Home » Viren, Trojaner & Malware Forum » Trojan.Agent/Gen-BanLoad - Wie richtig entfernen ? » Themenansicht

Trojan.Agent/Gen-BanLoad - Wie richtig entfernen ?
#0
14.10.2010, 11:48
Wolfseye
...neu hier

Beiträge: 7
#1 Hallo,

hab gestern auf welche Art auch immer mir den Trojan.Agent/Gen-BanLoad eingefangen. Man sollte meinen das AVAST sowas findet aber anscheinend nicht. Im Endeffekt war es SuperAntiSpyware die mich darüber informiert hat.

Laut diesem Program ist der angeblich auch weg, aber bei Trojanern eher wohl nicht. Habe von jemand gehört das es fast unmöglich isst den richtig wegzukriegen. Weiss jemand wo ich z.b. in der Registry bei dem Trojaner nach schauen müsste ? Vielleicht hat den ja schonmal einer gehabt und weiss wie er am besten weggeht.

Wäre für jede Hilfe dankbar.

Mfg

Wolfseye
Seitenanfang Seitenende
14.10.2010, 12:53
gangren
Member

Beiträge: 420
#2 Hi,

sehen wir mal nach.

1. Malwarebytes
http://www.malwarebytes.org/affiliates/g2g/mbam-setup.exe
Malwarebytes bitte installieren, aktualisieren, einen Quick Scan durchführen, evt. Funde entfernen lassen und das Log posten.

2. OTL
http://oldtimer.geekstogo.com/OTL.exe
Starte das Programm, setze Häckchen bei "Scanne alle Benutzer", "LOP Prüfung" und "Purity Prüfung", kopiere unten in das Script-Feld rein:

Zitat

netsvcs
msconfig
und klicke auf Scan. Poste bitte die OTL.txt und Extras.txt
Seitenanfang Seitenende
14.10.2010, 13:09
Wolfseye
...neu hier

Themenstarter

Beiträge: 7
#3 Ok, hier schon mal die OTL Logs.

OTL.txt

Zitat

OTL logfile created on: 14.10.2010 12:55:41 - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = H:\
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 43,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 63,47 Gb Total Space | 51,16 Gb Free Space | 80,60% Space Free | Partition Type: NTFS
Drive D: | 117,19 Gb Total Space | 91,46 Gb Free Space | 78,04% Space Free | Partition Type: NTFS
Drive E: | 146,48 Gb Total Space | 132,70 Gb Free Space | 90,59% Space Free | Partition Type: NTFS
Drive F: | 117,19 Gb Total Space | 106,37 Gb Free Space | 90,77% Space Free | Partition Type: NTFS
Drive G: | 48,83 Gb Total Space | 46,61 Gb Free Space | 95,46% Space Free | Partition Type: NTFS
Drive H: | 119,08 Gb Total Space | 117,39 Gb Free Space | 98,58% Space Free | Partition Type: NTFS
Drive I: | 146,48 Gb Total Space | 124,95 Gb Free Space | 85,30% Space Free | Partition Type: NTFS
Drive J: | 172,80 Gb Total Space | 67,07 Gb Free Space | 38,82% Space Free | Partition Type: NTFS
Drive L: | 488,28 Gb Total Space | 150,83 Gb Free Space | 30,89% Space Free | Partition Type: NTFS
Drive M: | 443,23 Gb Total Space | 94,24 Gb Free Space | 21,26% Space Free | Partition Type: NTFS
Drive N: | 372,61 Gb Total Space | 29,37 Gb Free Space | 7,88% Space Free | Partition Type: NTFS

