
Log analysis and evaluation: Probable problem with malware/virus

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

07.03.2011, 13:18   #3
baum89

Probable problem with malware/virus

Right, I had somehow forgotten that!

OTL Logfile:
Code:
OTL logfile created on: 05.03.2011 19:28:21 - Run 1
OTL by OldTimer - Version 3.2.22.2     Folder = C:\Users\Klemens\Desktop\MFTools
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 56,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 151,49 Gb Total Space | 96,51 Gb Free Space | 63,71% Space Free | Partition Type: NTFS
Drive E: | 136,83 Gb Total Space | 94,46 Gb Free Space | 69,03% Space Free | Partition Type: NTFS
 
Computer Name: KLEMENS-PC | User Name: Klemens | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.03.05 18:06:07 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Klemens\Desktop\MFTools\OTL.exe
PRC - [2011.02.23 16:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011.02.23 16:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011.01.27 18:02:17 | 000,943,472 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2009.06.23 16:19:14 | 000,711,200 | ---- | M] (Acer Incorporated) -- C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTray.exe
PRC - [2009.06.23 16:19:14 | 000,707,104 | ---- | M] (Acer Incorporated) -- C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe
PRC - [2009.06.23 16:19:12 | 000,453,152 | ---- | M] (Acer Incorporated) -- C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerEvent.exe
PRC - [2009.05.26 14:26:20 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.03.18 09:46:30 | 001,160,736 | ---- | M] (Acer Incorporated) -- C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe
PRC - [2009.03.06 23:48:52 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files\CyberLink\Shared files\brs.exe
PRC - [2009.02.19 04:42:50 | 000,866,824 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2008.11.06 04:53:58 | 000,474,168 | ---- | M] (Conexant Systems, Inc.) -- C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.03.05 18:06:07 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Klemens\Desktop\MFTools\OTL.exe
MOD - [2011.02.23 16:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2011.02.23 16:04:11 | 000,122,512 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\ashShell.dll
MOD - [2010.08.31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010.05.04 20:13:07 | 000,231,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
MOD - [2009.06.23 16:19:38 | 000,215,584 | ---- | M] (Acer Incorporated) -- C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\SysHook.dll
MOD - [2008.01.21 03:25:01 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\duser.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.02.23 16:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010.11.10 16:34:32 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.09.29 17:47:00 | 004,032,992 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009.06.23 16:19:14 | 000,707,104 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.05.26 14:26:20 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.09.11 00:45:04 | 000,124,832 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.02.23 15:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011.02.23 15:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011.02.23 15:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011.02.23 15:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011.02.23 15:55:03 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011.02.23 15:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009.06.22 14:50:00 | 009,753,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.05.01 06:43:34 | 000,064,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009.03.17 19:28:50 | 000,452,096 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009.03.06 13:48:38 | 000,087,536 | ---- | M] (CyberLink Corp.) [2009/07/31 17:24:47] [Kernel | Auto | Running] -- c:\Program Files\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})
DRV - [2008.12.29 18:51:14 | 003,715,072 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.09.04 05:12:56 | 000,223,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
DRV - [2008.04.01 15:48:14 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2007.05.02 11:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2007.05.02 11:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2007.05.02 11:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2006.07.24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {22e03916-85c5-44b0-8dc9-1830c11238d9} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: quickstores@quickstores.de:1.2.0
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.52
FF - prefs.js..extensions.enabledItems: finder@meingutscheincode.de:2.0
FF - prefs.js..extensions.enabledItems: {40c3cc16-7269-4b32-9531-17f2950fb06f}:2.5.8.6
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.03 18:59:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.03 18:59:21 | 000,000,000 | ---D | M]
 
