Log analysis and evaluation: Antivirus.net (Windows 7)
03.02.2011, 02:46 | #1
Antivirus.net

Hi, tonight I was searching Google for the abbreviation "TTL". Via Google I landed on a torrent board that had an explanation of "TTL". As usual, these boards are riddled with ad layers. Shortly after I had clicked the ad layer away, the antivirus.net window popped up and "scanned" my system for malware. (Browser is Opera.) Since in all my years I had never experienced such a case, and Windows 7 as well as avast are up to date, it was clear that caution was called for. Before I clicked anything in that window, I searched Google for the problem. I quickly landed here, and it is already in the FAQ. (Seems to be pretty new.) I followed these instructions -> http://www.trojaner-board.de/95206-a...entfernen.html

My question: can you pros spot anything else in the OTL log? If so, reinstall the system? Thanks in advance.

PS: My username has been replaced with Xxx. The manually entered hosts entries have also been obscured.

Code:
OTL logfile created on: 03.02.2011 02:22:53 - Run 1
OTL by OldTimer - Version 3.2.20.6     Folder = C:\
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy

9.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 67.00% Memory free
9.00 Gb Paging File | 6.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): c:\pagefile.sys 16 1000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 50.02 Gb Total Space | 13.45 Gb Free Space | 26.89% Space Free | Partition Type: NTFS
Drive D: | 89.71 Gb Total Space | 55.84 Gb Free Space | 62.25% Space Free | Partition Type: NTFS
Drive G: | 292.97 Gb Total Space | 282.78 Gb Free Space | 96.52% Space Free | Partition Type: NTFS
Drive L: | 292.97 Gb Total Space | 1.96 Gb Free Space | 0.67% Space Free | Partition Type: NTFS
Drive M: | 150.25 Gb Total Space | 43.02 Gb Free Space | 28.63% Space Free | Partition Type: NTFS
Drive X: | 358.34 Gb Total Space | 1.94 Gb Free Space | 0.54% Space Free | Partition Type: NTFS
Drive Y: | 98.77 Gb Total Space | 29.03 Gb Free Space | 29.39% Space Free | Partition Type: NTFS
Drive Z: | 488.29 Gb Total Space | 30.98 Gb Free Space | 6.35% Space Free | Partition Type: NTFS

Computer Name: LOST-RED | User Name: Xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Opera\opera.exe (Opera Software)
PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - D:\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
PRC - C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe ()
PRC - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe ()
PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe ()
PRC - C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe (Motorola)
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - D:\VMware\vmware-authd.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
PRC - D:\Lavalys.Everest.Ultimate.Edition.v.5.02.1823beta.Portable.Multilingual.WinAll\everest.exe (Lavalys, Inc.)
PRC - C:\Windows\SysWOW64\CTxfispi.exe (Creative Technology Ltd)

========== Modules (SafeList) ==========

MOD - C:\OTL.exe (OldTimer Tools)
MOD - C:\Programme\Alwil Software\Avast5\snxhk.dll (AVAST Software)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (HssSrv) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (HssTrayService) -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE ()
SRV - (HotspotShieldService) -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe ()
SRV - (HssWd) -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe ()
SRV - (MotoConnect Service) -- C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe ()
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMAuthdService) -- D:\VMware\vmware-authd.exe (VMware, Inc.)
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
SRV - (ufad-ws60) -- D:\VMware\vmware-ufad.exe (VMware, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (TuneUp.Defrag) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (NMSAccessU) -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)

========== Driver Services (SafeList) ==========

DRV:64bit: - (DroidCam) -- C:\Windows\SysNative\drivers\droidcam.sys (Dev47Apps)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV:64bit: - (HssDrv) -- C:\Windows\SysNative\drivers\HssDrv.sys (AnchorFree Inc.)
DRV:64bit: - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (ATI Technologies, Inc.)
DRV:64bit: - (cpuz134) -- C:\Windows\SysNative\drivers\cpuz134_x64.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (motmodem) -- C:\Windows\SysNative\drivers\motmodem.sys (Motorola)
DRV:64bit: - (motccgp) -- C:\Windows\SysNative\drivers\motccgp.sys (Motorola)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (LMIRfsClientNP) -- C:\Windows\SysNative\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:64bit: - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.)
DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:64bit: - (vmusb) -- C:\Windows\SysNative\drivers\vmusb.sys (VMware, Inc.)
DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)
DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\androidusb.sys (Google Inc)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\androidusb.sys (Google Inc)
DRV:64bit: - (WmVirHid) -- C:\Windows\SysNative\drivers\WmVirHid.sys (Logitech Inc.)
DRV:64bit: - (WmBEnum) -- C:\Windows\SysNative\drivers\WmBEnum.sys (Logitech Inc.)
DRV:64bit: - (WmXlCore) -- C:\Windows\SysNative\drivers\WmXlCore.sys (Logitech Inc.)
DRV:64bit: - (WmFilter) -- C:\Windows\SysNative\drivers\WmFilter.sys (Logitech Inc.)
DRV:64bit: - (Motousbnet) -- C:\Windows\SysNative\drivers\Motousbnet.sys (Motorola)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (LMIRfsDriver) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV:64bit: - (lmimirr) -- C:\Windows\SysNative\drivers\lmimirr.sys (LogMeIn, Inc.)
DRV:64bit: - (motusbdevice) -- C:\Windows\SysNative\drivers\motusbdevice.sys (Motorola Inc)
DRV:64bit: - (ezplay) -- C:\Windows\SysNative\drivers\ezplay.sys (VSO Software)
DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\drivers\pcouffin.sys (VSO Software)
DRV:64bit: - (Pcouffin64) -- C:\Windows\SysNative\drivers\pcouffin64a.sys (VSO Software)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (RTL8187B) -- C:\Windows\SysNative\drivers\wg111v3.sys (NETGEAR Inc. )
DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis)
DRV:64bit: - (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251) -- C:\Windows\SysNative\drivers\tdrpm251.sys (Acronis)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (pwdrvio) -- C:\Windows\SysNative\pwdrvio.sys ()
DRV:64bit: - (pwdspio) -- C:\Windows\SysNative\pwdspio.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (motandroidusb) -- C:\Windows\SysNative\drivers\motoandroid.sys (Motorola)
DRV:64bit: - (LGPBTDD) -- C:\Windows\SysNative\drivers\LGPBTDD.sys (Logitech Inc.)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ha20x2k) -- C:\Windows\SysNative\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV:64bit: - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd)
DRV:64bit: - (CTEXFIFX.SYS) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTEXFIFX) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT.SYS) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT.SYS) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (LADF_SBVM) -- C:\Windows\SysNative\drivers\ladfSBVMamd64.sys (Logitech)
DRV:64bit: - (LADF_DHP2) -- C:\Windows\SysNative\drivers\ladfDHP2amd64.sys (Logitech)
DRV:64bit: - (MotDev) -- C:\Windows\SysNative\drivers\motodrv.sys (Motorola Inc)
DRV:64bit: - (hotcore3) -- C:\Windows\SysNative\drivers\hotcore3.sys (Paragon Software Group)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
DRV:64bit: - (motccgpfl) -- C:\Windows\SysNative\drivers\motccgpfl.sys (Motorola)
DRV:64bit: - (BTCFilterService) -- C:\Windows\SysNative\drivers\motfilt.sys (Motorola Inc)
DRV:64bit: - (KoneFltr) -- C:\Windows\SysNative\drivers\Kone.sys (ROCCAT Ltd)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (ENTECH64) -- C:\Windows\SysNative\drivers\Entech64.sys (EnTech Taiwan)
DRV:64bit: - (USBPNPA) -- C:\Windows\SysNative\drivers\CM10864.sys (C-Media Electronics Inc)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (nmwcdcx64) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (nmwcdx64) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (AmdTools64) -- C:\Windows\SysNative\drivers\AmdTools64.sys (AMD, Inc.)
DRV:64bit: - (MotoSwitchService) -- C:\Windows\SysNative\drivers\motswch.sys (Motorola)
DRV - (atitray) -- C:\Program Files (x86)\Ray Adams\ATI Tray Tools\atitray64.sys ()
DRV - (vstor2-ws60) -- D:\VMware\vstor2-ws60.sys (VMware, Inc.)
DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys ()
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (EverestDriver) -- D:\Lavalys.Everest.Ultimate.Edition.v.5.02.1823beta.Portable.Multilingual.WinAll\kerneld.amd64 ()
DRV - (RivaTuner64) -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys ()
DRV - (NPF) -- C:\Windows\SysWOW64\drivers\npf.sys (CACE Technologies)
DRV - (UltraMonUtility) -- C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys (Realtime Soft Ltd)
DRV - (ENTECH64) -- C:\Windows\SysWOW64\drivers\Entech64.sys (EnTech Taiwan)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1711409505-1225601566-3015681340-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1711409505-1225601566-3015681340-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx
IE - HKU\S-1-5-21-1711409505-1225601566-3015681340-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch
IE - HKU\S-1-5-21-1711409505-1225601566-3015681340-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D9 3F 66 0A AF 5C CA 01 [binary data]
IE - HKU\S-1-5-21-1711409505-1225601566-3015681340-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1711409505-1225601566-3015681340-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

[2010.07.13 08:46:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Xxx\AppData\Roaming\mozilla\Extensions
[2010.11.24 21:24:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\d41tcsop.default\extensions
[2010.11.17 03:21:49 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\d41tcsop.default\extensions\firefox@tvunetworks.com

O1 HOSTS File: ([2010.11.05 03:30:37 | 000,000,952 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 0.0.0.0 xxx.com
O1 - Hosts: 127.0.0.1 xxx.com
O1 - Hosts: 127.0.0.1 xxx.com
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3:64bit: - HKU\S-1-5-21-1711409505-1225601566-3015681340-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKU\S-1-5-21-1711409505-1225601566-3015681340-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [ATICustomerCare] File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk ()
O4 - HKLM..\Run: [Kone] C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE (ROCCAT)
O4 - HKLM..\Run: [Logitech G35] C:\Programme\Logitech\G35\G35.exe (Logitech(c))
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] D:\Malwarebytes\start.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SimpleScreenshot] C:\PROGRA~2\SSS\SIMPLESCREENSHOT.EXE (Mirko Böer)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1711409505-1225601566-3015681340-1001..\Run: [AtiTrayTools] C:\Program Files (x86)\Ray Adams\ATI Tray Tools\atitray.exe (Ray Adams)
O4 - HKU\S-1-5-21-1711409505-1225601566-3015681340-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1711409505-1225601566-3015681340-1001..\Run: [Steam] D:\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-1711409505-1225601566-3015681340-1001..\Run: [TrueCrypt] C:\Program Files\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
O4:64bit: - HKLM..\RunOnce: [C:\Windows\SYSTEM32\DRIVERSTORE\FILEREPOSITORY\atiilhag.inf_amd64_neutral_951c1812f542740a] File not found
O4:64bit: - HKLM..\RunOnce: [C:\Windows\SYSTEM32\DRIVERSTORE\FILEREPOSITORY\atiriol6.inf_amd64_neutral_bde34ad5722cca75] File not found
O4:64bit: - HKLM..\RunOnce: [C:\Windows\SYSTEM32\DRIVERSTORE\FILEREPOSITORY\c7_83743.inf_amd64_neutral_6d3a59cfb67ef877] File not found
O4:64bit: - HKLM..\RunOnce: [C:\Windows\SYSTEM32\DRIVERSTORE\FILEREPOSITORY\c7_91527.inf_amd64_neutral_28b5c191aefb7093] File not found
O4:64bit: - HKLM..\RunOnce: [C:\Windows\SYSTEM32\DRIVERSTORE\FILEREPOSITORY\c7_92175.inf_amd64_neutral_f226cf4156e4c84d] File not found
O4:64bit: - HKLM..\RunOnce: [C:\Windows\SYSTEM32\DRIVERSTORE\FILEREPOSITORY\c7_92499.inf_amd64_neutral_cb9a41ccd6679d90] File not found
O4:64bit: - HKLM..\RunOnce: [C:\Windows\SYSTEM32\DRIVERSTORE\FILEREPOSITORY\c7_92914.inf_amd64_neutral_027c1f8bfdf143fb] File not found
O4:64bit: - HKLM..\RunOnce: [C:\Windows\SYSTEM32\DRIVERSTORE\FILEREPOSITORY\c7_97799.inf_amd64_neutral_694284cc5b1a1a81] File not found
O4:64bit: - HKLM..\RunOnce: [C:\Windows\SYSTEM32\DRIVERSTORE\FILEREPOSITORY\c7_98646.inf_amd64_neutral_e1d8b7d29c864164] File not found
O4:64bit: - HKLM..\RunOnce: [C:\Windows\SYSTEM32\DRIVERSTORE\FILEREPOSITORY\c7_98769.inf_amd64_neutral_38e09dd7db1f1e3a] File not found
O4:64bit: - HKLM..\RunOnce: [C:\Windows\SYSTEM32\DRIVERSTORE\FILEREPOSITORY\c7100948.inf_amd64_neutral_09bd8463bf5cd66f] File not found
O4:64bit: - HKLM..\RunOnce: [C:\Windows\SYSTEM32\DRIVERSTORE\FILEREPOSITORY\c7104558.inf_amd64_neutral_554171688b125583] File not found
O4:64bit: - HKLM..\RunOnce: [C:\Windows\SYSTEM32\DRIVERSTORE\FILEREPOSITORY\c7107888.inf_amd64_neutral_c0055259e7887347] File not found
O4:64bit: - HKLM..\RunOnce: [C:\Windows\WINSXS\amd64_atiilhag.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_ff5a607728bcaa26] File not found
O4:64bit: - HKLM..\RunOnce: [C:\Windows\WINSXS\amd64_atiilhag.inf_31bf3856ad364e35_6.1.7600.16385_none_019357585ef99a63] File not found
O4:64bit: - HKLM..\RunOnce: [C:\Windows\WINSXS\amd64_atiriol6.inf_31bf3856ad364e35_6.1.7600.16385_none_a909ad21d26d5bd0] File not found
O4:64bit: - HKLM..\RunOnce: [C:\Windows\winsxs\Manifests\amd64_atiilhag.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_ff5a607728bcaa26.manifest] C:\Windows\SysNative\cmd.exe (Microsoft Corporation)
O4:64bit: - HKLM..\RunOnce: [C:\Windows\winsxs\Manifests\amd64_atiilhag.inf_31bf3856ad364e35_6.1.7600.16385_none_019357585ef99a63.manifest] C:\Windows\SysNative\cmd.exe (Microsoft Corporation)
O4:64bit: - HKLM..\RunOnce: [C:\Windows\winsxs\Manifests\amd64_atiilhag.inf-languagepack_31bf3856ad364e35_6.1.7600.16385_de-de_f8d25a2640ae7677.manifest] C:\Windows\SysNative\cmd.exe (Microsoft Corporation)
O4:64bit: - HKLM..\RunOnce: [C:\Windows\winsxs\Manifests\amd64_atiriol6.inf_31bf3856ad364e35_6.1.7600.16385_none_a909ad21d26d5bd0.manifest] C:\Windows\SysNative\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O4 - Startup: C:\Users\Xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\everest_start.exe - Verknüpfung.lnk = D:\Lavalys.Everest.Ultimate.Edition.v.5.02.1823beta.Portable.Multilingual.WinAll\everest_start.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1711409505-1225601566-3015681340-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8:64bit: - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - D:\VMware\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - D:\VMware\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - D:\VMware\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - D:\VMware\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{667a045f-dd44-11de-a641-00241d7fd976}\Shell - "" = AutoRun
O33 - MountPoints2\{667a045f-dd44-11de-a641-00241d7fd976}\Shell\AutoRun\command - "" = E:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.02.03 01:53:16 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\OTH.scr
[2011.02.03 01:42:13 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\Malwarebytes
[2011.02.03 01:42:07 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.02.03 01:42:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.02.03 01:42:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.02.03 01:42:05 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.02.03 01:34:54 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\OTL.exe
[2011.02.02 00:08:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SHOUTcast
[2011.02.01 19:27:47 | 000,025,216 | ---- | C] (Dev47Apps) -- C:\Windows\SysNative\drivers\droidcam.sys
[2011.01.28 23:38:29 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Local\EA Games
[2011.01.28 23:27:29 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2011.01.28 23:27:29 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2011.01.28 23:27:29 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2011.01.28 23:27:29 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll
[2011.01.28 23:27:29 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2011.01.28 23:27:29 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2011.01.28 23:27:28 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2011.01.28 23:27:28 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2011.01.28 23:27:28 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll
[2011.01.28 23:27:28 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2011.01.28 23:27:28 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
[2011.01.28 23:27:28 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2011.01.28 23:27:28 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2011.01.28 23:27:28 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2011.01.28 23:27:27 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
[2011.01.28 23:27:27 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll [2011.01.28 23:25:05 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images [2011.01.28 19:19:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Modern Warfare [2011.01.27 03:25:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NIAsoft [2011.01.27 03:25:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NIAsoft [2011.01.27 03:24:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR [2011.01.27 03:24:30 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Local\Intel [2011.01.27 03:23:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel [2011.01.23 15:04:43 | 000,000,000 | ---D | C] -- C:\THM [2011.01.22 19:03:58 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\Rovio [2011.01.22 18:39:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision [2011.01.22 17:30:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Apache [2011.01.22 17:27:35 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Local\Apache [2011.01.22 16:57:53 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2011.01.22 16:54:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies [2011.01.22 16:54:10 | 000,000,000 | ---D | C] -- C:\Programme\ATI [2011.01.22 16:53:44 | 000,000,000 | ---D | C] -- C:\Programme\ATI Technologies [2011.01.22 16:53:22 | 000,000,000 | ---D | C] -- C:\ATI [2011.01.22 16:41:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Sweeper [2011.01.22 16:41:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Phyxion.net [2011.01.22 16:30:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2011.01.19 17:46:32 | 000,000,000 | ---D | C] -- C:\Users\Xxx\Attack Surface Analyzer [2011.01.19 17:46:22 | 000,000,000 | ---D | 
C] -- C:\Programme\Attack Surface Analyzer [2011.01.17 19:38:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Codemasters [2011.01.17 16:35:43 | 000,237,168 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2011.01.15 16:09:34 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\.minecraft [2011.01.15 16:09:16 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\.minecraft server [2011.01.13 04:56:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kroll Ontrack [2011.01.13 04:56:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kroll Ontrack [2011.01.13 04:42:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva [2011.01.13 04:42:18 | 000,000,000 | ---D | C] -- C:\Programme\Recuva [2011.01.13 04:31:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Scavenger 3.2 [2011.01.13 04:31:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\File Scavenger 3.2 [2011.01.11 23:10:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avidemux [2011.01.11 23:10:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avidemux 2.5 [2011.01.11 22:32:08 | 000,000,000 | ---D | C] -- C:\ProgramData\TrackMania [2011.01.09 23:16:06 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Local\BitShare.com [2011.01.09 23:15:54 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitShare.com [2011.01.09 23:15:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitShare.com [2011.01.08 14:51:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VobSub [2011.01.08 14:46:06 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Local\SubtitleCreator [2011.01.05 19:38:02 | 000,000,000 | ---D | C] -- C:\ProgramData\FlashFXP [2009.12.09 15:45:30 | 000,118,400 | ---- | C] (VSO Software) -- C:\Users\Xxx\AppData\Roaming\ezplay.sys [2009.12.09 15:45:24 | 
000,082,816 | ---- | C] (VSO Software) -- C:\Users\Xxx\AppData\Roaming\pcouffin.sys [2009.06.04 00:57:38 | 000,060,928 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll [5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.02.03 01:55:50 | 001,506,624 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.02.03 01:55:50 | 000,656,612 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.02.03 01:55:50 | 000,618,494 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.02.03 01:55:50 | 000,131,010 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.02.03 01:55:50 | 000,107,400 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.02.03 01:54:45 | 000,000,094 | ---- | M] () -- C:\Windows\SysWow64\everest_cpl.ini [2011.02.03 01:53:16 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\OTH.scr [2011.02.03 01:52:18 | 000,010,288 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.02.03 01:52:18 | 000,010,288 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.02.03 01:47:06 | 000,001,126 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.02.03 01:47:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.02.03 01:46:13 | 000,062,788 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000009-00000000-00000001-00001102-00000005-00211102}.rfx [2011.02.03 01:46:13 | 000,062,788 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000009-00000000-00000001-00001102-00000005-00211102}.rfx [2011.02.03 01:46:13 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000009-00000000-00000001-00001102-00000005-00211102}.rfx [2011.02.03 01:42:00 | 000,001,130 | ---- | M] () -- 
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.02.03 01:34:28 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\OTL.exe [2011.02.03 01:26:00 | 000,218,808 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2011.02.03 01:26:00 | 000,218,808 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.02.01 21:53:31 | 000,004,599 | ---- | M] () -- C:\Users\Xxx\Documents\Info.nfo [2011.02.01 20:58:48 | 000,000,031 | ---- | M] () -- C:\ProgramData\droidcam-settings [2011.02.01 19:27:47 | 000,025,216 | ---- | M] (Dev47Apps) -- C:\Windows\SysNative\drivers\droidcam.sys [2011.01.31 20:25:38 | 000,270,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2011.01.30 16:07:33 | 000,001,239 | ---- | M] () -- C:\Users\Xxx\Desktop\SERVER.lnk [2011.01.29 05:06:04 | 000,005,120 | ---- | M] () -- C:\Windows\SysWow64\BReWErS.dll [2011.01.28 19:19:17 | 000,000,300 | ---- | M] () -- C:\Windows\game.ini [2011.01.26 03:59:06 | 000,199,877 | ---- | M] () -- C:\Users\Xxx\Documents\CT - Die Abmahnindustrie.pdf [2011.01.25 20:14:18 | 000,252,077 | ---- | M] () -- C:\Users\Xxx\Documents\ts3_clientui-win64-12815-2011-01-25 20_14_18.078260.dmp [2011.01.25 01:51:29 | 000,257,589 | ---- | M] () -- C:\Users\Xxx\Documents\ts3_clientui-win64-12815-2011-01-25 01_51_28.682587.dmp [2011.01.22 16:56:45 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin [2011.01.22 16:15:19 | 000,256,013 | ---- | M] () -- C:\Users\Xxx\Documents\ts3_clientui-win64-12815-2011-01-22 16_15_19.801725.dmp [2011.01.20 21:09:08 | 000,470,029 | ---- | M] () -- C:\Users\Xxx\Documents\AA - AirsoftArea.ch - Thema anzeigen - V_ Mentor Verkauft AEG wo Hin ist XD.mht [2011.01.20 18:50:34 | 000,251,933 | ---- | M] () -- C:\Users\Xxx\Documents\ts3_clientui-win64-12815-2011-01-20 18_50_33.603849.dmp [2011.01.18 13:40:16 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2011.01.13 09:47:35 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2011.01.13 09:47:32 | 000,188,216 | ---- | M] (AVAST 
Software) -- C:\Windows\SysWow64\aswBoot.exe [2011.01.13 09:47:23 | 000,237,168 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2011.01.13 09:41:44 | 000,273,488 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2011.01.13 09:40:20 | 000,051,792 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys [2011.01.13 09:37:34 | 000,029,264 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys [2011.01.13 09:37:23 | 000,062,032 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys [2011.01.13 09:37:12 | 000,020,560 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys [2011.01.13 04:56:38 | 000,001,137 | ---- | M] () -- C:\Windows\SysWow64\mapisvc.inf [2011.01.13 04:30:56 | 000,000,229 | ---- | M] () -- C:\Users\Xxx\Documents\License.reg [2011.01.10 14:08:05 | 000,012,562 | ---- | M] () -- C:\Users\Xxx\Documents\mygully.rtf [2011.01.10 03:31:46 | 000,005,827 | ---- | M] () -- C:\Users\Xxx\Documents\mygully2.rtf [2011.01.10 03:01:46 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI [2011.01.09 23:16:49 | 000,000,600 | ---- | M] () -- C:\Users\Xxx\AppData\Roaming\winscp.rnd [2011.01.09 03:18:27 | 000,000,921 | ---- | M] () -- C:\Windows\QSFVExit.bat [2011.01.04 20:04:33 | 000,001,041 | ---- | M] () -- C:\Users\Xxx\AppData\Roaming\vso_ts_preview.xml [2011.01.04 06:17:29 | 000,007,634 | ---- | M] () -- C:\Users\Xxx\AppData\Local\Resmon.ResmonCfg [5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.02.01 21:53:30 | 000,004,599 | ---- | C] () -- C:\Users\Xxx\Documents\Info.nfo [2011.02.01 19:27:51 | 000,001,073 | ---- | C] () -- C:\Users\Xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DroidCam.lnk [2011.01.30 17:22:37 | 000,000,000 | ---- | C] () -- C:\Users\Xxx\Sti_Trace.log 
[2011.01.29 06:23:42 | 000,001,854 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk [2011.01.28 19:19:17 | 000,000,300 | ---- | C] () -- C:\Windows\game.ini [2011.01.26 03:59:06 | 000,199,877 | ---- | C] () -- C:\Users\Xxx\Documents\CT - Die Abmahnindustrie.pdf [2011.01.25 20:14:18 | 000,252,077 | ---- | C] () -- C:\Users\Xxx\Documents\ts3_clientui-win64-12815-2011-01-25 20_14_18.078260.dmp [2011.01.25 01:51:28 | 000,257,589 | ---- | C] () -- C:\Users\Xxx\Documents\ts3_clientui-win64-12815-2011-01-25 01_51_28.682587.dmp [2011.01.22 16:56:45 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.01.22 16:15:19 | 000,256,013 | ---- | C] () -- C:\Users\Xxx\Documents\ts3_clientui-win64-12815-2011-01-22 16_15_19.801725.dmp [2011.01.20 21:06:07 | 000,470,029 | ---- | C] () -- C:\Users\Xxx\Documents\AA - AirsoftArea.ch - Thema anzeigen - V_ Mentor Verkauft AEG wo Hin ist XD.mht [2011.01.20 18:50:33 | 000,251,933 | ---- | C] () -- C:\Users\Xxx\Documents\ts3_clientui-win64-12815-2011-01-20 18_50_33.603849.dmp [2011.01.19 17:46:22 | 000,002,256 | ---- | C] () -- C:\Users\Xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Attack Surface Analyzer.lnk [2011.01.17 19:59:46 | 000,001,347 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk [2011.01.13 04:56:38 | 000,000,535 | ---- | C] () -- C:\Windows\SysWow64\MAPISVC.BAK [2011.01.13 04:30:56 | 000,000,229 | ---- | C] () -- C:\Users\Xxx\Documents\License.reg [2011.01.10 03:24:44 | 000,005,827 | ---- | C] () -- C:\Users\Xxx\Documents\mygully2.rtf [2011.01.10 01:58:28 | 000,012,562 | ---- | C] () -- C:\Users\Xxx\Documents\mygully.rtf [2011.01.09 03:18:27 | 000,000,921 | ---- | C] () -- C:\Windows\QSFVExit.bat [2011.01.06 02:18:58 | 000,000,600 | ---- | C] () -- C:\Users\Xxx\AppData\Roaming\winscp.rnd [2011.01.01 17:13:30 | 000,001,041 | ---- | C] () -- C:\Users\Xxx\AppData\Roaming\vso_ts_preview.xml [2010.12.14 19:19:09 | 000,000,132 | ---- | C] () 
-- C:\Users\Xxx\AppData\Roaming\Adobe PNG Format CS5 Prefs [2010.11.08 01:19:55 | 000,000,031 | ---- | C] () -- C:\ProgramData\droidcam-settings [2010.11.01 23:18:42 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll [2010.10.17 14:27:03 | 000,000,053 | ---- | C] () -- C:\Windows\SysWow64\aida_cpl.ini [2010.10.14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2010.07.01 11:52:17 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini [2010.07.01 11:24:56 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib [2010.06.20 00:46:44 | 001,499,556 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.06.08 23:52:29 | 000,000,000 | ---- | C] () -- C:\Windows\DbgOut.INI [2010.04.24 03:51:53 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll [2010.03.12 04:11:08 | 000,000,043 | ---- | C] () -- C:\Windows\gswin32.ini [2010.02.10 20:05:18 | 000,005,120 | ---- | C] () -- C:\Windows\SysWow64\BReWErS.dll [2010.02.03 00:56:09 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2010.02.02 17:42:12 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2010.02.02 17:42:11 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2010.02.02 17:42:11 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2010.02.02 17:42:10 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2010.01.13 02:10:22 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2010.01.05 00:44:42 | 000,000,136 | ---- | C] () -- C:\Windows\SysWow64\cpuz.ini [2009.12.09 15:45:32 | 000,000,034 | ---- | C] () -- C:\Users\Xxx\AppData\Roaming\ezplay.log [2009.12.09 15:45:30 | 000,007,833 | ---- | C] () -- C:\Users\Xxx\AppData\Roaming\ezplay.cat [2009.12.09 15:45:30 | 000,001,126 | ---- | C] () -- C:\Users\Xxx\AppData\Roaming\ezplay.inf [2009.12.09 15:45:30 | 000,000,125 | ---- | C] () -- C:\Users\Xxx\AppData\Roaming\ezplay.ini [2009.12.09 15:45:30 | 000,000,033 | ---- | C] () -- 
C:\Users\Xxx\AppData\Roaming\pcouffin.log [2009.12.09 15:45:24 | 000,099,384 | ---- | C] () -- C:\Users\Xxx\AppData\Roaming\inst.exe [2009.12.09 15:45:24 | 000,007,859 | ---- | C] () -- C:\Users\Xxx\AppData\Roaming\pcouffin.cat [2009.12.09 15:45:24 | 000,001,167 | ---- | C] () -- C:\Users\Xxx\AppData\Roaming\pcouffin.inf [2009.12.08 01:25:31 | 000,000,197 | ---- | C] () -- C:\Windows\sripper.ini [2009.12.08 01:25:31 | 000,000,053 | ---- | C] () -- C:\Windows\StreamRipper32.INI [2009.11.24 19:06:37 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys [2009.11.23 14:42:52 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2009.11.21 18:42:47 | 000,215,144 | ---- | C] () -- C:\Windows\patchw32.dll [2009.11.15 01:14:10 | 000,139,264 | ---- | C] () -- C:\Windows\Vmix108.dll [2009.11.15 01:14:10 | 000,001,014 | ---- | C] () -- C:\Windows\Cm108.ini.cfl [2009.11.15 01:14:08 | 000,002,029 | ---- | C] () -- C:\Windows\Cm108.ini.cfg [2009.11.15 01:14:08 | 000,000,096 | ---- | C] () -- C:\Windows\Cm108.ini.imi [2009.11.15 01:14:07 | 000,001,096 | ---- | C] () -- C:\Windows\cm108.ini [2009.11.07 19:03:40 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2009.11.07 19:03:40 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2009.11.07 19:03:25 | 000,003,072 | ---- | C] () -- C:\Windows\SysWow64\CTXFIGER.DLL [2009.11.04 14:10:06 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\rmc_rtspdl.dll [2009.11.02 02:37:15 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI [2009.10.26 18:52:53 | 000,000,094 | ---- | C] () -- C:\Windows\SysWow64\everest_cpl.ini [2009.10.26 18:42:56 | 000,007,634 | ---- | C] () -- C:\Users\Xxx\AppData\Local\Resmon.ResmonCfg [2009.10.26 18:00:46 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys [2009.10.26 12:04:45 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 
000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.04 01:37:08 | 000,021,093 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini [2009.06.04 01:37:06 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini [2009.06.04 00:55:20 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll [2009.05.27 09:49:00 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini [2007.03.04 10:34:14 | 000,000,169 | ---- | C] () -- C:\Windows\SysWow64\vba2719.dll ========== LOP Check ========== [2011.01.15 16:14:26 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\.minecraft [2011.01.15 16:21:47 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\.minecraft server [2010.12.09 01:23:56 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\.minecraft server.bak [2010.12.23 13:58:23 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\.minecraft.bak [2010.07.20 02:29:59 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Acronis [2010.12.15 01:43:18 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Audacity [2010.09.13 01:21:07 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\avidemux [2010.12.26 18:21:13 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\BFBC2CC [2010.02.10 13:40:21 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Bioshock2 [2010.02.04 14:36:50 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Canneverbe Limited [2009.11.24 19:06:45 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Canneverbe_Limited [2010.09.21 15:36:42 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Canon [2009.10.26 20:01:33 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\DAEMON Tools Lite [2010.10.13 22:33:02 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\EditPlus 3 [2009.12.30 18:02:43 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\FlyWheelGames [2009.11.04 12:55:27 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Folding@home-x86 
[2011.01.15 19:07:02 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Free Download Manager [2010.02.04 16:44:22 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\FrostWire [2010.02.16 04:20:08 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Galcon Fusion [2010.11.01 23:34:10 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\GrabPro [2010.02.19 02:03:42 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\IrfanView [2010.01.11 01:11:12 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\iWin [2010.06.03 09:31:55 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Leadertech [2010.06.13 13:32:28 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Mael [2011.01.03 16:27:02 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\MAXON [2009.10.26 16:20:59 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\NetMeter [2010.12.15 02:05:58 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Notepad++ [2010.03.03 15:34:29 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Opera [2010.11.07 13:06:06 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Orbit [2010.01.01 14:14:26 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Picturenaut [2010.11.01 23:24:47 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\ProgSense [2010.10.13 22:35:46 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\QXL Ricardo [2009.10.27 12:32:02 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\ROCCAT [2011.01.22 19:03:58 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Rovio [2009.10.27 13:10:02 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\SimpleScreenshot [2010.11.26 14:34:50 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\TeamViewer [2010.12.15 02:05:33 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Teleca [2010.12.08 03:22:51 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\TrueCrypt [2011.01.18 01:11:44 | 000,000,000 | ---D | M] 
-- C:\Users\Xxx\AppData\Roaming\TS3Client [2009.11.01 03:01:40 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\TuneUp Software [2011.02.03 02:25:51 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\uTorrent [2011.01.04 20:04:33 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Vso [2009.11.09 20:17:00 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\XRay Engine [2010.01.01 15:20:49 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Zylom [2011.01.11 01:19:56 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:05EE1EEF < End of report >
Last edited by Mr.Bean (03.02.2011 at 03:28) |
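An added triage helper, not part of the original post and not OTL's own code: it parses the OTL file-entry and O33 lines in the format shown in the log above and flags the entries an analyst would look at first (drivers or executables outside Windows/Program Files, files with no company name in their version info, and AutoRun commands bound to mounted volumes). The heuristics and the SYSTEM_PREFIXES list are my assumptions; the sample lines are copied from the log in this thread.

```python
import re

# OTL file/folder line, e.g.
# [2011.02.03 01:42:07 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
# Directory entries ("---D") carry no "(company)" part; a blank "()" or "( )" means
# the file has no company name in its version resource.
OTL_FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# O33 MountPoints2 line that wires an AutoRun command to a mounted volume, e.g.
# O33 - MountPoints2\{...}\Shell\AutoRun\command - "" = E:\Autorun.exe
OTL_O33_RE = re.compile(
    r'^O33 - MountPoints2\\\{(?P<guid>[^}]+)\}\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$'
)

# Extensions that count as "executable code" for triage purposes (assumption).
CODE_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx")
# Locations where executable code is expected; anything else is treated as user-writable (assumption).
SYSTEM_PREFIXES = (
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
    "c:\\programme\\",
)


def parse_file_entry(line):
    """Parse one OTL file/folder line into a dict, or return None for any other line."""
    m = OTL_FILE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"].replace(",", ""))
    entry["company"] = (entry["company"] or "").strip()
    entry["is_dir"] = "D" in entry["attrs"]
    return entry


def triage_line(line):
    """Return (path, reason) findings for one log line; an empty list if nothing stands out."""
    findings = []
    o33 = OTL_O33_RE.match(line.strip())
    if o33:
        findings.append((o33.group("cmd"), "AutoRun command registered for a mounted volume"))
        return findings
    entry = parse_file_entry(line)
    if entry is None or entry["is_dir"]:
        return findings
    path = entry["path"]
    low = path.lower()
    if not low.endswith(CODE_EXT):
        return findings
    in_system = low.startswith(SYSTEM_PREFIXES)
    if low.endswith(".sys") and not in_system:
        findings.append((path, "kernel driver stored outside Windows/Program Files"))
    elif not in_system:
        findings.append((path, "executable code in a user-writable location"))
    if not entry["company"]:
        findings.append((path, "no company name in the file's version info"))
    return findings


def triage(lines):
    """Run triage_line over a whole log and collect every finding."""
    findings = []
    for line in lines:
        findings.extend(triage_line(line))
    return findings


# Constructed sample: a handful of lines copied verbatim from the OTL log in this thread.
SAMPLE_LINES = [
    r"[2011.02.03 01:42:07 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys",
    r"[2011.02.03 01:42:13 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\Malwarebytes",
    r"[2009.12.09 15:45:30 | 000,118,400 | ---- | C] (VSO Software) -- C:\Users\Xxx\AppData\Roaming\ezplay.sys",
    r"[2009.12.09 15:45:24 | 000,099,384 | ---- | C] () -- C:\Users\Xxx\AppData\Roaming\inst.exe",
    r"[2009.06.04 00:57:38 | 000,060,928 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll",
    r'O33 - MountPoints2\{667a045f-dd44-11de-a641-00241d7fd976}\Shell\AutoRun\command - "" = E:\Autorun.exe',
]

if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LINES):
        print(f"{reason}: {path}")
```

A flagged entry is a starting point for a hash lookup or vendor check, not a verdict; legitimate tools (the VSO burning driver above, for instance) do sometimes install to these locations.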
03.02.2011, 19:51 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Antivirus.net Hello and
__________________
Please run a full scan with Malwarebytes as a matter of routine and post the log. Remember that Malwarebytes must be updated manually before every scan! If logs from earlier Malwarebytes scans exist, please post all of those as well!
__________________ |
03.02.2011, 20:38 | #3 |
| Antivirus.net Hi cosinus
__________________
Here are the logs as well:
1. mbam-log-2011-02-03 (01-45-42) - quick scan shortly after the infection (only "C:\")
2. mbam-log-2011-02-03 (02-15-20) - long scan after the cleanup
3. mbam-log-2011-02-03 (20-23-39) - long scan this evening
As I can see for myself in these logs, Malwarebytes no longer finds any files. Except LOIC. But I think we know that LOIC is not dangerous. |
03.02.2011, 20:46 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Antivirus.net Quote:
__________________ Please always post logfiles in CODE tags |
03.02.2011, 20:51 | #5 |
| Antivirus.net Because I need it now and then to test a colleague's Astaro firewall. LOIC is open source and not dangerous. hxxp://sourceforge.net/projects/loic/ |
03.02.2011, 20:53 | #6 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Antivirus.net OK, I didn't know LOIC yet. Quote:
__________________ |
03.02.2011, 20:58 | #7 |
| Antivirus.net Because three hosts are entered there that nobody needs to know.
Quote: Why were they entered manually?
Because there were repeated DNS problems with those servers. |
03.02.2011, 21:15 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Antivirus.net Which DNS servers are those?
__________________ Please always post logfiles in CODE tags |
03.02.2011, 22:13 | #9 |
| Antivirus.net Why? That has nothing to do with the topic, does it? There were hosts listed that are nobody's business... The hosts weren't entered by antivirus.net either, but by me, by hand.... A bit of privacy should be allowed.... |
04.02.2011, 10:56 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Antivirus.net It's enough for me if you can describe the DNS servers. Are they publicly reachable servers?
__________________ Please always post logfiles in CODE tags |
04.02.2011, 11:02 | #11 |
| Antivirus.net Yes, anyone can reach them, but whether they then have access is another matter. You're surely asking because I edited the localhost IP in the log for two of them? |
04.02.2011, 14:22 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Antivirus.net Yes, that sort of thing interests me; it is also security-relevant. If you say these are DNS servers, e.g. from providers, then that's enough for me. But then I don't understand what that has to do with privacy and why you have to censor them.
__________________ Please always post logfiles in CODE tags |