Log analysis and evaluation: Windows Recovery + Trojan (Windows 7)
04.06.2011, 15:00 | #1

Windows Recovery + Trojan

Hello! A few days ago I had problems with Windows Recovery. It should actually be deleted by now; files are visible again etc., thanks to unhide.exe, which I found here on the forum. However, there is now another problem... The creator of the (apparent) trojan that I picked up felt the need to control my mouse pointer and click on Control Panel. (Pretty stupid, otherwise I wouldn't have noticed at all that I have this trojan on my laptop.) Because HijackThis reported that all processes were safe, Malwarebytes found nothing more and TDSSKiller found nothing either. Here are the OTL log files: Attachment 18511. The OTL file was unfortunately too large to upload as an attachment... So I posted it normally and highlighted it in blue. OTL logfile:
OTL logfile created on: 04.06.2011 15:42:47 - Run 3
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Gary\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 39,00% Memory free
5,00 Gb Paging File | 3,00 Gb Available in Paging File | 65,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 8,48 Gb Free Space | 5,89% Space Free | Partition Type: NTFS
Drive D: | 140,50 Gb Total Space | 21,63 Gb Free Space | 15,40% Space Free | Partition Type: NTFS

Computer Name: WHATEVER | User Name: Gary | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Users\Gary\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Users\Gary\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Programme\MySQL\MySQL Server 5.5\bin\mysqld.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\Acer\Acer Bio Protection\CompPtcVUI.exe (Arachnoid Biometrics Identification Group Corp.)
PRC - C:\Programme\Acer\Acer Bio Protection\BASVC.exe ()
PRC - C:\Programme\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)
PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
PRC - C:\Programme\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
PRC - C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
PRC - C:\Programme\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
PRC - C:\Programme\Common Files\SPBA\upeksvr.exe (UPEK Inc.)
PRC - c:\Programme\Common Files\Mcafee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
PRC - C:\ACER\Mobility Center\MobilityService.exe ()

========== Modules (SafeList) ==========

MOD - C:\Users\Gary\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (MySQL) -- C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe ()
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (IGBASVC) -- C:\Programme\Acer\Acer Bio Protection\BASVC.exe ()
SRV - (NMSAccess) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (eDataSecurity Service) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (McNASvc) -- c:\Programme\Common Files\Mcafee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (CLHNService) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)

========== Driver Services (SafeList) ==========

DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (dgderdrv) -- C:\Windows\System32\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (sscemdm) -- C:\Windows\System32\drivers\sscemdm.sys (MCCI Corporation)
DRV - (ssceserd) SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM) -- C:\Windows\System32\drivers\ssceserd.sys (MCCI Corporation)
DRV - (sscebus) SAMSUNG USB Composite Device V2 driver (WDM) -- C:\Windows\System32\drivers\sscebus.sys (MCCI Corporation)
DRV - (sscemdfl) -- C:\Windows\System32\drivers\sscemdfl.sys (MCCI Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (appliandMP) -- C:\Windows\System32\drivers\appliand.sys (Applian Technologies Inc.)
DRV - (appliand) -- C:\Windows\System32\drivers\appliand.sys (Applian Technologies Inc.)
DRV - (AlfaFF) -- C:\Windows\system32\Drivers\AlfaFF.sys (Alfa Corporation)
DRV - (KORGUMDS) -- C:\Windows\System32\drivers\KORGUMDS.SYS (KORG INC.)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (L1E) -- C:\Windows\System32\drivers\L1E60x86.sys (Atheros Communications, Inc.)
DRV - (TPkd) -- C:\Windows\System32\drivers\TPkd.sys (PACE Anti-Piracy, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (ISODrive) -- C:\Programme\UltraISO\drivers\ISODrive.sys (EZB Systems, Inc.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl (Cyberlink Corp.)
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices Inc.)
DRV - (ahcix86s) -- C:\Windows\system32\DRIVERS\ahcix86s.sys (AMD Technologies Inc.)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (NTIPPKernel) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys (Cyberlink Corp.)
