
Log Analysis and Evaluation: Windows Recovery + Trojan

If you have picked up a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

04.06.2011, 15:00   #1
Anthro

Windows Recovery + Trojan



Hello!

A few days ago I had problems with Windows Recovery.
It should actually be removed now; files are visible again, etc.
Thanks to unhide.exe, which I found here in the forum.

However, there is now another problem...
The creator of the (apparent) trojan I picked up felt the need to control my mouse pointer and click on Control Panel.
(Pretty stupid, otherwise I wouldn't even have noticed that I have this trojan on my laptop.) Because HijackThis reported that all processes were safe, Malwarebytes found nothing more, and TDSSKiller found nothing either.

Here are the OTL log files:

Attachment 18511

Unfortunately the OTL file was too large to upload as an attachment...
So I posted it normally and highlighted it in blue font color.

OTL Logfile:
Code:
OTL logfile created on: 04.06.2011 15:42:47 - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Gary\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 39,00% Memory free
5,00 Gb Paging File | 3,00 Gb Available in Paging File | 65,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 8,48 Gb Free Space | 5,89% Space Free | Partition Type: NTFS
Drive D: | 140,50 Gb Total Space | 21,63 Gb Free Space | 15,40% Space Free | Partition Type: NTFS
 
Computer Name: WHATEVER | User Name: Gary | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Users\Gary\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Users\Gary\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Programme\MySQL\MySQL Server 5.5\bin\mysqld.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\Acer\Acer Bio Protection\CompPtcVUI.exe (Arachnoid Biometrics Identification Group Corp.)
PRC - C:\Programme\Acer\Acer Bio Protection\BASVC.exe ()
PRC - C:\Programme\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)
PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
PRC - C:\Programme\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
PRC - C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
PRC - C:\Programme\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
PRC - C:\Programme\Common Files\SPBA\upeksvr.exe (UPEK Inc.)
PRC - c:\Programme\Common Files\Mcafee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
PRC - C:\ACER\Mobility Center\MobilityService.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Gary\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (MySQL) -- C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe ()
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (IGBASVC) -- C:\Programme\Acer\Acer Bio Protection\BASVC.exe ()
SRV - (NMSAccess) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (eDataSecurity Service) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (McNASvc) -- c:\Programme\Common Files\Mcafee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (CLHNService) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (dgderdrv) -- C:\Windows\System32\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (sscemdm) -- C:\Windows\System32\drivers\sscemdm.sys (MCCI Corporation)
DRV - (ssceserd) SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM) -- C:\Windows\System32\drivers\ssceserd.sys (MCCI Corporation)
DRV - (sscebus) SAMSUNG USB Composite Device V2 driver (WDM) -- C:\Windows\System32\drivers\sscebus.sys (MCCI Corporation)
DRV - (sscemdfl) -- C:\Windows\System32\drivers\sscemdfl.sys (MCCI Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (appliandMP) -- C:\Windows\System32\drivers\appliand.sys (Applian Technologies Inc.)
DRV - (appliand) -- C:\Windows\System32\drivers\appliand.sys (Applian Technologies Inc.)
DRV - (AlfaFF) -- C:\Windows\system32\Drivers\AlfaFF.sys (Alfa Corporation)
DRV - (KORGUMDS) -- C:\Windows\System32\drivers\KORGUMDS.SYS (KORG INC.)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (L1E) -- C:\Windows\System32\drivers\L1E60x86.sys (Atheros Communications, Inc.)
DRV - (TPkd) -- C:\Windows\System32\drivers\TPkd.sys (PACE Anti-Piracy, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (ISODrive) -- C:\Programme\UltraISO\drivers\ISODrive.sys (EZB Systems, Inc.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl (Cyberlink Corp.)
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices Inc.)
DRV - (ahcix86s) -- C:\Windows\system32\DRIVERS\ahcix86s.sys (AMD Technologies Inc.)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (NTIPPKernel) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys (Cyberlink Corp.)
DRV - (anf0100.sys) -- C:\Windows\System32\drivers\anf0100.sys (Netmarketing Pawel Wisniewski)
DRV - (winbondcir) -- C:\Windows\System32\drivers\winbondcir.sys (Winbond Electronics Corporation)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys ()
DRV - (EverestDriver) -- C:\Programme\Lavalys\EVEREST Home Edition\kerneld.wnt ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0510&m=aspire_6530g
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=GRfox000&ptb=3UCC9T1IeBGiVweK6SUqKw
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13"
FF - prefs.js..extensions.enabledItems: video.downloader.plugin@ffpimp.com:3.3.1
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.7.1
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.04 15:08:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.04 15:08:02 | 000,000,000 | ---D | M]
 
[2010.12.15 17:11:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gary\AppData\Roaming\mozilla\Extensions
[2010.12.15 17:11:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gary\AppData\Roaming\mozilla\Extensions\IMVUClientXUL@imvu.com
[2011.06.03 19:14:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gary\AppData\Roaming\mozilla\Firefox\Profiles\r00jl7tk.default\extensions
[2011.06.03 18:44:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Gary\AppData\Roaming\mozilla\Firefox\Profiles\r00jl7tk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.05.30 01:31:31 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Gary\AppData\Roaming\mozilla\Firefox\Profiles\r00jl7tk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.05.30 01:31:32 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Gary\AppData\Roaming\mozilla\Firefox\Profiles\r00jl7tk.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.05.30 01:31:32 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Gary\AppData\Roaming\mozilla\Firefox\Profiles\r00jl7tk.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.05.30 01:31:32 | 000,000,000 | ---D | M] (Fox!Box) -- C:\Users\Gary\AppData\Roaming\mozilla\Firefox\Profiles\r00jl7tk.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}
[2011.05.30 01:31:32 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Gary\AppData\Roaming\mozilla\Firefox\Profiles\r00jl7tk.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.05.30 01:31:28 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\Gary\AppData\Roaming\mozilla\Firefox\Profiles\r00jl7tk.default\extensions\firebug@software.joehewitt.com
[2011.05.30 01:31:31 | 000,000,000 | ---D | M] (Download Youtube Videos +) -- C:\Users\Gary\AppData\Roaming\mozilla\Firefox\Profiles\r00jl7tk.default\extensions\video.downloader.plugin@ffpimp.com
[2010.12.06 17:25:50 | 000,000,873 | ---- | M] () -- C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\r00jl7tk.default\searchplugins\conduit.xml
[2011.05.28 20:07:58 | 000,001,056 | ---- | M] () -- C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\r00jl7tk.default\searchplugins\icqplugin.xml
[2010.11.02 23:34:03 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.07.03 15:20:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.10 18:18:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.06.04 15:07:54 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.06.04 15:07:54 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.06.04 15:07:54 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.06.04 15:07:54 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.06.04 15:07:54 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.01.19 16:31:58 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [ZPdtWzdVitaKey MC3000] C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube Download - C:\Users\Gary\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Gary\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll - C:\Programme\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
O20 - Winlogon\Notify\spba: DllName - C:\Program Files\Common Files\SPBA\homefus2.dll - C:\Programme\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Users\Gary\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Gary\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.06.03 12:55:30 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
[2011.06.03 12:55:29 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll
[2011.06.03 12:55:28 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll
[2011.06.03 12:55:27 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll
[2011.06.03 12:55:27 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2011.06.03 12:55:27 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll
[2011.06.03 12:55:27 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll
[2011.06.03 12:55:27 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
[2011.06.03 12:55:26 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2011.06.03 12:55:26 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll
[2011.06.03 12:55:25 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll
[2011.06.03 12:55:25 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2011.06.03 12:55:25 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll
[2011.06.03 12:55:25 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsepno.dll
[2011.06.03 12:55:24 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll
[2011.06.03 12:55:24 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll
[2011.06.03 12:55:24 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2011.06.03 12:55:24 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll
[2011.06.03 12:55:23 | 006,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll
[2011.06.03 12:55:22 | 001,582,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2011.06.03 12:55:22 | 001,418,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2011.06.03 12:55:22 | 000,670,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2011.06.03 12:55:22 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2011.06.03 12:55:22 | 000,203,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2011.06.03 12:50:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011.06.03 12:47:39 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2011.06.03 12:47:18 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2011.06.03 12:47:17 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2011.06.03 12:47:17 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2011.06.03 12:47:15 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2011.06.03 12:47:15 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2011.06.03 12:47:10 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2011.06.03 12:47:10 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2011.06.03 12:47:10 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2011.06.03 12:47:10 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2011.06.03 12:47:09 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2011.06.03 12:46:57 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2011.06.03 12:46:57 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2011.06.03 12:46:56 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2011.06.03 12:46:56 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2011.06.03 12:46:56 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2011.06.02 16:58:56 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011.06.02 16:20:44 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\Malwarebytes
[2011.06.02 16:20:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.06.02 16:20:22 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.06.02 16:20:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.06.02 16:20:16 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.06.02 16:20:15 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.06.02 15:42:43 | 000,000,000 | ---D | C] -- C:\Benutzer
[2011.06.02 15:41:34 | 000,000,000 | ---D | C] -- C:\User
[2011.06.02 15:16:11 | 001,553,408 | ---- | C] (Image-Line) -- C:\Windows\System32\FLEngine.dll
[2011.06.02 14:01:23 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\Thinstall
[2011.06.02 13:00:36 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.05.31 22:52:34 | 000,000,000 | ---D | C] -- C:\Casino
[2011.05.31 21:50:06 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2011.05.31 00:13:30 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2011.05.30 23:34:35 | 000,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2011.05.30 23:34:33 | 000,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2011.05.30 23:34:32 | 000,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2011.05.30 23:34:32 | 000,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2011.05.30 23:34:31 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2011.05.30 23:34:27 | 000,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2011.05.30 23:21:39 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2011.05.30 23:21:31 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2011.05.30 23:18:35 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2011.05.30 23:18:29 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2011.05.30 23:17:27 | 000,000,000 | ---D | C] -- C:\Programme\MSXML 4.0
[2011.05.30 23:15:16 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2011.05.30 23:15:00 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2011.05.30 23:14:59 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2011.05.30 23:14:59 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2011.05.30 23:14:59 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2011.05.30 23:14:58 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2011.05.30 23:14:58 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2011.05.30 23:14:58 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2011.05.30 23:14:18 | 003,548,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.05.30 23:14:17 | 003,600,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.05.30 23:12:47 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2011.05.30 23:12:47 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2011.05.30 23:12:46 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2011.05.30 23:12:44 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2011.05.30 23:12:44 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2011.05.30 23:12:38 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2011.05.30 23:12:38 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2011.05.30 23:12:37 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2011.05.30 23:11:52 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2011.05.30 23:11:43 | 012,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2011.05.30 23:11:38 | 002,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2011.05.30 23:11:17 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2011.05.30 23:10:10 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011.05.30 23:10:09 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2011.05.30 23:10:09 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2011.05.30 23:10:09 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2011.05.30 23:10:09 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2011.05.30 23:10:09 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011.05.30 23:10:09 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
[2011.05.30 23:09:51 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2011.05.30 23:09:24 | 002,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2011.05.30 23:09:22 | 002,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011.05.30 23:09:10 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2011.05.30 23:09:08 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.05.30 23:09:07 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2011.05.30 23:09:07 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.05.30 23:09:07 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2011.05.30 23:09:02 | 002,452,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.05.30 23:08:56 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.05.30 23:08:55 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.05.30 23:08:55 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.05.30 23:08:54 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.05.30 23:08:54 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.05.30 23:08:53 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.05.30 23:08:53 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.05.30 23:08:53 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2011.05.30 23:08:53 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.05.30 23:08:53 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.05.30 23:08:52 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.05.30 23:08:42 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2011.05.30 23:08:42 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2011.05.30 23:08:37 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2011.05.30 23:08:37 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2011.05.30 23:08:30 | 001,256,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2011.05.30 23:08:14 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pacerprf.dll
[2011.05.30 23:08:08 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2011.05.30 23:08:07 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2011.05.30 23:07:58 | 002,041,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.05.30 23:07:55 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.05.30 23:07:55 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.05.30 23:07:53 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.05.30 23:07:52 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.05.30 23:07:45 | 000,636,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2011.05.30 23:07:42 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.05.30 23:07:42 | 000,323,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011.05.30 23:07:41 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011.05.30 23:07:41 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2011.05.30 23:07:37 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2011.05.30 23:07:37 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2011.05.30 23:07:36 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2011.05.30 23:07:01 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011.05.30 23:06:44 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2011.05.30 23:06:24 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2011.05.30 23:06:17 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.05.30 23:06:01 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2011.05.30 23:06:01 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshom.ocx
[2011.05.30 23:06:01 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2011.05.30 23:05:59 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2011.05.30 23:05:54 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2011.05.30 23:05:54 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2011.05.30 23:05:52 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2011.05.30 23:05:47 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2011.05.30 23:05:47 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2011.05.30 23:05:47 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2011.05.30 23:05:47 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2011.05.30 23:05:37 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011.05.30 23:04:59 | 000,866,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2011.05.30 23:04:56 | 002,927,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011.05.30 23:04:51 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2011.05.30 23:04:48 | 000,562,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2011.05.30 23:04:48 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2011.05.30 23:04:45 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2011.05.30 23:04:45 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011.05.30 23:04:43 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2011.05.30 23:04:38 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2011.05.30 23:04:35 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2011.05.30 23:04:32 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2011.05.30 23:02:43 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2011.05.30 22:19:35 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2011.05.30 22:19:34 | 002,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2011.05.30 22:19:01 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2011.05.30 22:19:01 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2011.05.30 22:19:01 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2011.05.30 22:18:53 | 000,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2011.05.30 22:18:53 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2011.05.26 20:47:50 | 000,000,000 | ---D | C] -- C:\Programme\Pivot Stickfigure Animator
[2011.05.26 16:55:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2011.05.26 16:55:19 | 000,000,000 | ---D | C] -- C:\Programme\WinPcap
[2011.05.26 16:55:11 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cain
[2011.05.26 16:55:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cain
[2011.05.26 16:55:08 | 000,000,000 | ---D | C] -- C:\Programme\Cain
[2011.05.25 23:28:04 | 000,000,000 | ---D | C] -- C:\Users\Gary\Documents\Sticks
[2011.05.25 22:39:04 | 000,000,000 | ---D | C] -- C:\Users\Gary\Desktop\Untitled
[2011.05.25 22:09:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pivot Stickfigure Animator
[2011.05.24 22:37:57 | 000,000,000 | ---D | C] -- C:\Programme\InterLok
[2011.05.24 20:49:51 | 000,520,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DBGrid32.ocx
[2011.05.24 20:49:51 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mr.Big App's
[2011.05.24 20:49:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mr.Big App's
[2011.05.24 20:49:50 | 001,028,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.009
[2011.05.24 20:49:50 | 000,403,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Msrepl35.dll
[2011.05.24 20:49:50 | 000,343,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.008
[2011.05.24 20:49:50 | 000,278,559 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.006
[2011.05.24 20:49:50 | 000,251,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Msrd2x35.dll
[2011.05.24 20:49:50 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Odbctl32.dll
[2011.05.24 20:49:50 | 000,053,279 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.007
[2011.05.24 20:49:49 | 001,039,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Msjet35.dll
[2011.05.24 20:49:49 | 000,326,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.005
[2011.05.24 20:49:49 | 000,045,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Msjint35.dll
[2011.05.24 20:49:49 | 000,024,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Msjter35.dll
[2011.05.24 20:49:49 | 000,022,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.004
[2011.05.24 20:49:48 | 001,355,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSVBVM50.dll
[2011.05.24 20:49:48 | 000,492,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.001
[2011.05.24 20:49:48 | 000,118,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.003
[2011.05.24 20:49:48 | 000,114,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.002
[2011.05.24 20:49:48 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.000
[2011.05.24 20:49:48 | 000,000,000 | ---D | C] -- C:\Programme\SQL-Learning Tool
[2011.05.11 22:13:11 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\Native Instruments
[2011.05.11 22:06:28 | 000,000,000 | -H-D | C] -- C:\ProgramData\{C2686527-0D57-4F0B-ADAB-EE203CA30FC6}
[2011.05.11 21:59:26 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Native Instruments
[2011.05.11 21:59:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
[2011.05.09 23:27:48 | 000,000,000 | ---D | C] -- C:\Users\Gary\Documents\SelfMV
[2011.05.08 17:35:39 | 000,000,000 | ---D | C] -- C:\Users\Gary\Desktop\ReFX.Nexus.2.Vocoder.Expansion.Pack-AiRISO_Marwal.de
[2011.05.08 12:59:23 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Plasmoo
[2008.11.03 04:43:05 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[2007.08.13 17:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\Gary\AppData\Local\CDRip.dll
[2007.01.18 21:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\Gary\AppData\Local\No23 Recorder.exe
[2006.12.11 19:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\Gary\AppData\Local\basscd.dll
[2006.12.11 19:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\Gary\AppData\Local\bass.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.06.04 14:21:43 | 002,690,681 | ---- | M] () -- C:\Users\Gary\Desktop\04-06-2011 weiter!.mp3
[2011.06.04 14:11:44 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.06.04 14:11:44 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.06.04 13:17:26 | 002,432,591 | ---- | M] () -- C:\Users\Gary\Desktop\untitled.mp3
[2011.06.04 12:19:06 | 000,606,105 | ---- | M] () -- C:\Users\Gary\Desktop\unhide.exe
[2011.06.04 10:19:09 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.06.04 10:19:08 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.06.04 10:19:08 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.06.04 10:19:08 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.06.04 10:12:19 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2011.06.04 10:11:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.06.04 10:10:21 | 2649,079,808 | -HS- | M] () -- C:\hiberfil.sys
[2011.06.03 02:38:28 | 000,001,356 | ---- | M] () -- C:\Users\Gary\AppData\Local\d3d9caps.dat
[2011.06.02 16:20:23 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.06.02 13:00:36 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.06.01 08:00:02 | 000,140,800 | ---- | M] () -- C:\Users\Gary\AppData\Roaming\lll.virus
[2011.05.31 06:48:46 | 002,239,344 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.05.30 21:42:35 | 000,016,896 | ---- | M] () -- C:\Users\Gary\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.29 23:23:10 | 002,702,175 | ---- | M] () -- C:\Users\Gary\Desktop\29-05-2011 weiter.mp3
[2011.05.29 21:52:01 | 003,734,534 | ---- | M] () -- C:\Users\Gary\Desktop\27-05-2011 weiter!!.mp3
[2011.05.29 20:54:34 | 007,080,064 | ---- | M] () -- C:\Users\Gary\Desktop\Parov Stelar - Catgroove (TSC - Forsythe)‏.mp3
[2011.05.29 16:03:22 | 003,902,762 | ---- | M] () -- C:\Users\Gary\Desktop\29-05-2011 weiter!.mp3
[2011.05.29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.05.25 23:04:00 | 000,126,808 | ---- | M] () -- C:\Users\Gary\Desktop\Produce_7.wmv
[2011.05.25 23:01:46 | 000,071,082 | ---- | M] () -- C:\Users\Gary\Documents\pivot 1.pds
[2011.05.25 22:32:37 | 000,056,642 | ---- | M] () -- C:\Users\Gary\Desktop\(=.gif
[2011.05.25 22:09:32 | 000,000,623 | ---- | M] () -- C:\Users\Public\Desktop\Pivot Stickfigure Animator.lnk
[2011.05.25 21:14:09 | 003,122,224 | ---- | M] () -- C:\Users\Gary\Desktop\fdk.mp3
[2011.05.25 17:15:44 | 009,486,728 | ---- | M] () -- C:\Users\Gary\Documents\Produce_6.wmv
[2011.05.24 19:14:10 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2011.05.23 23:44:17 | 001,760,722 | ---- | M] () -- C:\Users\Gary\Desktop\darkwing.mp3
[2011.05.23 23:09:26 | 004,780,477 | ---- | M] () -- C:\Users\Gary\Desktop\Aladdin-One Jump Ahead.mp3
[2011.05.23 22:53:17 | 007,868,149 | ---- | M] () -- C:\Users\Gary\Desktop\This is Halloween.mp3
[2011.05.23 21:22:36 | 004,116,967 | ---- | M] () -- C:\Users\Gary\Desktop\23-05-2011 weiter 140 bpm !! nice.mp3
[2011.05.23 16:45:27 | 003,312,395 | ---- | M] () -- C:\Users\Gary\Desktop\23-05-2011 weiter!.mp3
[2011.05.19 21:53:21 | 061,711,190 | ---- | M] () -- C:\Users\Gary\Documents\Produce_5.wmv
[2011.05.18 22:37:51 | 010,431,260 | ---- | M] () -- C:\Users\Gary\Desktop\Anthro - Get Ready [Sample].mp3
[2011.05.18 01:20:48 | 004,480,566 | ---- | M] () -- C:\Users\Gary\Desktop\18-05-2011 weiter!.mp3
[2011.05.14 20:55:27 | 001,752,362 | ---- | M] () -- C:\Users\Gary\Desktop\14-05-2011 weiter!.mp3
[2011.05.14 16:42:11 | 008,773,032 | ---- | M] () -- C:\Users\Gary\Desktop\14-05-2011 weiter!!!.mp3
[2011.05.13 14:10:27 | 003,700,052 | ---- | M] () -- C:\Users\Gary\Desktop\13-05-2011 weiter!.mp3
[2011.05.12 01:53:50 | 003,714,656 | ---- | M] () -- C:\Users\Gary\Desktop\11-05-2011 weiter!.mp3
[2011.05.10 22:24:09 | 009,811,636 | ---- | M] () -- C:\Users\Gary\Desktop\Eins Zwei Polizei (Remix by Anthro).mp3
[2011.05.09 03:48:30 | 002,786,578 | ---- | M] () -- C:\Users\Gary\Desktop\08-05-2011 weiter!!!.mp3
[2011.05.09 03:34:57 | 004,997,791 | ---- | M] () -- C:\Users\Gary\Desktop\Trick and Treat.mp3
[2011.05.08 13:06:34 | 003,936,384 | ---- | M] () -- C:\Users\Gary\Desktop\Fred vom Jupiter (neue Deutsche Welle).mp3
[2011.05.07 15:01:24 | 002,721,610 | ---- | M] () -- C:\Users\Gary\Desktop\07-05-2011.mp3
 
========== Files Created - No Company Name ==========
 
[2011.06.04 14:06:16 | 002,690,681 | ---- | C] () -- C:\Users\Gary\Desktop\04-06-2011 weiter!.mp3
[2011.06.04 13:16:19 | 002,432,591 | ---- | C] () -- C:\Users\Gary\Desktop\untitled.mp3
[2011.06.04 12:19:04 | 000,606,105 | ---- | C] () -- C:\Users\Gary\Desktop\unhide.exe
[2011.06.03 12:55:30 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.06.03 12:55:30 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.06.03 12:55:25 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2011.06.03 12:46:59 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011.06.03 12:46:59 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011.06.03 12:46:59 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011.06.02 16:20:23 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.06.01 08:00:02 | 000,140,800 | ---- | C] () -- C:\Users\Gary\AppData\Roaming\lll.virus
[2011.05.30 23:12:40 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2011.05.29 23:05:55 | 002,702,175 | ---- | C] () -- C:\Users\Gary\Desktop\29-05-2011 weiter.mp3
[2011.05.29 20:53:05 | 007,080,064 | ---- | C] () -- C:\Users\Gary\Desktop\Parov Stelar - Catgroove (TSC - Forsythe)‏.mp3
[2011.05.29 16:02:05 | 003,902,762 | ---- | C] () -- C:\Users\Gary\Desktop\29-05-2011 weiter!.mp3
[2011.05.27 18:28:05 | 003,734,534 | ---- | C] () -- C:\Users\Gary\Desktop\27-05-2011 weiter!!.mp3
[2011.05.26 20:54:47 | 000,836,608 | ---- | C] () -- C:\Users\Gary\Desktop\pivot.exe
[2011.05.25 23:03:54 | 000,126,808 | ---- | C] () -- C:\Users\Gary\Desktop\Produce_7.wmv
[2011.05.25 23:01:44 | 000,071,082 | ---- | C] () -- C:\Users\Gary\Documents\pivot 1.pds
[2011.05.25 22:12:47 | 000,056,642 | ---- | C] () -- C:\Users\Gary\Desktop\(=.gif
[2011.05.25 22:09:32 | 000,000,623 | ---- | C] () -- C:\Users\Public\Desktop\Pivot Stickfigure Animator.lnk
[2011.05.25 21:12:57 | 003,122,224 | ---- | C] () -- C:\Users\Gary\Desktop\fdk.mp3
[2011.05.25 16:48:18 | 009,486,728 | ---- | C] () -- C:\Users\Gary\Documents\Produce_6.wmv
[2011.05.23 23:36:45 | 001,760,722 | ---- | C] () -- C:\Users\Gary\Desktop\darkwing.mp3
[2011.05.23 22:50:08 | 007,868,149 | ---- | C] () -- C:\Users\Gary\Desktop\This is Halloween.mp3
[2011.05.23 22:18:32 | 004,780,477 | ---- | C] () -- C:\Users\Gary\Desktop\Aladdin-One Jump Ahead.mp3
[2011.05.23 21:11:11 | 004,116,967 | ---- | C] () -- C:\Users\Gary\Desktop\23-05-2011 weiter 140 bpm !! nice.mp3
[2011.05.23 16:00:40 | 003,312,395 | ---- | C] () -- C:\Users\Gary\Desktop\23-05-2011 weiter!.mp3
[2011.05.19 20:52:25 | 061,711,190 | ---- | C] () -- C:\Users\Gary\Documents\Produce_5.wmv
[2011.05.18 01:06:52 | 004,480,566 | ---- | C] () -- C:\Users\Gary\Desktop\18-05-2011 weiter!.mp3
[2011.05.15 15:05:01 | 010,431,260 | ---- | C] () -- C:\Users\Gary\Desktop\Anthro - Get Ready [Sample].mp3
[2011.05.14 20:54:53 | 001,752,362 | ---- | C] () -- C:\Users\Gary\Desktop\14-05-2011 weiter!.mp3
[2011.05.14 15:36:32 | 008,773,032 | ---- | C] () -- C:\Users\Gary\Desktop\14-05-2011 weiter!!!.mp3
[2011.05.13 18:21:35 | 011,240,782 | ---- | C] () -- C:\Users\Gary\Desktop\03_vicious_delicious.mp3
[2011.05.13 13:54:43 | 003,700,052 | ---- | C] () -- C:\Users\Gary\Desktop\13-05-2011 weiter!.mp3
[2011.05.11 23:18:17 | 003,714,656 | ---- | C] () -- C:\Users\Gary\Desktop\11-05-2011 weiter!.mp3
[2011.05.10 22:02:02 | 009,811,636 | ---- | C] () -- C:\Users\Gary\Desktop\Eins Zwei Polizei (Remix by Anthro).mp3
[2011.05.08 23:36:00 | 004,997,791 | ---- | C] () -- C:\Users\Gary\Desktop\Trick and Treat.mp3
[2011.05.08 18:08:34 | 002,786,578 | ---- | C] () -- C:\Users\Gary\Desktop\08-05-2011 weiter!!!.mp3
[2011.05.08 13:05:51 | 003,936,384 | ---- | C] () -- C:\Users\Gary\Desktop\Fred vom Jupiter (neue Deutsche Welle).mp3
[2011.05.07 14:59:46 | 002,721,610 | ---- | C] () -- C:\Users\Gary\Desktop\07-05-2011.mp3
[2011.04.29 15:05:57 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2011.04.06 01:30:44 | 000,000,905 | ---- | C] () -- C:\Windows\asfbinwin.INI
[2011.04.02 11:48:27 | 000,019,049 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2011.03.02 20:10:27 | 000,098,344 | ---- | C] () -- C:\Windows\unTMV.exe
[2011.02.06 10:42:03 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2011.01.29 18:00:24 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.01.29 18:00:22 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.01.29 18:00:22 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.01.29 18:00:22 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.01.29 18:00:22 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.01.27 22:40:39 | 000,000,132 | ---- | C] () -- C:\Users\Gary\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.01.19 16:04:22 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.01.19 16:04:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.01.19 16:04:22 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011.01.19 16:04:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.01.19 16:04:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.01.07 21:21:52 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011.01.07 21:21:51 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011.01.06 14:44:29 | 004,874,240 | ---- | C] () -- C:\Windows\System32\DSE2_DFT.dll
[2010.12.21 12:21:31 | 000,000,041 | ---- | C] () -- C:\Windows\budsaver.dat
[2010.11.20 13:18:08 | 000,000,016 | ---- | C] () -- C:\Windows\msocreg32.dat
[2010.11.16 15:55:30 | 000,146,944 | ---- | C] () -- C:\Windows\ventilator.exe
[2010.11.09 20:28:40 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.11.09 20:28:40 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.10.31 11:23:41 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2010.10.31 11:23:41 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2010.10.31 11:23:41 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2010.10.07 13:26:04 | 000,000,376 | ---- | C] () -- C:\Windows\wininit.ini
[2010.10.06 18:04:58 | 000,001,469 | ---- | C] () -- C:\Users\Gary\AppData\Local\RecConfig.xml
[2010.07.08 16:28:36 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010.06.25 19:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2010.06.25 08:25:03 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.05.28 01:02:19 | 000,016,896 | ---- | C] () -- C:\Users\Gary\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.27 18:11:17 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.05.27 18:08:40 | 000,118,784 | ---- | C] () -- C:\Windows\System32\VMC3KAPI.dll
[2010.05.27 18:02:19 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2010.05.27 18:02:19 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2010.05.27 18:02:19 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2010.05.27 17:44:11 | 000,001,356 | ---- | C] () -- C:\Users\Gary\AppData\Local\d3d9caps.dat
[2008.11.03 04:41:51 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.11.03 04:41:42 | 000,014,640 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2008.11.03 04:41:37 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008.11.03 04:41:36 | 000,174,820 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008.11.03 04:41:36 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.11.03 04:41:36 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2008.11.02 21:10:14 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008.11.02 21:10:14 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008.11.02 20:44:35 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008.11.02 20:33:23 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2008.11.02 20:33:23 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2008.11.02 20:33:23 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2008.11.02 20:33:23 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2008.01.21 09:15:58 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007.06.27 17:13:51 | 000,516,096 | ---- | C] () -- C:\Windows\System32\RegisterDialog.dll
[2007.01.26 08:32:18 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 002,239,344 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001.12.26 17:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.04 00:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 17:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 23:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
 
========== LOP Check ==========
 
[2011.04.29 15:08:32 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\.minecraft
[2008.11.02 21:07:45 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Acer GameZone Console
[2011.05.04 00:10:05 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Apowersoft
[2010.07.08 16:29:58 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Canneverbe Limited
[2011.02.05 17:49:58 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Crtnew
[2010.07.07 12:50:24 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\DAEMON Tools Lite
[2011.03.24 21:48:20 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.01.08 20:23:41 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Flood Light Games
[2011.01.08 00:10:22 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\FloodLightGames
[2011.05.30 01:31:23 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\FreeVideoConverter
[2011.06.02 14:08:47 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\FrostWire
[2011.01.07 22:28:37 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Games
[2011.05.30 01:31:23 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\gtk-2.0
[2011.06.02 17:57:13 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\ICQ
[2010.12.15 17:47:58 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\IMVU
[2011.05.30 01:31:25 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\IMVUClient
[2010.12.25 15:15:51 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\KORG
[2011.01.04 14:22:22 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien
[2011.05.30 01:31:25 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien
[2011.01.17 03:21:50 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Qupyb
[2011.05.04 00:59:05 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Replay Media Catcher 4
[2010.11.09 20:26:35 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Samsung
[2011.03.02 20:11:47 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\SoftMaker
[2011.06.02 14:01:23 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Thinstall
[2010.10.05 00:57:59 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\TrueCrypt
[2010.06.17 13:35:09 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\TS3Client
[2010.12.15 17:22:28 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Vivox
[2011.01.08 00:03:27 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Zawiz
[2011.06.04 03:02:38 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
< End of report >
         
--- --- ---


I hope you can help me, unfortunately I am out of ideas.

Regards,
Anthro
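
As an added example (not part of Anthro's post and not OTL's own code), a small Python triage helper for the OTL log format posted above: it parses the `[date time | size | attrs | C/M] (company) -- path` lines, flags the entries a helper would typically ask about, and groups file creations into bursts so that the lines belonging to one installer run (such as the `2011.05.24 20:49` block) can be read together. The review rules, the extension sets and the `DUAL_USE_DIRS` list are assumptions made for this example, not OTL logic, and a hit means "ask about this line", never "this is malware". The sample lines are copied from the log in this thread; the section header is included to show that non-file lines are skipped.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

# OTL file line: [date time | size | attrs | C/M] (company) -- path
# "(company)" is absent on directory lines and "()" when the file has no company name.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+?)\s*$"
)


@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    attrs: str      # OTL flags; 4th position is 'D' for a directory
    kind: str       # 'C' created / 'M' modified (the section the line came from)
    company: str    # '' when OTL printed "()" or omitted the field
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.endswith("D")


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Parse one OTL file line; None for headers, blanks and other text."""
    m = OTL_LINE.match(line.strip())
    if m is None:
        return None
    return OtlEntry(datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S"),
                    int(m["size"].replace(",", "")), m["attrs"], m["kind"],
                    (m["company"] or "").strip(), m["path"])


# Review heuristics: assumptions made for this example, not OTL's own logic.
# A hit means "ask about this line", never "this is malware".
EXEC_EXT = {"exe", "dll", "sys", "ocx", "cpl", "scr"}
ROAMING_OK_EXT = {"ini", "xml", "dat", "lnk", "txt", "log", "json", "db"}
DUAL_USE_DIRS = ("\\cain", "\\winpcap")   # packet-capture / credential tooling (assumed list)


def review_reasons(e: OtlEntry) -> List[str]:
    p = e.path.lower()
    name = p.rsplit("\\", 1)[-1]
    ext = name.rsplit(".", 1)[-1] if "." in name else ""
    reasons = []
    if p.startswith("c:\\windows\\") and ext in EXEC_EXT and e.company == "":
        reasons.append("executable under C:\\Windows without a company name")
    if p.startswith("c:\\windows\\system32\\") and re.fullmatch(r"temp\.\d{3}", name):
        reasons.append("installer temp file left in System32")
    if "\\appdata\\roaming\\" in p and not e.is_dir and ext not in ROAMING_OK_EXT | EXEC_EXT:
        reasons.append("unusual file type in roaming profile")
    if e.is_dir and any(p.endswith(d) for d in DUAL_USE_DIRS):
        reasons.append("dual-use network/credential tool installed")
    return reasons


def triage(lines: List[str]):
    """Return (all parsed entries, {path: reasons} for the entries worth asking about)."""
    entries = [e for e in map(parse_otl_line, lines) if e is not None]
    flagged: Dict[str, List[str]] = {}
    for e in entries:
        if reasons := review_reasons(e):
            flagged[e.path] = reasons
    return entries, flagged


def creation_bursts(entries: List[OtlEntry], window_seconds: int = 60, min_count: int = 3):
    """Group 'C' entries written within window_seconds of the previous one: installers
    and droppers write many files in one go, so a burst marks one event in the log."""
    created = sorted((e for e in entries if e.kind == "C"), key=lambda e: e.timestamp)
    bursts, current = [], []
    for e in created:
        if current and (e.timestamp - current[-1].timestamp).total_seconds() > window_seconds:
            if len(current) >= min_count:
                bursts.append(current)
            current = []
        current.append(e)
    if len(current) >= min_count:
        bursts.append(current)
    return bursts


# Sample input copied from the OTL log in this thread, plus one section header
# to show that non-file lines are skipped.
SAMPLE_LOG = [
    r"[2011.05.24 20:49:48 | 001,355,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSVBVM50.dll",
    r"[2011.05.24 20:49:49 | 001,039,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Msjet35.dll",
    r"[2011.05.24 20:49:50 | 001,028,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.009",
    r"[2011.05.26 16:55:08 | 000,000,000 | ---D | C] -- C:\Programme\Cain",
    r"[2011.05.30 23:08:30 | 001,256,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll",
    r"[2011.06.01 08:00:02 | 000,140,800 | ---- | C] () -- C:\Users\Gary\AppData\Roaming\lll.virus",
    r"[2011.01.19 16:04:22 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe",
    "========== LOP Check ==========",
]

if __name__ == "__main__":
    entries, flagged = triage(SAMPLE_LOG)
    for path, reasons in flagged.items():
        print(path, "->", "; ".join(reasons))
    for burst in creation_bursts(entries):
        print(f"burst: {len(burst)} files created around {burst[0].timestamp:%Y-%m-%d %H:%M}")
```

Run it against a saved OTL.txt by feeding the file's lines to `triage()`. The company-name field comes from the file's version resource, not from a signature check, so a missing name on a data file is normal; the rule therefore only looks at executable types under `C:\Windows`. The roaming-profile rule is deliberately noisy (a preferences file without an extension will trip it); it exists to surface oddities for a human, not to decide anything.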

Alt 05.06.2011, 16:56   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Quote:
Because HijackThis reported that all processes were safe, Malwarebytes found nothing more, and TDSSKiller found nothing either.
You can forget HijackThis for today's analyses; see the bold text at the bottom of my signature, there is a link there where everything is explained.
Please post all Malwarebytes logs that are shown in the Logs tab. Including those without detections.
    Log-Analyse und Auswertung - 27.04.2011 (1)
  16. Nach Windows recovery Trojaner -Befall: Desktopsymbole transparent
    Log-Analyse und Auswertung - 25.04.2011 (1)
  17. windows recovery trojaner
    Log-Analyse und Auswertung - 22.04.2011 (1)

Zum Thema Windows Recovery + Trojaner - Hallo! Ich hatte vor ein paar Tagen probleme mit Windows Recovery. Es müsste eigendlich gelöscht sein, Dateien sind auch wieder sichtbar etc. Dank der unhide.exe, welche ich hier im Forum - Windows Recovery + Trojaner...
Archiv
Du betrachtest: Windows Recovery + Trojaner auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.