Trojaner-Board (https://www.trojaner-board.de/), forum section "Log-Analyse und Auswertung"
Thread: Strange behaviour but no viruses (https://www.trojaner-board.de/101555-merkwuerdiges-verhalten-keine-viren.html)

Solaris 21.07.2011 05:25

Strange behaviour but no viruses
 
Hello dear Trojaner-Board team,
while searching for a fix for my problem(s) I came across you.
My issue is the following:
Some programs do not start even though I launch them properly (Windows 7 user).

Some images on the web I cannot see (but that is only half as bad).
What puzzles me more is that I ran Malwarebytes twice (full scan + updated) and it found no virus.
The same with my AntiVir.

Pinning my hopes on OTL, I hope you can help me with it.
I definitely have no virus, so it must be a defective exe or something else.

Quote:

OTL Extras logfile created on: 21.07.2011 06:20:05 - Run 4
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\*****\Downloads
An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 0,89 Gb Available Physical Memory | 44,72% Memory free
4,00 Gb Paging File | 2,78 Gb Available in Paging File | 69,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,75 Gb Total Space | 385,16 Gb Free Space | 82,70% Space Free | Partition Type: NTFS
Drive D: | 6,31 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: *****-PC | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{153C7D89-9CF4-4719-A551-C5BF45236DB5}" = redist
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{229B6751-774A-11E0-BCAE-0013D3D69929}" = MSVCRT Redists
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{404245D0-E836-4737-9C12-D4D0034540F5}_is1" = Free Countdown Timer 2.2.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4F0C7CCF-5666-474B-B02E-AC514A95EC93}" = NVIDIA GAME System Software 2.8.1
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 275.33
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DEDF2885-0086-4534-9912-F9B97377ED07}" = AGEIA GAME System Software
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EEF985E8-8B36-4230-B174-117A2381C17F}" = LogMeIn Hamachi
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1489-3350-5074-6281" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Akamai" = Akamai NetSession Interface
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.57.1
"DivX Setup.divx.com" = DivX-Setup
"FileZilla Client" = FileZilla Client 3.3.5.1
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"FUSSBALL MANAGER 11" = FUSSBALL MANAGER 11
"GamersFirst LIVE!" = GamersFirst LIVE!
"GamersFirst War Rock" = War Rock
"HyperCam 2" = HyperCam 2
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Steam App 12120" = Grand Theft Auto: San Andreas
"Steam App 550" = Left 4 Dead 2
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 6" = TeamViewer 6
"Veetle TV" = Veetle TV
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.5
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinRAR archiver" = WinRAR
"xp-AntiSpy" = xp-AntiSpy 3.97-11

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Länderfile Aserbaidschan" = Länderfile Aserbaidschan

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

cosinus 21.07.2011 10:21

Please post ALL Malwarebytes logs anyway.

Please also run ESET; after that we will see how to proceed.


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • When the scan has finished, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Solaris 21.07.2011 18:53

First of all, sorry that it took so long, but for work reasons I could not do it earlier.
Unfortunately I deleted my log file, so I had to run a new scan. And lo and behold: 4 detections.
To be on the safe side, I am also adding another OTL log file.


Here is Malwarebytes:
Quote:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7223

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

21.07.2011 18:02:56
mbam-log-2011-07-21 (18-02-56).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 438390
Laufzeit: 1 Stunde(n), 20 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\********\AppData\LocalLow\Sun\Java\deployment\cache\6.0\15\36eab94f-16920b8b (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\********\AppData\Roaming\Adobe\plugs\mmc362998.txt (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\********\AppData\Roaming\Adobe\shed\thr1.chm (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\********\AppData\Roaming\Adobe\plugs\mmc217.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
Of course I deleted these immediately.

Now to the current OTL:
OTL logfile:
Code:

OTL logfile created on: 21.07.2011 18:04:41 - Run 5
OTL by OldTimer - Version 3.2.26.1    Folder = C:\Users\********\Downloads
 An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,89 Gb Available Physical Memory | 44,77% Memory free
4,00 Gb Paging File | 2,63 Gb Available in Paging File | 65,87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,75 Gb Total Space | 379,88 Gb Free Space | 81,56% Space Free | Partition Type: NTFS
Drive D: | 6,31 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: ********-PC | User Name: ******** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.07.21 18:02:35 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\********\Downloads\OTL.exe
PRC - [2011.07.02 14:15:34 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.30 22:21:10 | 002,588,784 | ---- | M] (GamersFirst) -- C:\Program Files\GamersFirst\LIVE!\Live.exe
PRC - [2011.06.24 08:54:46 | 000,020,880 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2011.06.24 08:54:36 | 003,373,968 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011.06.16 06:32:36 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.05.25 17:29:48 | 001,336,712 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2011.05.25 09:25:02 | 000,839,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011.05.25 09:24:56 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011.05.25 09:24:45 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.05.20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.05.05 14:15:53 | 003,071,384 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2011.04.30 01:55:23 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.12.13 09:39:19 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.12.07 12:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010.11.20 05:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 05:17:02 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.07.21 18:02:35 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\********\Downloads\OTL.exe
MOD - [2010.11.20 04:55:10 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] --  -- ({D8F737AD-AF9D-40ED-B1683075A1C327EA})
SRV - [2011.07.13 19:54:31 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.07.02 14:15:34 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.29 20:08:36 | 003,435,096 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_e477fed.dll -- (Akamai)
SRV - [2011.05.25 17:29:48 | 001,336,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.05.25 09:24:45 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.05.20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.04.30 01:55:23 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.12.10 07:36:00 | 003,648,584 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010.12.07 12:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011.07.02 14:15:35 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.02 14:15:35 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.06.28 18:06:34 | 000,271,360 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011.06.28 18:05:02 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011.06.02 07:47:22 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011.06.02 07:47:22 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2011.06.02 07:47:22 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2011.05.25 09:24:42 | 010,589,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.12.21 07:55:02 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010.12.21 07:55:02 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2010.12.21 07:55:02 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2010.11.20 05:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 05:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 05:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 03:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 02:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 02:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 02:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.11.09 15:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010.06.17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.07.14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009.03.18 17:35:40 | 000,026,176 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.01.19 20:31:56 | 000,277,544 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2007.06.29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ddrnw
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F8 70 EF D1 68 DB CB 01  [binary data]
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.selectedEngine: "Facemoods Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: eafo3fflauncher@ea.com:1.1
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: battlefieldplay4free@ea.com:1.0.53.2
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{03CAE00B-981A-482D-8915-72FD4E3EF2B1}: C:\Users\********\AppData\Local\{03CAE00B-981A-482D-8915-72FD4E3EF2B1}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.04.21 16:20:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.04.21 16:20:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\********\AppData\Roaming\5015
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.21 17:09:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.10 18:51:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\********\AppData\Roaming\5015
 
[2011.05.27 06:46:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\********\AppData\Roaming\Mozilla\Extensions
[2011.07.05 23:31:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\********\AppData\Roaming\Mozilla\Firefox\Profiles\sdt57vlf.default\extensions
[2011.04.14 07:01:00 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\********\AppData\Roaming\Mozilla\Firefox\Profiles\sdt57vlf.default\extensions\battlefieldplay4free@ea.com
[2011.07.05 23:31:04 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\********\AppData\Roaming\Mozilla\Firefox\Profiles\sdt57vlf.default\extensions\ffxtlbr@Facemoods.com
[2011.07.15 18:58:38 | 000,001,056 | ---- | M] () -- C:\Users\********\AppData\Roaming\Mozilla\Firefox\Profiles\sdt57vlf.default\searchplugins\icqplugin.xml
[2011.06.21 17:09:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011.06.16 06:32:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.12.30 21:03:30 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.07.05 23:31:05 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.05.16 16:18:22 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1      localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O3 - HKLM\..\Toolbar: (no name) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - No CLSID value found.
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System:  = 0
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\********\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: infospyware.net ([www] https in Trusted sites)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.09.10 23:33:59 | 000,000,000 | R--D | M] - D:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2010.09.10 23:34:03 | 000,439,056 | R--- | M] (Electronic Arts) - D:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2010.09.10 23:34:02 | 007,864,832 | R--- | M] () - D:\autorun.dat -- [ UDF ]
O32 - AutoRun File - [2010.09.10 23:33:38 | 000,000,141 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{dc86f325-1447-11e0-8218-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2010.09.10 23:34:03 | 000,439,056 | R--- | M] (Electronic Arts)
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.07.21 17:39:07 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.07.20 15:52:08 | 000,000,000 | ---D | C] -- C:\Temp
[2011.07.20 15:39:29 | 000,136,808 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadmdm.sys
[2011.07.20 15:39:29 | 000,012,776 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadmdfl.sys
[2011.07.20 15:39:29 | 000,010,472 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadcmnt.sys
[2011.07.20 15:39:29 | 000,010,472 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadcm.sys
[2011.07.20 15:39:29 | 000,010,344 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadwhnt.sys
[2011.07.20 15:39:29 | 000,010,344 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadwh.sys
[2011.07.20 15:39:28 | 000,121,064 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadbus.sys
[2011.07.20 15:38:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\System32
[2011.07.20 15:28:10 | 000,000,000 | ---D | C] -- C:\Users\********\AppData\Local\Samsung
[2011.07.20 15:28:00 | 000,000,000 | ---D | C] -- C:\Users\********\Documents\samsung
[2011.07.20 15:24:35 | 000,132,424 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdmdm.sys
[2011.07.20 15:24:35 | 000,104,648 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdbus.sys
[2011.07.20 15:24:35 | 000,014,920 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdmdfl.sys
[2011.07.20 15:24:35 | 000,012,616 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdcmnt.sys
[2011.07.20 15:24:35 | 000,012,616 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdcm.sys
[2011.07.20 15:24:35 | 000,012,488 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdwhnt.sys
[2011.07.20 15:24:35 | 000,012,488 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdwh.sys
[2011.07.20 15:23:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2011.07.20 15:23:45 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\System32\Redemption.dll
[2011.07.20 15:23:35 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\System32\dgderapi.dll
[2011.07.20 15:23:35 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny
[2011.07.20 15:23:07 | 000,000,000 | ---D | C] -- C:\Users\********\AppData\Roaming\Samsung
[2011.07.20 15:23:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2011.07.20 15:23:06 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2011.07.18 01:19:42 | 000,000,000 | ---D | C] -- C:\Program Files\Veetle
[2011.07.17 21:55:30 | 000,000,000 | ---D | C] -- C:\Users\********\Documents\Trapped Dead
[2011.07.16 00:09:28 | 000,000,000 | ---D | C] -- C:\Users\********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Komplettes Länderfile Aserbaidschan
[2011.07.15 04:19:06 | 000,000,000 | ---D | C] -- C:\Users\********\AppData\Local\FalloutNV
[2011.07.10 18:59:53 | 000,000,000 | ---D | C] -- C:\Users\********\Documents\UEFA EURO 2008
[2011.07.10 13:53:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2011.07.09 19:54:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mplayer.com
[2011.07.09 19:54:05 | 000,000,000 | ---D | C] -- C:\Program Files\Mplayer
[2011.07.09 19:51:32 | 000,305,152 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2011.07.09 16:12:11 | 016,456,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2011.07.09 16:12:11 | 013,011,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2011.07.09 16:12:11 | 011,992,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2011.07.09 16:12:11 | 010,589,800 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2011.07.09 16:12:11 | 005,301,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2011.07.09 16:12:11 | 002,804,328 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2011.07.09 16:12:11 | 002,082,408 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2011.07.09 16:12:11 | 000,899,688 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco3220150.dll
[2011.07.09 16:12:11 | 000,865,896 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvgenco322090.dll
[2011.07.09 16:12:11 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2011.07.09 16:12:11 | 000,012,392 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd
[2011.07.09 03:40:13 | 000,000,000 | ---D | C] -- C:\Program Files\AutoShutdownManager
[2011.07.08 23:57:55 | 000,000,000 | ---D | C] -- C:\Users\********\Desktop\Commando
[2011.07.07 14:49:03 | 000,000,000 | ---D | C] -- C:\Users\********\AppData\Local\Fallout3
[2011.07.06 20:13:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Activision
[2011.07.06 19:47:47 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2011.07.05 23:30:16 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader
[2011.07.03 16:08:11 | 000,000,000 | ---D | C] -- C:\Users\********\Documents\FUSSBALL MANAGER 11 ONLINE
[2011.06.29 19:58:43 | 000,000,000 | ---D | C] -- C:\Users\********\AppData\Roaming\ts3overlay
[2011.06.27 15:10:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cossacks - Back To War
[2011.06.26 17:31:10 | 000,000,000 | ---D | C] -- C:\Users\********\Documents\GTA San Andreas User Files
[2011.06.26 00:07:20 | 000,268,048 | ---- | C] (MetaCreations Corporation) -- C:\Windows\System32\dxtmeta2.dll
[2011.06.25 23:06:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
[2011.06.25 23:06:12 | 000,000,000 | ---D | C] -- C:\Program Files\Elaborate Bytes
[2011.06.22 17:49:56 | 000,034,304 | ---- | C] (AMD, Inc.) -- C:\Windows\System32\drivers\AmdLLD.sys
[2011.06.22 17:49:55 | 000,000,000 | ---D | C] -- C:\Program Files\AMD
[2011.06.22 17:49:53 | 000,000,000 | ---D | C] -- C:\Users\********\AppData\Local\Downloaded Installations
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\********\AppData\Roaming\*.tmp files -> C:\Users\********\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.07.21 18:00:23 | 000,025,328 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.07.21 18:00:23 | 000,025,328 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.07.21 08:41:12 | 000,001,078 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
[2011.07.21 08:41:12 | 000,001,044 | ---- | M] () -- C:\Users\Public\Desktop\GamersFirst LIVE!.lnk
[2011.07.21 06:53:06 | 000,001,087 | ---- | M] () -- C:\Users\Public\Desktop\War Rock.lnk
[2011.07.21 06:33:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.07.20 16:23:16 | 000,678,770 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.07.20 16:23:16 | 000,628,662 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.07.20 16:23:16 | 000,138,914 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.07.20 16:23:16 | 000,114,108 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.07.20 15:50:48 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011.07.20 15:27:53 | 000,001,859 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2011.07.18 04:54:26 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.07.14 00:32:17 | 000,001,697 | ---- | M] () -- C:\WarRock.ini
[2011.07.12 17:59:10 | 000,000,717 | ---- | M] () -- C:\Windows\QIII.INI
[2011.07.11 21:25:56 | 000,022,328 | ---- | M] () -- C:\Users\********\AppData\Roaming\PnkBstrK.sys
[2011.07.09 03:35:17 | 000,013,521 | ---- | M] () -- C:\Users\********\Desktop\herunterfahren.zip
[2011.07.07 01:40:55 | 000,000,925 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.07.04 16:26:28 | 000,174,013 | ---- | M] () -- C:\Users\********\Desktop\Unbenannt.png
[2011.07.02 14:15:35 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.07.02 14:15:35 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.06.28 18:06:34 | 000,271,360 | ---- | M] () -- C:\Windows\System32\drivers\atksgt.sys
[2011.06.28 18:05:02 | 000,018,048 | ---- | M] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011.06.27 17:47:59 | 000,002,210 | ---- | M] () -- C:\Users\********\.recently-used.xbel
[2011.06.27 15:08:52 | 000,053,248 | ---- | M] () -- C:\Windows\System32\unrar.dll
[2011.06.26 18:00:00 | 000,000,215 | ---- | M] () -- C:\Users\********\Desktop\Grand Theft Auto San Andreas.url
[2011.06.25 23:07:35 | 000,001,168 | ---- | M] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\********\AppData\Roaming\*.tmp files -> C:\Users\********\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.07.21 08:41:12 | 000,001,078 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
[2011.07.21 06:53:06 | 000,001,087 | ---- | C] () -- C:\Users\Public\Desktop\War Rock.lnk
[2011.07.20 15:50:48 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011.07.20 15:27:53 | 000,001,859 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2011.07.09 19:51:29 | 000,000,717 | ---- | C] () -- C:\Windows\QIII.INI
[2011.07.09 03:43:26 | 000,013,521 | ---- | C] () -- C:\Users\********\Desktop\herunterfahren.zip
[2011.07.05 23:30:43 | 000,001,872 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2011.07.05 23:30:42 | 000,001,851 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2011.07.05 23:30:42 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2011.07.04 16:26:27 | 000,174,013 | ---- | C] () -- C:\Users\********\Desktop\Unbenannt.png
[2011.06.28 18:05:21 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011.06.28 18:05:02 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011.06.27 17:47:59 | 000,002,210 | ---- | C] () -- C:\Users\********\.recently-used.xbel
[2011.06.27 15:08:52 | 000,053,248 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011.06.26 00:00:08 | 000,000,215 | ---- | C] () -- C:\Users\********\Desktop\Grand Theft Auto San Andreas.url
[2011.06.25 23:07:35 | 000,001,168 | ---- | C] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk
[2011.06.08 21:30:19 | 814,041,040 | ---- | C] () -- C:\Program Files\War_Rock_20110307_G1.exe
[2011.05.27 12:49:10 | 000,000,092 | ---- | C] () -- C:\Users\********\AppData\Local\fusioncache.dat
[2011.05.20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011.05.15 12:58:47 | 000,000,012 | ---- | C] () -- C:\ProgramData\io.ini
[2011.04.30 20:58:41 | 000,000,096 | ---- | C] () -- C:\Windows\wininit.ini
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.03.31 00:27:56 | 000,000,324 | ---- | C] () -- C:\Windows\game.ini
[2011.03.19 23:24:26 | 000,000,080 | ---- | C] () -- C:\Users\********\AppData\Local\X-Plane Installer.prf
[2011.03.02 23:57:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.03.02 23:57:40 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.03.02 23:57:40 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.03.02 23:57:40 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.03.02 23:57:40 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.02.24 18:21:33 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.02.17 15:48:15 | 000,000,020 | ---- | C] () -- C:\Windows\mafosav.INI
[2011.02.09 13:03:04 | 000,000,239 | ---- | C] () -- C:\Windows\SIERRA.INI
[2011.02.07 02:34:41 | 000,000,000 | ---- | C] () -- C:\Windows\Editor.INI
[2011.01.31 18:20:21 | 000,000,056 | ---- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011.01.22 02:35:04 | 000,022,328 | ---- | C] () -- C:\Users\********\AppData\Roaming\PnkBstrK.sys
[2011.01.08 09:13:48 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2011.01.04 21:41:25 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.07.14 10:47:43 | 000,678,770 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,138,914 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,265,640 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,628,662 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,114,108 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
 
========== LOP Check ==========
 
[2011.04.08 17:19:24 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\.minecraft
[2011.06.11 13:27:48 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\Bioshock
[2011.02.02 19:38:12 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\Command and Conquer 4
[2011.04.14 07:01:00 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\Digitanks
[2011.01.03 06:12:13 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.05.01 17:37:32 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\FileZilla
[2011.02.05 16:43:04 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\FOG Downloader
[2011.05.07 22:26:56 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\GetRightToGo
[2011.06.27 17:47:59 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\gtk-2.0
[2011.05.27 00:37:25 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\ICQ
[2011.04.12 14:17:53 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\Leadertech
[2011.06.15 06:35:44 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\NationRed
[2011.04.06 05:36:09 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\Petroglyph
[2011.05.09 18:25:03 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\ProtectDisc
[2011.07.20 15:23:07 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\Samsung
[2011.05.13 22:20:59 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\SoftGrid Client
[2011.05.27 00:37:27 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\Sony
[2011.04.14 07:00:59 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\temp
[2011.02.07 17:41:23 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\Thies Gerken
[2011.04.18 18:46:11 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\TileRacer
[2011.06.10 16:48:03 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\TS3Client
[2011.06.29 19:58:43 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\ts3overlay
[2011.01.15 03:31:51 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\TuneUp Software
[2011.04.14 05:56:41 | 000,000,000 | ---D | M] -- C:\Users\********\AppData\Roaming\Uniblue
[2011.06.26 17:58:26 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---


So, on with the text, or rather on to the previous post:

Quote:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=1fcb5fe6a33cdb4598493d9a34fa111b
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-07-21 03:44:40
# local_time=2011-07-21 05:44:40 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775165 100 94 39641 47799832 32434 0
# compatibility_mode=5893 16776574 100 94 8505727 62894202 0 0
# compatibility_mode=8192 67108863 100 0 264 264 0 0
# scanned=608
# found=0
# cleaned=0
# scan_time=69
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=1fcb5fe6a33cdb4598493d9a34fa111b
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-07-21 04:10:33
# local_time=2011-07-21 06:10:33 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775165 100 94 41263 47801454 34056 0
# compatibility_mode=5893 16776574 100 94 8507349 62895824 0 0
# compatibility_mode=8192 67108863 100 0 1886 1886 0 0
# scanned=129
# found=0
# cleaned=0
# scan_time=0
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=1fcb5fe6a33cdb4598493d9a34fa111b
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-07-21 05:49:57
# local_time=2011-07-21 07:49:57 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775165 100 94 41306 47801497 34099 0
# compatibility_mode=5893 16776574 100 94 8507392 62895867 0 0
# compatibility_mode=8192 67108863 100 0 1929 1929 0 0
# scanned=263552
# found=14
# cleaned=0
# scan_time=5921
C:\Program Files\GamersFirst\War Rock\system\WarRock.exe a variant of Win32/Packed.Themida application (unable to clean) 00000000000000000000000000000000 I
C:\Users\******\AppData\Local\Mozilla\Firefox\Profiles\sdt57vlf.default\Cache\7\F7\762AAd01 JS/Kryptik.BI trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\******\AppData\Local\Mozilla\Firefox\Profiles\sdt57vlf.default\Cache\D\3D\99CAFd01 JS/Kryptik.BD trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\******\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\3cc664c-7ede5054 Java/Exploit.CVE-2010-4452.A trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\******\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\4144d260-2008220c Java/TrojanDownloader.OpenStream.NBV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\******\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\37db3fe2-340dfbab Java/TrojanDownloader.Agent.ME trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\******\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\72e2fe76-5bae2686 Java/TrojanDownloader.OpenStream.NBV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\******\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\10a506b7-42a91d93 a variant of Java/Exploit.CVE-2010-4452.A trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\******\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\51444dfa-258f31a1 a variant of Java/TrojanDownloader.OpenStream.NBE trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\******\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\51444dfa-421b4a24 a variant of Java/TrojanDownloader.OpenStream.NBE trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\******\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\51444dfa-4faea00c a variant of Java/TrojanDownloader.OpenStream.NBE trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\******\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\51444dfa-64d63ec9 a variant of Java/TrojanDownloader.OpenStream.NBE trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\******\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\51444dfa-6d62e673 a variant of Java/TrojanDownloader.OpenStream.NBE trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\******\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\734cfb3f-44464849 Java/TrojanDownloader.OpenStream.NBV trojan (unable to clean) 00000000000000000000000000000000 I
I hope you understand what is shown there.
To me it is all Greek, but I am putting my trust in you.
Cheers

cosinus 21.07.2011 19:02

Quote:

Unfortunately I deleted my logfile
What do you mean, deleted? Deliberately removed from the list of log files??

Solaris 22.07.2011 05:36

Maybe I expressed myself badly.
After a certain number (my own feeling) I delete them because they take up a lot of space and that makes things very cluttered for me.
So I stupidly, or rather unknowingly, deleted them without realising they would still be needed.
But I will remember that and do better next time

cosinus 22.07.2011 10:21

Quote:

I delete them because they take up a lot of space
Logs are plain text files, they take up almost no space at all!

Are there still files visible here => C:\Users\YOUR NAME\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs

Quote:

C:\Program Files\GamersFirst\War Rock\system\WarRock.exe
What is that supposed to be?

Solaris 22.07.2011 12:39

On the first point:
I meant visually :)

On the second:
An online game I play with people/mates.

cosinus 22.07.2011 12:41

The logs are no longer in the path mentioned either?

Solaris 22.07.2011 13:42

Only the one I posted above.

cosinus 22.07.2011 13:53

Run an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
SRV - File not found [On_Demand | Stopped] --  -- ({D8F737AD-AF9D-40ED-B1683075A1C327EA})
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.09.10 23:33:59 | 000,000,000 | R--D | M] - D:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2010.09.10 23:34:03 | 000,439,056 | R--- | M] (Electronic Arts) - D:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2010.09.10 23:34:02 | 007,864,832 | R--- | M] () - D:\autorun.dat -- [ UDF ]
O32 - AutoRun File - [2010.09.10 23:33:38 | 000,000,141 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{dc86f325-1447-11e0-8218-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2010.09.10 23:34:03 | 000,439,056 | R--- | M] (Electronic Arts)
[2011.07.20 15:38:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\System32
:Commands
[purity]
[resethosts]

Then click the Fix button at the top left!
The logfile should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".
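As an added example (not code from this thread, from OTL or from its author), the following Python script parses OTL lines in the format quoted above and flags the kinds of entries a log reader would look at first: CD-ROM AutoRun enabled, the nested C:\Windows\System32\System32 folder, Run-key autostarts and binaries under C:\Windows with no company name, and the O6 UAC policy values shown earlier in the log. The sample lines are constructed copies of entries from this thread, and the finding category names are my own.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: a handful of lines shaped exactly like the OTL entries in this thread.
SAMPLE_OTL = r"""
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O32 - HKLM CDRom: AutoRun - 1
[2011.07.20 15:38:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\System32
[2011.07.20 15:23:45 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\System32\Redemption.dll
[2011.03.02 23:57:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.06.28 18:05:21 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
"""

# File/folder entry: [timestamp | size | attrs | C or M] (company) -- path
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# O4 autostart: O4 - HKLM..\Run: [name] path (company)
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<path>.+?) \((?P<company>[^)]*)\)$"
)
# O6 policy value: O6 - key: ValueName = data
O6_RE = re.compile(r"^O6 - (?P<key>\S+): (?P<value>\w+) = (?P<data>\d+)$")
# O32 CD-ROM autorun flag
O32_RE = re.compile(r"^O32 - HKLM CDRom: AutoRun - (?P<data>\d+)$")

EXEC_EXT = {".exe", ".dll", ".sys", ".ocx", ".scr"}


def parse_size(size_field):
    """OTL prints sizes as zero-padded, comma-grouped decimals, e.g. 004,659,712."""
    return int(size_field.replace(",", ""))


def triage(log_text):
    """Return a list of (category, detail) findings for the OTL lines in log_text."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := O4_RE.match(line):
            # Autostarts whose binary carries no company/version info deserve a second look.
            if not m["company"]:
                findings.append(("autostart-no-company",
                                 f"{m['hive']} Run [{m['name']}] -> {m['path']}"))
        elif m := O6_RE.match(line):
            # ConsentPromptBehaviorAdmin=0 means admins elevate silently;
            # PromptOnSecureDesktop=0 moves the prompt to the normal, spoofable desktop.
            if m["value"] == "ConsentPromptBehaviorAdmin" and m["data"] == "0":
                findings.append(("uac-weakened", "ConsentPromptBehaviorAdmin=0: admins elevate without any prompt"))
            elif m["value"] == "PromptOnSecureDesktop" and m["data"] == "0":
                findings.append(("uac-weakened", "PromptOnSecureDesktop=0: elevation prompt not on the secure desktop"))
        elif m := O32_RE.match(line):
            if m["data"] == "1":
                findings.append(("autorun-enabled", "HKLM Cdrom AutoRun=1"))
        elif m := FILE_RE.match(line):
            path = PureWindowsPath(m["path"])
            in_windows = len(path.parts) > 1 and path.parts[1].lower() == "windows"
            is_dir = "D" in m["attrs"]
            # A folder named like its parent (System32\System32) is not a normal Windows layout.
            if in_windows and is_dir and path.parent.name.lower() == path.name.lower():
                findings.append(("nested-system-dir", str(path)))
            elif in_windows and not is_dir and path.suffix.lower() in EXEC_EXT and not m["company"]:
                findings.append(("no-company-binary-in-windows",
                                 f"{path} ({parse_size(m['size'])} bytes, created {m['ts']})"))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_OTL):
        print(f"{category:30s} {detail}")
```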

Solaris 22.07.2011 14:17

Thank you very much for your help.
Here is the OTL result:

Quote:

========== OTL ==========
Service {D8F737AD-AF9D-40ED-B1683075A1C327EA} stopped successfully!
Service {D8F737AD-AF9D-40ED-B1683075A1C327EA} deleted successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File not found.
File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
File move failed. D:\autorun.dat scheduled to be moved on reboot.
File move failed. D:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dc86f325-1447-11e0-8218-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dc86f325-1447-11e0-8218-806e6f6e6963}\ not found.
File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
C:\Windows\System32\System32 folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.26.1 log created on 07222011_150527

Files\Folders moved on Reboot...
File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
File move failed. D:\autorun.dat scheduled to be moved on reboot.
File move failed. D:\autorun.inf scheduled to be moved on reboot.

Registry entries deleted on Reboot...

cosinus 22.07.2011 14:46

Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Configure the tool as shown in the picture below, i.e. tick both boxes, click Start scan and, when it is finished, click the Report button to display the log. Please post it in full.

http://www.trojaner-board.de/attachm...rnen-start.png


If, because of the infection, you cannot access your documents/My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide:
Please download unhide.exe and save this file on your desktop.
Start the tool and all files and folders should be visible again. (Could take a while)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!

Solaris 22.07.2011 16:54

Quote:

2011/07/22 17:52:38.0097 3824 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/22 17:52:38.0580 3824 ================================================================================
2011/07/22 17:52:38.0580 3824 SystemInfo:
2011/07/22 17:52:38.0580 3824
2011/07/22 17:52:38.0580 3824 OS Version: 6.1.7601 ServicePack: 1.0
2011/07/22 17:52:38.0580 3824 Product type: Workstation
2011/07/22 17:52:38.0580 3824 ComputerName: ******-PC
2011/07/22 17:52:38.0580 3824 UserName: ******
2011/07/22 17:52:38.0580 3824 Windows directory: C:\Windows
2011/07/22 17:52:38.0580 3824 System windows directory: C:\Windows
2011/07/22 17:52:38.0580 3824 Processor architecture: Intel x86
2011/07/22 17:52:38.0580 3824 Number of processors: 2
2011/07/22 17:52:38.0580 3824 Page size: 0x1000
2011/07/22 17:52:38.0580 3824 Boot type: Normal boot
2011/07/22 17:52:38.0580 3824 ================================================================================
2011/07/22 17:52:41.0123 3824 Initialize success
I don't need to use Unhide, since I can see and use everything

cosinus 22.07.2011 21:48

The log is too short - did you tick both boxes?

Solaris 22.07.2011 23:00

Yes
They were already set that way.



Copyright ©2000-2024, Trojaner-Board

