
Pests of all kinds and how to fight them: recurring trojan in C:\windows\Installer


31.07.2012, 22:27   #1
gadoi
 

Recurring trojan in C:\windows\Installer



Hello

It seems I have been hit by a trojan as well... Normally I am the kind of person who googles and works out the solution myself, but in this case it says everywhere that you should open your own thread with the OTL log... so here it is.

I know that the trojan sits in C:\Windows\Installer\{c88e03ac-72e2-1c3b-eba2-04460bebfd89}, but I cannot remove it.

Thanks in advance.

Regards, gadoi

Code:
OTL logfile created on: 7/31/2012 10:21:46 PM - Run 2
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\ray\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
15.98 Gb Total Physical Memory | 13.23 Gb Available Physical Memory | 82.77% Memory free
31.96 Gb Paging File | 28.88 Gb Available in Paging File | 90.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 101.54 Gb Total Space | 33.86 Gb Free Space | 33.35% Space Free | Partition Type: NTFS
Drive D: | 1863.01 Gb Total Space | 1097.59 Gb Free Space | 58.91% Space Free | Partition Type: NTFS
Drive J: | 931.51 Gb Total Space | 6.88 Gb Free Space | 0.74% Space Free | Partition Type: NTFS
Drive K: | 4.36 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: RAYMASCHINE | User Name: ray | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\ray\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe (Pandora.TV)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe (Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe (ROCCAT GmbH)
PRC - C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe ()
PRC - C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe (Realtime Soft Ltd)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - \\.\globalroot\systemroot\syswow64\mswsock.dll ()
MOD - C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\hiddriver.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (LMIMaint) -- C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (PanService) -- C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe (Pandora.TV)
SRV - (LogMeIn) -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe (LogMeIn, Inc.)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (UsbClientService) -- C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (LMIRfsClientNP) -- C:\Windows\SysNative\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (LMIRfsDriver) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV:64bit: - (lmimirr) -- C:\Windows\SysNative\drivers\lmimirr.sys (LogMeIn, Inc.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (NvStUSB) -- C:\Windows\SysNative\drivers\nvstusb.sys (NVIDIA Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LEqdUsb) -- C:\Windows\SysNative\drivers\LEqdUsb.sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidEqd) -- C:\Windows\SysNative\drivers\LHidEqd.sys (Logitech, Inc.)
DRV:64bit: - (ctxusbm) -- C:\Windows\SysNative\drivers\ctxusbm.sys (Citrix Systems, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV:64bit: - (busenum) -- C:\Windows\SysNative\drivers\busenum.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation)
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (LMIInfo) -- C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys (LogMeIn, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (UltraMonUtility) -- C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys (Realtime Soft Ltd)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-CH
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 72 8A D8 9C A3 6D CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ca526f8b-9e0a-4756-9077-19d6f3e64ea8}:2011.3.22.01
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: 2020Player@2020Technologies.com:5.0.4.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {af4b964d-1551-e684-eeb6-065e141db643}:4.6.7.3
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/07/31 21:20:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/28 12:26:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/15 16:13:10 | 000,000,000 | ---D | M]
 
[2012/03/29 21:41:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ray\AppData\Roaming\mozilla\Extensions
[2012/07/31 00:59:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ray\AppData\Roaming\mozilla\Firefox\Profiles\r0b9qb3y.default\extensions
[2012/06/28 17:57:10 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\ray\AppData\Roaming\mozilla\Firefox\Profiles\r0b9qb3y.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2012/03/30 20:18:59 | 000,000,000 | ---D | M] (All-in-One Gestures) -- C:\Users\ray\AppData\Roaming\mozilla\Firefox\Profiles\r0b9qb3y.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}
[2012/03/30 20:18:59 | 000,000,000 | ---D | M] (TabGroups Manager) -- C:\Users\ray\AppData\Roaming\mozilla\Firefox\Profiles\r0b9qb3y.default\extensions\{ca526f8b-9e0a-4756-9077-19d6f3e64ea8}
[2012/03/30 20:18:57 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Users\ray\AppData\Roaming\mozilla\Firefox\Profiles\r0b9qb3y.default\extensions\2020Player@2020Technologies.com
[2010/04/30 18:57:49 | 000,000,679 | ---- | M] () -- C:\Users\ray\AppData\Roaming\Mozilla\Firefox\Profiles\r0b9qb3y.default\searchplugins\tokyo-toshokan.xml
[2012/03/30 20:15:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/07/26 00:52:45 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/07/31 21:20:22 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/07/28 12:26:06 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/13 20:00:48 | 000,170,592 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2012/03/13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/03/13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/03/13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/03/13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/03/13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [whlsdc] rundll32.exe ",PszEscapeMenuStringA File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [RoccatKone+] C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.EXE (ROCCAT GmbH)
O4 - HKLM..\Run: [XSECVA] -s File not found
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [XSECVA] -s File not found
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - Startup: C:\Users\ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk = C:\Users\ray\AppData\Local\vghd\bin\vghd.exe (Totem Entertainment)
O4 - Startup: C:\Users\ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{065DEA7E-E1CE-4A5C-9440-C6E98C6FF56C}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: calcdiag - (C:\Windows\system32\msdtHost.dll) -  File not found
O36 - AppCertDlls: findshta - (C:\Windows\system32\msdtHost64.dll) -  File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/07/31 21:48:14 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\ray\Desktop\OTL.exe
[2012/07/31 21:45:52 | 000,000,000 | ---D | C] -- C:\Users\ray\AppData\Roaming\Malwarebytes
[2012/07/31 21:45:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/31 21:45:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/31 21:45:44 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/31 21:45:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/31 21:45:23 | 010,652,120 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\ray\Desktop\mbam-setup-1.62.0.1300.exe
[2012/07/31 21:20:27 | 000,958,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/07/31 21:20:27 | 000,355,856 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/07/31 21:20:27 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/07/31 21:20:27 | 000,071,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/07/31 21:20:27 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/07/31 21:20:27 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/07/31 21:20:27 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/07/31 21:20:27 | 000,000,000 | ---D | C] -- C:\Users\ray\AppData\Local\Google
[2012/07/31 21:20:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/07/31 21:20:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/07/31 21:20:18 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/07/31 21:20:17 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/07/31 21:20:11 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/07/31 21:20:11 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/07/31 17:38:48 | 000,000,000 | ---D | C] -- C:\Users\ray\AppData\Local\{5E541A34-7E48-4BDB-9CD3-4F6A41137E5E}
[2012/07/31 17:38:38 | 000,000,000 | ---D | C] -- C:\Users\ray\AppData\Local\{CFF93A4B-7C62-4A35-B4B0-C05E9BF398DE}
[2012/07/30 17:50:21 | 000,000,000 | ---D | C] -- C:\Users\ray\AppData\Local\{554C462F-9E5B-42DC-B116-B76470B6F8AC}
[2012/07/30 17:50:11 | 000,000,000 | ---D | C] -- C:\Users\ray\AppData\Local\{81E60A44-C30C-472B-9F50-DA974D5725F5}
[2012/07/29 22:48:56 | 000,000,000 | ---D | C] -- C:\Users\ray\AppData\Roaming\xsecva
[2012/07/29 13:47:04 | 000,000,000 | ---D | C] -- C:\Users\ray\AppData\Local\{DF83FB39-73D9-437E-92FF-6C795A0D4B19}
[2012/07/29 13:46:53 | 000,000,000 | ---D | C] -- C:\Users\ray\AppData\Local\{E351DBB0-FA02-4E97-96E0-F6F20A7C3301}
[2012/07/29 01:39:54 | 000,000,000 | ---D | C] -- C:\Users\ray\AppData\Local\{A022DDE0-8D80-46FD-B5FA-49FCA3C28133}
[2012/07/29 01:39:43 | 000,000,000 | ---D | C] -- C:\Users\ray\AppData\Local\{75077A22-041B-4882-A002-40C904CDFBC9}
[2012/07/28 13:39:27 | 000,000,000 | ---D | C] -- C:\Users\ray\AppData\Local\{7EA0F432-EF1B-45E6-B35D-D2BDB3F42EBC}
[2012/07/28 13:39:16 | 000,000,000 | ---D | C] -- C:\Users\ray\AppData\Local\{D8B570A0-3A82-4F96-B994-5C2E983B2B8C}
[2012/07/28 01:38:48 | 000,000,000 | ---D | C] -- C:\Users\ray\AppData\Local\{9BD0426C-EFBB-4C6C-BF97-E296C74E5ABC}
[2012/07/28 01:38:36 | 000,000,000 | ---D | C] -- C:\Users\ray\AppData\Local\{DFBEF640-21B0-4710-8EF8-7AD4203553AD}
[2012/07/27 13:38:21 | 000,000,000 | ---D | C] -- C:\Users\ray\AppData\Local\{C1664C18-2466-498E-87D3-842E0FF58B8E}
[2012/07/27 13:38:10 | 000,000,000 | ---D | C] -- C:\Users\ray\AppData\Local\{2EAF3C19-DF5A-4674-B673-233FEB47A94E}
[2012/07/26 16:51:55 | 000,000,000 | ---D | C] -- C:\Users\ray\AppData\Local\{5A162E90-D136-4851-91E8-67A1F47EA2AB}
[2012/07/26 16:51:44 | 000,000,000 | ---D | C] -- C:\Users\ray\AppData\Local\{4C93E3D0-0F37-487A-8505-166A793D1456}
[2012/07/26 00:52:37 | 000,000,000 | ---D | C] -- C:\Users\ray\AppData\Local\{BC47583D-E13A-48B8-AABE-207E011F452F}
[2012/07/26 00:52:26 | 000,000,000 | ---D | C] -- C:\Users\ray\AppData\Local\{80D88613-94EF-4A89-82EC-585F7B507061}
[2012/07/14 01:43:55 | 000,000,000 | ---D | C] -- C:\Users\ray\Desktop\Sean Paul - Tomahawk Technique (2012)
[2012/07/14 01:41:08 | 000,000,000 | ---D | C] -- C:\Users\ray\Desktop\Bikini Girls
[2012/07/14 00:43:53 | 000,000,000 | ---D | C] -- C:\Dancing
[2012/07/14 00:37:10 | 000,000,000 | ---D | C] -- C:\erien
[2012/07/13 18:07:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
[2012/07/13 17:08:28 | 000,000,000 | ---D | C] -- C:\Users\ray\AppData\Local\{47775A81-C838-4136-8ADF-202AD2B92EFB}
[2012/07/13 17:08:17 | 000,000,000 | ---D | C] -- C:\Users\ray\AppData\Local\{56934596-1C4E-4E66-ADA6-788F8BE6BC5E}
[2012/07/12 17:46:45 | 000,000,000 | ---D | C] -- C:\Users\ray\AppData\Local\{3B37DEC7-52FC-4A51-A133-2F2994A7A19E}
[2012/07/12 17:46:34 | 000,000,000 | ---D | C] -- C:\Users\ray\AppData\Local\{75A8B6F0-7C2D-4ECB-89D0-B580388C361E}
[2012/07/12 01:55:40 | 000,000,000 | ---D | C] -- C:\ProgramData\99058D9B0000328E013E20EEB4EB2331
[2012/07/12 01:55:33 | 000,000,000 | ---D | C] -- C:\Users\ray\AppData\Roaming\hellomoto
[2012/07/11 19:07:43 | 000,000,000 | ---D | C] -- C:\Users\ray\AppData\Local\{510D26E7-9F25-4506-A4C5-E3B1FC73A288}
[2012/07/11 19:07:32 | 000,000,000 | ---D | C] -- C:\Users\ray\AppData\Local\{C074BDED-FC81-4D35-B906-0CFCFC7ECBD8}
[2012/07/10 20:06:03 | 000,000,000 | ---D | C] -- C:\Users\ray\AppData\Local\PDF24
[2012/07/10 20:05:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
[2012/07/10 20:05:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF24
[2012/07/10 20:04:35 | 010,474,216 | ---- | C] (Geek Software GmbH                                          ) -- C:\Users\ray\Desktop\pdf24-creator.exe
[2012/07/10 18:27:27 | 000,000,000 | ---D | C] -- C:\Users\ray\AppData\Local\{33FE8846-B592-40DF-9F2F-E9E57D25037B}
[2012/07/10 18:27:17 | 000,000,000 | ---D | C] -- C:\Users\ray\AppData\Local\{DABF25D8-749D-480C-8AE8-567FE3A29063}
[2012/07/09 23:45:05 | 000,000,000 | ---D | C] -- C:\Users\ray\AppData\Local\{566068D3-BE48-459C-907B-D3A2074182E3}
[2012/07/09 11:44:39 | 000,000,000 | ---D | C] -- C:\Users\ray\AppData\Local\{8BB35855-E4C5-4B76-B0B8-98815CEB8E40}
[2012/07/09 11:44:28 | 000,000,000 | ---D | C] -- C:\Users\ray\AppData\Local\{07D6A0CF-C2EC-47F3-AA29-69E5D5B416B3}
[2012/07/08 23:43:59 | 000,000,000 | ---D | C] -- C:\Users\ray\AppData\Local\{A92EE11A-D1D1-4470-BE27-6585D9515414}
[2012/07/08 11:43:32 | 000,000,000 | ---D | C] -- C:\Users\ray\AppData\Local\{002F6F07-5096-4461-993F-8827222C09BF}
[2012/07/08 11:43:21 | 000,000,000 | ---D | C] -- C:\Users\ray\AppData\Local\{3300EEEA-005E-4484-B9AD-C3D19E217709}
[2012/07/07 20:20:52 | 000,000,000 | ---D | C] -- C:\Users\ray\AppData\Local\{CB5D3B39-3E34-4321-AB88-E0FFCF6AF60F}
[2012/07/07 08:20:25 | 000,000,000 | ---D | C] -- C:\Users\ray\AppData\Local\{D4F4A122-0637-443D-B970-24959E4F49E7}
[2012/07/07 08:19:57 | 000,000,000 | ---D | C] -- C:\Users\ray\AppData\Local\{32061C5A-1B48-4B06-9E70-889C09D38962}
[2012/07/06 18:53:26 | 000,000,000 | ---D | C] -- C:\Users\ray\AppData\Local\{20E74E9E-F639-4147-A165-06506615A8B8}
[2012/07/06 18:53:15 | 000,000,000 | ---D | C] -- C:\Users\ray\AppData\Local\{DF79B7C7-4FE8-4ED7-9C2D-1AE233E80EEA}
[2012/07/05 18:38:03 | 000,000,000 | ---D | C] -- C:\Users\ray\AppData\Local\{D7575626-A857-4AEE-B8B8-66368421371D}
[2012/07/05 18:37:50 | 000,000,000 | ---D | C] -- C:\Users\ray\AppData\Local\{38FCBAF8-5661-41AC-9FE8-D12C22B95663}
[2012/07/04 21:55:56 | 000,000,000 | ---D | C] -- C:\Users\ray\AppData\Local\Chromium
[2012/07/04 21:47:59 | 000,000,000 | ---D | C] -- C:\Users\ray\Documents\My Games
[2012/07/04 21:31:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Hi-Rez Studios
[2012/07/04 17:49:01 | 000,000,000 | ---D | C] -- C:\Users\ray\AppData\Local\{9829926B-F107-46A0-A7FB-9A8AE431B7B4}
[2012/07/04 17:48:50 | 000,000,000 | ---D | C] -- C:\Users\ray\AppData\Local\{258DAB6D-B4D1-4EF5-8FDD-228B7DFF560A}
[2012/07/03 18:35:40 | 000,000,000 | ---D | C] -- C:\Users\ray\AppData\Local\{DAA5AE46-FC0A-47B6-8E4F-9EC18B440531}
[2012/07/03 18:35:31 | 000,000,000 | ---D | C] -- C:\Users\ray\AppData\Local\{0502C550-5A11-475D-9302-82097EA46CDF}
[2012/07/02 21:31:56 | 000,000,000 | ---D | C] -- C:\Users\ray\AppData\Local\{CDB199E4-7BB4-4E06-AD4A-96444BB63E6A}
[2012/07/02 09:31:29 | 000,000,000 | ---D | C] -- C:\Users\ray\AppData\Local\{FF4B3E73-77EC-4A65-8197-E618ADFDFBB8}
[2012/07/02 09:31:18 | 000,000,000 | ---D | C] -- C:\Users\ray\AppData\Local\{E8D915B6-40EE-439B-99A3-2B290EADC5A2}
 
========== Files - Modified Within 30 Days ==========
 
[2012/07/31 21:50:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/31 21:48:14 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\ray\Desktop\OTL.exe
[2012/07/31 21:45:52 | 010,652,120 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\ray\Desktop\mbam-setup-1.62.0.1300.exe
[2012/07/31 21:45:45 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/07/31 21:38:21 | 000,024,496 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/31 21:38:21 | 000,024,496 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/31 21:35:21 | 005,513,306 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/31 21:35:21 | 000,694,676 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2012/07/31 21:35:21 | 000,693,700 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2012/07/31 21:35:21 | 000,689,354 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2012/07/31 21:35:21 | 000,679,588 | ---- | M] () -- C:\Windows\SysNative\prfh0816.dat
[2012/07/31 21:35:21 | 000,654,372 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/07/31 21:35:21 | 000,616,254 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/31 21:35:21 | 000,610,448 | ---- | M] () -- C:\Windows\SysNative\perfh01F.dat
[2012/07/31 21:35:21 | 000,137,050 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2012/07/31 21:35:21 | 000,133,740 | ---- | M] () -- C:\Windows\SysNative\prfc0816.dat
[2012/07/31 21:35:21 | 000,130,128 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2012/07/31 21:35:21 | 000,129,986 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/07/31 21:35:21 | 000,127,132 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2012/07/31 21:35:21 | 000,121,514 | ---- | M] () -- C:\Windows\SysNative\perfc01F.dat
[2012/07/31 21:35:21 | 000,106,376 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/31 21:30:25 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/31 21:30:19 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/31 21:30:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/31 21:30:16 | 4279,328,766 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/31 21:20:27 | 000,001,924 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/07/31 21:20:27 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/07/31 20:33:24 | 089,340,632 | ---- | M] () -- C:\Users\ray\Desktop\avast_free_antivirus_setup.exe
[2012/07/27 00:52:05 | 000,087,488 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll
[2012/07/27 00:52:05 | 000,080,800 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIinit.dll
[2012/07/27 00:52:05 | 000,034,720 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIport.dll
[2012/07/14 01:43:25 | 104,656,466 | ---- | M] () -- C:\Users\ray\Desktop\www.NewAlbumReleases.net_Sean Paul - Tomahawk Technique (2012).rar
[2012/07/14 01:20:26 | 005,303,213 | ---- | M] () -- C:\Users\ray\Desktop\aiseeutepego.mp3
[2012/07/14 01:19:26 | 009,217,741 | ---- | M] () -- C:\Users\ray\Desktop\Remady+&+Manu-L+feat.+J-Son+-+Single+Ladies(www.keezdance.com).mp3
[2012/07/14 01:13:13 | 003,690,518 | ---- | M] () -- C:\Users\ray\Desktop\Flo Rida - Sugar.mp3
[2012/07/14 01:11:25 | 000,024,036 | ---- | M] () -- C:\Users\ray\Desktop\Flo+Rida+-+Sugar+(feat.+Wynter+Gordon).mp3
[2012/07/14 01:09:58 | 000,000,231 | ---- | M] () -- C:\Users\ray\Desktop\Flo Rida - Sugar (ft. Wynter).mp3
[2012/07/14 00:19:00 | 054,219,901 | ---- | M] () -- C:\Users\ray\Desktop\Bikini Girls.zip
[2012/07/13 18:07:47 | 000,001,037 | ---- | M] () -- C:\Users\ray\Desktop\KMPlayer.lnk
[2012/07/13 18:07:03 | 024,313,864 | ---- | M] () -- C:\Users\ray\Desktop\KMPlayer_EN_3.3.0.33.exe
[2012/07/12 02:03:28 | 000,274,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/11 22:41:32 | 002,506,820 | ---- | M] () -- C:\Users\ray\Desktop\bewerbungohneschreiben.pdf
[2012/07/11 22:41:32 | 002,506,820 | ---- | M] () -- C:\Users\ray\Desktop\Bewerbung_TSAR.pdf
[2012/07/11 22:40:09 | 002,515,092 | ---- | M] () -- C:\Users\ray\Desktop\bewerbungmitschreiben.pdf
[2012/07/11 22:40:09 | 002,515,092 | ---- | M] () -- C:\Users\ray\Desktop\Bewerbung_RTsan.pdf
[2012/07/11 21:42:00 | 002,633,561 | ---- | M] () -- C:\Users\ray\Desktop\IMG_0623.JPG
[2012/07/10 21:33:16 | 001,646,163 | ---- | M] () -- C:\Users\ray\Desktop\newdossier.pdf
[2012/07/10 20:23:09 | 001,646,092 | ---- | M] () -- C:\Users\ray\Desktop\dossier2.pdf
[2012/07/10 20:13:32 | 001,651,163 | ---- | M] () -- C:\Users\ray\Desktop\dossier_raymondtsan.pdf
[2012/07/10 20:10:07 | 000,259,306 | ---- | M] () -- C:\Users\ray\Desktop\systemadmin.pdf
[2012/07/10 20:09:51 | 000,269,974 | ---- | M] () -- C:\Users\ray\Desktop\windows7.pdf
[2012/07/10 20:09:39 | 000,289,354 | ---- | M] () -- C:\Users\ray\Desktop\ad.pdf
[2012/07/10 20:09:28 | 000,268,066 | ---- | M] () -- C:\Users\ray\Desktop\network.pdf
[2012/07/10 20:09:13 | 000,262,806 | ---- | M] () -- C:\Users\ray\Desktop\hyperv.pdf
[2012/07/10 20:08:59 | 000,276,630 | ---- | M] () -- C:\Users\ray\Desktop\scom.pdf
[2012/07/10 20:07:11 | 000,274,402 | ---- | M] () -- C:\Users\ray\Desktop\zeugnis.pdf
[2012/07/10 20:05:47 | 000,001,870 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2012/07/10 20:05:47 | 000,001,855 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2012/07/10 20:04:38 | 010,474,216 | ---- | M] (Geek Software GmbH                                          ) -- C:\Users\ray\Desktop\pdf24-creator.exe
[2012/07/08 12:17:06 | 000,884,363 | ---- | M] () -- C:\Users\ray\Desktop\AntiTwin.exe
[2012/07/08 00:15:25 | 000,055,527 | ---- | M] () -- C:\e267d8dd-c33f-4325-95f3-e7fe1fbafa44.dmp
[2012/07/07 01:07:36 | 000,101,051 | ---- | M] () -- C:\Users\ray\Desktop\tsar_lebenslauf.pdf
[2012/07/03 18:21:52 | 000,958,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/07/03 18:21:52 | 000,355,856 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/07/03 18:21:52 | 000,071,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/07/03 18:21:52 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/07/03 18:21:52 | 000,054,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/07/03 18:21:51 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/07/03 18:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/07/03 18:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/07/03 18:21:18 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2012/07/31 21:45:45 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/07/31 21:20:29 | 000,001,104 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/31 21:20:29 | 000,001,100 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/31 21:20:27 | 000,001,924 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/07/31 21:20:27 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/07/31 20:32:39 | 089,340,632 | ---- | C] () -- C:\Users\ray\Desktop\avast_free_antivirus_setup.exe
[2012/07/14 01:20:26 | 005,303,213 | ---- | C] () -- C:\Users\ray\Desktop\aiseeutepego.mp3
[2012/07/14 01:19:26 | 009,217,741 | ---- | C] () -- C:\Users\ray\Desktop\Remady+&+Manu-L+feat.+J-Son+-+Single+Ladies(www.keezdance.com).mp3
[2012/07/14 01:14:33 | 104,656,466 | ---- | C] () -- C:\Users\ray\Desktop\www.NewAlbumReleases.net_Sean Paul - Tomahawk Technique (2012).rar
[2012/07/14 01:11:56 | 003,690,518 | ---- | C] () -- C:\Users\ray\Desktop\Flo Rida - Sugar.mp3
[2012/07/14 01:11:25 | 000,024,036 | ---- | C] () -- C:\Users\ray\Desktop\Flo+Rida+-+Sugar+(feat.+Wynter+Gordon).mp3
[2012/07/14 01:09:58 | 000,000,231 | ---- | C] () -- C:\Users\ray\Desktop\Flo Rida - Sugar (ft. Wynter).mp3
[2012/07/14 00:18:22 | 054,219,901 | ---- | C] () -- C:\Users\ray\Desktop\Bikini Girls.zip
[2012/07/13 18:06:50 | 024,313,864 | ---- | C] () -- C:\Users\ray\Desktop\KMPlayer_EN_3.3.0.33.exe
[2012/07/11 22:54:56 | 002,506,820 | ---- | C] () -- C:\Users\ray\Desktop\Bewerbung_TSAR.pdf
[2012/07/11 22:47:24 | 002,515,092 | ---- | C] () -- C:\Users\ray\Desktop\Bewerbung_RTsan.pdf
[2012/07/11 22:41:28 | 002,506,820 | ---- | C] () -- C:\Users\ray\Desktop\bewerbungohneschreiben.pdf
[2012/07/11 22:40:06 | 002,515,092 | ---- | C] () -- C:\Users\ray\Desktop\bewerbungmitschreiben.pdf
[2012/07/11 20:18:17 | 002,633,561 | ---- | C] () -- C:\Users\ray\Desktop\IMG_0623.JPG
[2012/07/10 21:33:13 | 001,646,163 | ---- | C] () -- C:\Users\ray\Desktop\newdossier.pdf
[2012/07/10 20:23:06 | 001,646,092 | ---- | C] () -- C:\Users\ray\Desktop\dossier2.pdf
[2012/07/10 20:13:29 | 001,651,163 | ---- | C] () -- C:\Users\ray\Desktop\dossier_raymondtsan.pdf
[2012/07/10 20:10:07 | 000,259,306 | ---- | C] () -- C:\Users\ray\Desktop\systemadmin.pdf
[2012/07/10 20:09:51 | 000,269,974 | ---- | C] () -- C:\Users\ray\Desktop\windows7.pdf
[2012/07/10 20:09:39 | 000,289,354 | ---- | C] () -- C:\Users\ray\Desktop\ad.pdf
[2012/07/10 20:09:28 | 000,268,066 | ---- | C] () -- C:\Users\ray\Desktop\network.pdf
[2012/07/10 20:09:13 | 000,262,806 | ---- | C] () -- C:\Users\ray\Desktop\hyperv.pdf
[2012/07/10 20:08:59 | 000,276,630 | ---- | C] () -- C:\Users\ray\Desktop\scom.pdf
[2012/07/10 20:07:11 | 000,274,402 | ---- | C] () -- C:\Users\ray\Desktop\zeugnis.pdf
[2012/07/10 20:05:47 | 000,001,870 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2012/07/10 20:05:47 | 000,001,855 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2012/07/08 12:17:04 | 000,884,363 | ---- | C] () -- C:\Users\ray\Desktop\AntiTwin.exe
[2012/07/08 00:15:25 | 000,055,527 | ---- | C] () -- C:\e267d8dd-c33f-4325-95f3-e7fe1fbafa44.dmp
[2012/07/07 01:07:35 | 000,101,051 | ---- | C] () -- C:\Users\ray\Desktop\tsar_lebenslauf.pdf
[2012/06/04 17:36:44 | 005,577,852 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/30 18:34:55 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{c88e03ac-72e2-1c3b-eba2-04460bebfd89}\@
[2012/03/30 18:34:55 | 000,002,048 | -HS- | C] () -- C:\Users\ray\AppData\Local\{c88e03ac-72e2-1c3b-eba2-04460bebfd89}\@
[2012/02/29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/11/07 15:00:55 | 000,041,964 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011/11/07 14:59:19 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/11/07 14:59:15 | 000,030,394 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
 
========== LOP Check ==========
 
[2012/07/12 01:55:39 | 000,000,000 | ---D | M] -- C:\Users\ray\AppData\Roaming\hellomoto
[2012/05/10 23:55:51 | 000,000,000 | ---D | M] -- C:\Users\ray\AppData\Roaming\ICAClient
[2012/03/29 20:05:04 | 000,000,000 | ---D | M] -- C:\Users\ray\AppData\Roaming\LolClient
[2012/05/24 18:18:40 | 000,000,000 | ---D | M] -- C:\Users\ray\AppData\Roaming\LolClient2
[2012/07/11 01:27:51 | 000,000,000 | ---D | M] -- C:\Users\ray\AppData\Roaming\SoftGrid Client
[2012/06/16 13:51:17 | 000,000,000 | ---D | M] -- C:\Users\ray\AppData\Roaming\TeamViewer
[2012/06/04 17:37:26 | 000,000,000 | ---D | M] -- C:\Users\ray\AppData\Roaming\TP
[2012/07/31 22:01:15 | 000,000,000 | ---D | M] -- C:\Users\ray\AppData\Roaming\uTorrent
[2012/07/31 19:40:43 | 000,000,000 | ---D | M] -- C:\Users\ray\AppData\Roaming\xsecva
[2012/07/04 03:00:33 | 000,032,614 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
So it looks like nobody here on the expert board has a solution either?

01.08.2012, 20:06   #2
markusg
/// Malware-holic

Hi,
if you do online banking, have it blocked because of the ZeroAccess infection.
Change passwords at the end.
Since this rootkit cannot be removed with 100% certainty:

the PC has to be set up from scratch and then secured.
1. Data rescue: 2. Format, reinstall Windows: 3. Secure the PC: http://www.trojaner-board.de/96344-a...-rechners.html
I will also post further points on this.
4. Change all passwords!
5. After securing the PC, check the rescued data and, if clean, restore it.
6. Then I will also say something about securing online banking with a chip card reader + Star Money.

01.08.2012, 21:37   #3
gadoi

I don't do online banking. What do you mean by a ZeroAccess rootkit? How did you recognize that from the logs? In the meantime I have helped myself, and in any case avast no longer shows any trojan warnings...

01.08.2012, 23:00   #4
markusg
/// Malware-holic

You deleted what avast had found.
So you trust a program to remove the complete malware even though it allowed the infection.
I recognize the malware by the path.
Formatting is still necessary.
__________________
Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de
Instructions: http://markusg.trojaner-board.de
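The reply above says the infection is recognized "by the path". The following script is an added example for this thread, not code from either poster or from the OTL tool: it parses OTL file and O36 lines in the format shown in the posted log and flags the two things a reviewer keys on here: a hidden+system file named `@` inside a `{GUID}` directory under `C:\Windows\Installer` or `<profile>\AppData\Local` (the ZeroAccess/Sirefef drop layout, with the same GUID in both places), and `AppCertDlls` entries that point to DLLs OTL reports as "File not found" (on a default Windows 7 install that registry key has no entries at all). The sample lines are copied from the log posted in this thread; the line-format regexes are my assumption about OTL output based on those lines.

```python
"""Triage an OTL log for ZeroAccess/Sirefef-style indicators (added example)."""
import re

# OTL file line:  [date time | size | attrs | C/M] (company) -- path
# Format assumed from the lines in the posted log.
FILE_LINE = re.compile(
    r"^\[(?P<stamp>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| [CM]\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# '@' file inside a {GUID} folder in one of the two drop locations seen in the log
ZA_PATH = re.compile(
    r"^C:\\(?:Windows\\Installer|Users\\[^\\]+\\AppData\\Local)\\\{[0-9a-f-]{36}\}\\@$",
    re.IGNORECASE,
)
# OTL O36 line:  O36 - AppCertDlls: <value> - (<dll>) -  File not found
APPCERT_LINE = re.compile(
    r"^O36 - AppCertDlls: (?P<name>\S+) - \((?P<dll>[^)]+)\) -\s+File not found$"
)
GUID = re.compile(r"\{([0-9a-f-]{36})\}", re.IGNORECASE)

# Sample input: lines copied verbatim from the OTL log posted in this thread,
# plus two benign lines from the same log for contrast.
SAMPLE_LOG = [
    r"O36 - AppCertDlls: calcdiag - (C:\Windows\system32\msdtHost.dll) -  File not found",
    r"O36 - AppCertDlls: findshta - (C:\Windows\system32\msdtHost64.dll) -  File not found",
    r"[2012/07/31 21:45:44 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys",
    r"[2012/07/31 21:38:21 | 000,024,496 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0",
    r"[2012/03/30 18:34:55 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{c88e03ac-72e2-1c3b-eba2-04460bebfd89}\@",
    r"[2012/03/30 18:34:55 | 000,002,048 | -HS- | C] () -- C:\Users\ray\AppData\Local\{c88e03ac-72e2-1c3b-eba2-04460bebfd89}\@",
]


def triage_otl(lines):
    """Return (indicator, detail) tuples for suspicious OTL lines, in log order."""
    hits = []
    for raw in lines:
        line = raw.strip()
        m = FILE_LINE.match(line)
        if m:
            attrs, path = m.group("attrs"), m.group("path")
            # -HS- = hidden + system. A hidden/system '@' file in a GUID folder
            # under Windows\Installer or AppData\Local is the ZeroAccess layout.
            if "H" in attrs and "S" in attrs and ZA_PATH.match(path):
                hits.append(("zeroaccess_dropper_file", path))
            continue
        m = APPCERT_LINE.match(line)
        if m:
            # AppCertDlls are loaded into every process that calls CreateProcess;
            # a clean Win7 box has none, "File not found" means the DLL is gone or hidden.
            hits.append(("appcertdlls_missing_dll", f"{m.group('name')} -> {m.group('dll')}"))
    return hits


def paired_guids(hits):
    """GUIDs whose '@' file appears both under Windows\\Installer and AppData\\Local.

    The same GUID in both locations is exactly the pattern in this thread's log;
    a lone GUID folder could still be a legitimate MSI cache entry, so only the
    pair is reported here.
    """
    seen = {}
    for kind, detail in hits:
        if kind != "zeroaccess_dropper_file":
            continue
        guid = GUID.search(detail).group(1).lower()
        location = "installer" if "\\Installer\\" in detail else "appdata"
        seen.setdefault(guid, set()).add(location)
    return sorted(g for g, locs in seen.items() if locs == {"installer", "appdata"})


if __name__ == "__main__":
    found = triage_otl(SAMPLE_LOG)
    for kind, detail in found:
        print(f"{kind:26} {detail}")
    print("GUIDs present in both drop locations:", paired_guids(found))
```

Two caveats for anyone reusing this: OTL's "File not found" is reported from user mode, so a rootkit that hides its files produces the same text as a stale registry value, and the script only flags what is visible in the log; a scan that finds nothing therefore does not contradict the reinstall advice given in the thread once the rootkit has been confirmed by another route.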