DRV - (anf0100.sys) -- C:\Windows\System32\drivers\anf0100.sys (Netmarketing Pawel Wisniewski)
DRV - (winbondcir) -- C:\Windows\System32\drivers\winbondcir.sys (Winbond Electronics Corporation)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys ()
DRV - (EverestDriver) -- C:\Programme\Lavalys\EVEREST Home Edition\kerneld.wnt ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0510&m=aspire_6530g
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=GRfox000&ptb=3UCC9T1IeBGiVweK6SUqKw
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13"
FF - prefs.js..extensions.enabledItems: video.downloader.plugin@ffpimp.com:3.3.1
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.7.1
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.04 15:08:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.04 15:08:02 | 000,000,000 | ---D | M]

[2010.12.15 17:11:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gary\AppData\Roaming\mozilla\Extensions
[2010.12.15 17:11:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gary\AppData\Roaming\mozilla\Extensions\IMVUClientXUL@imvu.com
[2011.06.03 19:14:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gary\AppData\Roaming\mozilla\Firefox\Profiles\r00jl7tk.default\extensions
[2011.06.03 18:44:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Gary\AppData\Roaming\mozilla\Firefox\Profiles\r00jl7tk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.05.30 01:31:31 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Gary\AppData\Roaming\mozilla\Firefox\Profiles\r00jl7tk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.05.30 01:31:32 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Gary\AppData\Roaming\mozilla\Firefox\Profiles\r00jl7tk.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.05.30 01:31:32 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Gary\AppData\Roaming\mozilla\Firefox\Profiles\r00jl7tk.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.05.30 01:31:32 | 000,000,000 | ---D | M] (Fox!Box) -- C:\Users\Gary\AppData\Roaming\mozilla\Firefox\Profiles\r00jl7tk.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}
[2011.05.30 01:31:32 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Gary\AppData\Roaming\mozilla\Firefox\Profiles\r00jl7tk.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.05.30 01:31:28 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\Gary\AppData\Roaming\mozilla\Firefox\Profiles\r00jl7tk.default\extensions\firebug@software.joehewitt.com
[2011.05.30 01:31:31 | 000,000,000 | ---D | M] (Download Youtube Videos +) -- C:\Users\Gary\AppData\Roaming\mozilla\Firefox\Profiles\r00jl7tk.default\extensions\video.downloader.plugin@ffpimp.com
[2010.12.06 17:25:50 | 000,000,873 | ---- | M] () -- C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\r00jl7tk.default\searchplugins\conduit.xml
[2011.05.28 20:07:58 | 000,001,056 | ---- | M] () -- C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\r00jl7tk.default\searchplugins\icqplugin.xml
[2010.11.02 23:34:03 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.07.03 15:20:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.10 18:18:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.06.04 15:07:54 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.06.04 15:07:54 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.06.04 15:07:54 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.06.04 15:07:54 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.06.04 15:07:54 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011.01.19 16:31:58 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [ZPdtWzdVitaKey MC3000] C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube Download - C:\Users\Gary\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Gary\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll - C:\Programme\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
O20 - Winlogon\Notify\spba: DllName - C:\Program Files\Common Files\SPBA\homefus2.dll - C:\Programme\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Users\Gary\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Gary\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.06.03 12:55:30 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
[2011.06.03 12:55:29 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll
[2011.06.03 12:55:28 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll
[2011.06.03 12:55:27 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll
[2011.06.03 12:55:27 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2011.06.03 12:55:27 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll
[2011.06.03 12:55:27 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll
[2011.06.03 12:55:27 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
[2011.06.03 12:55:26 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2011.06.03 12:55:26 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll
[2011.06.03 12:55:25 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll
[2011.06.03 12:55:25 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2011.06.03 12:55:25 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll
[2011.06.03 12:55:25 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsepno.dll
