\BHDrvx86.sys (Symantec Corporation) DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (cpuz134) -- C:\Windows\System32\drivers\cpuz134_x32.sys (Windows (R) Win 7 DDK provider) DRV - (SYMTDIv) -- C:\Windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS (Symantec Corporation) DRV - (SymIRON) -- C:\Windows\system32\drivers\N360\0403000.005\Ironx86.SYS (Symantec Corporation) DRV - (SymEFA) -- C:\Windows\system32\drivers\N360\0403000.005\SYMEFA.SYS (Symantec Corporation) DRV - (SRTSP) -- C:\Windows\System32\Drivers\N360\0403000.005\SRTSP.SYS (Symantec Corporation) DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\N360\0403000.005\SRTSPX.SYS (Symantec Corporation) DRV - (ccHP) -- C:\Windows\system32\drivers\N360\0403000.005\ccHPx86.sys (Symantec Corporation) DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH) DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation) DRV - (SymDS) -- C:\Windows\system32\drivers\N360\0403000.005\SYMDS.SYS (Symantec Corporation) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.) DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.) DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.) DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.) DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices) DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.) DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices) DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation) DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation) DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation) DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation) DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation) DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation) DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation) DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation) DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation) DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex) DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.) DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company) DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation) DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation) DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation) DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.) DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation) DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation) DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation) DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems) DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation) DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.) DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology) DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.) DRV - (rdpbus) -- C:\Windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation) DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation) DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation) DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation) DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation) DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation) DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation) DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation) DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation) DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation) DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation) DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation) DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation) DRV - (AmdPPM) -- C:\Windows\System32\drivers\amdppm.sys (Microsoft Corporation) DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.) DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.) DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation) DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation) DRV - (MagicTune) -- C:\Windows\system32\drivers\MTiCtwl.sys (Samsung Electronics, Inc. ) DRV - (VPCNetS2) -- C:\Windows\System32\drivers\VMNetSrv.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 B8 83 3D BE 98 CB 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.22.4 FF - prefs.js..extensions.enabledItems: StrataBuddy@ReduxTeam:0.6.2 FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.12 FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0 FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6 FF - prefs.js..extensions.enabledItems: Strata40Lite@SpewBoy.au:0.6.2 FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2010.12.12 13:54:13 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2010.12.11 12:54:01 | 000,000,000 | ---D | M] [2010.12.11 00:03:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Extensions [2011.01.16 18:34:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\5ovo6p8c.default\extensions [2010.12.27 11:26:41 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\5ovo6p8c.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2010.12.11 00:07:13 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\5ovo6p8c.