Computer Name: WOLF-PC | User Name: wolfs270672eye | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010.10.14 12:27:52 | 000,293,376 | ---- | M] () -- H:\ki49y6vn.exe
PRC - [2010.10.14 12:27:28 | 000,574,464 | ---- | M] (OldTimer Tools) -- H:\OTL.exe
PRC - [2010.10.10 23:44:22 | 000,815,200 | ---- | M] ( ) -- G:\Program Files\Miranda IM\miranda32.exe
PRC - [2010.10.06 13:39:27 | 002,002,728 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2010.10.05 19:56:48 | 009,742,952 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2010.09.15 01:02:28 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.09.10 00:09:36 | 001,511,424 | ---- | M] (Mortal Universe) -- C:\Program Files\POP Peeper\POPPeeper.exe
PRC - [2010.09.07 17:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010.09.07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010.07.09 16:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.07.07 20:33:00 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\Ctxfihlp.exe
PRC - [2010.07.07 20:27:16 | 001,268,224 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CTxfispi.exe
PRC - [2010.06.16 18:13:38 | 004,454,104 | ---- | M] (Mischel Internet Security) -- C:\Program Files\TrojanHunter 5.3\TrojanHunter.exe
PRC - [2010.06.16 18:13:38 | 001,070,296 | ---- | M] (Mischel Internet Security) -- C:\Program Files\TrojanHunter 5.3\THGuard.exe
PRC - [2010.03.10 19:07:04 | 000,659,456 | ---- | M] (IDEVFH L.L.C.) -- C:\Users\wolfs270672eye\AppData\Roaming\Mozilla\Firefox\Profiles\9sf60r8u.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\afom.exe
PRC - [2010.02.12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010.10.14 12:27:28 | 000,574,464 | ---- | M] (OldTimer Tools) -- H:\OTL.exe
MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009.07.14 03:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009.07.14 03:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009.07.14 03:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009.07.14 03:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009.07.14 03:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009.07.14 03:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009.07.14 03:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009.07.14 03:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009.07.14 03:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009.07.14 03:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009.07.14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2010.10.14 07:39:26 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010.10.06 13:39:27 | 002,002,728 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010.09.07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010.09.07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010.09.07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010.07.09 16:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009.07.14 03:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009.07.14 03:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009.07.14 03:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009.07.14 03:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009.07.14 03:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009.07.14 03:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009.07.14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009.07.14 03:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009.07.14 03:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009.07.14 03:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009.07.14 03:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.07.14 03:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009.07.14 03:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009.07.14 03:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009.07.14 03:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX-Installer (AxInstSV)
SRV - [2009.07.14 03:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009.07.14 03:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2010.10.14 08:03:10 | 000,436,792 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.10.05 19:57:10 | 003,211,432 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010.09.07 16:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010.09.07 16:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010.09.07 16:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010.09.07 16:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010.09.07 16:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010.07.10 00:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.07.07 22:15:22 | 001,227,352 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ha20x22k.sys -- (ha20x22k)
DRV - [2010.07.07 22:15:10 | 001,184,344 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2010.07.07 22:15:00 | 000,095,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\emupia2k.sys -- (emupia)
DRV - [2010.07.07 22:14:52 | 000,159,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2010.07.07 22:14:44 | 000,014,424 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2010.07.07 22:14:36 | 000,130,136 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2010.07.07 22:14:20 | 000,537,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2010.07.07 22:14:00 | 000,511,064 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2010.07.07 22:13:52 | 001,353,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV - [2010.07.07 22:13:52 | 001,353,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV - [2010.07.07 22:13:42 | 000,073,816 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV - [2010.07.07 22:13:42 | 000,073,816 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV - [2010.07.07 22:13:34 | 000,198,232 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV - [2010.07.07 22:13:34 | 000,198,232 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CT20XUT.sys -- (CT20XUT)
DRV - [2010.05.10 20:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.02.17 20:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2009.12.11 09:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009.10.13 02:16:02 | 000,049,152 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\l160x86.sys -- (AtcL001)
DRV - [2009.07.14 03:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009.07.14 03:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009.07.14 03:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009.07.14 03:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009.07.14 03:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009.07.14 03:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009.07.14 03:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009.07.14 03:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009.07.14 03:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009.07.14 03:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009.07.14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009.07.14 03:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009.07.14 03:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009.07.14 03:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009.07.14 03:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009.07.14 03:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009.07.14 03:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009.07.14 03:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009.07.14 03:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009.07.14 03:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009.07.14 03:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009.07.14 03:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009.07.14 03:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009.07.14 03:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009.07.14 03:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.14 03:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009.07.14 03:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009.07.14 03:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009.07.14 03:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009.07.14 03:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009.07.14 03:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009.07.14 03:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009.07.14 03:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009.07.14 03:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009.07.14 02:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009.07.14 02:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009.07.14 02:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009.07.14 01:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009.07.14 01:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009.07.14 01:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009.07.14 01:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009.07.14 01:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009.07.14 01:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009.07.14 01:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009.07.14 01:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009.07.14 01:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009.07.14 01:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009.07.14 01:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 01:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009.07.14 01:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009.07.14 01:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009.07.14 00:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 00:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009.07.14 00:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009.07.14 00:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009.07.14 00:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009.07.14 00:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009.07.14 00:02:54 | 000,588,544 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fus2base.sys -- (FUS2BASE)
DRV - [2009.07.14 00:02:54 | 000,064,000 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmcowan.sys -- (AVMCOWAN)
DRV - [2009.07.14 00:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009.07.14 00:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009.07.14 00:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2007.08.02 09:32:26 | 000,022,784 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dadder.sys -- (DAdderFltr)
DRV - [2004.08.13 09:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1474853986-1418939389-2533785236-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1474853986-1418939389-2533785236-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1474853986-1418939389-2533785236-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F5 1A 63 C0 1A 6B CB 01 [binary data]
IE - HKU\S-1-5-21-1474853986-1418939389-2533785236-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Winload Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.3.3
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4
FF - prefs.js..extensions.enabledItems: {E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}:1.4.4
FF - prefs.js..extensions.enabledItems: mintrayr@tn123.ath.cx:0.5.4
FF - prefs.js..extensions.enabledItems: YoutubeDownloader@PeterOlayev.com:1.5
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: anticontainer@downthemall.net:0.8.4
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: multilinks@plugin:2.0.0.17
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..network.proxy.http: "206.225.132.55"
FF - prefs.js..network.proxy.http_port: 80