[2011.06.03 12:55:24 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll
[2011.06.03 12:55:24 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll
[2011.06.03 12:55:24 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2011.06.03 12:55:24 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll
[2011.06.03 12:55:23 | 006,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll
[2011.06.03 12:55:22 | 001,582,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2011.06.03 12:55:22 | 001,418,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2011.06.03 12:55:22 | 000,670,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2011.06.03 12:55:22 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2011.06.03 12:55:22 | 000,203,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2011.06.03 12:50:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011.06.03 12:47:39 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2011.06.03 12:47:18 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2011.06.03 12:47:17 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2011.06.03 12:47:17 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2011.06.03 12:47:15 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2011.06.03 12:47:15 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2011.06.03 12:47:10 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2011.06.03 12:47:10 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2011.06.03 12:47:10 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2011.06.03 12:47:10 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2011.06.03 12:47:09 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2011.06.03 12:46:57 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2011.06.03 12:46:57 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2011.06.03 12:46:56 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2011.06.03 12:46:56 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2011.06.03 12:46:56 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2011.06.02 16:58:56 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011.06.02 16:20:44 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\Malwarebytes
[2011.06.02 16:20:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.06.02 16:20:22 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.06.02 16:20:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.06.02 16:20:16 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.06.02 16:20:15 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.06.02 15:42:43 | 000,000,000 | ---D | C] -- C:\Benutzer
[2011.06.02 15:41:34 | 000,000,000 | ---D | C] -- C:\User
[2011.06.02 15:16:11 | 001,553,408 | ---- | C] (Image-Line) -- C:\Windows\System32\FLEngine.dll
[2011.06.02 14:01:23 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\Thinstall
[2011.06.02 13:00:36 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.05.31 22:52:34 | 000,000,000 | ---D | C] -- C:\Casino
[2011.05.31 21:50:06 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2011.05.31 00:13:30 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2011.05.30 23:34:35 | 000,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2011.05.30 23:34:33 | 000,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2011.05.30 23:34:32 | 000,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2011.05.30 23:34:32 | 000,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2011.05.30 23:34:31 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2011.05.30 23:34:27 | 000,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2011.05.30 23:21:39 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2011.05.30 23:21:31 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2011.05.30 23:18:35 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2011.05.30 23:18:29 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2011.05.30 23:17:27 | 000,000,000 | ---D | C] -- C:\Programme\MSXML 4.0
[2011.05.30 23:15:16 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2011.05.30 23:15:00 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2011.05.30 23:14:59 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2011.05.30 23:14:59 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2011.05.30 23:14:59 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2011.05.30 23:14:58 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2011.05.30 23:14:58 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2011.05.30 23:14:58 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2011.05.30 23:14:18 | 003,548,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.05.30 23:14:17 | 003,600,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.05.30 23:12:47 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2011.05.30 23:12:47 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2011.05.30 23:12:46 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2011.05.30 23:12:44 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2011.05.30 23:12:44 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2011.05.30 23:12:38 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2011.05.30 23:12:38 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2011.05.30 23:12:37 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2011.05.30 