[2010.06.30 14:40:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Klemens\AppData\Roaming\mozilla\Extensions
[2011.03.02 20:21:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Klemens\AppData\Roaming\mozilla\Firefox\Profiles\j25cexvw.default\extensions
[2010.07.08 15:25:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Klemens\AppData\Roaming\mozilla\Firefox\Profiles\j25cexvw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.02.27 23:43:00 | 000,000,000 | ---D | M] (Winload Toolbar) -- C:\Users\Klemens\AppData\Roaming\mozilla\Firefox\Profiles\j25cexvw.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2010.11.25 19:28:35 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Klemens\AppData\Roaming\mozilla\Firefox\Profiles\j25cexvw.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.11.25 18:49:10 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Klemens\AppData\Roaming\mozilla\Firefox\Profiles\j25cexvw.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.02.27 21:32:19 | 000,000,000 | ---D | M] ("BitDefender QuickScan") -- C:\Users\Klemens\AppData\Roaming\mozilla\Firefox\Profiles\j25cexvw.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011.02.27 23:42:57 | 000,000,000 | ---D | M] (Mein Gutscheincode Finder) -- C:\Users\Klemens\AppData\Roaming\mozilla\Firefox\Profiles\j25cexvw.default\extensions\finder@meingutscheincode.de
[2011.03.02 00:25:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.02.16 15:23:43 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.12.31 16:18:21 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de
[2010.12.09 11:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010.11.17 14:37:24 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.11.17 14:37:24 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.11.17 14:37:24 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.11.17 14:37:24 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.11.17 14:37:24 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}  - No CLSID value found.
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {22E03916-85C5-44B0-8DC9-1830C11238D9} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTrayLauncher.exe (Acer Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BDRegion] c:\Program Files\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] c:\Program Files\CyberLink\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe (Acer Incorporated)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Klemens\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -  File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -  File not found
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: BackupManagerTray - hkey= - key= - C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
MsConfig - StartUpReg: Google Desktop Search - hkey= - key= -  File not found
MsConfig - StartUpReg: RemoteControl8 - hkey= - key= - c:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
MsConfig - StartUpReg: swg - hkey= - key= -  File not found
MsConfig - StartUpReg: VideoWebCamera - hkey= - key= - C:\Program Files\VideoWebCamera\VideoWebCamera.exe (Suyin)
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.03.05 18:27:07 | 000,000,000 | R--D | C] -- C:\Users\Klemens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2011.03.05 18:04:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.03.05 18:04:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.03.05 18:04:13 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.03.05 17:29:02 | 000,000,000 | ---D | C] -- C:\Users\Klemens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ShotOnline
[2011.03.05 17:28:40 | 000,000,000 | ---D | C] -- C:\Program Files\ShotOnline
[2011.03.05 15:32:46 | 000,000,000 | ---D | C] -- C:\Users\Klemens\AppData\Local\PMB Files
[2011.03.05 15:32:42 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2011.02.28 17:59:14 | 000,000,000 | ---D | C] -- C:\Users\Klemens\AppData\Roaming\Malwarebytes
[2011.02.28 17:57:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.02.28 17:57:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.02.28 17:55:23 | 000,000,000 | ---D | C] -- C:\Users\Klemens\Desktop\MFTools
[2011.02.27 23:53:47 | 000,114,176 | ---- | C] (CPUID) -- C:\Windows\System32\PCWizard.cpl
[2011.02.27 23:53:47 | 000,000,000 | ---D | C] -- C:\Windows\Java
[2011.02.27 23:53:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
[2011.02.27 23:53:45 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2011.02.27 23:43:01 | 000,000,000 | ---D | C] -- C:\Program Files\Winload
[2011.02.27 22:17:10 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011.02.27 21:56:51 | 000,000,000 | ---D | C] -- C:\Program Files\GeCAD
[2011.02.27 21:32:24 | 000,000,000 | ---D | C] -- C:\Users\Klemens\AppData\Roaming\QuickScan
[2011.02.27 20:56:57 | 000,000,000 | ---D | C] -- C:\ProgramData\AntiSpyInfo
[2011.02.27 20:53:52 | 000,000,000 | ---D | C] -- C:\ProgramData\PrevxCSI
[2011.02.27 20:22:16 | 000,000,000 | ---D | C] -- C:\Users\Klemens\AppData\Roaming\Uniblue
[2011.02.27 20:21:03 | 000,000,000 | ---D | C] -- C:\Users\Klemens\AppData\Local\PackageAware
[2011.02.27 19:17:51 | 000,371,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011.02.27 12:10:02 | 000,000,000 | R--D | C] -- C:\Users\Klemens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8(34)
[2011.02.22 23:07:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011.02.22 20:42:23 | 000,000,000 | ---D | C] -- C:\Users\Klemens\AppData\Roaming\Zyywgo
[2011.02.17 23:30:17 | 000,000,000 | ---D | C] -- C:\Users\Klemens\Desktop\Minimal, Electro, Dub
[2011.02.16 15:23:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.02.16 15:23:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011.02.14 00:06:19 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2011.02.13 23:48:52 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011.02.13 23:01:32 | 000,000,000 | R--D | C] -- C:\Users\Klemens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8(17)