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2010.12.27 11:26:40 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\5ovo6p8c.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.12.27 11:26:42 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\5ovo6p8c.default\extensions\foxyproxy@eric.h.jung [2010.12.26 16:07:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\5ovo6p8c.default\extensions\Strata40@SpewBoy.au [2010.12.26 16:07:18 | 000,000,000 | ---D | M] ("Strata40 Lite") -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\5ovo6p8c.default\extensions\Strata40Lite@SpewBoy.au [2010.12.26 16:05:16 | 000,000,000 | ---D | M] (StrataBuddy) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\5ovo6p8c.default\extensions\StrataBuddy@ReduxTeam [2010.12.26 16:07:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\5ovo6p8c.default\extensions\Strata40Lite@SpewBoy.au\chrome\mozapps\extensions [2010.12.11 12:54:01 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\COFFPLGN [2010.12.12 13:54:13 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPLGN [2010.12.11 16:04:04 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton 360\Engine\4.3.0.5\ipsbho.dll (Symantec Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation) O4 - HKLM..\Run: [MagicTuneEngine] File not found O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Update] File not found O4 - HKCU..\Run: [RocketDock] D:\Programme\RocketDock\RocketDock.exe () O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Users\Daniel\AppData\Local\Temp/Win_Update_newdsfsd/Windows_Updatedsfsd.exe) - File not found O20 - HKLM Winlogon: UserInit - (C:\Users\Daniel\AppData\Local\Temp\Windupdt_microsoft\winupdate_microsoft.exe) - File not found O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2009.12.30 22:35:26 | 000,000,088 | ---- | M] () - E:\Autorun.inf -- [ FAT32 ] O32 - AutoRun File - [2010.11.25 21:38:10 | 000,000,000 | ---D | M] - E:\AutoBackup2 -- [ FAT32 ] O33 - MountPoints2\{0909c1c1-1401-11e0-9605-4487fc575c0c}\Shell - "" = AutoRun O33 - MountPoints2\{0909c1c1-1401-11e0-9605-4487fc575c0c}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE O33 - MountPoints2\{fb77fc0b-04ae-11e0-8f7d-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{fb77fc0b-04ae-11e0-8f7d-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup.exe O33 - MountPoints2\X\Shell - "" = AutoRun O33 - MountPoints2\X\Shell\AutoRun\command - "" = X:\setup.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.01.17 14:30:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2011.01.17 14:30:11 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy [2011.01.17 14:30:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2011.01.17 14:23:37 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Malwarebytes [2011.01.17 14:23:30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.01.17 14:23:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.01.17 14:23:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.01.17 14:23:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.01.17 14:23:27 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.01.16 15:37:59 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{55E8946D-80B1-455D-A733-61F8E691B044} [2011.01.15 21:14:29 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{805CFEEA-09F3-4F5F-8851-021600B3ABAC} [2011.01.15 21:14:14 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Windows Live Writer [2011.01.15 21:14:14 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Windows Live Writer [2011.01.15 20:43:36 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Leadertech [2011.01.15 20:43:09 | 000,016,400 | ---- | C] (Logitech, Inc.) -- C:\Windows\System32\drivers\LNonPnP.sys [2011.01.15 20:42:17 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd [2011.01.15 20:42:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech [2011.01.15 20:42:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd [2011.01.15 20:42:06 | 000,000,000 | ---D | C] -- C:\Programme\Logitech [2011.01.15 20:41:00 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\LogiShrd [2011.01.15 20:40:36 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Logitech [2011.01.15 20:40:36 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Logishrd [2011.01.15 16:35:59 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\minecraft [2011.01.14 22:13:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games [2011.01.14 22:11:29 | 000,000,000 | ---D | C] -- C:\Programme\Electronic Arts [2011.01.14 22:11:18 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Electronic Arts [2011.01.14 22:11:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts [2011.01.13 20:48:13 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps [2011.01.13 20:00:14 | 000,000,000 | ---D | C] -- C:\Fraps [2011.01.12 15:25:18 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll [2011.01.12 15:25:16 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll [2011.01.12 15:25:16 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2011.01.12 15:25:16 