23:11:52 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2011.05.30 23:11:43 | 012,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2011.05.30 23:11:38 | 002,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2011.05.30 23:11:17 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2011.05.30 23:10:10 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011.05.30 23:10:09 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2011.05.30 23:10:09 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2011.05.30 23:10:09 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2011.05.30 23:10:09 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2011.05.30 23:10:09 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011.05.30 23:10:09 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
[2011.05.30 23:09:51 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2011.05.30 23:09:24 | 002,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2011.05.30 23:09:22 | 002,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011.05.30 23:09:10 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2011.05.30 23:09:08 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.05.30 23:09:07 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2011.05.30 23:09:07 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.05.30 23:09:07 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2011.05.30 23:09:02 | 002,452,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.05.30 23:08:56 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.05.30 23:08:55 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.05.30 23:08:55 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.05.30 23:08:54 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.05.30 23:08:54 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.05.30 23:08:53 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.05.30 23:08:53 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.05.30 23:08:53 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2011.05.30 23:08:53 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.05.30 23:08:53 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.05.30 23:08:52 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.05.30 23:08:42 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2011.05.30 23:08:42 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2011.05.30 23:08:37 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2011.05.30 23:08:37 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2011.05.30 23:08:30 | 001,256,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2011.05.30 23:08:14 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pacerprf.dll
[2011.05.30 23:08:08 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2011.05.30 23:08:07 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2011.05.30 23:07:58 | 002,041,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.05.30 23:07:55 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.05.30 23:07:55 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.05.30 23:07:53 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.05.30 23:07:52 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.05.30 23:07:45 | 000,636,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2011.05.30 23:07:42 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.05.30 23:07:42 | 000,323,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011.05.30 23:07:41 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011.05.30 23:07:41 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2011.05.30 23:07:37 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2011.05.30 23:07:37 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2011.05.30 23:07:36 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2011.05.30 23:07:01 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011.05.30 23:06:44 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2011.05.30 23:06:24 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2011.05.30 23:06:17 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.05.30 23:06:01 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2011.05.30 23:06:01 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshom.ocx
[2011.05.30 23:06:01 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2011.05.30 23:05:59 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2011.05.30 23:05:54 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2011.05.30 23:05:54 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2011.05.30