[2011.02.13 22:39:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2011.02.13 22:39:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2011.02.13 22:39:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2011.02.13 22:19:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011.02.12 16:59:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.02.12 16:59:29 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.02.12 16:17:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011.02.12 16:17:48 | 000,301,528 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011.02.12 16:17:48 | 000,025,432 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011.02.12 16:17:48 | 000,019,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011.02.12 16:17:47 | 000,049,240 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011.02.12 16:17:46 | 000,053,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011.02.12 16:16:08 | 000,040,648 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011.02.12 16:16:07 | 000,190,016 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011.02.12 16:15:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2011.02.12 16:15:56 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2011.02.12 13:44:10 | 000,000,000 | R--D | C] -- C:\Users\Klemens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8(24)
[2011.02.11 10:16:56 | 000,000,000 | R--D | C] -- C:\Users\Klemens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8(29)
[2011.02.10 11:48:39 | 000,000,000 | -H-D | C] -- C:\Recycle.Bin
[2009.06.16 13:03:56 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\Interop.SHDocVw.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.03.05 19:03:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.03.05 18:28:43 | 000,130,351 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.03.05 18:28:43 | 000,130,351 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.03.05 18:27:07 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.03.05 18:27:04 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.03.05 18:27:03 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.03.05 18:26:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.03.05 18:26:05 | 3215,818,752 | -HS- | M] () -- C:\hiberfil.sys
[2011.03.05 18:23:46 | 000,000,000 | ---- | M] () -- C:\Users\Klemens\defogger_reenable
[2011.03.05 18:20:35 | 000,001,726 | ---- | M] () -- C:\Users\Klemens\Documents\cc_20110305_182026.reg
[2011.03.05 18:06:55 | 000,296,448 | ---- | M] () -- C:\Users\Klemens\Desktop\g2m3e4r.exe
[2011.03.05 18:06:52 | 000,050,477 | ---- | M] () -- C:\Users\Klemens\Desktop\defogger.exe
[2011.03.05 18:04:17 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.05 17:33:50 | 000,000,788 | ---- | M] () -- C:\Users\Klemens\Desktop\ShotOnline.lnk
[2011.03.05 17:12:49 | 713,940,194 | ---- | M] () -- C:\Users\Klemens\Desktop\ShotOnlineClient_GER_COM_1231.exe
[2011.03.05 15:31:30 | 002,023,792 | ---- | M] () -- C:\Users\Klemens\Desktop\ShotOnline_GER_COM_1231_Downloader.exe
[2011.03.04 12:26:31 | 000,002,591 | ---- | M] () -- C:\Users\Klemens\Desktop\Microsoft Office Word 2007.lnk
[2011.03.04 12:02:59 | 000,001,746 | ---- | M] () -- C:\Users\Klemens\Desktop\Trillian.lnk
[2011.03.03 19:01:31 | 000,000,036 | ---- | M] () -- C:\Users\Klemens\AppData\Local\housecall.guid.cache
[2011.03.02 19:21:26 | 000,015,689 | ---- | M] () -- C:\Users\Klemens\Desktop\show.account.turnovers.pdf.pdf
[2011.03.01 12:47:28 | 000,019,456 | ---- | M] () -- C:\Users\Klemens\AppData\Local\WebpageIcons.db
[2011.02.28 17:55:04 | 000,472,080 | ---- | M] () -- C:\Users\Klemens\Desktop\Load.exe
[2011.02.28 11:20:58 | 000,001,278 | ---- | M] () -- C:\Users\Klemens\Documents\cc_20110228_112055.reg
[2011.02.28 00:04:51 | 000,004,096 | ---- | M] () -- C:\Windows\d3dx.dat
[2011.02.27 23:53:47 | 000,000,837 | ---- | M] () -- C:\Users\Klemens\Desktop\PC Wizard 2010.lnk
[2011.02.27 22:22:43 | 000,132,597 | ---- | M] () -- C:\Users\Klemens\Desktop\Flash_Disinfector.exe
[2011.02.27 21:30:21 | 000,000,460 | ---- | M] () -- C:\Users\Klemens\Documents\cc_20110227_213018.reg
[2011.02.27 19:17:51 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011.02.27 19:16:10 | 000,004,184 | ---- | M] () -- C:\Users\Klemens\Documents\cc_20110227_191607.reg
[2011.02.27 12:41:11 | 000,001,800 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011.02.25 17:08:34 | 006,992,790 | ---- | M] () -- C:\Users\Klemens\Desktop\Anleitung_ArcGIS.pdf
[2011.02.23 16:04:21 | 000,040,648 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011.02.23 16:04:17 | 000,190,016 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011.02.23 15:56:55 | 000,371,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011.02.23 15:56:45 | 000,301,528 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011.02.23 15:55:49 | 000,049,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011.02.23 15:55:10 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011.02.23 15:55:03 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011.02.23 15:54:55 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011.02.16 15:23:23 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.02.14 13:04:40 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.02.14 13:04:39 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.02.14 13:04:39 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.02.14 13:04:39 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.02.14 11:09:24 | 000,000,736 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk
[2011.02.14 00:06:09 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011.02.14 00:06:01 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011.02.13 22:43:23 | 000,359,048 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.02.13 03:03:31 | 000,000,127 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2011.02.12 17:23:22 | 000,003,208 | ---- | M] () -- C:\Users\Klemens\Documents\cc_20110212_172318.reg
[2011.02.12 17:06:44 | 000,000,316 | ---- | M] () -- C:\Users\Klemens\Documents\cc_20110212_170642.reg
[2011.02.12 17:06:12 | 000,002,566 | ---- | M] () -- C:\Users\Klemens\Documents\cc_20110212_170609.reg
[2011.02.12 17:05:21 | 000,168,426 | ---- | M] () -- C:\Users\Klemens\Documents\cc_20110212_170501.reg
[2011.02.12 16:59:31 | 000,000,764 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.02.03 20:25:36 | 001,559,980 | ---- | M] () -- C:\Users\Klemens\Desktop\Final.pdf
 