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.13 23:37:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.13 23:12:06 | 000,000,000 | ---D | M]

[2010.10.13 23:39:10 | 000,000,000 | ---D | M] -- C:\Users\wolfs270672eye\AppData\Roaming\mozilla\Extensions
[2010.10.13 23:39:10 | 000,000,000 | ---D | M] -- C:\Users\wolfs270672eye\AppData\Roaming\mozilla\Firefox\_Profiles\p56v4fqu.default\extensions
[2010.10.13 23:55:25 | 000,000,000 | ---D | M] -- C:\Users\wolfs270672eye\AppData\Roaming\mozilla\Firefox\Profiles\9sf60r8u.default\extensions
[2010.10.13 23:45:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\wolfs270672eye\AppData\Roaming\mozilla\Firefox\Profiles\9sf60r8u.default\extensions\{6BFD307A-C040-11DA-9749-FB1C850B47DF}
[2010.10.13 23:45:12 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\wolfs270672eye\AppData\Roaming\mozilla\Firefox\Profiles\9sf60r8u.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010.10.13 23:45:13 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\wolfs270672eye\AppData\Roaming\mozilla\Firefox\Profiles\9sf60r8u.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.10.13 23:45:13 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\wolfs270672eye\AppData\Roaming\mozilla\Firefox\Profiles\9sf60r8u.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.10.13 23:45:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\wolfs270672eye\AppData\Roaming\mozilla\Firefox\Profiles\9sf60r8u.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010.10.13 23:45:13 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\wolfs270672eye\AppData\Roaming\mozilla\Firefox\Profiles\9sf60r8u.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010.10.13 23:45:14 | 000,000,000 | ---D | M] (Memory Fox) -- C:\Users\wolfs270672eye\AppData\Roaming\mozilla\Firefox\Profiles\9sf60r8u.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}
[2010.10.13 23:45:12 | 000,000,000 | ---D | M] -- C:\Users\wolfs270672eye\AppData\Roaming\mozilla\Firefox\Profiles\9sf60r8u.default\extensions\anticontainer@downthemall.net
[2010.10.13 23:45:12 | 000,000,000 | ---D | M] -- C:\Users\wolfs270672eye\AppData\Roaming\mozilla\Firefox\Profiles\9sf60r8u.default\extensions\mintrayr@tn123.ath.cx
[2010.10.13 23:45:12 | 000,000,000 | ---D | M] -- C:\Users\wolfs270672eye\AppData\Roaming\mozilla\Firefox\Profiles\9sf60r8u.default\extensions\multilinks@plugin
[2010.10.13 23:45:12 | 000,000,000 | ---D | M] -- C:\Users\wolfs270672eye\AppData\Roaming\mozilla\Firefox\Profiles\9sf60r8u.default\extensions\YoutubeDownloader@PeterOlayev.com
[2010.03.17 14:30:37 | 000,002,252 | ---- | M] () -- C:\Users\wolfs270672eye\AppData\Roaming\Mozilla\FireFox\Profiles\9sf60r8u.default\searchplugins\askcom.xml
[2010.03.24 16:13:02 | 000,000,917 | ---- | M] () -- C:\Users\wolfs270672eye\AppData\Roaming\Mozilla\FireFox\Profiles\9sf60r8u.default\searchplugins\conduit.xml
[2010.10.14 08:37:17 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010.10.14 08:37:18 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.10.13 23:11:30 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2010.09.14 23:32:39 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.09.14 23:32:39 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.09.14 23:32:39 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.09.14 23:32:39 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.09.14 23:32:39 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.10.14 08:45:26 | 000,422,499 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 14565 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [THGuard] C:\Program Files\TrojanHunter 5.3\THGuard.exe (Mischel Internet Security)
O4 - HKU\S-1-5-21-1474853986-1418939389-2533785236-1001..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKU\S-1-5-21-1474853986-1418939389-2533785236-1001..\Run: [POP Peeper] C:\Program Files\POP Peeper\POPPeeper.exe (Mortal Universe)
O4 - HKU\S-1-5-21-1474853986-1418939389-2533785236-1001..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1474853986-1418939389-2533785236-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKU\S-1-5-21-1474853986-1418939389-2533785236-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.50.140.118 195.50.140.248
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.02.02 01:02:30 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)