23:05:52 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll [2011.05.30 23:05:47 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll [2011.05.30 23:05:47 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll [2011.05.30 23:05:47 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll [2011.05.30 23:05:47 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll [2011.05.30 23:05:37 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2011.05.30 23:04:59 | 000,866,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll [2011.05.30 23:04:56 | 002,927,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe [2011.05.30 23:04:51 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll [2011.05.30 23:04:48 | 000,562,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll [2011.05.30 23:04:48 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll [2011.05.30 23:04:45 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll [2011.05.30 23:04:45 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll [2011.05.30 23:04:43 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL [2011.05.30 23:04:38 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe [2011.05.30 23:04:35 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll [2011.05.30 23:04:32 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe [2011.05.30 23:02:43 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL [2011.05.30 22:19:35 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll [2011.05.30 
22:19:34 | 002,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll [2011.05.30 22:19:01 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll [2011.05.30 22:19:01 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll [2011.05.30 22:19:01 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll [2011.05.30 22:18:53 | 000,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll [2011.05.30 22:18:53 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe [2011.05.26 20:47:50 | 000,000,000 | ---D | C] -- C:\Programme\Pivot Stickfigure Animator [2011.05.26 16:55:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap [2011.05.26 16:55:19 | 000,000,000 | ---D | C] -- C:\Programme\WinPcap [2011.05.26 16:55:11 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cain [2011.05.26 16:55:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cain [2011.05.26 16:55:08 | 000,000,000 | ---D | C] -- C:\Programme\Cain [2011.05.25 23:28:04 | 000,000,000 | ---D | C] -- C:\Users\Gary\Documents\Sticks [2011.05.25 22:39:04 | 000,000,000 | ---D | C] -- C:\Users\Gary\Desktop\Untitled [2011.05.25 22:09:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pivot Stickfigure Animator [2011.05.24 22:37:57 | 000,000,000 | ---D | C] -- C:\Programme\InterLok [2011.05.24 20:49:51 | 000,520,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DBGrid32.ocx [2011.05.24 20:49:51 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mr.Big App's [2011.05.24 20:49:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mr.Big App's [2011.05.24 20:49:50 | 001,028,096 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\temp.009 [2011.05.24 20:49:50 | 000,403,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Msrepl35.dll [2011.05.24 20:49:50 | 000,343,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.008 [2011.05.24 20:49:50 | 000,278,559 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.006 [2011.05.24 20:49:50 | 000,251,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Msrd2x35.dll [2011.05.24 20:49:50 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Odbctl32.dll [2011.05.24 20:49:50 | 000,053,279 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.007 [2011.05.24 20:49:49 | 001,039,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Msjet35.dll [2011.05.24 20:49:49 | 000,326,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.005 [2011.05.24 20:49:49 | 000,045,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Msjint35.dll [2011.05.24 20:49:49 | 000,024,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Msjter35.dll [2011.05.24 20:49:49 | 000,022,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.004 [2011.05.24 20:49:48 | 001,355,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSVBVM50.dll [2011.05.24 20:49:48 | 000,492,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.001 [2011.05.24 20:49:48 | 000,118,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.003 [2011.05.24 20:49:48 | 000,114,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.002 [2011.05.24 20:49:48 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.000 [2011.05.24 20:49:48 | 000,000,000 | ---D | C] -- C:\Programme\SQL-Learning Tool [2011.05.11 22:13:11 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\Native Instruments [2011.05.11 22:06:28 | 000,000,000 | -H-D | C] -- C:\ProgramData\{C2686527-0D57-4F0B-ADAB-EE203CA30FC6} [2011.05.11 
21:59:26 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Native Instruments [2011.05.11 21:59:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments [2011.05.09 23:27:48 | 000,000,000 | ---D | C] -- C:\Users\Gary\Documents\SelfMV [2011.05.08 17:35:39 | 000,000,000 | ---D | C] -- C:\Users\Gary\Desktop\ReFX.Nexus.2.Vocoder.Expansion.Pack-AiRISO_Marwal.de [2011.05.08 12:59:23 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Plasmoo [2008.11.03 04:43:05 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll [2007.08.13 17:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\Gary\AppData\Local\CDRip.dll [2007.01.18 21:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\Gary\AppData\Local\No23 Recorder.exe [2006.12.11 19:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\Gary\AppData\Local\basscd.dll [2006.12.11 19:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\Gary\AppData\Local\bass.dll ========== Files - Modified Within 30 Days ========== [2011.06.04 14:21:43 | 002,690,681 | ---- | M] () -- C:\Users\Gary\Desktop\04-06-2011 weiter!.mp3 [2011.06.04 14:11:44 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.06.04 14:11:44 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.06.04 13:17:26 | 002,432,591 | ---- | M] () -- C:\Users\Gary\Desktop\untitled.mp3 [2011.06.04 12:19:06 | 000,606,105 | ---- | M] () -- C:\Users\Gary\Desktop\unhide.exe [2011.06.04 10:19:09 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.06.04 10:19:08 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.06.04 10:19:08 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.06.04 10:19:08 | 
