| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: hotkeyshook und anderes Ungemach?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
18.02.2011, 17:21
| #1 |
| |  hotkeyshook und anderes Ungemach? Hallo auch! Wegen dem Download eines Trainers für Dead Space 2 von Code5.de öffneten sich eine Unmenge von Fenstern, habe ich mich hier etwas umgesehen und bin auf Malwarebytes' Anti-Malware gestossen. Die verdächtige Datei habe ich nebst Antivir auch über hxxp://virusscan.jotti.org/en geprüft und auch gelöscht. MbAM hat auch die hier im Forum beschriebene hotkeyshook.dll gefunden. (c:\Windows\System32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully). Das Problem ist auch nicht mehr aufgetreten und zumindest der Schnellscan ist sauber. Wegen diesem Forum bin ich allerdings auch auf OTL gestossen und da ich doch immer mal wieder auf die eine oder andere seltsame Internet-Site mit verdächtigen Nachrichten gelange (z.B. Zum Abbrechen der Insallation klicken sie Cancel.) habe ich ein Logfile erstellt und möchte gerne wissen, ob da sonst noch Ungemach verborgen liegt. HijackThis (hxxp://www.hijackthis.de/de#anl) gibt mir übrigens an, dass mein Logfile nur sichere Einträge beinhaltet. Spybot ist aktuell und findet ebenfalls nichts. Für eine Beurteilung der Log-Files wäre ich dankbar. Ich hoffe, alle nötigen Informationen sind enthalten und das Vorgehen korrekt. Ist mein erster Beitrag hier. Freundliche Grüsse OTL Logfile: Code:
ATTFilter OTL logfile created on: 18.02.2011 16:48:39 - Run 4 OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\***\Desktop Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19019) Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 39.00% Memory free 7.00 Gb Paging File | 4.00 Gb Available in Paging File | 65.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 931.52 Gb Total Space | 437.70 Gb Free Space | 46.99% Space Free | Partition Type: NTFS Drive D: | 2.15 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS Drive E: | 6.95 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10m_ActiveX.exe (Adobe Systems, Inc.) PRC - C:\Programme\PC Tools Security\pctsGui.exe (PC Tools) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\PC Tools Security\BDT\FGuard.exe (Threat Expert Ltd.) PRC - C:\Programme\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Programme\PC Tools Security\pctsSvc.exe (PC Tools) PRC - C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Programme\Windows Media Player\wmplayer.exe (Microsoft Corporation) PRC - C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD) PRC - C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD) PRC - C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies) PRC - C:\Programme\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) PRC - C:\Programme\PC Tools Security\pctsAuxs.exe (PC Tools) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) PRC - C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.) PRC - C:\Programme\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) PRC - C:\Programme\Logitech\GamePanel Software\LGDevAgt.exe (Logitech Inc.) PRC - C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.) PRC - C:\Programme\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\WMPSideShowGadget.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Windows\sttray.exe (SigmaTel, Inc.) PRC - C:\Games\CleanCache 3.0\CleanCache.exe (ButtUglySoftware) ========== Modules (SafeList) ========== MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) MOD - C:\Programme\PC Tools Security\smum32.dll (PC Tools) MOD - C:\Programme\PC Tools Security\PCTGMhk.dll (PC Tools) MOD - C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (Check Point Software Technologies) MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcp80.dll (Microsoft Corporation) MOD - C:\Windows\System32\WindowsCodecs.dll (Microsoft Corporation) MOD - C:\Windows\System32\EhStorShell.dll (Microsoft Corporation) MOD - C:\Windows\System32\cscapi.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (NMIndexingService) -- File not found SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (Browser Defender Update Service) -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.) SRV - (sdCoreService) -- C:\Programme\PC Tools Security\pctsSvc.exe (PC Tools) SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (vsmon) -- C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD) SRV - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Check Point Software Technologies) SRV - (aspnet_state) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation) SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) SRV - (NetTcpActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) SRV - (NetPipeActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) SRV - (NetMsmqActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) SRV - (sdAuxService) -- C:\Programme\PC Tools Security\pctsAuxs.exe (PC Tools) SRV - (DAUpdaterSvc) -- C:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare) SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (MSSQL$BWDATOOLSET) SQL Server (BWDATOOLSET) -- C:\Program Files\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) SRV - (getPlus(R) Helper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.) SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (msvsmon80) -- c:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (PCTCore) -- C:\Windows\system32\drivers\PCTCore.sys (PC Tools) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (pctEFA) -- C:\Windows\system32\drivers\pctEFA.sys (PC Tools) DRV - (pctDS) -- C:\Windows\system32\drivers\pctDS.sys (PC Tools) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (ISWKL) -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies) DRV - (Vsdatant) -- C:\Windows\System32\drivers\vsdatant.sys (Check Point Software Technologies LTD) DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (LHidEqd) -- C:\Windows\System32\drivers\LHidEqd.sys (Logitech, Inc.) DRV - (LEqdUsb) -- C:\Windows\System32\drivers\LEqdUsb.sys (Logitech, Inc.) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH) DRV - (s3117obex) -- C:\Windows\System32\drivers\s3117obex.sys (MCCI Corporation) DRV - (s3117mdfl) -- C:\Windows\System32\drivers\s3117mdfl.sys (MCCI Corporation) DRV - (s3117mdm) -- C:\Windows\System32\drivers\s3117mdm.sys (MCCI Corporation) DRV - (s3117unic) Sony Ericsson Device 3117 USB Ethernet Emulation SEMC3117 (WDM) -- C:\Windows\System32\drivers\s3117unic.sys (MCCI Corporation) DRV - (s3117mgmt) Sony Ericsson Device 3117 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s3117mgmt.sys (MCCI Corporation) DRV - (s3117nd5) Sony Ericsson Device 3117 USB Ethernet Emulation SEMC3117 (NDIS) -- C:\Windows\System32\drivers\s3117nd5.sys (MCCI Corporation) DRV - (s3117bus) Sony Ericsson Device 3117 driver (WDM) -- C:\Windows\System32\drivers\s3117bus.sys (MCCI Corporation) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (JmtFltr) -- C:\Windows\System32\drivers\JmtFltr.sys () DRV - (vhidmini) -- C:\Windows\System32\drivers\vhidmini.sys (Windows (R) Codename Longhorn DDK provider) DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation) DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (SigmaTel, Inc.) DRV - (HECI) Intel(R) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation) DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\Windows\System32\drivers\sfvfs02.sys (Protection Technology (StarForce)) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (VIAudio) -- C:\Windows\System32\drivers\ac97via.sys (VIA Technologies, Inc.) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (BCM43XV) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation) DRV - (sfsync04) StarForce Protection Synchronization Driver (version 4.x) -- C:\Windows\System32\drivers\sfsync04.sys (Protection Technology (StarForce)) DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\Windows\System32\drivers\sfsync02.sys (Protection Technology) DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology (StarForce)) DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce)) DRV - (MRENDIS5) -- C:\Programme\Common Files\Motive\MRENDIS5.sys (Motive, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Programme\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) IE - HKCU\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011.02.07 19:53:29 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools Security\BDT\Firefox\ [2011.02.18 11:26:26 | 000,000,000 | ---D | M] O1 HOSTS File: ([2011.02.18 13:04:06 | 000,431,503 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.123topsearch.com O1 - Hosts: 127.0.0.1 123topsearch.com O1 - Hosts: 127.0.0.1 www.132.com O1 - Hosts: 127.0.0.1 132.com O1 - Hosts: 127.0.0.1 www.136136.net O1 - Hosts: 127.0.0.1 136136.net O1 - Hosts: 127.0.0.1 www.163ns.com O1 - Hosts: 14854 more lines... O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Programme\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm-Sicherheit Toolbar) - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools) O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.) O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.) O4 - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.) O4 - HKLM..\Run: [PCTools FGuard] C:\Programme\PC Tools Security\BDT\FGuard.exe (Threat Expert Ltd.) O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD) O4 - HKCU..\Run: [PlayNC Launcher] File not found O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: swisscom.com ([ac] https in Trusted sites) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} hxxp://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUpldde-ch.cab (MSN Photo Upload Tool) O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class) O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - c:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\***\Pictures\MassEffect_Space002.jpg O24 - Desktop BackupWallPaper: C:\Users\***\Pictures\MassEffect_Space002.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2009.07.16 23:13:07 | 001,246,440 | R--- | M] (BioWare) - D:\autorun.exe -- [ CDFS ] O32 - AutoRun File - [2010.01.26 22:22:17 | 000,000,052 | R--- | M] () - D:\autorun.inf -- [ CDFS ] O32 - AutoRun File - [2009.07.07 11:14:20 | 000,193,816 | R--- | M] (CAPCOM CO., LTD.) - E:\autorun.exe -- [ UDF ] O32 - AutoRun File - [2009.06.29 03:01:24 | 000,000,047 | R--- | M] () - E:\Autorun.inf -- [ UDF ] O33 - MountPoints2\{d2ab14cc-c5bf-11dc-ae70-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{d2ab14cc-c5bf-11dc-ae70-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe -- [2009.07.16 23:13:07 | 001,246,440 | R--- | M] (BioWare) O33 - MountPoints2\{d2ab14cd-c5bf-11dc-ae70-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{d2ab14cd-c5bf-11dc-ae70-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2009.07.07 11:14:20 | 000,193,816 | R--- | M] (CAPCOM CO., LTD.) O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.02.18 16:04:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Ahead [2011.02.18 15:41:39 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.02.18 15:35:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2011.02.18 15:22:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler [2011.02.18 15:22:17 | 000,000,000 | ---D | C] -- C:\Programme\Defraggler [2011.02.18 15:19:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Threat Expert [2011.02.18 15:14:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira [2011.02.18 14:38:25 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\HijackThis-Logs [2011.02.18 14:37:34 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\OTL-Logs [2011.02.18 14:36:17 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\MBAM-Logs [2011.02.18 12:57:16 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2011.02.18 12:15:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\QuickScan [2011.02.18 11:26:23 | 002,000,848 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll [2011.02.18 11:26:23 | 001,533,904 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll [2011.02.18 11:26:23 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll [2011.02.18 11:24:56 | 000,656,320 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctEFA.sys [2011.02.18 11:24:56 | 000,338,880 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctDS.sys [2011.02.18 11:24:55 | 000,251,560 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys [2011.02.18 11:24:55 | 000,103,232 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys [2011.02.18 11:24:41 | 000,239,168 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys [2011.02.18 11:24:39 | 000,160,448 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys [2011.02.18 11:22:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security [2011.02.18 11:21:24 | 000,070,536 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys [2011.02.18 11:18:58 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PC Tools [2011.02.18 11:18:43 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2011.02.18 11:18:43 | 000,000,000 | ---D | C] -- C:\Programme\PC Tools Security [2011.02.18 11:18:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\PC Tools [2011.02.18 11:17:12 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools [2011.02.18 09:45:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2011.02.18 09:44:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.02.18 09:44:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.02.18 09:44:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.02.18 09:44:50 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.02.18 09:44:50 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.02.09 12:37:40 | 002,039,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.02.09 12:37:38 | 003,602,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2011.02.09 12:37:37 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2011.02.09 12:37:33 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2011.02.09 12:37:33 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2011.02.09 12:37:33 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll [2011.02.09 12:37:33 | 000,797,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll [2011.02.09 12:37:33 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2011.02.09 12:37:33 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2011.02.09 12:37:33 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll [2011.02.09 12:37:32 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll [2011.02.09 12:37:32 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll [2011.02.09 12:37:32 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2011.02.09 12:37:32 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll [2011.02.09 12:37:32 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll [2011.02.09 12:37:32 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll [2011.02.09 12:37:32 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll [2011.02.09 12:37:32 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll [2011.02.09 12:37:32 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2011.02.09 12:37:31 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll [2011.02.09 12:37:31 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe [2011.02.09 12:37:31 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2011.02.09 12:37:31 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll [2011.02.09 12:37:31 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2011.02.09 12:37:31 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2011.02.09 12:37:30 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll [2011.02.09 12:37:30 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll [2011.02.09 12:37:30 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll [2011.02.09 12:37:24 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011.02.09 12:37:24 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011.02.09 12:37:24 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.02.09 12:37:24 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.02.09 