| |
| |||||||
Log-Analyse und Auswertung: Fehlermeldung Festplattencluster geschädigtWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
16.05.2011, 13:45
| #1 |
 |  Fehlermeldung Festplattencluster geschädigt Hallo  Ich bin neu hier und hab ein kleines bis großes Problem. Also, bei mir kam eine Viren Warnung von AntiVir. Ich hab die Datei löschen lassen und das System neu gestartet. Danach war dann kein Programm mehr in der Startleiste und der Desktop Hintergrund verschwunden. Auch waren hier keine Dateien mehr zu finden. hab dann Malwsrebytes drüberlaufen lassen. Das Prgramm brach dann aber ab, konnte aber Infizierte Dateien finden. Windows 6.1.7600 Internet Explorer 9.0.8112.16421 12.05.2011 23:36:00 mbam-log-2011-05-12 (23-36-00).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 53893 Laufzeit: 17 Minute(n), 11 Sekunde(n) Infizierte Speicherprozesse: 4 Infizierte Speichermodule: 1 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 5 Infizierte Dateiobjekte der Registrierung: 1 Infizierte Verzeichnisse: 0 Infizierte Dateien: 6 Infizierte Speicherprozesse: c:\Users\Simon\AppData\Roaming\dwm.exe (Trojan.Downloader) -> 1936 -> Unloaded process successfully. c:\Users\Simon\AppData\Roaming\microsoft\conhost.exe (Backdoor.Cycbot.Gen) -> 2156 -> Unloaded process successfully. c:\Users\Simon\AppData\Local\Temp\csrss.exe (Backdoor.Cycbot.Gen) -> 2252 -> Unloaded process successfully. c:\programdata\qblolqqpgbayhx.exe (Rogue.Installer.Gen) -> 2636 -> Unloaded process successfully. Infizierte Speichermodule: c:\Users\Simon\AppData\Local\Nlusef.dll (Trojan.Hiloti) -> Delete on reboot. Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Backdoor.Cycbot.Gen) -> Value: conhost -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Backdoor.Cycbot.Gen) -> Value: conhost -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Jmotafomohux (Trojan.Hiloti) -> Value: Jmotafomohux -> Delete on reboot. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\QbloLqqPgBaYHX (Rogue.Installer.Gen) -> Value: QbloLqqPgBaYHX -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1W2D6J4HZB9IYW9XVHB (Spyware.Passwords.XGen) -> Value: 1W2D6J4HZB9IYW9XVHB -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Backdoor.Cycbot.Gen) -> Bad: (C:\Users\Simon\AppData\Local\Temp\csrss.exe) Good: () -> Quarantined and deleted successfully. Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\Users\Simon\AppData\Roaming\dwm.exe (Trojan.Downloader) -> Quarantined and deleted successfully. c:\Users\Simon\AppData\Roaming\microsoft\conhost.exe (Backdoor.Cycbot.Gen) -> Quarantined and deleted successfully. c:\Users\Simon\AppData\Local\Temp\csrss.exe (Backdoor.Cycbot.Gen) -> Quarantined and deleted successfully. c:\Users\Simon\AppData\Local\Nlusef.dll (Trojan.Hiloti) -> Quarantined and deleted successfully. c:\programdata\qblolqqpgbayhx.exe (Rogue.Installer.Gen) -> Quarantined and deleted successfully. c:\Saberz.r01\saberz.r01.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully. So, danach hab ich es nochmal laufen lassen, und es brach wieder ab. Datenbank Version: 6563 Windows 6.1.7600 Internet Explorer 9.0.8112.16421 13.05.2011 08:56:05 mbam-log-2011-05-13 (08-56-05).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 153932 Laufzeit: 1 Minute(n), 10 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 1 Infizierte Dateien: 21 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: c:\Saberz.r01 (Trojan.SpyEyes) -> Quarantined and deleted successfully. Infizierte Dateien: c:\Users\Simon\AppData\Local\Temp\0.07813443144034027.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully. c:\Users\Simon\AppData\Local\Temp\8A3B.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully. c:\Users\Simon\AppData\Local\Temp\A8F1.tmp (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully. c:\Users\Simon\AppData\Local\Temp\adobe_flash_player.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Simon\AppData\Local\Temp\setup1047908352.exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully. c:\Users\Simon\AppData\Local\Temp\setup1120627968.exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully. c:\Users\Simon\AppData\Local\Temp\setup1239927296.exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully. c:\Users\Simon\AppData\Local\Temp\setup1694125824.exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully. c:\Users\Simon\AppData\Local\Temp\setup182910976.exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully. c:\Users\Simon\AppData\Local\Temp\setup1889441536.exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully. c:\Users\Simon\AppData\Local\Temp\setup1902627840.exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully. c:\Users\Simon\AppData\Local\Temp\setup1997066752.exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully. c:\Users\Simon\AppData\Local\Temp\setup2835923456.exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully. c:\Users\Simon\AppData\Local\Temp\setup3047489536.exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully. c:\Users\Simon\AppData\Local\Temp\setup3637991424.exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully. c:\Users\Simon\AppData\Local\Temp\setup470803968.exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully. c:\Users\Simon\AppData\Local\Temp\setup698659328.exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully. c:\Users\Simon\AppData\Local\Temp\setup825909504.exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully. c:\Users\Simon\AppData\Local\Temp\setup837544704.exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully. c:\Users\Simon\AppData\Roaming\Adobe\plugs\mmc52.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Saberz.r01\config.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully. So, dann noch ein drittes mal, diesmal hat lief das Programm komplett durch: Datenbank Version: 6567 Windows 6.1.7600 Internet Explorer 9.0.8112.16421 14.05.2011 08:23:49 mbam-log-2011-05-14 (08-23-49).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 2518731 Laufzeit: 14 Stunde(n), 15 Minute(n), 14 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 6 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\Users\Simon\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\0QWI1F9S\windows-update-sp3-kb87063-setup[1].exe (Rogue.Installer.Gen) -> Quarantined and deleted successfully. c:\Users\Simon\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\CQ3FGKTM\load[1].htm (Spyware.Passwords.XGen) -> Quarantined and deleted successfully. c:\Users\Simon\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\CQ3FGKTM\load[2].htm (Spyware.Passwords.XGen) -> Quarantined and deleted successfully. c:\Users\Simon\AppData\Local\virtualstore\program files (x86)\mozilla firefox\1.htm (Spyware.Passwords.XGen) -> Quarantined and deleted successfully. c:\Users\Simon\AppData\LocalLow\Sun\Java\deployment\cache\6.0\35\5e08cc63-2e6d51fa (Spyware.Passwords.XGen) -> Quarantined and deleted successfully. c:\Users\Simon\AppData\Roaming\Adobe\plugs\mmc17194570.txt (Rogue.Installer.Gen) -> Quarantined and deleted successfully. Ein Quickscan erbrachte dann auch keine weiteren treffer: Datenbank Version: 6587 Windows 6.1.7600 Internet Explorer 9.0.8112.16421 16.05.2011 10:04:01 mbam-log-2011-05-16 (10-04-01).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 154338 Laufzeit: 9 Minute(n), 30 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) So, dann wollte ich mit Unhide meine Dateien wieder sichtbar machen. Das Programm startete auch, doch nach etwa einer Stunde ist dann immer wieder nichts passiert. Ich solle immer nur geduld haben, während meine Daten wieder sichtbar gemacht werden. Manuell kann ich den Desktophintergrund auch nicht wieder ändern, sprich zum Beispiel eine neues Bild nehmen. Kann ich sonst noch etwas machen oder ist hier der Drops gelutscht? Bin für jede Hilfe dankbar beste Grüße Akeem |
|
16.05.2011, 14:07
| #2 |
| /// Malware-holic   | Fehlermeldung Festplattencluster geschädigt hiho
__________________Systemscan mit OTL download otl: http://filepony.de/download-otl/ Doppelklick auf die OTL.exe (user von Windows 7 und Vista: Rechtsklick als Administrator ausführen) 1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output 2. Hake an "scan all users" 3. Unter "Extra Registry wähle: "Use Safelist" "LOP Check" "Purity Check" 4. Kopiere in die Textbox: netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL explorer.exe iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT 5. Klicke "Scan" 6. 2 reporte werden erstellt: OTL.Txt Extras.Txt beide posten.