000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.06.04 10:12:19 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml [2011.06.04 10:11:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.06.04 10:10:21 | 2649,079,808 | -HS- | M] () -- C:\hiberfil.sys [2011.06.03 02:38:28 | 000,001,356 | ---- | M] () -- C:\Users\Gary\AppData\Local\d3d9caps.dat [2011.06.02 16:20:23 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.06.02 13:00:36 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2011.06.01 08:00:02 | 000,140,800 | ---- | M] () -- C:\Users\Gary\AppData\Roaming\lll.virus [2011.05.31 06:48:46 | 002,239,344 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.05.30 21:42:35 | 000,016,896 | ---- | M] () -- C:\Users\Gary\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.05.29 23:23:10 | 002,702,175 | ---- | M] () -- C:\Users\Gary\Desktop\29-05-2011 weiter.mp3 [2011.05.29 21:52:01 | 003,734,534 | ---- | M] () -- C:\Users\Gary\Desktop\27-05-2011 weiter!!.mp3 [2011.05.29 20:54:34 | 007,080,064 | ---- | M] () -- C:\Users\Gary\Desktop\Parov Stelar - Catgroove (TSC - Forsythe)‏.mp3 [2011.05.29 16:03:22 | 003,902,762 | ---- | M] () -- C:\Users\Gary\Desktop\29-05-2011 weiter!.mp3 [2011.05.29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.05.29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.05.25 23:04:00 | 000,126,808 | ---- | M] () -- C:\Users\Gary\Desktop\Produce_7.wmv [2011.05.25 23:01:46 | 000,071,082 | ---- | M] () -- C:\Users\Gary\Documents\pivot 1.pds [2011.05.25 22:32:37 | 000,056,642 | ---- | M] () -- C:\Users\Gary\Desktop\(=.gif [2011.05.25 22:09:32 | 000,000,623 | ---- | M] () -- C:\Users\Public\Desktop\Pivot Stickfigure Animator.lnk [2011.05.25 21:14:09 | 003,122,224 | ---- | M] () -- 
C:\Users\Gary\Desktop\fdk.mp3 [2011.05.25 17:15:44 | 009,486,728 | ---- | M] () -- C:\Users\Gary\Documents\Produce_6.wmv [2011.05.24 19:14:10 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2011.05.23 23:44:17 | 001,760,722 | ---- | M] () -- C:\Users\Gary\Desktop\darkwing.mp3 [2011.05.23 23:09:26 | 004,780,477 | ---- | M] () -- C:\Users\Gary\Desktop\Aladdin-One Jump Ahead.mp3 [2011.05.23 22:53:17 | 007,868,149 | ---- | M] () -- C:\Users\Gary\Desktop\This is Halloween.mp3 [2011.05.23 21:22:36 | 004,116,967 | ---- | M] () -- C:\Users\Gary\Desktop\23-05-2011 weiter 140 bpm !! nice.mp3 [2011.05.23 16:45:27 | 003,312,395 | ---- | M] () -- C:\Users\Gary\Desktop\23-05-2011 weiter!.mp3 [2011.05.19 21:53:21 | 061,711,190 | ---- | M] () -- C:\Users\Gary\Documents\Produce_5.wmv [2011.05.18 22:37:51 | 010,431,260 | ---- | M] () -- C:\Users\Gary\Desktop\Anthro - Get Ready [Sample].mp3 [2011.05.18 01:20:48 | 004,480,566 | ---- | M] () -- C:\Users\Gary\Desktop\18-05-2011 weiter!.mp3 [2011.05.14 20:55:27 | 001,752,362 | ---- | M] () -- C:\Users\Gary\Desktop\14-05-2011 weiter!.mp3 [2011.05.14 16:42:11 | 008,773,032 | ---- | M] () -- C:\Users\Gary\Desktop\14-05-2011 weiter!!!.mp3 [2011.05.13 14:10:27 | 003,700,052 | ---- | M] () -- C:\Users\Gary\Desktop\13-05-2011 weiter!.mp3 [2011.05.12 01:53:50 | 003,714,656 | ---- | M] () -- C:\Users\Gary\Desktop\11-05-2011 weiter!.mp3 [2011.05.10 22:24:09 | 009,811,636 | ---- | M] () -- C:\Users\Gary\Desktop\Eins Zwei Polizei (Remix by Anthro).mp3 [2011.05.09 03:48:30 | 002,786,578 | ---- | M] () -- C:\Users\Gary\Desktop\08-05-2011 weiter!!!.mp3 [2011.05.09 03:34:57 | 004,997,791 | ---- | M] () -- C:\Users\Gary\Desktop\Trick and Treat.mp3 [2011.05.08 13:06:34 | 003,936,384 | ---- | M] () -- C:\Users\Gary\Desktop\Fred vom Jupiter (neue Deutsche Welle).mp3 [2011.05.07 15:01:24 | 002,721,610 | ---- | M] () -- C:\Users\Gary\Desktop\07-05-2011.mp3 ========== Files Created - No Company Name ========== 
[2011.06.04 14:06:16 | 002,690,681 | ---- | C] () -- C:\Users\Gary\Desktop\04-06-2011 weiter!.mp3 [2011.06.04 13:16:19 | 002,432,591 | ---- | C] () -- C:\Users\Gary\Desktop\untitled.mp3 [2011.06.04 12:19:04 | 000,606,105 | ---- | C] () -- C:\Users\Gary\Desktop\unhide.exe [2011.06.03 12:55:30 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011.06.03 12:55:30 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2011.06.03 12:55:25 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex [2011.06.03 12:46:59 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs [2011.06.03 12:46:59 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml [2011.06.03 12:46:59 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl [2011.06.02 16:20:23 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.06.01 08:00:02 | 000,140,800 | ---- | C] () -- C:\Users\Gary\AppData\Roaming\lll.virus [2011.05.30 23:12:40 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf [2011.05.29 23:05:55 | 002,702,175 | ---- | C] () -- C:\Users\Gary\Desktop\29-05-2011 weiter.mp3 [2011.05.29 20:53:05 | 007,080,064 | ---- | C] () -- C:\Users\Gary\Desktop\Parov Stelar - Catgroove (TSC - Forsythe)‏.mp3 [2011.05.29 16:02:05 | 003,902,762 | ---- | C] () -- C:\Users\Gary\Desktop\29-05-2011 weiter!.mp3 [2011.05.27 18:28:05 | 003,734,534 | ---- | C] () -- C:\Users\Gary\Desktop\27-05-2011 weiter!!.mp3 [2011.05.26 20:54:47 | 000,836,608 | ---- | C] () -- C:\Users\Gary\Desktop\pivot.exe [2011.05.25 23:03:54 | 000,126,808 | ---- | C] () -- C:\Users\Gary\Desktop\Produce_7.wmv [2011.05.25 23:01:44 | 000,071,082 | ---- | C] () -- C:\Users\Gary\Documents\pivot 1.pds [2011.05.25 22:12:47 | 000,056,642 | ---- | C] () -- C:\Users\Gary\Desktop\(=.gif [2011.05.25 22:09:32 | 000,000,623 | ---- | C] () -- C:\Users\Public\Desktop\Pivot Stickfigure Animator.lnk [2011.05.25 21:12:57 
| 003,122,224 | ---- | C] () -- C:\Users\Gary\Desktop\fdk.mp3 [2011.05.25 16:48:18 | 009,486,728 | ---- | C] () -- C:\Users\Gary\Documents\Produce_6.wmv [2011.05.23 23:36:45 | 001,760,722 | ---- | C] () -- C:\Users\Gary\Desktop\darkwing.mp3 [2011.05.23 22:50:08 | 007,868,149 | ---- | C] () -- C:\Users\Gary\Desktop\This is Halloween.mp3 [2011.05.23 22:18:32 | 004,780,477 | ---- | C] () -- C:\Users\Gary\Desktop\Aladdin-One Jump Ahead.mp3 [2011.05.23 21:11:11 | 004,116,967 | ---- | C] () -- C:\Users\Gary\Desktop\23-05-2011 weiter 140 bpm !! nice.mp3 [2011.05.23 16:00:40 | 003,312,395 | ---- | C] () -- C:\Users\Gary\Desktop\23-05-2011 weiter!.mp3 [2011.05.19 20:52:25 | 061,711,190 | ---- | C] () -- C:\Users\Gary\Documents\Produce_5.wmv [2011.05.18 01:06:52 | 004,480,566 | ---- | C] () -- C:\Users\Gary\Desktop\18-05-2011 weiter!.mp3 [2011.05.15 15:05:01 | 010,431,260 | ---- | C] () -- C:\Users\Gary\Desktop\Anthro - Get Ready [Sample].mp3 [2011.05.14 20:54:53 | 001,752,362 | ---- | C] () -- C:\Users\Gary\Desktop\14-05-2011 weiter!.mp3 [2011.05.14 15:36:32 | 008,773,032 | ---- | C] () -- C:\Users\Gary\Desktop\14-05-2011 weiter!!!.mp3 [2011.05.13 18:21:35 | 011,240,782 | ---- | C] () -- C:\Users\Gary\Desktop\03_vicious_delicious.mp3 [2011.05.13 13:54:43 | 003,700,052 | ---- | C] () -- C:\Users\Gary\Desktop\13-05-2011 weiter!.mp3 [2011.05.11 23:18:17 | 003,714,656 | ---- | C] () -- C:\Users\Gary\Desktop\11-05-2011 weiter!.mp3 [2011.05.10 22:02:02 | 009,811,636 | ---- | C] () -- C:\Users\Gary\Desktop\Eins Zwei Polizei (Remix by Anthro).mp3 [2011.05.08 23:36:00 | 004,997,791 | ---- | C] () -- C:\Users\Gary\Desktop\Trick and Treat.mp3 [2011.05.08 18:08:34 | 002,786,578 | ---- | C] () -- C:\Users\Gary\Desktop\08-05-2011 weiter!!!.mp3 [2011.05.08 13:05:51 | 003,936,384 | ---- | C] () -- C:\Users\Gary\Desktop\Fred vom Jupiter (neue Deutsche Welle).mp3 [2011.05.07 14:59:46 | 002,721,610 | ---- | C] () -- C:\Users\Gary\Desktop\07-05-2011.mp3 [2011.04.29 15:05:57 | 000,000,032 | 
---- | C] () -- C:\Windows\CD_Start.INI [2011.04.06 01:30:44 | 000,000,905 | ---- | C] () -- C:\Windows\asfbinwin.INI [2011.04.02 11:48:27 | 000,019,049 | ---- | C] () -- C:\Windows\DIIUnin.dat [2011.03.02 20:10:27 | 000,098,344 | ---- | C] () -- C:\Windows\unTMV.exe [2011.02.06 10:42:03 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini [2011.01.29 18:00:24 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.01.29 18:00:22 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2011.01.29 18:00:22 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2011.01.29 18:00:22 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2011.01.29 18:00:22 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2011.01.27 22:40:39 | 000,000,132 | ---- | C] () -- C:\Users\Gary\AppData\Roaming\Adobe PNG Format CS5 Prefs [2011.01.19 16:04:22 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2011.01.19 16:04:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011.01.19 16:04:22 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe [2011.01.19 16:04:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011.01.19 16:04:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011.01.07 21:21:52 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2011.01.07 21:21:51 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2011.01.06 14:44:29 | 004,874,240 | ---- | C] () -- C:\Windows\System32\DSE2_DFT.dll [2010.12.21 12:21:31 | 000,000,041 | ---- | C] () -- C:\Windows\budsaver.dat [2010.11.20 13:18:08 | 000,000,016 | ---- | C] () -- C:\Windows\msocreg32.dat [2010.11.16 15:55:30 | 000,146,944 | ---- | C] () -- C:\Windows\ventilator.exe [2010.11.09 20:28:40 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2010.11.09 20:28:40 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2010.10.31 11:23:41 | 000,021,840 | ---- | C] () 