12:37:24 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.02.09 12:37:24 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.02.09 12:37:24 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011.02.09 12:37:24 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.02.09 12:37:24 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011.02.09 12:37:24 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2011.02.09 12:37:24 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011.02.09 12:37:24 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2011.02.09 12:37:24 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011.02.09 12:37:24 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011.02.09 12:37:24 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.02.09 12:37:23 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.02.09 12:37:23 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011.02.09 12:37:19 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2011.02.09 12:37:19 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2011.02.02 20:05:48 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\EA Games [2011.02.02 20:02:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\EA Games [2011.02.02 20:01:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield [2011.02.02 19:20:08 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll [2011.02.02 19:20:08 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_7.dll [2011.02.02 19:20:08 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_7.dll [2011.02.02 19:20:08 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_5.dll [2011.02.02 19:20:07 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll [2011.02.02 19:20:07 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_43.dll [2011.02.02 19:20:07 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_43.dll [2011.02.02 19:20:07 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll [2011.02.02 19:20:07 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll [2011.01.26 21:18:58 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip [2011.01.26 21:18:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [7 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.02.18 16:50:00 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{9D2C9BB4-6A54-4BC9-95FA-E34EFE1291D7}.job [2011.02.18 16:17:26 | 000,757,186 | ---- | M] () -- C:\Windows\System32\perfh00C.dat [2011.02.18 16:17:26 | 000,751,282 | ---- | M] () -- C:\Windows\System32\perfh010.dat [2011.02.18 16:17:26 | 000,718,902 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.02.18 16:17:26 | 000,679,436 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.02.18 16:17:26 | 000,163,054 | ---- | M] () -- C:\Windows\System32\perfc00C.dat [2011.02.18 16:17:26 | 000,162,768 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.02.18 16:17:26 | 000,160,600 | ---- | M] () -- C:\Windows\System32\perfc010.dat [2011.02.18 16:17:26 | 000,137,224 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.02.18 16:10:49 | 000,004,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.02.18 16:10:49 | 000,004,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.02.18 16:10:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.02.18 15:35:26 | 000,000,809 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.02.18 15:22:18 | 000,001,707 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk [2011.02.18 13:04:06 | 000,431,503 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts [2011.02.18 12:57:23 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2011.02.18 12:38:27 | 000,372,120 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.02.18 12:26:29 | 000,038,899 | ---- | M] () -- C:\ProgramData\bdinstall.bin [2011.02.18 11:26:37 | 003,248,584 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB [2011.02.18 11:22:07 | 000,001,777 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk [2011.02.18 09:44:55 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.02.13 19:35:41 | 000,000,768 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk [2011.02.13 19:17:31 | 000,000,023 | ---- | M] () -- C:\Windows\BlendSettings.ini [2011.02.10 15:59:37 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2011.02.02 20:25:35 | 000,431,241 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110218-130406.backup [2011.01.24 16:49:03 | 000,000,134 | ---- | M] () -- C:\Users\***\Desktop\Windows-Firewall - Verknüpfung.lnk [2011.01.24 16:43:31 | 000,430,152 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110202-202535.backup [2011.01.20 17:08:16 | 000,478,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll [2011.01.20 17:08:06 | 001,029,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll [2011.01.20 17:08:06 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2011.01.20 17:08:06 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2011.01.20 17:08:06 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2011.01.20 17:07:58 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll [2011.01.20 17:06:38 | 002,873,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll [2011.01.20 17:06:35 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll [2011.01.20 17:04:54 | 000,209,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll [2011.01.20 17:04:54 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll [2011.01.20 15:28:38 | 001,554,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll [2011.01.20 15:27:50 | 000,876,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2011.01.20 15:26:30 | 000,667,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe [2011.01.20 15:25:25 | 000,847,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll [2011.01.20 15:24:32 | 000,288,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2011.01.20 15:24:26 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll [2011.01.20 15:15:10 | 000,979,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll [2011.01.20 15:14:39 | 000,357,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll [2011.01.20 15:14:03 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll [2011.01.20 15:14:03 | 000,261,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll [2011.01.20 15:12:46 | 001,172,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2011.01.20 15:11:34 | 000,486,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2011.01.20 14:47:51 | 000,683,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2011.01.20 14:44:05 | 001,068,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2011.01.20 14:44:03 | 000,797,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll [7 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.02.18 15:35:26 | 000,000,809 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.02.18 15:22:18 | 000,001,707 | ---- | C] () -- C:\Users\Public\Desktop\Defraggler.lnk [2011.02.18 12:14:04 | 000,038,899 | ---- | C] () -- C:\ProgramData\bdinstall.bin [2011.02.18 11:26:23 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll [2011.02.18 11:26:23 | 000,002,125 | ---- | C] () -- C:\Windows\UDB.zip [2011.02.18 11:26:23 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml [2011.02.18 11:26:23 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml [2011.02.18 11:26:23 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip [2011.02.18 11:25:15 | 003,248,584 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB [2011.02.18 11:22:07 | 000,001,777 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk [2011.02.18 09:44:55 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.02.13 16:31:59 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini [2011.01.24 16:49:03 | 000,000,134 | ---- | C] () -- C:\Users\***\Desktop\Windows-Firewall - Verknüpfung.lnk [2010.10.14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2010.06.14 14:16:04 | 000,034,308 | ---- | C] () -- C:\Windows\System32\bassmod.dll [2010.05.23 17:45:55 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll [2010.05.23 17:45:55 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll [2010.04.13 