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2011.01.12 15:25:16 | 000,801,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll [2011.01.12 15:25:16 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2011.01.12 15:25:16 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2011.01.12 15:25:16 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2011.01.12 15:25:16 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2011.01.12 15:25:16 | 000,211,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys [2011.01.12 15:25:16 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll [2011.01.12 15:25:15 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2011.01.12 15:25:15 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll [2011.01.09 20:37:09 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Diagnostics [2011.01.06 20:01:57 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Zattoo [2011.01.06 20:01:52 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zattoo4 [2011.01.06 20:01:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zattoo4 [2011.01.06 20:01:51 | 000,000,000 | ---D | C] -- C:\Programme\Zattoo4 [2011.01.02 18:33:11 | 000,000,000 | ---D | C] -- C:\Windows\pss [2011.01.02 14:32:41 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{199DA840-424E-4890-A832-AF03690DFE17} [2011.01.01 12:47:56 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{B034AFCB-95F0-4EAA-93BB-3EF57B24EDCE} [2011.01.01 12:18:43 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{AA4E31FD-C175-40B8-B73B-35FB40EC470D} [2010.12.31 23:18:35 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{D2AD38A3-C36A-41A6-A70E-03F136377506} [2010.12.31 11:18:08 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{2FE9414D-7136-4A6E-9066-E1FC354C73CE} [2010.12.31 00:23:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace [2010.12.30 13:12:40 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{20AE1908-0B43-449A-8231-399911053B25} [2010.12.30 12:23:30 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft [2010.12.30 12:23:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Synetic [2010.12.30 12:18:47 | 000,000,000 | ---D | C] -- C:\Programme\ProtectDisc Driver Installer [2010.12.30 12:18:43 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\ProtectDISC [2010.12.30 12:17:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\xlive [2010.12.30 12:17:15 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Games for Windows - LIVE [2010.12.30 01:22:54 | 000,000,000 | ---D | C] -- C:\Programme\DAEMON Tools Lite [2010.12.30 01:22:39 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\DAEMON Tools Lite [2010.12.30 01:22:37 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite [2010.12.30 01:12:15 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{A9CFF0C5-2185-4AD0-85A3-E542B156EC01} [2010.12.30 01:12:14 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{023D09EA-4EEB-4F89-9B5F-145A0235D115} [2010.12.29 15:18:37 | 000,023,096 | ---- | C] (Samsung Electronics, Inc. ) -- C:\Windows\System32\drivers\MTiCtwl.sys [2010.12.29 14:42:46 | 000,020,328 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\System32\drivers\cpuz134_x32.sys [2010.12.29 14:42:46 | 000,000,000 | ---D | C] -- C:\Programme\CPUID [2010.12.29 14:42:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID [2010.12.29 13:48:26 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2010.12.29 13:08:08 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{83E78A7F-678C-419C-86F6-F271115401A4} [2010.12.29 00:24:53 | 000,000,000 | ---D | C] -- C:\Programme\MSXML 4.0 [2010.12.28 22:06:21 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{4EF3B195-5BEA-4421-8C86-819D57AFDA2B} [2010.12.28 18:26:50 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\NVIDIA [2010.12.28 18:26:48 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\2K Games [2010.12.28 18:25:53 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll [2010.12.28 18:25:53 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_43.dll [2010.12.28 18:25:53 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_7.dll [2010.12.28 18:25:53 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll [2010.12.28 18:25:53 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_7.dll [2010.12.28 18:25:53 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_5.dll [2010.12.28 18:25:52 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll [2010.12.28 18:25:52 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll [2010.12.28 18:25:52 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_43.dll [2010.12.28 18:25:52 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll [2010.12.28 18:25:52 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll [2010.12.28 18:25:51 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll [2010.12.28 18:25:51 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll [2010.12.28 18:25:51 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll [2010.12.28 18:25:50 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll [2010.12.28 18:25:50 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll [2010.12.28 18:25:50 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll [2010.12.28 18:25:50 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll [2010.12.28 18:25:50 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll [2010.12.28 18:25:49 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll [2010.12.28 18:25:49 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll [2010.12.28 18:25:49 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll [2010.12.28 18:25:49 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll [2010.12.28 18:25:49 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll [2010.12.28 18:25:48 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll [2010.12.28 18:25:48 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll [2010.12.28 18:25:48 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll [2010.12.28 18:25:47 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll [2010.12.28 18:25:47 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll [2010.12.28 18:25:47 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll [2010.12.28 18:25:47 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll [2010.12.28 18:25:46 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll [2010.12.28 18:25:46 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll [2010.12.28 18:25:46 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll [2010.12.28 18:25:45 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll [2010.12.28 18:25:45 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll [2010.12.28 18:25:45 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll [2010.12.28 18:25:44 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll [2010.12.28 18:25:44 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll [2010.12.28 18:25:44 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll [2010.12.28 18:25:44 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll [2010.12.28 18:25:44 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll [2010.12.28 18:25:44 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll [2010.12.28 18:25:44 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll [2010.12.28 18:25:43 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll [2010.12.28 18:25:43 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll [2010.12.28 18:25:43 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll [2010.12.28 18:25:43 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll [2010.12.28 18:25:43 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll [2010.12.28 18:25:42 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll [2010.12.28 18:25:42 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll [2010.12.28 18:25:42 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll [2010.12.28 18:25:42 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll [2010.12.28 18:25:42 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll [2010.12.28 18:25:41 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll [2010.12.28 18:25:41 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll [2010.12.28 18:25:41 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll [2010.12.28 18:25:40 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll [2010.12.28 18:25:40 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll [2010.12.28 18:25:40 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll [2010.12.28 18:25:40 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll [2010.12.28 18:25:40 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll [2010.12.28 18:25:39 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll [2010.12.28 18:25:39 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll [2010.12.28 18:25:39 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll [2010.12.28 18:25:38 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll [2010.12.28 18:25:38 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll [2010.12.28 18:25:38 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll [2010.12.28 18:25:38 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll [2010.12.28 18:25:37 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll [2010.12.28 18:25:37 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll [2010.12.28 18:25:37 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll [2010.12.28 18:25:36 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll [2010.12.28 18:25:36 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll [2010.12.28 18:25:36 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll [2010.12.28 18:25:35 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll [2010.12.28 18:25:35 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll [2010.12.28 18:25:35 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll [2010.12.28 18:25:34 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll [2010.12.28 18:25:34 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll [2010.12.28 18:25:27 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll [2010.12.28 18:25:27 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll [2010.12.28 18:25:27 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll [2010.12.28 18:25:27 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll [2010.12.28 18:25:26 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll [2010.12.28 18:25:26 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll [2010.12.28 18:25:26 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll [2010.12.28 18:25:26 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll [2010.12.28 18:25:25 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll [2010.12.28 17:35:32 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Steam [2010.12.28 17:35:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2010.12.28 14:47:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI Kombustor (DX11) [2010.12.28 14:47:25 | 000,000,000 | ---D | C] -- C:\Programme\MSI Kombustor (DX11) [2010.12.28 14:41:11 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner [2010.12.28 14:03:03 | 000,000,000 | ---D | C] -- C:\NVIDIA [2010.12.28 14:02:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [2010.12.28 14:02:38 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2010.12.28 13:43:43 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation [2010.12.28 13:43:41 | 000,000,000 | ---D | C] -- C:\Programme\NVIDIA Corporation [2010.12.28 10:05:56 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{3C200DEE-2DB4-447B-B4F7-E814DB398D81} [2010.12.28 00:55:37 | 000,229,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\VMM.sys [2010.12.28 00:10:34 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Documents\Meine empfangenen Dateien [2010.12.27 22:56:33 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\glp [2010.12.27 18:15:36 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Documents\MCEdit-schematics [2010.12.27 18:15:30 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MCEdit [2010.12.27 18:15:29 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\MCEdit [2010.12.27 17:43:14 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\HP [2010.12.27 17:43:06 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Hewlett-Packard [2010.12.27 17:42:54 | 000,123,904 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\System32\hpf3l70v.dll [2010.12.27 17:42:16 | 000,000,000 | ---D | C] -- C:\Programme\HP [2010.12.27 17:42:15 | 000,000,000 | -H-D | C] -- C:\Config.Msi [2010.12.27 17:41:45 | 000,000,000 | ---D | C] -- C:\ProgramData\HP [2010.12.27 17:41:42 | 000,712,704 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hposwia_d02c.dll [2010.12.27 17:41:42 | 000,589,824 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\hpost_d02c.dll [2010.12.27 17:41:42 | 000,452,408 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpzids01.dll [2010.12.27 17:41:42 | 000,372,736 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hppldcoi.dll [2010.12.27 17:41:42 | 000,315,392 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\hposc_d02a.dll [2010.12.27 17:29:56 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\ElevatedDiagnostics [2010.12.27 17:05:28 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{B75D4B22-08C3-4F00-97B6-F37AD93F0742} [2010.12.27 17:05:15 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Tracing [2010.12.27 16:32:55 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2010.12.27 16:25:29 | 000,000,000 | ---D | C] -- C:\Programme\Windows Live [2010.12.27 16:22:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2010.12.27 16:22:13 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Silverlight [2010.12.27 16:19:15 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll [2010.12.27 16:19:15 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL [2010.12.27 16:19:15 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll [2010.12.27 16:17:45 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Windows Live [2010.12.27 16:17:44 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Windows Live [2010.12.27 11:29:24 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft.NET [2010.12.27 00:20:29 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe [2010.12.27 00:20:29 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll [2010.12.27 00:20:29 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll [2010.12.27 00:16:29 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe [2010.12.27 00:16:05 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys [2010.12.26 22:56:02 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\.minecraft [2010.12.26 17:34:42 | 000,197,632 | ---- | C] (Intel(R) Corporation) -- C:\Windows\System32\ir32_32.dll [2010.12.26 17:34:42 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll [2010.12.26 17:34:41 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll [2010.12.26 17:34:41 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll [2010.12.26 17:34:40 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll [2010.12.26 17:34:40 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll [2010.12.26 17:34:40 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax [2010.12.26 17:34:40 