__________________ |
|
16.05.2011, 15:08
| #3 |
| | Fehlermeldung Festplattencluster geschädigt So, vielen dank schonmal!!
__________________Hab OTL jetzt ausgeführt und diese zwie Sachsen hat es ausgespuckt. Hm..die zweite Sache ist für nen Anhang zu groß, hoffe das ist kein Problem wenn ich sie in den Beitrag poste....OTL Logfile: Code:
ATTFilter OTL logfile created on: 16.05.2011 15:12:14 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Simon\Downloads 64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 32,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 231,25 Gb Total Space | 27,97 Gb Free Space | 12,09% Space Free | Partition Type: NTFS Drive D: | 458,59 Gb Total Space | 113,81 Gb Free Space | 24,82% Space Free | Partition Type: NTFS Computer Name: SIMON-PC | User Name: Simon | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Simon\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe (Threat Expert Ltd.) PRC - C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.) PRC - C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe () PRC - C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe () PRC - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe () ========== Modules (SafeList) ========== MOD - C:\Users\Simon\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (Browser Defender Update Service) -- C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.) SRV - (sdCoreService) -- C:\Program Files (x86)\PC Tools Security\pctsSvc.exe (PC Tools) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (TuneUp.Defrag) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software) SRV - (sdAuxService) -- C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe (PC Tools) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software) SRV - (Futuremark SystemInfo Service) -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation) SRV - (HssSrv) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.) SRV - (HssTrayService) -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE () SRV - (HotspotShieldService) -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe () SRV - (HssWd) -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe () SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (PCTCore) -- C:\Windows\SysNative\drivers\PCTCore64.sys (PC Tools) DRV:64bit: - (PCTSD) -- C:\Windows\SysNative\drivers\PCTSD64.sys (PC Tools) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (HssDrv) -- C:\Windows\SysNative\drivers\HssDrv.sys (AnchorFree Inc.) DRV:64bit: - (GDPkIcpt) -- C:\Windows\SysNative\drivers\PktIcpt.sys (G DATA Software AG) DRV:64bit: - (pctEFA) -- C:\Windows\SysNative\drivers\pctEFA64.sys (PC Tools) DRV:64bit: - (pctDS) -- C:\Windows\SysNative\drivers\pctDS64.sys (PC Tools) DRV:64bit: - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc) DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc) DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation) DRV:64bit: - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation) DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (AnyDVD) -- C:\Windows\SysNative\drivers\AnyDVD.sys (SlySoft, Inc.) DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (61883) -- C:\Windows\SysNative\drivers\61883.sys (Microsoft Corporation) DRV:64bit: - (Avc) -- C:\Windows\SysNative\drivers\avc.sys (Microsoft Corporation) DRV:64bit: - (MSDV) -- C:\Windows\SysNative\drivers\msdv.sys (Microsoft Corporation) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof () DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (s117unic) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM) -- C:\Windows\SysNative\drivers\s117unic.sys (MCCI Corporation) DRV:64bit: - (s117obex) -- C:\Windows\SysNative\drivers\s117obex.sys (MCCI Corporation) DRV:64bit: - (s117nd5) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS) -- C:\Windows\SysNative\drivers\s117nd5.sys (MCCI Corporation) DRV:64bit: - (s117mdm) -- C:\Windows\SysNative\drivers\s117mdm.sys (MCCI Corporation) DRV:64bit: - (s117mgmt) Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\drivers\s117mgmt.sys (MCCI Corporation) DRV:64bit: - (s117mdfl) -- C:\Windows\SysNative\drivers\s117mdfl.sys (MCCI Corporation) DRV:64bit: - (s117bus) Sony Ericsson Device 117 driver (WDM) -- C:\Windows\SysNative\drivers\s117bus.sys (MCCI Corporation) DRV:64bit: - (whfltr2k) -- C:\Windows\SysNative\drivers\whfltr2k.sys () DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc) DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys (TuneUp Software) DRV - (AnyDVD) -- C:\Windows\SysWOW64\drivers\AnyDVD.sys (SlySoft, Inc.) DRV - (pfc) -- C:\Windows\SysWOW64\drivers\pfc.sys (Padus, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-933275078-270321984-1768607596-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-933275078-270321984-1768607596-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-933275078-270321984-1768607596-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 90 CC 48 91 DA CB 01 [binary data] IE - HKU\S-1-5-21-933275078-270321984-1768607596-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) IE - HKU\S-1-5-21-933275078-270321984-1768607596-1000\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - Reg Error: Key error. File not found IE - HKU\S-1-5-21-933275078-270321984-1768607596-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKU\S-1-5-21-933275078-270321984-1768607596-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:63394 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: {d49175b3-3fd8-43b8-b28e-da5d47f3c398}:1.0.30 FF - prefs.js..extensions.enabledItems: spam@trashmail.net:2.5.2 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 5 FF - prefs.js..extensions.enabledItems: 3 FF - prefs.js..extensions.enabledItems: 1 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: chromifox@altmusictv.com:3.6.5 FF - prefs.js..network.proxy.http: "127.0.0.1" FF - prefs.js..network.proxy.http_port: 63394 FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files (x86)\PC Tools Security\BDT\Firefox\ [2011.05.16 10:11:33 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.04.29 13:18:27 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.04.13 17:12:17 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0b11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11\components [2011.02.15 15:40:08 | 000,000,000 | ---D | M] [2010.08.31 22:46:28 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Simon\AppData\Roaming\mozilla\Extensions [2011.05.15 18:47:23 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profiles\earxikgj.default\extensions [2010.10.13 00:16:17 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profiles\earxikgj.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.04.02 08:49:12 | 000,000,000 | -H-D | M] (DownloadHelper) -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profiles\earxikgj.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.03.25 14:39:22 | 000,000,000 | -H-D | M] (softonic-de3 Community Toolbar) -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profiles\earxikgj.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} [2011.03.25 14:39:21 | 000,000,000 | -H-D | M] (Conduit Engine) -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profiles\earxikgj.default\extensions\engine@conduit.com [2010.09.28 20:44:57 | 000,000,000 | -H-D | M] (TVU Web Player) -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profiles\earxikgj.default\extensions\firefox@tvunetworks.com [2011.04.05 19:29:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.04.05 19:29:01 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.08.31 22:48:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.11.05 17:58:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} File not found (No name found) -- [2011.05.16 10:11:33 | 000,000,000 | ---D | M] (Browser Defender Toolbar) -- C:\PROGRAM FILES (X86)\PC TOOLS SECURITY\BDT\FIREFOX [2011.05.12 22:23:38 | 000,000,000 | -H-D | M] (XULRunner) -- C:\USERS\SIMON\APPDATA\LOCAL\{9E0B97F5-D661-4E68-857C-E181E8875AAB} () (No name found) -- C:\USERS\SIMON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EARXIKGJ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\USERS\SIMON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EARXIKGJ.DEFAULT\EXTENSIONS\{D49175B3-3FD8-43B8-B28E-DA5D47F3C398}.XPI () (No name found) -- C:\USERS\SIMON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EARXIKGJ.DEFAULT\EXTENSIONS\SPAM@TRASHMAIL.NET.XPI [2011.04.29 13:18:26 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2010.09.15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010.03.19 09:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\npmieze.