12:00:26 | 000,017,408 | ---- | C] () -- C:\Users\***\AppData\Local\WebpageIcons.db [2009.09.18 13:46:04 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.08.03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009.07.29 17:31:04 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll [2009.07.24 02:57:06 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll [2009.07.01 11:53:35 | 000,048,896 | ---- | C] () -- C:\Windows\System32\drivers\JmtFltr.sys [2009.04.05 12:13:17 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll [2009.04.05 12:13:17 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll [2009.04.05 12:13:17 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll [2009.04.05 09:04:46 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll [2009.03.06 12:26:07 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2008.10.25 13:41:24 | 000,022,328 | ---- | C] () -- C:\Users\***\AppData\Roaming\PnkBstrK.sys [2008.09.11 17:24:26 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en [2008.07.31 16:33:08 | 000,000,208 | ---- | C] () -- C:\Windows\ACROREAD.INI [2008.07.12 14:08:57 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini [2008.06.20 12:30:32 | 000,000,095 | ---- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat [2008.03.02 10:00:12 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2008.03.02 10:00:12 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2008.02.23 17:55:19 | 000,007,168 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.01.18 13:51:25 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2006.11.02 13:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini ========== LOP Check ========== [2010.04.23 15:10:49 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\.# [2008.02.27 12:09:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Bioshock [2010.12.03 17:44:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CheckPoint [2008.12.14 14:41:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Codemasters [2010.07.29 17:21:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Command & Conquer 3 Tiberium Wars [2010.08.02 13:55:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Command and Conquer 4 [2009.03.06 17:28:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DNA [2010.01.27 15:46:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dragon Age Toolset [2010.03.08 03:11:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo [2009.05.27 13:52:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gnupg [2008.10.24 11:33:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICAClient [2010.10.31 13:55:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech [2009.12.19 12:23:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MobMapUpdater [2009.03.29 09:06:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ProtectDisc [2011.02.18 12:15:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\QuickScan [2009.08.16 08:55:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\temp [2008.06.20 13:08:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Turbine [2010.06.14 14:07:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ubisoft [2011.02.18 16:09:06 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.02.18 16:50:00 | 000,000,434 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{9D2C9BB4-6A54-4BC9-95FA-E34EFE1291D7}.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84 [2011.02.18 16:55:53 | 007,602,176 | -HS- | M] () -- C:\Users\***\ntuser.dat [2011.02.18 16:55:53 | 000,262,144 | -H-- | M] () -- C:\Users\***\ntuser.dat.LOG1 [2011.02.18 16:55:30 | 000,000,000 | R--D | M] -- C:\Users\***\Desktop [2011.02.18 16:55:00 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{9D2C9BB4-6A54-4BC9-95FA-E34EFE1291D7}.job [2011.02.18 16:45:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Local\Temp [2011.02.18 16:39:16 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP [2011.02.18 16:17:26 | 003,528,454 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2011.02.18 16:17:26 | 000,757,186 | ---- | M] () -- C:\Windows\System32\perfh00C.dat [2011.02.18 16:17:26 | 000,751,282 | ---- | M] () -- C:\Windows\System32\perfh010.dat [2011.02.18 16:17:26 | 000,718,902 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.02.18 16:17:26 | 000,679,436 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.02.18 16:17:26 | 000,163,054 | ---- | M] () -- C:\Windows\System32\perfc00C.dat [2011.02.18 16:17:26 | 000,162,768 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.02.18 16:17:26 | 000,160,600 | ---- | M] () -- C:\Windows\System32\perfc010.dat [2011.02.18 16:17:26 | 000,137,224 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.02.18 16:11:17 | 000,000,000 | ---D | M] -- C:\Programme\PC Tools Security [2011.02.18 16:11:06 | 000,000,000 | ---D | M] -- C:\ProgramData\NVIDIA [2011.02.18 16:10:54 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2011.02.18 16:10:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.02.18 16:09:19 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{24b6a890-16e3-11de-acd4-e60373bdcc57}.TMContainer00000000000000000002.regtrans-ms [2011.02.18 16:09:19 | 000,065,536 | -HS- | M] () -- C:\Users\***\ntuser.dat{24b6a890-16e3-11de-acd4-e60373bdcc57}.TM.blf [2011.02.18 16:08:48 | 001,974,671 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db [2011.02.18 16:07:34 | 000,000,000 | ---D | M] -- C:\Programme\Common Files\Ahead [2011.02.18 16:04:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ahead [2011.02.18 15:35:26 | 000,000,809 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.02.18 15:35:26 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2011.02.18 15:35:25 | 000,000,000 | ---D | M] -- C:\Programme\CCleaner [2011.02.18 15:22:19 | 000,000,000 | ---D | M] -- C:\Programme\Defraggler [2011.02.18 15:22:18 | 000,001,707 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk [2011.02.18 15:22:18 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler [2011.02.18 15:19:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Local\Threat Expert [2011.02.18 15:19:21 | 000,000,000 | ---D | M] -- C:\ProgramData\Spybot - Search & Destroy [2011.02.18 15:14:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Avira [2011.02.18 12:57:23 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2011.02.18 12:40:27 | 000,100,824 | ---- | M] () -- C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT [2011.02.18 12:26:29 | 000,038,899 | ---- | M] () -- C:\ProgramData\bdinstall.bin [2011.02.18 12:26:29 | 000,000,000 | ---D | M] -- C:\Programme\Common Files [2011.02.18 12:15:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\QuickScan [2011.02.18 11:26:40 | 000,000,000 | ---D | M] -- C:\Programme\Common Files\PC Tools [2011.02.18 11:22:07 | 000,001,777 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk [2011.02.18 11:22:07 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security [2011.02.18 11:21:40 | 000,000,000 | ---D | M] -- C:\ProgramData\PC Tools [2011.02.18 11:18:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Tools [2011.02.18 09:45:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes [2011.02.18 09:44:56 | 000,000,000 | ---D | M] -- C:\Programme\Malwarebytes' Anti-Malware [2011.02.18 09:44:55 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.02.18 09:44:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.02.18 09:44:53 | 000,000,000 | ---D | M] -- C:\ProgramData\Malwarebytes [2011.02.18 09:41:46 | 000,000,000 | R--D | M] -- C:\Users\***\Favorites [2011.02.13 19:35:41 | 000,000,768 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk [2011.02.13 19:17:31 | 000,000,023 | ---- | M] () -- C:\Windows\BlendSettings.ini [2011.02.10 15:59:37 | 000,002,425 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk [2011.02.10 15:59:37 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2011.02.10 15:53:46 | 000,000,000 | ---D | M] -- C:\Programme\Windows Mail [2011.02.10 15:53:45 | 000,000,000 | ---D | M] -- C:\Programme\Internet Explorer [2011.02.09 22:12:04 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft Help [2011.02.02 20:05:48 | 000,000,000 | R--D | M] -- C:\Users\***\Documents [2011.02.02 20:02:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Local\EA Games [2011.02.02 20:02:16 | 000,000,000 | ---D | M] -- C:\ProgramData\Solidshield [2011.02.01 19:56:22 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games [2011.01.26 21:18:58 | 000,000,000 | ---D | M] -- C:\Programme\7-Zip [2011.01.26 21:18:58 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2011.01.24 16:49:03 | 000,000,134 | ---- | M] () -- C:\Users\***\Desktop\Windows-Firewall - Verknüpfung.lnk [2011.01.20 17:06:35 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll [2011.01.20 15:28:38 | 001,554,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll [2011.01.20 15:27:50 | 000,876,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2011.01.20 15:26:30 | 000,667,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe [2011.01.20 15:25:25 | 000,847,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll [2011.01.20 15:24:32 | 000,288,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2011.01.20 15:24:26 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll [2010.11.14 14:10:54 | 000,017,408 | ---- | M] () -- C:\Users\***\AppData\Local\WebpageIcons.db [2010.02.02 12:29:25 | 000,007,168 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.03.06 12:26:07 | 000,000,680 | ---- | M] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2008.10.25 13:41:24 | 000,022,328 | ---- | M] () -- C:\Users\***\AppData\Roaming\PnkBstrK.sys [2008.09.11 18:14:56 | 000,000,174 | -HS- | M] () -- C:\Programme\desktop.ini [2008.06.20 12:30:32 | 000,000,095 | ---- | M] () -- C:\Users\***\AppData\Local\fusioncache.dat [2008.01.18 13:51:25 | 000,000,305 | ---- | M] () -- C:\ProgramData\addr_file.html [7 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.02.18 16:55:00 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{9D2C9BB4-6A54-4BC9-95FA-E34EFE1291D7}.job [2011.02.18 16:17:26 | 000,757,186 | ---- | M] () -- C:\Windows\System32\perfh00C.dat [2011.02.18 16:17:26 | 000,751,282 | ---- | M] () -- C:\Windows\System32\perfh010.dat [2011.02.18 16:17:26 | 000,718,902 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.02.18 16:17:26 | 000,679,436 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.02.18 16:17:26 | 000,163,054 | ---- | M] () -- C:\Windows\System32\perfc00C.dat [2011.02.18 16:17:26 | 000,162,768 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.02.18 16:17:26 | 000,160,600 | ---- | M] () -- C:\Windows\System32\perfc010.dat [2011.02.18 16:17:26 | 000,137,224 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.02.18 16:10:49 | 000,004,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.02.18 16:10:49 | 000,004,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.02.18 16:10:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.02.18 15:35:26 | 000,000,809 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.02.18 15:22:18 | 000,001,707 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk [2011.02.18 13:04:06 | 000,431,503 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts [2011.02.18 12:57:23 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2011.02.18 12:38:27 | 000,372,120 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.02.18 12:26:29 | 000,038,899 | ---- | M] () -- C:\ProgramData\bdinstall.bin [2011.02.18 11:26:37 | 003,248,584 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB [2011.02.18 11:22:07 | 000,001,777 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk [2011.02.18 09:44:55 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.02.13 19:35:41 | 000,000,768 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk [2011.02.13 19:17:31 | 000,000,023 | ---- | M] () -- C:\Windows\BlendSettings.ini [2011.02.10 15:59:37 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2011.02.02 20:25:35 | 000,431,241 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110218-130406.backup [2011.01.24 16:49:03 | 000,000,134 | ---- | M] () -- C:\Users\***\Desktop\Windows-Firewall - Verknüpfung.lnk [2011.01.24 16:43:31 | 000,430,152 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110202-202535.backup [2011.01.20 17:08:16 | 000,478,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll [2011.01.20 17:08:06 | 001,029,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll [2011.01.20 17:08:06 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2011.01.20 17:08:06 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2011.01.20 17:08:06 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2011.01.20 17:07:58 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll [2011.01.20 17:06:38 | 002,873,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll [2011.01.20 17:06:35 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll [2011.01.20 17:04:54 | 000,209,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll [2011.01.20 17:04:54 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll [2011.01.20 15:28:38 | 001,554,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll [2011.01.20 15:27:50 | 000,876,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2011.01.20 15:26:30 | 000,667,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe [2011.01.20 15:25:25 | 000,847,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll [2011.01.20 15:24:32 | 000,288,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2011.01.20 15:24:26 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll [2011.01.20 15:15:10 | 000,979,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll [2011.01.20 15:14:39 | 000,357,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll [2011.01.20 15:14:03 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll [2011.01.20 15:14:03 | 000,261,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll [2011.01.20 15:12:46 | 001,172,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2011.01.20 15:11:34 | 000,486,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2011.01.20 14:47:51 | 000,683,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2011.01.20 14:44:05 | 001,068,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2011.01.20 14:44:03 | 000,797,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll [7 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== LOP Check ========== [2010.04.23 15:10:49 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\.# [2008.02.27 12:09:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Bioshock [2010.12.03 17:44:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CheckPoint [2008.12.14 14:41:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Codemasters [2010.07.29 17:21:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Command & Conquer 3 Tiberium Wars [2010.08.02 13:55:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Command and Conquer 4 [2009.03.06 17:28:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DNA [2010.01.27 15:46:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dragon Age Toolset [2010.03.08 03:11:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo [2009.05.27 13:52:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gnupg [2008.10.24 11:33:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICAClient [2010.10.31 13:55:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech [2009.12.19 12:23:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MobMapUpdater [2009.03.29 09:06:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ProtectDisc [2011.02.18 12:15:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\QuickScan [2009.08.16 08:55:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\temp [2008.06.20 13:08:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Turbine [2010.06.14 14:07:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ubisoft [2011.02.18 16:09:06 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.02.18 16:55:00 | 000,000,434 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{9D2C9BB4-6A54-4BC9-95FA-E34EFE1291D7}.