========== Files Created - No Company Name ==========
 
[2011.03.05 18:23:46 | 000,000,000 | ---- | C] () -- C:\Users\Klemens\defogger_reenable
[2011.03.05 18:20:32 | 000,001,726 | ---- | C] () -- C:\Users\Klemens\Documents\cc_20110305_182026.reg
[2011.03.05 18:04:17 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.05 18:02:52 | 000,296,448 | ---- | C] () -- C:\Users\Klemens\Desktop\g2m3e4r.exe
[2011.03.05 18:02:51 | 000,050,477 | ---- | C] () -- C:\Users\Klemens\Desktop\defogger.exe
[2011.03.05 17:33:50 | 000,000,788 | ---- | C] () -- C:\Users\Klemens\Desktop\ShotOnline.lnk
[2011.03.05 17:21:49 | 713,940,194 | ---- | C] () -- C:\Users\Klemens\Desktop\ShotOnlineClient_GER_COM_1231.exe
[2011.03.05 15:31:12 | 002,023,792 | ---- | C] () -- C:\Users\Klemens\Desktop\ShotOnline_GER_COM_1231_Downloader.exe
[2011.03.03 19:01:31 | 000,000,036 | ---- | C] () -- C:\Users\Klemens\AppData\Local\housecall.guid.cache
[2011.03.02 19:21:26 | 000,015,689 | ---- | C] () -- C:\Users\Klemens\Desktop\show.account.turnovers.pdf.pdf
[2011.02.28 17:55:04 | 000,472,080 | ---- | C] () -- C:\Users\Klemens\Desktop\Load.exe
[2011.02.28 11:20:57 | 000,001,278 | ---- | C] () -- C:\Users\Klemens\Documents\cc_20110228_112055.reg
[2011.02.28 00:04:51 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011.02.27 23:53:47 | 000,000,837 | ---- | C] () -- C:\Users\Klemens\Desktop\PC Wizard 2010.lnk
[2011.02.27 22:17:49 | 000,132,597 | ---- | C] () -- C:\Users\Klemens\Desktop\Flash_Disinfector.exe
[2011.02.27 21:30:20 | 000,000,460 | ---- | C] () -- C:\Users\Klemens\Documents\cc_20110227_213018.reg
[2011.02.27 19:16:08 | 000,004,184 | ---- | C] () -- C:\Users\Klemens\Documents\cc_20110227_191607.reg
[2011.02.25 17:08:34 | 006,992,790 | ---- | C] () -- C:\Users\Klemens\Desktop\Anleitung_ArcGIS.pdf
[2011.02.22 23:03:59 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011.02.22 23:03:58 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011.02.22 23:03:58 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011.02.14 00:06:09 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011.02.14 00:06:01 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011.02.13 03:03:31 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011.02.12 17:23:20 | 000,003,208 | ---- | C] () -- C:\Users\Klemens\Documents\cc_20110212_172318.reg
[2011.02.12 17:06:43 | 000,000,316 | ---- | C] () -- C:\Users\Klemens\Documents\cc_20110212_170642.reg
[2011.02.12 17:06:10 | 000,002,566 | ---- | C] () -- C:\Users\Klemens\Documents\cc_20110212_170609.reg
[2011.02.12 17:05:06 | 000,168,426 | ---- | C] () -- C:\Users\Klemens\Documents\cc_20110212_170501.reg
[2011.02.12 16:59:31 | 000,000,764 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.02.12 16:17:49 | 000,001,800 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011.02.03 20:25:36 | 001,559,980 | ---- | C] () -- C:\Users\Klemens\Desktop\Final.pdf
[2011.01.14 20:35:33 | 000,019,456 | ---- | C] () -- C:\Users\Klemens\AppData\Local\WebpageIcons.db
[2010.04.15 12:46:59 | 000,000,680 | ---- | C] () -- C:\Users\Klemens\AppData\Local\d3d9caps.dat
[2010.03.16 08:04:44 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2010.03.16 08:03:03 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009.11.23 17:33:57 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2009.11.23 17:33:57 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2009.11.11 21:19:39 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.09.23 11:53:19 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.23 11:53:19 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.15 15:26:37 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.09.02 01:17:12 | 000,042,496 | ---- | C] () -- C:\Users\Klemens\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.09.01 17:36:22 | 000,002,138 | ---- | C] () -- C:\Users\Klemens\AppData\Roaming\wklnhst.dat