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax [2010.12.26 17:34:39 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2010.12.26 17:34:32 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010.12.26 17:34:32 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2010.12.26 17:34:32 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2010.12.26 17:34:32 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010.12.26 17:34:32 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010.12.26 17:34:32 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2010.12.26 17:34:32 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2010.12.26 17:34:32 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010.12.26 17:34:32 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2010.12.26 17:34:32 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2010.12.26 17:34:31 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2010.12.26 17:34:30 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll [2010.12.26 17:34:30 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll [2010.12.26 17:34:30 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll [2010.12.26 17:34:30 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe [2010.12.26 17:34:29 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll [2010.12.26 17:34:29 | 000,133,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecpkg.sys [2010.12.26 17:34:28 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll [2010.12.26 17:34:23 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll [2010.12.26 17:34:23 | 000,507,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe [2010.12.26 17:34:23 | 000,442,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe [2010.12.26 17:34:19 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll [2010.12.26 17:34:17 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll [2010.12.26 17:34:17 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll [2010.12.26 17:34:09 | 000,026,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys [2010.12.26 17:34:08 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2010.12.26 17:34:07 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2010.12.26 17:34:06 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll [2010.12.26 17:34:06 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll [2010.12.26 17:34:06 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2010.12.26 17:34:05 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2010.12.26 17:34:05 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2010.12.26 17:34:01 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll [2010.12.26 17:34:00 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2010.12.26 17:34:00 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe [2010.12.26 17:31:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard [2010.12.26 17:30:38 | 002,327,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010.12.26 16:16:51 | 000,000,000 | ---D | C] -- C:\Programme\Safari [2010.12.26 16:15:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2010.12.26 16:15:19 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2010.12.26 16:11:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime ========== Files - Modified Within 30 Days ========== [2011.01.17 15:07:53 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\tetpv.sys [2011.01.17 14:30:18 | 000,001,242 | ---- | M] () -- C:\Users\Daniel\Desktop\Spybot - Search & Destroy.lnk [2011.01.17 14:23:31 | 000,001,093 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.01.17 13:58:12 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.01.17 13:58:12 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.01.17 13:50:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.01.17 13:50:35 | 2616,745,984 | -HS- | M] () -- C:\hiberfil.sys [2011.01.15 20:43:09 | 000,016,400 | ---- | M] (Logitech, Inc.) -- C:\Windows\System32\drivers\LNonPnP.sys [2011.01.14 22:33:57 | 000,001,289 | ---- | M] () -- C:\Users\Daniel\Desktop\Temp.lnk [2011.01.14 22:33:18 | 000,002,163 | ---- | M] () -- C:\Users\Daniel\Desktop\Temporary Internet Files.lnk [2011.01.13 20:48:14 | 000,000,584 | ---- | M] () -- C:\Users\Daniel\Desktop\Fraps.lnk [2011.01.11 22:22:41 | 000,017,408 | ---- | M] () -- C:\Users\Daniel\AppData\Local\WebpageIcons.db [2011.01.11 20:22:37 | 000,000,526 | ---- | M] () -- C:\Windows\eReg.dat [2011.01.06 21:00:25 | 000,004,608 | ---- | M] () -- C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.01.06 20:01:52 | 000,001,840 | ---- | M] () -- C:\Users\Daniel\Desktop\Zattoo.lnk [2011.01.04 17:56:19 | 000,001,320 | ---- | M] () -- C:\Users\Daniel\Documents\mcedit.ini [2011.01.01 12:51:17 | 000,655,604 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.01.01 12:51:17 | 000,616,484 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.01.01 12:51:17 | 000,130,516 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.01.01 12:51:17 | 000,106,864 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.12.30 12:20:29 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\000017B4.LCS [2010.12.30 01:23:20 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2010.12.30 01:23:19 | 000,691,696 | ---- | M] () -- C:\Windows\System32\drivers\sptd.sys [2010.12.29 14:42:46 | 000,001,048 | ---- | M] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk [2010.12.29 13:48:21 | 356,719,174 | ---- | M] () -- C:\Windows\MEMORY.DMP [2010.12.28 17:40:38 | 000,000,649 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk [2010.12.28 16:32:26 | 000,001,658 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2010.12.28 14:41:12 | 000,000,708 | ---- | M] () -- C:\Users\Daniel\Desktop\MSI Afterburner.lnk [2010.12.28 00:55:37 | 000,229,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\VMM.sys [2010.12.27 18:15:31 | 000,002,073 | ---- | M] () -- C:\Users\Daniel\Desktop\MCEdit.lnk [2010.12.27 17:48:14 | 000,146,688 | ---- | M] () -- C:\Windows\hpoins44.dat [2010.12.27 11:24:45 | 003,640,832 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.12.26 22:55:53 | 000,232,501 | ---- | M] () -- C:\Users\Daniel\Desktop\Minecraft.exe [2010.12.26 16:16:54 | 000,002,479 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk [2010.12.26 16:15:35 | 000,001,543 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2010.12.26 16:11:40 | 000,001,837 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys ========== Files Created - No Company Name ========== [2011.01.17 15:07:53 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\tetpv.sys [2011.01.17 14:30:18 | 000,001,242 | ---- | C] () -- C:\Users\Daniel\Desktop\Spybot - Search & Destroy.lnk [2011.01.17 14:23:31 | 000,001,093 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.01.14 22:31:21 | 000,002,163 | ---- | C] () -- C:\Users\Daniel\Desktop\Temporary Internet Files.lnk [2011.01.13 20:48:13 | 000,000,584 | ---- | C] () -- C:\Users\Daniel\Desktop\Fraps.lnk [2011.01.11 20:22:37 | 000,000,526 | ---- | C] () -- C:\Windows\eReg.dat [2011.01.06 21:00:24 | 000,004,608 | ---- | C] () -- C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.01.06 20:01:57 | 000,017,408 | ---- | C] () -- C:\Users\Daniel\AppData\Local\WebpageIcons.db [2011.01.06 20:01:52 | 000,001,840 | ---- | C] () -- C:\Users\Daniel\Desktop\Zattoo.lnk [2010.12.30 12:18:46 | 000,004,096 | ---- | C] () -- C:\Users\Public\Documents\000017B4.LCS [2010.12.30 01:23:19 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2010.12.30 01:23:19 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2010.12.29 14:42:46 | 000,001,048 | ---- | C] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk [2010.12.29 13:48:21 | 356,719,174 | ---- | C] () -- C:\Windows\MEMORY.DMP [2010.12.28 17:35:31 | 000,000,649 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk [2010.12.28 16:32:25 | 000,001,658 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2010.12.28 14:41:11 | 000,000,708 | ---- | C] () -- C:\Users\Daniel\Desktop\MSI Afterburner.lnk [2010.12.27 18:15:37 | 000,001,320 | ---- | C] () -- C:\Users\Daniel\Documents\mcedit.ini [2010.12.27 18:15:31 | 000,002,073 | ---- | C] () -- C:\Users\Daniel\Desktop\MCEdit.lnk [2010.12.27 17:41:46 | 000,000,357 | ---- | C] () -- C:\ProgramData\hpzinstall.log [2010.12.27 17:41:45 | 000,146,688 | ---- | C] () -- C:\Windows\hpoins44.dat [2010.12.27 17:41:45 | 000,000,512 | ---- | C] () -- C:\Windows\hpomdl44.dat [2010.12.26 22:55:52 | 000,232,501 | ---- | C] () -- C:\Users\Daniel\Desktop\Minecraft.exe [2010.12.26 16:16:53 | 000,002,479 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk [2010.12.26 16:15:35 | 000,001,543 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2010.12.26 16:11:40 | 000,001,837 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2010.10.14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll < End of report > |
17.01.2011, 19:10 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | svchost.bat? Was ist das? Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle davon posten. Du findest diese im Reiter Logdateien in Malwarebytes.
__________________ Logfiles bitte immer in CODE-Tags posten |
17.01.2011, 19:15 | #9 |
| svchost.bat? Was ist das? Nein, gibt es nicht. |
17.01.2011, 19:26 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | svchost.bat? Was ist das? Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL O4 - HKLM..\Run: [MagicTuneEngine] File not found O4 - HKLM..\Run: [Update] File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2009.12.30 22:35:26 | 000,000,088 | ---- | M] () - E:\Autorun.inf -- [ FAT32 ] O32 - AutoRun File - [2010.11.25 21:38:10 | 000,000,000 | ---D | M] - E:\AutoBackup2 -- [ FAT32 ] O33 - MountPoints2\{0909c1c1-1401-11e0-9605-4487fc575c0c}\Shell - "" = AutoRun O33 - MountPoints2\{0909c1c1-1401-11e0-9605-4487fc575c0c}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE O33 - MountPoints2\{fb77fc0b-04ae-11e0-8f7d-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{fb77fc0b-04ae-11e0-8f7d-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup.exe O33 - MountPoints2\X\Shell - "" = AutoRun O33 - MountPoints2\X\Shell\AutoRun\command - "" = X:\setup.exe [2011.01.16 15:37:59 