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84 < End of report > SRV - (NMIndexingService) -- File not found SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (Browser Defender Update Service) -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.) SRV - (sdCoreService) -- C:\Programme\PC Tools Security\pctsSvc.exe (PC Tools) SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (vsmon) -- C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD) SRV - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Check Point Software Technologies) SRV - (aspnet_state) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation) SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) SRV - (NetTcpActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) SRV - (NetPipeActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) SRV - (NetMsmqActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) SRV - (sdAuxService) -- C:\Programme\PC Tools Security\pctsAuxs.exe (PC Tools) SRV - (DAUpdaterSvc) -- C:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare) SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (MSSQL$BWDATOOLSET) SQL Server (BWDATOOLSET) -- C:\Program Files\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) SRV - (getPlus(R) Helper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.) SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (msvsmon80) -- c:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (PCTCore) -- C:\Windows\system32\drivers\PCTCore.sys (PC Tools) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (pctEFA) -- C:\Windows\system32\drivers\pctEFA.sys (PC Tools) DRV - (pctDS) -- C:\Windows\system32\drivers\pctDS.sys (PC Tools) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (ISWKL) -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies) DRV - (Vsdatant) -- C:\Windows\System32\drivers\vsdatant.sys (Check Point Software Technologies LTD) DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (LHidEqd) -- C:\Windows\System32\drivers\LHidEqd.sys (Logitech, Inc.) DRV - (LEqdUsb) -- C:\Windows\System32\drivers\LEqdUsb.sys (Logitech, Inc.) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH) DRV - (s3117obex) -- C:\Windows\System32\drivers\s3117obex.sys (MCCI Corporation) DRV - (s3117mdfl) -- C:\Windows\System32\drivers\s3117mdfl.sys (MCCI Corporation) DRV - (s3117mdm) -- C:\Windows\System32\drivers\s3117mdm.sys (MCCI Corporation) DRV - (s3117unic) Sony Ericsson Device 3117 USB Ethernet Emulation SEMC3117 (WDM) -- C:\Windows\System32\drivers\s3117unic.sys (MCCI Corporation) DRV - (s3117mgmt) Sony Ericsson Device 3117 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s3117mgmt.sys (MCCI Corporation) DRV - (s3117nd5) Sony Ericsson Device 3117 USB Ethernet Emulation SEMC3117 (NDIS) -- C:\Windows\System32\drivers\s3117nd5.sys (MCCI Corporation) DRV - (s3117bus) Sony Ericsson Device 3117 driver (WDM) -- C:\Windows\System32\drivers\s3117bus.sys (MCCI Corporation) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (JmtFltr) -- C:\Windows\System32\drivers\JmtFltr.sys () DRV - (vhidmini) -- C:\Windows\System32\drivers\vhidmini.sys (Windows (R) Codename Longhorn DDK provider) DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation) DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (SigmaTel, Inc.) DRV - (HECI) Intel(R) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation) DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\Windows\System32\drivers\sfvfs02.sys (Protection Technology (StarForce)) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (VIAudio) -- C:\Windows\System32\drivers\ac97via.sys (VIA Technologies, Inc.) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (BCM43XV) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation) DRV - (sfsync04) StarForce Protection Synchronization Driver (version 4.x) -- C:\Windows\System32\drivers\sfsync04.sys (Protection Technology (StarForce)) DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\Windows\System32\drivers\sfsync02.sys (Protection Technology) DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology (StarForce)) DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce)) DRV - (MRENDIS5) -- C:\Programme\Common Files\Motive\MRENDIS5.sys (Motive, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Programme\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) IE - HKCU\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011.02.07 19:53:29 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools Security\BDT\Firefox\ [2011.02.18 11:26:26 | 000,000,000 | ---D | M] O1 HOSTS File: ([2011.02.18 13:04:06 | 000,431,503 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.123topsearch.com O1 - Hosts: 127.0.0.1 123topsearch.com O1 - Hosts: 127.0.0.1 www.132.com O1 - Hosts: 127.0.0.1 132.com O1 - Hosts: 127.0.0.1 www.136136.net O1 - Hosts: 127.0.0.1 136136.net O1 - Hosts: 127.0.0.1 www.163ns.com O1 - Hosts: 14854 more lines... O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Programme\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm-Sicherheit Toolbar) - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools) O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.) O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.) O4 - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.) O4 - HKLM..\Run: [PCTools FGuard] C:\Programme\PC Tools Security\BDT\FGuard.exe (Threat Expert Ltd.) O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD) O4 - HKCU..\Run: [PlayNC Launcher] File not found O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: swisscom.com ([ac] https in Trusted sites) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} hxxp://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUpldde-ch.cab (MSN Photo Upload Tool) O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class) O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - c:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\***\Pictures\MassEffect_Space002.jpg O24 - Desktop BackupWallPaper: C:\Users\***\Pictures\MassEffect_Space002.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2009.07.16 23:13:07 | 001,246,440 | R--- | M] (BioWare) - D:\autorun.exe -- [ CDFS ] O32 - AutoRun File - [2010.01.26 22:22:17 | 000,000,052 | R--- | M] () - D:\autorun.inf -- [ CDFS ] O32 - AutoRun File - [2009.07.07 11:14:20 | 000,193,816 | R--- | M] (CAPCOM CO., LTD.) - E:\autorun.exe -- [ UDF ] O32 - AutoRun File - [2009.06.29 03:01:24 | 000,000,047 | R--- | M] () - E:\Autorun.inf -- [ UDF ] O33 - MountPoints2\{d2ab14cc-c5bf-11dc-ae70-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{d2ab14cc-c5bf-11dc-ae70-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe -- [2009.07.16 23:13:07 | 001,246,440 | R--- | M] (BioWare) O33 - MountPoints2\{d2ab14cd-c5bf-11dc-ae70-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{d2ab14cd-c5bf-11dc-ae70-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2009.07.07 11:14:20 | 000,193,816 | R--- | M] (CAPCOM CO., LTD.) O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.02.18 16:04:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Ahead [2011.02.18 15:41:39 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.02.18 15:35:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2011.02.18 15:22:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler [2011.02.18 15:22:17 | 000,000,000 | ---D | C] -- C:\Programme\Defraggler [2011.02.18 15:19:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Threat Expert [2011.02.18 15:14:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira [2011.02.18 14:38:25 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\HijackThis-Logs [2011.02.18 14:37:34 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\OTL-Logs [2011.02.18 14:36:17 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\MBAM-Logs [2011.02.18 12:57:16 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2011.02.18 12:15:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\QuickScan [2011.02.18 11:26:23 | 002,000,848 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll [2011.02.18 11:26:23 | 001,533,904 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll [2011.02.18 11:26:23 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll [2011.02.18 11:24:56 | 000,656,320 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctEFA.sys [2011.02.18 11:24:56 | 000,338,880 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctDS.sys [2011.02.18 11:24:55 | 000,251,560 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys [2011.02.18 11:24:55 | 000,103,232 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys [2011.02.18 11:24:41 | 000,239,168 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys [2011.02.18 11:24:39 | 000,160,448 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys [2011.02.18 11:22:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security [2011.02.18 11:21:24 | 000,070,536 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys [2011.02.18 11:18:58 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PC Tools [2011.02.18 11:18:43 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2011.02.18 11:18:43 | 000,000,000 | ---D | C] -- C:\Programme\PC Tools Security [2011.02.18 11:18:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\PC Tools [2011.02.18 11:17:12 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools [2011.02.18 09:45:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2011.02.18 09:44:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.02.18 09:44:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.02.18 09:44:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.02.18 09:44:50 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.02.18 09:44:50 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.02.09 12:37:40 | 002,039,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.02.09 12:37:38 | 003,602,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2011.02.09 12:37:37 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2011.02.09 12:37:33 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2011.02.09 12:37:33 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2011.02.09 12:37:33 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll [2011.02.09 12:37:33 | 000,797,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll [2011.02.09 12:37:33 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2011.02.09 12:37:33 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2011.02.09 12:37:33 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll [2011.02.09 12:37:32 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll [2011.02.09 12:37:32 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll [2011.02.09 12:37:32 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2011.02.09 12:37:32 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll [2011.02.09 12:37:32 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll [2011.02.09 12:37:32 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll [2011.02.09 12:37:32 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll [2011.02.09 12:37:32 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll [2011.02.09 12:37:32 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2011.02.09 12:37:31 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll [2011.02.09 12:37:31 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe [2011.02.09 12:37:31 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2011.02.09 12:37:31 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll [2011.02.09 12:37:31 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2011.02.09 12:37:31 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2011.02.09 12:37:30 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll [2011.02.09 12:37:30 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll [2011.02.09 12:37:30 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll [2011.02.09 12:37:24 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011.02.09 12:37:24 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011.02.09 12:37:24 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.02.09 12:37:24 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.02.09 12:37:24 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.02.09 12:37:24 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.02.09 12:37:24 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011.02.09 12:37:24 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.02.09 12:37:24 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011.02.09 12:37:24 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2011.02.09 12:37:24 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011.02.09 12:37:24 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2011.02.09 12:37:24 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011.02.09 12:37:24 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011.02.09 12:37:24 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.02.09 12:37:23 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.02.09 12:37:23 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011.02.09 12:37:19 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2011.02.09 12:37:19 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2011.02.02 20:05:48 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\EA Games [2011.02.02 20:02:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\EA Games [2011.02.02 20:01:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield [2011.02.02 19:20:08 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll [2011.02.02 19:20:08 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_7.dll [2011.02.02 19:20:08 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_7.dll [2011.02.02 19:20:08 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_5.dll [2011.02.02 19:20:07 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll [2011.02.02 19:20:07 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_43.dll [2011.02.02 19:20:07 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_43.dll [2011.02.02 19:20:07 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll [2011.02.02 19:20:07 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll [2011.01.26 21:18:58 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip [2011.01.26 21:18:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [7 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.02.18 17:00:00 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{9D2C9BB4-6A54-4BC9-95FA-E34EFE1291D7}.job [2011.02.18 16:17:26 | 000,757,186 | ---- | M] () -- C:\Windows\System32\perfh00C.dat [2011.02.18 16:17:26 | 000,751,282 | ---- | M] () -- C:\Windows\System32\perfh010.dat [2011.02.18 16:17:26 | 000,718,902 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.02.18 16:17:26 | 000,679,436 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.02.18 16:17:26 | 000,163,054 | ---- | M] () -- C:\Windows\System32\perfc00C.dat [2011.02.18 16:17:26 | 000,162,768 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.02.18 16:17:26 | 000,160,600 | ---- | M] () -- C:\Windows\System32\perfc010.dat [2011.02.18 16:17:26 | 000,137,224 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.02.18 16:10:49 | 000,004,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.02.18 16:10:49 | 000,004,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.02.18 16:10:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.02.18 15:35:26 | 000,000,809 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.02.18 15:22:18 | 000,001,707 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk [2011.02.18 13:04:06 | 000,431,503 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts [2011.02.18 12:57:23 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2011.02.18 12:38:27 | 000,372,120 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.02.18 12:26:29 | 000,038,899 | ---- | M] () -- C:\ProgramData\bdinstall.bin [2011.02.18 11:26:37 | 003,248,584 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB [2011.02.18 11:22:07 | 000,001,777 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk [2011.02.18 09:44:55 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.02.13 19:35:41 | 000,000,768 