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.) O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.) O3 - HKLM\..\Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found. O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found. O3 - HKU\S-1-5-21-933275078-270321984-1768607596-1000\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found. O3 - HKU\S-1-5-21-933275078-270321984-1768607596-1000\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found. O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.92.173\AsusWSPanel.exe (ecareme) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe (Threat Expert Ltd.) O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software) O4 - HKLM..\Run: [WheelMouse] C:\Advanced Wheel Mouse\wh_exec.exe () O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-933275078-270321984-1768607596-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Simon\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Simon\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\Simon\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Simon\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.186.225 83.169.186.97 192.168.0.1 O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{4c241754-61c5-11e0-aee9-001d92b6a476}\Shell - "" = AutoRun O33 - MountPoints2\{4c241754-61c5-11e0-aee9-001d92b6a476}\Shell\AutoRun\command - "" = K:\setup\rsrc\Autorun.exe O33 - MountPoints2\{4c241754-61c5-11e0-aee9-001d92b6a476}\Shell\dinstall\command - "" = K:\Directx\dxsetup.exe O33 - MountPoints2\{75defc10-1be4-11e0-a899-001d92b6a476}\Shell - "" = AutoRun O33 - MountPoints2\{75defc10-1be4-11e0-a899-001d92b6a476}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software) NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) MsConfig:64bit - StartUpReg: AnyDVD - hkey= - key= - C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe (SlySoft, Inc.) MsConfig:64bit - StartUpReg: AutoStartNPSAgent - hkey= - key= - C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () MsConfig:64bit - StartUpReg: PicPick Start - hkey= - key= - C:\Program Files (x86)\PicPick\picpick.exe () MsConfig:64bit - StartUpReg: Steam - hkey= - key= - File not found MsConfig:64bit - State: "startup" - Reg Error: Key error. SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.) Drivers32: vidc.i420 - C:\Windows\SysWow64\i420vfw.dll (www.helixcommunity.org) Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com) Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com) Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll () Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.) Drivers32: VIDC.ZMBV - C:\Windows\SysWow64\zmbv.dll () CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.05.16 10:11:29 | 002,074,576 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll [2011.05.16 10:11:29 | 001,533,904 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll [2011.05.16 10:11:29 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll [2011.05.16 10:10:35 | 000,816,016 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctEFA64.sys [2011.05.16 10:10:35 | 000,452,872 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctDS64.sys [2011.05.16 10:10:34 | 000,334,976 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys [2011.05.16 10:10:34 | 000,140,800 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys [2011.05.16 10:10:23 | 000,282,440 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys [2011.05.16 10:10:17 | 000,279,344 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys [2011.05.16 10:10:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security [2011.05.16 10:10:12 | 000,092,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys [2011.05.16 10:09:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools [2011.05.16 10:09:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Security [2011.05.16 10:07:53 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools [2011.05.13 13:11:56 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2011.05.13 13:11:20 | 000,000,000 | ---D | C] -- C:\Users\Simon\Documents\Simply Super Software [2011.05.13 13:11:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover [2011.05.13 13:11:16 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ztvcabinet.dll [2011.05.13 13:11:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover [2011.05.13 13:11:15 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Roaming\Simply Super Software [2011.05.13 13:11:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software [2011.05.13 11:33:16 | 000,000,000 | -HSD | C] -- C:\found.000 [2011.05.12 22:44:33 | 000,000,000 | -H-D | C] -- C:\Users\Simon\AppData\Roaming\Malwarebytes [2011.05.12 22:44:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.05.12 22:44:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.05.12 22:44:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.05.12 22:44:11 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.05.12 22:44:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.05.12 22:42:51 | 007,734,240 | -H-- | C] (Malwarebytes Corporation ) -- C:\Users\Simon\mbam-setup.exe [2011.05.12 22:23:38 | 000,000,000 | -H-D | C] -- C:\Users\Simon\AppData\Local\{9E0B97F5-D661-4E68-857C-E181E8875AAB} [2011.05.12 13:30:42 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2011.05.12 13:30:42 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll [2011.05.12 13:30:42 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2011.05.12 13:30:42 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2011.05.12 13:30:42 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2011.05.12 13:30:42 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft.dll [2011.05.12 13:30:42 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtrans.dll [2011.05.12 13:30:42 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2011.05.12 13:30:42 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2011.05.12 13:30:42 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msls31.dll [2011.05.12 13:30:42 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll [2011.05.12 13:30:42 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2011.05.12 13:30:42 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2011.05.12 13:30:42 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2011.05.12 13:30:42 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2011.05.12 13:30:42 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2011.05.12 13:30:42 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe [2011.05.12 13:30:42 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2011.05.12 13:30:42 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2011.05.12 13:30:42 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2011.05.12 13:30:41 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2011.05.12 13:30:41 | 002,303,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2011.05.12 13:30:41 | 001,492,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2011.05.12 13:30:41 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2011.05.12 13:30:41 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2011.05.12 13:30:41 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2011.05.12 13:30:41 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2011.05.12 13:30:41 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll [2011.05.12 13:30:41 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2011.05.12 13:30:41 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2011.05.12 13:30:41 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2011.05.12 13:30:41 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2011.05.12 13:30:41 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll [2011.05.12 13:30:41 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2011.05.12 13:30:41 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2011.05.12 13:30:41 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2011.05.12 13:30:41 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll [2011.05.12 13:30:41 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2011.05.12 13:30:41 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2011.05.12 13:30:41 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2011.05.12 13:30:41 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2011.05.12 13:30:41 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll [2011.05.12 13:30:41 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll [2011.05.12 13:30:41 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2011.05.12 13:30:41 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll [2011.05.12 13:30:41 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2011.05.12 13:30:41 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2011.05.12 13:30:41 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2011.05.12 13:30:41 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2011.05.12 13:30:41 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2011.05.12 13:30:41 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2011.05.12 13:30:41 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2011.05.12 13:30:41 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll [2011.05.12 13:30:41 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2011.05.12 13:30:41 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2011.05.12 13:30:41 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll [2011.05.12 13:30:41 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2011.05.12 13:30:41 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2011.05.12 13:30:41 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2011.05.12 13:30:41 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2011.05.12 13:30:41 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2011.05.12 13:30:41 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2011.05.12 13:30:41 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2011.05.12 13:30:41 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2011.05.12 13:30:41 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2011.05.12 13:30:41 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2011.05.12 13:30:41 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2011.05.12 13:30:41 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2011.05.12 13:30:41 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2011.05.12 13:30:41 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2011.05.12 13:30:41 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2011.05.12 13:30:41 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2011.05.12 13:30:41 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imgutil.dll [2011.05.12 13:30:41 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2011.05.12 13:30:41 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2011.05.12 13:30:41 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2011.05.12 13:30:41 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2011.05.12 13:30:41 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2011.05.12 13:27:26 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe [2011.05.12 13:27:26 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe [2011.05.12 13:27:25 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll [2011.05.12 13:27:25 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll [2011.05.12 09:58:18 | 005,509,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2011.05.12 09:58:17 | 003,957,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2011.05.12 09:58:17 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2011.05.12 09:58:11 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys [2011.05.12 09:58:10 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys [2011.05.03 21:43:11 | 000,000,000 | ---D | C] -- C:\Users\Simon\Desktop\2011-05-03 [2011.05.01 20:19:41 | 000,000,000 | -H-D | C] -- C:\Users\Simon\AppData\Local\{613D7299-6945-4920-8B89-7A9F99175944} [2011.04.29 21:10:11 | 000,000,000 | ---D | C] -- C:\Programme\punkbuster [2011.04.29 21:03:31 | 000,000,000 | -H-D | C] -- C:\Users\Simon\AppData\Local\PunkBuster [2011.04.28 21:20:18 | 000,000,000 | ---D | C] -- C:\Users\Simon\Documents\Battlefield 2 [2011.04.28 20:30:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES [2011.04.28 20:30:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EA GAMES [2011.04.28 10:41:35 | 000,000,000 | ---D | C] -- C:\Users\Simon\Desktop\2011-04-28 [2011.04.28 08:19:50 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe [2011.04.28 08:19:49 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe [2011.04.28 08:19:47 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2011.04.28 08:19:47 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2011.04.28 08:19:32 | 002,566,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll [2011.04.28 08:19:31 | 001,686,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll [2011.04.28 08:19:31 | 000,187,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys [2011.04.28 08:19:31 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys [2011.04.28 08:19:31 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe [2011.04.28 08:19:31 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe [2011.04.28 08:19:31 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys [2011.04.28 08:19:27 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe [2011.04.28 08:19:27 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe [2011.04.21 00:02:39 | 000,000,000 | -H-D | C] -- C:\Users\Simon\AppData\Local\{151CE21D-B331-4E5D-B262-3F2BA139F253} ========== Files - Modified Within 30 Days ========== [2011.05.16 15:14:15 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-933275078-270321984-1768607596-1000UA.job [2011.05.16 14:59:14 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.05.16 14:59:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.05.16 13:36:30 | 000,001,904 | ---- | M] () -- C:\Users\Simon\Desktop\MySyncFolder.lnk [2011.05.16 13:26:51 | 000,120,507 | ---- | M] () -- C:\Users\Simon\bookmarks-2011-05-16.json [2011.05.16 11:37:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.05.16 10:12:28 | 001,383,976 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB [2011.05.15 19:14:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-933275078-270321984-1768607596-1000Core.job [2011.05.15 18:53:29 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.05.15 18:53:29 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.05.15 18:45:41 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys [2011.05.13 13:11:17 | 000,001,139 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk [2011.05.13 08:45:46 | 000,502,095 | ---- | M] () -- C:\Users\Simon\unhide.exe [2011.05.13 08:37:54 | 000,000,000 | -H-- | M] () -- C:\Users\Simon\AppData\Local\Tpilamuzag.bin [2011.05.12 22:43:03 | 007,734,240 | -H-- | M] (Malwarebytes Corporation ) -- C:\Users\Simon\mbam-setup.exe [2011.05.12 22:37:55 | 000,004,740 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\F9FA.458 [2011.05.12 22:23:39 | 000,000,120 | -H-- | M] () -- C:\Users\Simon\AppData\Local\Hjujec.dat [2011.05.12 22:21:59 | 000,000,012 | ---- | M] () -- C:\ProgramData\io.ini [2011.05.12 22:21:59 | 000,000,000 | ---- | M] () -- C:\ProgramData\gjtknpsnlros.ini [2011.05.12 22:21:45 | 000,000,000 | -H-- | M] () -- C:\Users\Simon\2gweorjqjutp92vjy9gake [2011.05.12 18:41:32 | 000,234,536 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2011.05.12 18:41:32 | 000,234,536 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.05.12 13:30:42 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2011.05.12 13:30:42 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll [2011.05.12 13:30:42 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2011.05.12 13:30:42 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2011.05.12 13:30:42 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2011.05.12 13:30:42 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft.dll [2011.05.12 13:30:42 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtrans.dll [2011.05.12 13:30:42 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2011.05.12 13:30:42 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2011.05.12 13:30:42 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msls31.dll [2011.05.12 13:30:42 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll [2011.05.12 13:30:42 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2011.05.12 13:30:42 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2011.05.12 13:30:42 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2011.05.12 13:30:42 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2011.05.12 13:30:42 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2011.05.12 13:30:42 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe [2011.05.12 13:30:42 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2011.05.12 