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{55E8946D-80B1-455D-A733-61F8E691B044} [2011.01.15 21:14:29 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{805CFEEA-09F3-4F5F-8851-021600B3ABAC} [2011.01.02 14:32:41 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{199DA840-424E-4890-A832-AF03690DFE17} [2011.01.01 12:47:56 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{B034AFCB-95F0-4EAA-93BB-3EF57B24EDCE} [2011.01.01 12:18:43 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{AA4E31FD-C175-40B8-B73B-35FB40EC470D} [2010.12.31 23:18:35 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{D2AD38A3-C36A-41A6-A70E-03F136377506} [2010.12.31 11:18:08 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{2FE9414D-7136-4A6E-9066-E1FC354C73CE} [2010.12.30 01:12:15 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{A9CFF0C5-2185-4AD0-85A3-E542B156EC01} [2010.12.30 01:12:14 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\{023D09EA-4EEB-4F89-9B5F-145A0235D115} [2011.01.17 15:07:53 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\tetpv.sys :Commands [purity] [resethosts] [emptytemp] Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________ Logfiles bitte immer in CODE-Tags posten |
17.01.2011, 23:38 | #11 |
| svchost.bat? Was ist das? Okay - gebe dir morgen das Logfile. Danke und lieben Gruß |
18.01.2011, 14:52 | #12 |
| svchost.bat? Was ist das? Hier: Code:
ATTFilter All processes killed ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MagicTuneEngine deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Update deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\autoexec.bat moved successfully. E:\Autorun.inf moved successfully. File not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0909c1c1-1401-11e0-9605-4487fc575c0c}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0909c1c1-1401-11e0-9605-4487fc575c0c}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0909c1c1-1401-11e0-9605-4487fc575c0c}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0909c1c1-1401-11e0-9605-4487fc575c0c}\ not found. File F:\AUTORUN.EXE not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb77fc0b-04ae-11e0-8f7d-806e6f6e6963}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb77fc0b-04ae-11e0-8f7d-806e6f6e6963}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb77fc0b-04ae-11e0-8f7d-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb77fc0b-04ae-11e0-8f7d-806e6f6e6963}\ not found. File F:\setup.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\X\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\X\ not found. File X:\setup.exe not found. C:\Users\Daniel\AppData\Local\{55E8946D-80B1-455D-A733-61F8E691B044} folder moved successfully. C:\Users\Daniel\AppData\Local\{805CFEEA-09F3-4F5F-8851-021600B3ABAC} folder moved successfully. C:\Users\Daniel\AppData\Local\{199DA840-424E-4890-A832-AF03690DFE17} folder moved successfully. C:\Users\Daniel\AppData\Local\{B034AFCB-95F0-4EAA-93BB-3EF57B24EDCE} folder moved successfully. C:\Users\Daniel\AppData\Local\{AA4E31FD-C175-40B8-B73B-35FB40EC470D} folder moved successfully. C:\Users\Daniel\AppData\Local\{D2AD38A3-C36A-41A6-A70E-03F136377506} folder moved successfully. C:\Users\Daniel\AppData\Local\{2FE9414D-7136-4A6E-9066-E1FC354C73CE} folder moved successfully. C:\Users\Daniel\AppData\Local\{A9CFF0C5-2185-4AD0-85A3-E542B156EC01} folder moved successfully. C:\Users\Daniel\AppData\Local\{023D09EA-4EEB-4F89-9B5F-145A0235D115} folder moved successfully. File C:\Windows\System32\drivers\tetpv.sys not found. ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: All Users User: Daniel ->Temp folder emptied: 6205 bytes ->Temporary Internet Files folder emptied: 295783 bytes ->Java cache emptied: 131108 bytes ->FireFox cache emptied: 47471001 bytes ->Google Chrome cache emptied: 256824179 bytes ->Apple Safari cache emptied: 0 bytes ->Flash cache emptied: 7660 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 41620 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 1572032 bytes RecycleBin emptied: 5308247392 bytes Total Files Cleaned = 5.355,00 mb OTL by OldTimer - Version 3.2.20.2 log created on 01182011_144757 Files\Folders moved on Reboot... Registry entries deleted on Reboot... |
18.01.2011, 14:56 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | svchost.bat? Was ist das? Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
18.01.2011, 15:16 | #14 |
| svchost.bat? Was ist das? Bin beim CCleaner auf ein Problem gestossen: Und zwar kommen bei der Registry Reinigung 2 Fehler immer wieder: myimg.de/?img=trojanerboard2f7aa.png (Rot markiert im Bild) Also ich klick auf Fehler beheben: Sie sind weg. Dann nach der Anleitung auf "Fehler suchen" und sie erscheinen wieder.. |
18.01.2011, 15:19 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | svchost.bat? Was ist das? Ignorier das und mach mit CF weiter.
__________________ Logfiles bitte immer in CODE-Tags posten |
Themen zu svchost.bat? Was ist das? |
ausgeführt, datei, frage, heute, link, manager, mehrfach, nichts, norton, norton 360, nützliches, start, svchost.bat, total, troja, trojaner, wirklich, woche |