[2009.08.01 00:47:01 | 000,004,184 | ---- | C] () -- C:\Windows\System32\drivers\CDConfig.bin
[2009.07.31 16:32:21 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2009.07.31 16:11:20 | 000,130,351 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.07.31 16:09:40 | 000,130,351 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.06.16 13:03:58 | 000,053,248 | ---- | C] () -- C:\Windows\System32\dossec.dll
[2009.03.26 02:15:57 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.03.26 02:15:57 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.03.26 02:15:57 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.03.26 02:15:57 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.03.25 18:50:36 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009.03.25 17:38:23 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.03.04 20:35:58 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2009.03.04 20:35:58 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2009.03.04 20:35:53 | 000,000,060 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2009.03.04 20:35:53 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2008.10.07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,359,048 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2010.06.24 22:43:41 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.02.13 03:20:51 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\Emfin
[2010.11.10 17:00:19 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\ESRI
[2011.01.25 20:03:02 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\Ikre
[2010.10.18 20:14:20 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\JAM Software
[2010.03.01 01:24:24 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\Opera
[2009.09.01 19:11:19 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\Packard Bell
[2010.12.02 15:48:04 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\PhotoScape
[2010.02.15 14:58:16 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\pokerth
[2011.03.03 18:59:53 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\QuickScan
[2011.01.07 16:08:57 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\QuickStoresToolbar
[2011.02.12 17:10:24 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\Samsung
[2010.03.19 12:41:43 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\Template
[2011.02.27 20:22:16 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\Uniblue
[2011.02.22 22:37:39 | 000,000,000 | ---D | M] -- C:\Users\Klemens\AppData\Roaming\Zyywgo
[2011.03.05 18:25:25 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2009.09.01 19:01:42 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2009.10.05 13:18:50 | 000,000,000 | -HSD | M] -- C:\.uuid
[2009.09.01 15:08:06 | 000,000,000 | -H-D | M] -- C:\Acer
[2011.02.13 22:46:12 | 000,000,000 | -HSD | M] -- C:\Boot
[2009.09.01 18:54:12 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2009.09.01 17:13:38 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2010.12.02 15:47:58 | 000,000,000 | ---D | M] -- C:\output
[2008.01.21 03:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.03.05 17:28:40 | 000,000,000 | ---D | M] -- C:\Program Files
[2011.03.05 15:32:42 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.09.01 18:54:12 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.11.10 16:21:07 | 000,000,000 | ---D | M] -- C:\Python26
[2011.02.27 17:55:56 | 000,000,000 | -H-D | M] -- C:\Recycle.Bin
[2011.03.05 19:29:38 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.11.10 17:25:25 | 000,000,000 | ---D | M] -- C:\Temp
[2009.09.01 18:54:30 | 000,000,000 | R--D | M] -- C:\Users
[2011.03.05 12:30:42 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-03-05 14:32:21
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >
         
--- --- ---