-- C:\Windows\System32\SIntfNT.dll [2010.10.31 11:23:41 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll [2010.10.31 11:23:41 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll [2010.10.07 13:26:04 | 000,000,376 | ---- | C] () -- C:\Windows\wininit.ini [2010.10.06 18:04:58 | 000,001,469 | ---- | C] () -- C:\Users\Gary\AppData\Local\RecConfig.xml [2010.07.08 16:28:36 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2010.06.25 19:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll [2010.06.25 08:25:03 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2010.05.28 01:02:19 | 000,016,896 | ---- | C] () -- C:\Users\Gary\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.05.27 18:11:17 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.05.27 18:08:40 | 000,118,784 | ---- | C] () -- C:\Windows\System32\VMC3KAPI.dll [2010.05.27 18:02:19 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll [2010.05.27 18:02:19 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe [2010.05.27 18:02:19 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini [2010.05.27 17:44:11 | 000,001,356 | ---- | C] () -- C:\Users\Gary\AppData\Local\d3d9caps.dat [2008.11.03 04:41:51 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008.11.03 04:41:42 | 000,014,640 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat [2008.11.03 04:41:37 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat [2008.11.03 04:41:36 | 000,174,820 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2008.11.03 04:41:36 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2008.11.03 04:41:36 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe [2008.11.02 21:10:14 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll [2008.11.02 21:10:14 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll [2008.11.02 20:44:35 | 000,487,424 | ---- | C] () -- 
C:\Windows\System32\INT15.dll [2008.11.02 20:33:23 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat [2008.11.02 20:33:23 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat [2008.11.02 20:33:23 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat [2008.11.02 20:33:23 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat [2008.01.21 09:15:58 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.01.21 09:15:58 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2007.06.27 17:13:51 | 000,516,096 | ---- | C] () -- C:\Windows\System32\RegisterDialog.dll [2007.01.26 08:32:18 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 002,239,344 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] 
() -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2001.12.26 17:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001.09.04 00:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001.07.30 17:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001.07.23 23:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll ========== LOP Check ========== [2011.04.29 15:08:32 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\.minecraft [2008.11.02 21:07:45 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Acer GameZone Console [2011.05.04 00:10:05 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Apowersoft [2010.07.08 16:29:58 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Canneverbe Limited [2011.02.05 17:49:58 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Crtnew [2010.07.07 12:50:24 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\DAEMON Tools Lite [2011.03.24 21:48:20 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\DVDVideoSoftIEHelpers [2011.01.08 20:23:41 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Flood Light Games [2011.01.08 00:10:22 | 000,000,000 | ---D | M] -- 
C:\Users\Gary\AppData\Roaming\FloodLightGames [2011.05.30 01:31:23 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\FreeVideoConverter [2011.06.02 14:08:47 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\FrostWire [2011.01.07 22:28:37 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Games [2011.05.30 01:31:23 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\gtk-2.0 [2011.06.02 17:57:13 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\ICQ [2010.12.15 17:47:58 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\IMVU [2011.05.30 01:31:25 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\IMVUClient [2010.12.25 15:15:51 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\KORG [2011.01.04 14:22:22 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Meine Der Herr der Ringeâ„¢, Aufstieg des Hexenkönigsâ„¢-Dateien [2011.05.30 01:31:25 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien [2011.01.17 03:21:50 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Qupyb [2011.05.04 00:59:05 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Replay Media Catcher 4 [2010.11.09 20:26:35 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Samsung [2011.03.02 20:11:47 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\SoftMaker [2011.06.02 14:01:23 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Thinstall [2010.10.05 00:57:59 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\TrueCrypt [2010.06.17 13:35:09 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\TS3Client [2010.12.15 17:22:28 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Vivox [2011.01.08 00:03:27 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Zawiz [2011.06.04 03:02:38 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report >
I hope you can help me; unfortunately I am out of ideas. Regards, Anthro
05.06.2011, 16:56 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows Recovery + Trojaner
Quote:
Please post all Malwarebytes logs that are shown in the Logs tab. Including the ones without detections.