13:30:42 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2011.05.12 13:30:42 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2011.05.12 13:30:41 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2011.05.12 13:30:41 | 002,303,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2011.05.12 13:30:41 | 001,492,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2011.05.12 13:30:41 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2011.05.12 13:30:41 | 000,818,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2011.05.12 13:30:41 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2011.05.12 13:30:41 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2011.05.12 13:30:41 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll [2011.05.12 13:30:41 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2011.05.12 13:30:41 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2011.05.12 13:30:41 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2011.05.12 13:30:41 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2011.05.12 13:30:41 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll [2011.05.12 13:30:41 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2011.05.12 13:30:41 | 000,236,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2011.05.12 13:30:41 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2011.05.12 13:30:41 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll [2011.05.12 13:30:41 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2011.05.12 13:30:41 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2011.05.12 13:30:41 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2011.05.12 13:30:41 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2011.05.12 13:30:41 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll [2011.05.12 13:30:41 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll [2011.05.12 13:30:41 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2011.05.12 13:30:41 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll [2011.05.12 13:30:41 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2011.05.12 13:30:41 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2011.05.12 13:30:41 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2011.05.12 13:30:41 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2011.05.12 13:30:41 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2011.05.12 13:30:41 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2011.05.12 13:30:41 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2011.05.12 13:30:41 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll [2011.05.12 13:30:41 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2011.05.12 13:30:41 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2011.05.12 13:30:41 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll [2011.05.12 13:30:41 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2011.05.12 13:30:41 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2011.05.12 13:30:41 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2011.05.12 13:30:41 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2011.05.12 13:30:41 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2011.05.12 13:30:41 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2011.05.12 13:30:41 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2011.05.12 13:30:41 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2011.05.12 13:30:41 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2011.05.12 13:30:41 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2011.05.12 13:30:41 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2011.05.12 13:30:41 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2011.05.12 13:30:41 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2011.05.12 13:30:41 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2011.05.12 13:30:41 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2011.05.12 13:30:41 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2011.05.12 13:30:41 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2011.05.12 13:30:41 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2011.05.12 13:30:41 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\imgutil.dll [2011.05.12 13:30:41 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2011.05.12 13:30:41 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2011.05.12 13:30:41 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2011.05.12 13:30:41 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2011.05.12 13:30:41 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2011.05.11 22:16:25 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.05.11 22:16:25 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.05.11 22:16:25 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.05.11 22:16:25 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.05.11 22:16:25 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.05.04 00:33:51 | 001,036,696 | ---- | M] () -- C:\Users\Simon\Desktop\Bafög .PDF [2011.04.29 21:37:02 | 000,075,064 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.04.27 15:37:12 | 000,149,456 | ---- | M] (PC Tools) -- C:\Windows\SGDetectionTool.dll [2011.04.27 15:37:06 | 002,074,576 | ---- | M] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll [2011.04.27 15:37:06 | 001,533,904 | ---- | M] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll [2011.04.27 15:36:58 | 000,767,952 | ---- | M] () -- C:\Windows\BDTSupport.dll ========== Files Created - No Company Name ========== [2011.05.16 13:26:48 | 000,120,507 | ---- | C] () -- C:\Users\Simon\bookmarks-2011-05-16.json [2011.05.16 10:11:30 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll [2011.05.16 10:11:29 | 000,002,125 | ---- | C] () -- C:\Windows\UDB.zip [2011.05.16 10:11:29 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml [2011.05.16 10:11:29 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml [2011.05.16 10:11:29 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip [2011.05.16 10:10:42 | 001,383,976 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB [2011.05.13 13:11:17 | 000,001,139 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk [2011.05.13 13:11:16 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll [2011.05.13 13:11:16 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll [2011.05.13 13:11:16 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll [2011.05.13 13:11:15 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll [2011.05.13 08:45:35 | 000,502,095 | ---- | C] () -- C:\Users\Simon\unhide.exe [2011.05.12 22:23:39 | 000,000,120 | -H-- | C] () -- C:\Users\Simon\AppData\Local\Hjujec.dat [2011.05.12 22:23:39 | 000,000,000 | -H-- | C] () -- C:\Users\Simon\AppData\Local\Tpilamuzag.bin [2011.05.12 22:23:03 | 000,004,740 | -H-- | C] () -- C:\Users\Simon\AppData\Roaming\F9FA.458 [2011.05.12 22:21:59 | 000,000,012 | ---- | C] () -- C:\ProgramData\io.ini [2011.05.12 22:21:59 | 000,000,000 | ---- | C] () -- C:\ProgramData\gjtknpsnlros.ini [2011.05.12 22:21:45 | 000,000,000 | -H-- | C] () -- C:\Users\Simon\2gweorjqjutp92vjy9gake [2011.05.12 13:30:41 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2011.05.12 13:30:41 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2011.05.04 00:33:51 | 001,036,696 | ---- | C] () -- C:\Users\Simon\Desktop\Bafög .PDF [2011.04.29 21:37:26 | 000,234,536 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.04.29 21:37:07 | 000,234,536 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2011.04.29 21:37:02 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.04.29 21:25:57 | 000,846,336 | ---- | C] () -- C:\Users\Simon\Desktop\pbsetup.exe [2011.04.08 18:27:24 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini [2011.04.05 19:29:52 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.03.14 22:55:56 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib [2011.02.06 22:06:09 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2011.02.06 22:06:09 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2010.11.08 23:54:33 | 000,000,038 | -HS- | C] () -- C:\Windows\camcodec100.ini [2010.11.08 23:54:33 | 000,000,028 | -HS- | C] () -- C:\Windows\lagarith.ini [2010.11.08 23:51:46 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2010.04.09 21:08:26 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\zmbv.dll [2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2009.02.26 08:50:32 | 000,000,176 | ---- | C] () -- C:\Windows\explorer.exe.config [2007.10.25 18:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys ========== LOP Check ========== [2010.12.04 12:23:34 | 000,000,000 | -H-D | M] -- C:\Users\Simon\AppData\Roaming\Amazon [2010.11.18 09:15:17 | 000,000,000 | -H-D | M] -- C:\Users\Simon\AppData\Roaming\Ashampoo [2011.05.16 13:36:30 | 000,000,000 | -H-D | M] -- C:\Users\Simon\AppData\Roaming\ASUS WebStorage [2010.10.07 13:46:02 | 000,000,000 | -H-D | M] -- C:\Users\Simon\AppData\Roaming\Canon [2010.09.01 11:25:06 | 000,000,000 | -H-D | M] -- C:\Users\Simon\AppData\Roaming\COMPUTERBILD-Abzockschutz [2011.04.08 18:09:00 | 000,000,000 | -H-D | M] -- C:\Users\Simon\AppData\Roaming\DAEMON Tools Lite [2011.04.10 23:47:41 | 000,000,000 | -H-D | M] -- C:\Users\Simon\AppData\Roaming\DVDVideoSoftIEHelpers [2011.04.29 15:08:39 | 000,000,000 | -H-D | M] -- C:\Users\Simon\AppData\Roaming\GetRightToGo [2011.01.23 11:50:36 | 000,000,000 | -H-D | M] -- C:\Users\Simon\AppData\Roaming\Gutscheinmieze [2010.08.31 20:14:33 | 000,000,000 | -H-D | M] -- C:\Users\Simon\AppData\Roaming\OpenOffice.org [2011.04.16 12:46:22 | 000,000,000 | -H-D | M] -- C:\Users\Simon\AppData\Roaming\Rovio [2011.02.11 17:24:45 | 000,000,000 | -H-D | M] -- C:\Users\Simon\AppData\Roaming\Samsung [2010.09.27 13:10:09 | 000,000,000 | -H-D | M] -- C:\Users\Simon\AppData\Roaming\ScummVM [2011.05.13 13:11:15 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Simply Super Software [2011.02.04 21:04:43 | 000,000,000 | -H-D | M] -- C:\Users\Simon\AppData\Roaming\temp [2011.03.18 15:07:26 | 000,000,000 | -H-D | M] -- C:\Users\Simon\AppData\Roaming\TuneUp Software [2010.09.03 17:18:59 | 000,000,000 | -H-D | M] -- C:\Users\Simon\AppData\Roaming\Windows SideBar [2011.04.20 16:01:44 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.05.12 22:21:45 | 000,000,000 | -H-D | M] -- C:\Users\Simon\AppData\Roaming\Adobe [2010.12.04 12:23:34 | 000,000,000 | -H-D | M] -- C:\Users\Simon\AppData\Roaming\Amazon [2010.11.18 09:15:17 | 000,000,000 | -H-D | M] -- C:\Users\Simon\AppData\Roaming\Ashampoo [2011.05.16 13:36:30 | 000,000,000 | -H-D | M] -- C:\Users\Simon\AppData\Roaming\ASUS WebStorage [2010.09.01 16:07:55 | 000,000,000 | -H-D | M] -- C:\Users\Simon\AppData\Roaming\Avira [2010.10.07 13:46:02 | 000,000,000 | -H-D | M] -- C:\Users\Simon\AppData\Roaming\Canon [2010.09.01 11:25:06 | 000,000,000 | -H-D | M] -- C:\Users\Simon\AppData\Roaming\COMPUTERBILD-Abzockschutz [2011.04.08 18:09:00 | 000,000,000 | -H-D | M] -- C:\Users\Simon\AppData\Roaming\DAEMON Tools Lite [2011.03.15 21:23:34 | 000,000,000 | -H-D | M] -- C:\Users\Simon\AppData\Roaming\DivX [2011.03.07 14:49:24 | 000,000,000 | -H-D | M] -- C:\Users\Simon\AppData\Roaming\dvdcss [2011.04.10 23:47:41 | 000,000,000 | -H-D | M] -- C:\Users\Simon\AppData\Roaming\DVDVideoSoftIEHelpers [2011.04.29 15:08:39 | 000,000,000 | -H-D | M] -- C:\Users\Simon\AppData\Roaming\GetRightToGo [2011.01.23 11:50:36 | 000,000,000 | -H-D | M] -- C:\Users\Simon\AppData\Roaming\Gutscheinmieze [2010.08.31 18:38:12 | 000,000,000 | -H-D | M] -- C:\Users\Simon\AppData\Roaming\Identities [2010.08.31 20:16:06 | 000,000,000 | -H-D | M] -- C:\Users\Simon\AppData\Roaming\Macromedia [2011.05.12 22:44:33 | 000,000,000 | -H-D | M] -- C:\Users\Simon\AppData\Roaming\Malwarebytes [2009.07.14 20:18:34 | 000,000,000 | -H-D | M] -- C:\Users\Simon\AppData\Roaming\Media Center Programs [2011.05.12 22:23:02 | 000,000,000 | --SD | M] -- C:\Users\Simon\AppData\Roaming\Microsoft [2010.08.31 22:46:28 | 000,000,000 | -H-D | M] -- C:\Users\Simon\AppData\Roaming\Mozilla [2010.08.31 20:14:33 | 000,000,000 | -H-D | M] -- C:\Users\Simon\AppData\Roaming\OpenOffice.org [2011.04.16 12:46:22 | 000,000,000 | -H-D | M] -- C:\Users\Simon\AppData\Roaming\Rovio [2011.02.11 17:24:45 | 000,000,000 | -H-D | M] -- C:\Users\Simon\AppData\Roaming\Samsung [2010.09.27 13:10:09 | 000,000,000 | -H-D | M] -- C:\Users\Simon\AppData\Roaming\ScummVM [2011.01.31 14:44:12 | 000,000,000 | RH-D | M] -- C:\Users\Simon\AppData\Roaming\SecuROM [2011.05.13 13:11:15 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Simply Super Software [2011.04.06 00:29:22 | 000,000,000 | -H-D | M] -- C:\Users\Simon\AppData\Roaming\Skype [2011.04.06 00:02:37 | 000,000,000 | -H-D | M] -- C:\Users\Simon\AppData\Roaming\skypePM [2011.02.04 21:04:43 | 000,000,000 | -H-D | M] -- C:\Users\Simon\AppData\Roaming\temp [2011.03.18 15:07:26 | 000,000,000 | -H-D | M] -- C:\Users\Simon\AppData\Roaming\TuneUp Software [2010.11.09 10:08:55 | 000,000,000 | -H-D | M] -- C:\Users\Simon\AppData\Roaming\vlc [2010.09.03 17:18:59 | 000,000,000 | -H-D | M] -- C:\Users\Simon\AppData\Roaming\Windows SideBar [2010.09.01 15:33:16 | 000,000,000 | -H-D | M] -- C:\Users\Simon\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2011.03.17 11:21:00 | 014,462,304 | -H-- | M] () -- C:\Users\Simon\AppData\Roaming\ASUS WebStorage\Update\ASUSWebStorage3.0.92.173.exe [2010.06.10 14:19:22 | 000,825,856 | -H-- | M] (Synatix GmbH) -- C:\Users\Simon\AppData\Roaming\Gutscheinmieze\uninstall.exe [2011.02.24 17:34:43 | 000,010,134 | RH-- | M] () -- C:\Users\Simon\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe [2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: IASTORV.SYS > [2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys [2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll [2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys [2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll < MD5 for: USERINIT.EXE > [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe < MD5 for: WINLOGON.EXE > [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > ========== Alternate Data Streams ========== @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84 < End of report > beste Grüße Akeem |
|
16.05.2011, 15:24
| #4 |
| /// Malware-holic | Fehlermeldung Festplattencluster geschädigt • Starte bitte die OTL.exe • Kopiere nun das Folgende in die Textbox. :OTL O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found [2011.05.13 08:37:54 | 000,000,000 | -H-- | M] () -- C:\Users\Simon\AppData\Local\Tpilamuzag.bin [2011.05.12 22:23:39 | 000,000,120 | -H-- | M] () -- C:\Users\Simon\AppData\Local\Hjujec.dat [2011.05.12 22:21:59 | 000,000,012 | ---- | M] () -- C:\ProgramData\io.ini [2011.05.12 22:21:59 | 000,000,000 | ---- | M] () -- C:\ProgramData\gjtknpsnlros.ini [2011.05.12 22:21:45 | 000,000,000 | -H-- | M] () -- C:\Users\Simon\2gweorjqjutp92vjy9gake :Files :Commands [purity] [EMPTYFLASH] [emptytemp] [Reboot] • Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
16.05.2011, 18:22
| #5 |
| | Fehlermeldung Festplattencluster geschädigt So, hat ein bisserl länger gedauert, musste in die Uni. Dankeschön All processes killed ========== OTL ========== Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. C:\Users\Simon\AppData\Local\Tpilamuzag.bin moved successfully. C:\Users\Simon\AppData\Local\Hjujec.dat moved successfully. C:\ProgramData\io.ini moved successfully. C:\ProgramData\gjtknpsnlros.ini moved successfully. C:\Users\Simon\2gweorjqjutp92vjy9gake moved successfully. ========== FILES ========== ========== COMMANDS ========== [EMPTYFLASH] User: All Users User: Default User: Default User User: Public User: Simon ->Flash cache emptied: 121854 bytes Total Flash Files Cleaned = 0,00 mb [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public User: Simon ->Temp folder emptied: 16115953 bytes ->Temporary Internet Files folder emptied: 131945006 bytes ->Java cache emptied: 7440481 bytes ->FireFox cache emptied: 105257571 bytes ->Google Chrome cache emptied: 23397721 bytes ->Flash cache emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 1412428 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67899 bytes RecycleBin emptied: 512992 bytes Total Files Cleaned = 273,00 mb OTL by OldTimer - Version 3.2.22.3 log created on 05162011_162644 Files\Folders moved on Reboot... C:\Users\Simon\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. Registry entries deleted on Reboot... |
|
16.05.2011, 18:23
| #6 |
| /// Malware-holic | Fehlermeldung Festplattencluster geschädigt und das noch zum abend hin, du armer :d bitte erstelle und poste ein combofix log. Ein Leitfaden und Tutorium zur Nutzung von ComboFix
__________________ --> Fehlermeldung Festplattencluster geschädigt |
|
16.05.2011, 18:29
| #7 |
| | Fehlermeldung Festplattencluster geschädigt Tja, bleibt nicht aus  Wird erledigt. |
|
16.05.2011, 19:58
| #8 |