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk [2011.02.13 19:17:31 | 000,000,023 | ---- | M] () -- C:\Windows\BlendSettings.ini [2011.02.10 15:59:37 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2011.02.02 20:25:35 | 000,431,241 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110218-130406.backup [2011.01.24 16:49:03 | 000,000,134 | ---- | M] () -- C:\Users\***\Desktop\Windows-Firewall - Verknüpfung.lnk [2011.01.24 16:43:31 | 000,430,152 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110202-202535.backup [2011.01.20 17:08:16 | 000,478,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll [2011.01.20 17:08:06 | 001,029,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll [2011.01.20 17:08:06 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2011.01.20 17:08:06 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2011.01.20 17:08:06 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2011.01.20 17:07:58 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll [2011.01.20 17:06:38 | 002,873,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll [2011.01.20 17:06:35 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll [2011.01.20 17:04:54 | 000,209,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll [2011.01.20 17:04:54 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll [2011.01.20 15:28:38 | 001,554,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll [2011.01.20 15:27:50 | 000,876,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2011.01.20 15:26:30 | 000,667,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe [2011.01.20 15:25:25 | 000,847,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll [2011.01.20 15:24:32 | 000,288,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2011.01.20 15:24:26 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll [2011.01.20 15:15:10 | 000,979,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll [2011.01.20 15:14:39 | 000,357,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll [2011.01.20 15:14:03 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll [2011.01.20 15:14:03 | 000,261,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll [2011.01.20 15:12:46 | 001,172,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2011.01.20 15:11:34 | 000,486,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2011.01.20 14:47:51 | 000,683,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2011.01.20 14:44:05 | 001,068,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2011.01.20 14:44:03 | 000,797,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll [7 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.02.18 15:35:26 | 000,000,809 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.02.18 15:22:18 | 000,001,707 | ---- | C] () -- C:\Users\Public\Desktop\Defraggler.lnk [2011.02.18 12:14:04 | 000,038,899 | ---- | C] () -- C:\ProgramData\bdinstall.bin [2011.02.18 11:26:23 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll [2011.02.18 11:26:23 | 000,002,125 | ---- | C] () -- C:\Windows\UDB.zip [2011.02.18 11:26:23 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml [2011.02.18 11:26:23 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml [2011.02.18 11:26:23 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip [2011.02.18 11:25:15 | 003,248,584 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB [2011.02.18 11:22:07 | 000,001,777 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk [2011.02.18 09:44:55 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.02.13 16:31:59 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini [2011.01.24 16:49:03 | 000,000,134 | ---- | C] () -- C:\Users\***\Desktop\Windows-Firewall - Verknüpfung.lnk [2010.10.14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2010.06.14 14:16:04 | 000,034,308 | ---- | C] () -- C:\Windows\System32\bassmod.dll [2010.05.23 17:45:55 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll [2010.05.23 17:45:55 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll [2010.04.13 12:00:26 | 000,017,408 | ---- | C] () -- C:\Users\***\AppData\Local\WebpageIcons.db [2009.09.18 13:46:04 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.08.03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009.07.29 17:31:04 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll [2009.07.24 02:57:06 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll [2009.07.01 11:53:35 | 000,048,896 | ---- | C] () -- C:\Windows\System32\drivers\JmtFltr.sys [2009.04.05 12:13:17 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll [2009.04.05 12:13:17 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll [2009.04.05 12:13:17 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll [2009.04.05 09:04:46 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll [2009.03.06 12:26:07 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2008.10.25 13:41:24 | 000,022,328 | ---- | C] () -- C:\Users\***\AppData\Roaming\PnkBstrK.sys [2008.09.11 17:24:26 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en [2008.07.31 16:33:08 | 000,000,208 | ---- | C] () -- C:\Windows\ACROREAD.INI [2008.07.12 14:08:57 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini [2008.06.20 12:30:32 | 000,000,095 | ---- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat [2008.03.02 10:00:12 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2008.03.02 10:00:12 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2008.02.23 17:55:19 | 000,007,168 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.01.18 13:51:25 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2006.11.02 13:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini ========== LOP Check ========== [2010.04.23 15:10:49 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\.# [2008.02.27 12:09:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Bioshock [2010.12.03 17:44:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CheckPoint [2008.12.14 14:41:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Codemasters [2010.07.29 17:21:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Command & Conquer 3 Tiberium Wars [2010.08.02 13:55:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Command and Conquer 4 [2009.03.06 17:28:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DNA [2010.01.27 15:46:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dragon Age Toolset [2010.03.08 03:11:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo [2009.05.27 13:52:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gnupg [2008.10.24 11:33:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICAClient [2010.10.31 13:55:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech [2009.12.19 12:23:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MobMapUpdater [2009.03.29 09:06:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ProtectDisc [2011.02.18 12:15:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\QuickScan [2009.08.16 08:55:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\temp [2008.06.20 13:08:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Turbine [2010.06.14 14:07:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ubisoft [2011.02.18 16:09:06 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.02.18 17:00:00 | 000,000,434 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{9D2C9BB4-6A54-4BC9-95FA-E34EFE1291D7}.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84 < End of report > Geändert von llemuroc (18.02.2011 um 17:29 Uhr) |
| Themen zu hotkeyshook und anderes Ungemach? |
| adobe, alternate, antivir, autorun, avg, avgntflt.sys, avira, bho, browser, checkpoint, conduit, corp./icp, defender, error, excel.exe, firefox, fontcache, format, helper, iexplore.exe, launch, location, log-files, logfile, mozilla, msvcr80.dll, nvlddmkm.sys, nvstor.sys, oldtimer, otl.exe, problem, programdata, realtek, registry, safer networking, sched.exe, security, server, software, spyware, start menu, sttray.exe, studio, system, vista, visual studio, windows, windows-firewall |
Baum-Darstellung