| | Fehlermeldung Festplattencluster geschädigt So, was lange wärt wird endlich gut. Hier das Ergebnis ComboFix 11-05-16.01 - Simon 16.05.2011 19:35:37.1.4 - x64 Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1031.18.4095.2797 [GMT 2:00] ausgeführt von:: C:\Users\Simon\Downloads\ComboFix.exe AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) C:\Program Files (x86)\Hotspot Shield\HssIE\HsSIe.dll C:\Users\Simon\AppData\Local\{9E0B97F5-D661-4E68-857C-E181E8875AAB} C:\Users\Simon\AppData\Local\{9E0B97F5-D661-4E68-857C-E181E8875AAB}\chrome.manifest C:\Users\Simon\AppData\Local\{9E0B97F5-D661-4E68-857C-E181E8875AAB}\chrome\content\_cfg.js C:\Users\Simon\AppData\Local\{9E0B97F5-D661-4E68-857C-E181E8875AAB}\chrome\content\overlay.xul C:\Users\Simon\AppData\Local\{9E0B97F5-D661-4E68-857C-E181E8875AAB}\install.rdf C:\Users\Simon\AppData\Roaming\Adobe\plugs C:\Users\Simon\AppData\Roaming\Adobe\shed C:\Users\Simon\AppData\Roaming\Adobe\shed\thr1.chm C:\Users\Simon\mbam-setup.exe C:\Users\Simon\Nero7590.exe C:\Users\Simon\SetupAnyDVD6603.exe C:\Users\Simon\unhide.exe ((((((((((((((((((((((( Dateien erstellt von 2011-04-16 bis 2011-05-16 )))))))))))))))))))))))))))))) 2011-05-16 17:50:09 . 2011-05-16 17:50:09 -------- d-----w- C:\Users\Default\AppData\Local\temp 2011-05-16 14:26:44 . 2011-05-16 14:26:44 -------- d-----w- C:\_OTL 2011-05-16 08:11:30 . 2011-04-27 13:36:58 767952 ----a-w- C:\Windows\BDTSupport.dll 2011-05-16 08:11:29 . 2011-04-27 13:37:12 149456 ----a-w- C:\Windows\SGDetectionTool.dll 2011-05-16 08:11:29 . 2011-04-27 13:37:06 2074576 ----a-w- C:\Windows\PCTBDCore.dll 2011-05-16 08:11:29 . 2011-04-27 13:37:06 1533904 ----a-w- C:\Windows\PCTBDRes.dll 2011-05-16 08:10:35 . 2010-07-16 12:53:32 816016 ----a-w- C:\Windows\system32\drivers\pctEFA64.sys 2011-05-16 08:10:35 . 2010-06-29 08:35:34 452872 ----a-w- C:\Windows\system32\drivers\pctDS64.sys 2011-05-16 08:10:34 . 2011-03-24 10:39:32 140800 ----a-w- C:\Windows\system32\drivers\pctwfpfilter64.sys 2011-05-16 08:10:34 . 2011-01-17 07:09:58 334976 ----a-w- C:\Windows\system32\drivers\pctgntdi64.sys 2011-05-16 08:10:23 . 2011-03-10 08:07:24 282440 ----a-w- C:\Windows\system32\drivers\PCTCore64.sys 2011-05-16 08:10:17 . 2011-03-10 07:08:22 279344 ----a-w- C:\Windows\system32\drivers\PCTSD64.sys 2011-05-16 08:10:12 . 2010-12-16 05:46:10 92896 ----a-w- C:\Windows\system32\drivers\pctplsg64.sys 2011-05-16 08:09:46 . 2011-05-16 08:12:49 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools 2011-05-16 08:09:45 . 2011-05-16 08:21:47 -------- d-----w- C:\Program Files (x86)\PC Tools Security 2011-05-16 08:07:53 . 2011-05-16 08:10:15 -------- d-----w- C:\ProgramData\PC Tools 2011-05-13 11:11:16 . 2006-06-19 11:01:38 69632 ----a-w- C:\Windows\SysWow64\ztvcabinet.dll 2011-05-13 11:11:16 . 2006-05-25 13:52:46 162304 ----a-w- C:\Windows\SysWow64\ztvunrar36.dll 2011-05-13 11:11:16 . 2005-08-25 23:50:00 77312 ----a-w- C:\Windows\SysWow64\ztvunace26.dll 2011-05-13 11:11:16 . 2002-03-05 23:00:00 75264 ----a-w- C:\Windows\SysWow64\unacev2.dll 2011-05-13 11:11:15 . 2011-05-13 11:11:17 -------- d-----w- C:\Program Files (x86)\Trojan Remover 2011-05-13 11:11:15 . 2011-05-13 11:11:15 -------- d-----w- C:\Users\Simon\AppData\Roaming\Simply Super Software 2011-05-13 11:11:15 . 2011-05-13 11:11:15 -------- d-----w- C:\ProgramData\Simply Super Software 2011-05-13 11:11:15 . 2003-02-02 18:06:02 153088 ----a-w- C:\Windows\SysWow64\UNRAR3.dll 2011-05-13 09:33:16 . 2011-05-13 09:33:16 -------- d-----w- C:\found.000 2011-05-13 06:37:03 . 2011-04-11 08:21:00 8802128 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F28E1001-1CDB-4509-A692-CB15747A3AA5}\mpengine.dll 2011-05-12 20:44:33 . 2011-05-12 20:44:33 -------- d--h--w- C:\Users\Simon\AppData\Roaming\Malwarebytes 2011-05-12 20:44:15 . 2010-12-20 16:09:00 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys 2011-05-12 20:44:14 . 2011-05-12 20:44:14 -------- d-----w- C:\ProgramData\Malwarebytes 2011-05-12 20:44:11 . 2011-05-12 20:44:17 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2011-05-12 20:44:11 . 2010-12-20 16:08:40 24152 ----a-w- C:\Windows\system32\drivers\mbam.sys 2011-05-12 14:29:29 . 2011-05-12 14:29:29 -------- d-----w- C:\Windows\SysWow64\wbem\en-US 2011-05-12 14:29:25 . 2011-05-12 14:29:25 -------- d-----w- C:\Windows\system32\wbem\en-US 2011-05-12 11:27:26 . 2011-04-09 06:58:56 142336 ----a-w- C:\Windows\system32\poqexec.exe 2011-05-12 11:27:26 . 2011-04-09 05:56:38 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe 2011-05-12 11:27:25 . 2011-01-17 06:17:00 197120 ----a-w- C:\Windows\system32\d3d10_1.dll 2011-05-12 11:27:25 . 2011-01-17 05:38:38 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll 2011-05-12 07:58:18 . 2011-04-09 06:45:48 5509504 ----a-w- C:\Windows\system32\ntoskrnl.exe 2011-05-12 07:58:17 . 2011-04-09 06:13:06 3957632 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2011-05-12 07:58:17 . 2011-04-09 06:13:06 3901824 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2011-05-12 07:58:11 . 2011-03-25 03:23:03 324608 ----a-w- C:\Windows\system32\drivers\usbport.sys 2011-05-12 07:58:11 . 2011-03-25 03:22:57 52224 ----a-w- C:\Windows\system32\drivers\usbehci.sys 2011-05-12 07:58:10 . 2011-03-25 03:23:22 343040 ----a-w- C:\Windows\system32\drivers\usbhub.sys 2011-05-12 07:58:10 . 2011-03-25 03:23:03 98816 ----a-w- C:\Windows\system32\drivers\usbccgp.sys 2011-05-12 07:58:10 . 2011-03-25 03:22:56 25600 ----a-w- C:\Windows\system32\drivers\usbohci.sys 2011-05-12 07:58:10 . 2011-03-25 03:22:55 30720 ----a-w- C:\Windows\system32\drivers\usbuhci.sys 2011-05-12 07:58:10 . 2011-03-25 03:22:51 7936 ----a-w- C:\Windows\system32\drivers\usbd.sys 2011-05-01 18:19:41 . 2011-05-01 18:19:52 -------- d--h--w- C:\Users\Simon\AppData\Local\{613D7299-6945-4920-8B89-7A9F99175944} 2011-04-29 19:37:26 . 2011-05-12 16:41:32 234536 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe 2011-04-29 19:37:07 . 2011-05-12 16:41:32 234536 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr 2011-04-29 19:37:02 . 2011-04-29 19:37:02 75064 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe 2011-04-29 19:10:11 . 2011-04-29 19:11:36 -------- d-----w- C:\Program Files\punkbuster 2011-04-29 19:03:31 . 2011-04-29 19:03:31 -------- d--h--w- C:\Users\Simon\AppData\Local\PunkBuster 2011-04-28 18:30:56 . 2011-04-28 18:30:56 -------- d-----w- C:\Program Files (x86)\EA GAMES 2011-04-28 18:26:57 . 2004-10-22 00:18:12 749568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll 2011-04-28 18:26:57 . 2004-10-22 00:17:48 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll 2011-04-28 18:26:57 . 2004-10-22 00:17:04 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll 2011-04-28 18:26:57 . 2004-10-22 00:16:28 180224 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll 2011-04-28 18:26:57 . 2004-10-22 00:16:10 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe 2011-04-28 18:26:51 . 2011-04-28 18:26:51 323716 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll 2011-04-28 18:26:51 . 2011-04-28 18:26:51 192644 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll 2011-04-20 22:02:39 . 2011-04-20 22:03:00 -------- d--h--w- C:\Users\Simon\AppData\Local\{151CE21D-B331-4E5D-B262-3F2BA139F253} . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) 2011-04-08 15:32:24 . 2011-04-08 15:32:24 254528 ----a-w- C:\Windows\system32\drivers\dtsoftbus01.sys 2011-03-17 06:58:00 . 2010-06-24 10:33:56 18328 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2011-03-11 06:19:26 . 2011-04-14 07:59:56 1359872 ----a-w- C:\Windows\system32\mfc42u.dll 2011-03-11 06:19:26 . 2011-04-14 07:59:55 1395712 ----a-w- C:\Windows\system32\mfc42.dll 2011-03-11 05:40:24 . 2011-04-14 07:59:55 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll 2011-03-11 05:40:24 . 2011-04-14 07:59:55 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll 2011-03-08 06:14:30 . 2011-04-14 07:59:20 976896 ----a-w- C:\Windows\system32\inetcomm.dll 2011-03-08 05:38:13 . 2011-04-14 07:59:19 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll 2011-03-04 06:17:25 . 2011-04-28 06:19:38 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2011-03-04 06:17:24 . 2011-04-28 06:19:38 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2011-03-03 06:17:10 . 2011-04-14 07:59:21 182272 ----a-w- C:\Windows\system32\dnsrslvr.dll 2011-03-03 06:14:38 . 2011-04-14 07:59:21 30208 ----a-w- C:\Windows\system32\dnscacheugc.exe 2011-03-03 05:27:30 . 2011-04-14 07:59:21 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe 2011-03-03 03:58:32 . 2011-04-14 07:59:59 3133440 ----a-w- C:\Windows\system32\win32k.sys 2011-02-24 06:30:00 . 2011-04-14 08:00:13 476160 ----a-w- C:\Windows\system32\XpsGdiConverter.dll 2011-02-24 05:32:52 . 2011-04-14 08:00:12 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll 2011-02-23 05:16:28 . 2011-04-14 07:59:52 461312 ----a-w- C:\Windows\system32\drivers\srv.sys 2011-02-23 05:16:01 . 2011-04-14 07:59:52 401920 ----a-w- C:\Windows\system32\drivers\srv2.sys 2011-02-23 05:15:50 . 2011-04-14 07:59:52 161792 ----a-w- C:\Windows\system32\drivers\srvnet.sys 2011-02-23 05:15:27 . 2011-04-14 07:59:15 157696 ----a-w- C:\Windows\system32\drivers\mrxsmb.sys 2011-02-23 05:15:14 . 2011-04-14 07:59:15 286720 ----a-w- C:\Windows\system32\drivers\mrxsmb10.sys 2011-02-23 05:15:13 . 2011-04-14 07:59:15 126464 ----a-w- C:\Windows\system32\drivers\mrxsmb20.sys 2011-02-23 05:15:06 . 2011-04-14 07:59:15 90624 ----a-w- C:\Windows\system32\drivers\bowser.sys 2011-02-19 06:37:44 . 2011-03-09 07:43:40 1135104 ----a-w- C:\Windows\system32\FntCache.dll 2011-02-19 06:37:10 . 2011-03-09 07:43:39 1540608 ----a-w- C:\Windows\system32\DWrite.dll 2011-02-19 06:36:49 . 2011-03-09 07:43:39 902656 ----a-w- C:\Windows\system32\d2d1.dll 2011-02-19 06:36:13 . 2011-04-14 07:59:49 46080 ----a-w- C:\Windows\system32\atmlib.dll 2011-02-19 05:32:48 . 2011-03-09 07:43:39 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll 2011-02-19 05:32:35 . 2011-03-09 07:43:39 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll 2011-02-19 05:32:08 . 2011-04-14 07:59:49 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll 2011-02-19 04:13:39 . 2011-04-14 07:59:50 367104 ----a-w- C:\Windows\system32\atmfd.dll 2011-02-19 03:37:02 . 2011-04-14 07:59:49 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll 2006-05-03 09:06:54 163328 --sh--r- C:\Windows\SysWOW64\flvDX.dll 2007-02-21 10:47:16 31232 --sh--r- C:\Windows\SysWOW64\msfDX.dll 2008-03-16 12:30:52 216064 --sh--r- C:\Windows\SysWOW64\nbDX.dll (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2009-07-14 01:39:41 1475072] "DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 09:20:12 1305408] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "avgnt"="C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-05 15:58:27 281768] "WheelMouse"="C:\ADVANC~1\wh_exec.exe" [2007-11-10 21:31:56 98304] "ASUSWebStorage"="C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.92.173\AsusWSPanel.exe" [2011-03-16 06:36:12 734544] "TrojanScanner"="C:\Program Files (x86)\Trojan Remover\Trjscan.exe" [2010-07-05 10:49:06 1167296] "PCTools FGuard"="C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe" [2011-04-27 13:37:02 247760] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime "Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 11:16:28 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 12:27:14 138576] R2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-09-28 15:15:06 136176] R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [2010-09-22 19:19:06 325168] R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2010-11-11 13:39:34 128928] R3 GDPkIcpt;GDPkIcpt;C:\Windows\system32\drivers\PktIcpt.sys [x] R3 gupdatem;Google Update-Dienst (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-09-28 15:15:06 136176] R3 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [2011-02-18 09:14:04 371472] R3 TFsExDisk;TFsExDisk;C:\Windows\System32\Drivers\TFsExDisk.sys [2010-06-14 08:32:54 16448] S0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys [x] S0 pctDS;PC Tools Data Store;C:\Windows\system32\drivers\pctDS64.sys [x] S0 pctEFA;PC Tools Extended File Attributes;C:\Windows\system32\drivers\pctEFA64.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys [x] S1 PCTSD;PC Tools Spyware Doctor Driver;C:\Windows\system32\Drivers\PCTSD64.sys [x] S2 AntiVirSchedulerService;Avira AntiVir Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-05-04 08:57:42 136360] S2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe [2011-04-27 13:37:00 337872] S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2011-01-12 16:36:56 1403200] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2010-02-24 13:41:50 11856] S3 whfltr2k;WheelMouse USB Lower Filter Driver;C:\Windows\system32\DRIVERS\whfltr2k.sys [x] Inhalt des "geplante Tasks" Ordners 2011-05-16 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-09-28 15:15:09 . 2010-09-28 15:15:06] 2011-05-16 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-09-28 15:15:09 . 2010-09-28 15:15:06] 2011-05-16 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-933275078-270321984-1768607596-1000Core.job - C:\Users\Simon\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-30 18:04:00 . 2010-10-18 17:49:28] 2011-05-16 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-933275078-270321984-1768607596-1000UA.job - C:\Users\Simon\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-30 18:04:00 . 2010-10-18 17:49:28] --------- x86-64 ----------- [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}] 2010-09-22 19:19:38 284208 ----a-w- C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B] @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}" [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}] 2010-09-02 08:41:02 220160 ----a-w- C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.92.173\AsusWSShellExt64.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O] @="{64174815-8D98-4CE6-8646-4C039977D808}" [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}] 2010-09-02 08:41:02 220160 ----a-w- C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.92.173\AsusWSShellExt64.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-28 16:25:38 11101800] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp ------- Zusätzlicher Suchlauf ------- uLocal Page = C:\Windows\system32\blank.htm mLocal Page = C:\Windows\SysWOW64\blank.htm uInternet Settings,ProxyServer = http=127.0.0.1:63394 IE: Free YouTube Download - C:\Users\Simon\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm IE: Free YouTube to Mp3 Converter - C:\Users\Simon\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll FF - ProfilePath - C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\earxikgj.default\ FF - prefs.js: network.proxy.http - 127.0.0.1 FF - prefs.js: network.proxy.http_port - 63394 FF - prefs.js: network.proxy.type - 0 FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 - - - - Entfernte verwaiste Registrierungseinträge - - - - URLSearchHooks-{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - (no file) WebBrowser-{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - (no file) |
|
16.05.2011, 20:04
| #9 |
| /// Malware-holic | Fehlermeldung Festplattencluster geschädigt das log ist nicht vollständig, bitte alles posten. oder als datei anhängen
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
16.05.2011, 20:06
| #10 |
| | Fehlermeldung Festplattencluster geschädigt Hm...grad nochmal geguckt...ist alles was er ausgespuckt hat... Soll ich es nochmal machen? |
|
16.05.2011, 20:19
| #11 |
| /// Malware-holic | Fehlermeldung Festplattencluster geschädigt eig kann das nicht sein, häng mal die ganze txt als datei hier an.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
16.05.2011, 23:03
| #12 |
| | Fehlermeldung Festplattencluster geschädigt So, hier jetzt nochmal der text als Datei...evtl hab ich ja was übersehen, kann ja schon mal vorkommen  |
|
17.05.2011, 10:53
| #13 |
| /// Malware-holic | Fehlermeldung Festplattencluster geschädigt hi, öffne mal computer c: qoobox rechtsklick quarantain, mit winrar oder zip packen, im upload channel hochladen. http://www.trojaner-board.de/54791-a...ner-board.html
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
17.05.2011, 13:21
| #14 |
| | Fehlermeldung Festplattencluster geschädigt Servus, er ist schon geraume Zeit dabei, die Datei hochzuladen...vlt wird das ja heute noch was.... |
|
17.05.2011, 14:40
| #15 |
| /// Malware-holic | Fehlermeldung Festplattencluster geschädigt die ist bestimmt zu groß. lad die datei bei File-Upload.net - Ihr kostenloser File Hoster! hoch und sende mir den link als private nachicht.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu Fehlermeldung Festplattencluster geschädigt |
| adobe, backdoor.cycbot.gen, bild, csrss.exe, dateien, desktop, explorer, fehlermeldung, festplatte, fetsplattencluster, firefox, hintergrund, host.exe, infizierte, infizierte dateien, keine dateien, löschen, malwarebyte, microsoft, mozilla, neu, programm, rogue.installer.gen, rootkit.tdss.gen, setup, software, system, system neu, temp, trojan.agent, viren, warnung, winlogon, ändern |
Linear-Darstellung