[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010.10.14 12:09:25 | 000,000,000 | ---D | C] -- C:\ProgramData\TrojanHunter
[2010.10.14 12:09:19 | 000,000,000 | ---D | C] -- C:\Program Files\TrojanHunter 5.3
[2010.10.14 11:33:30 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010.10.14 09:24:29 | 000,000,000 | ---D | C] -- C:\Users\wolfs270672eye\AppData\Roaming\vlc
[2010.10.14 08:52:01 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010.10.14 08:42:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.10.14 08:42:00 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010.10.14 08:38:24 | 000,000,000 | ---D | C] -- C:\Users\wolfs270672eye\AppData\Roaming\skypePM
[2010.10.14 08:37:21 | 000,000,000 | ---D | C] -- C:\Users\wolfs270672eye\AppData\Roaming\Skype
[2010.10.14 08:37:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010.10.14 08:37:04 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010.10.14 08:37:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010.10.14 08:28:16 | 000,000,000 | ---D | C] -- C:\Users\wolfs270672eye\AppData\Roaming\Miranda
[2010.10.14 08:15:03 | 000,000,000 | ---D | C] -- C:\Program Files\Alcohol Soft
[2010.10.14 08:10:48 | 000,000,000 | ---D | C] -- C:\Users\wolfs270672eye\AppData\Roaming\Ventrilo
[2010.10.14 08:10:48 | 000,000,000 | ---D | C] -- C:\Users\wolfs270672eye\AppData\Roaming\TS3Client
[2010.10.14 08:07:30 | 000,000,000 | ---D | C] -- C:\Program Files\xp-AntiSpy
[2010.10.14 08:07:14 | 000,000,000 | ---D | C] -- C:\Program Files\Wise Registry Cleaner
[2010.10.14 08:06:36 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010.10.14 08:06:19 | 000,000,000 | ---D | C] -- C:\Program Files\Ventrilo
[2010.10.14 08:05:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010.10.14 08:05:14 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client
[2010.10.14 08:03:46 | 000,000,000 | ---D | C] -- C:\Users\wolfs270672eye\AppData\Roaming\Malwarebytes
[2010.10.14 08:03:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.10.14 08:03:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.10.14 08:03:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.10.14 08:03:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.10.14 07:58:31 | 000,000,000 | ---D | C] -- C:\Users\wolfs270672eye\AppData\Roaming\POP Peeper
[2010.10.14 07:54:49 | 000,000,000 | ---D | C] -- C:\Program Files\WinSCP
[2010.10.14 07:53:46 | 000,000,000 | ---D | C] -- C:\Users\wolfs270672eye\AppData\Roaming\TeamViewer
[2010.10.14 07:53:41 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2010.10.14 07:50:42 | 000,000,000 | ---D | C] -- C:\Users\wolfs270672eye\AppData\Roaming\SUPERAntiSpyware.com
[2010.10.14 07:50:42 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010.10.14 07:50:38 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010.10.14 07:50:21 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2010.10.14 07:49:50 | 000,000,000 | ---D | C] -- C:\Program Files\POP Peeper
[2010.10.14 07:49:36 | 000,000,000 | ---D | C] -- C:\Program Files\MozBackup
[2010.10.14 07:40:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative
[2010.10.14 07:39:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Creative Labs Shared
[2010.10.14 07:39:07 | 000,000,000 | ---D | C] -- C:\Program Files\Creative
[2010.10.14 07:38:40 | 000,106,496 | ---- | C] (Creative Technology Ltd) -- C:\Windows\System32\cttele32.dll
[2010.10.14 07:38:33 | 000,445,016 | ---- | C] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2010.10.14 07:38:33 | 000,109,144 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2010.10.14 07:38:33 | 000,000,000 | ---D | C] -- C:\Program Files\OpenAL
[2010.10.14 07:38:04 | 000,020,480 | ---- | C] (Creative Technology Limited) -- C:\Windows\INRESGER.DLL
[2010.10.14 07:38:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\Data
[2010.10.14 07:36:13 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2010.10.14 07:36:13 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2010.10.14 07:35:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2010.10.14 07:35:43 | 000,000,000 | ---D | C] -- C:\Users\wolfs270672eye\AppData\Roaming\Winamp
[2010.10.14 07:35:43 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2010.10.14 07:34:52 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2010.10.14 07:23:08 | 000,165,584 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010.10.14 07:23:08 | 000,017,744 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010.10.14 07:23:07 | 000,023,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010.10.14 07:23:05 | 000,050,768 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010.10.14 07:23:05 | 000,046,672 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010.10.14 07:22:33 | 000,167,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2010.10.14 07:22:33 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2010.10.14 07:22:30 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010.10.14 07:11:29 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2010.10.14 07:10:33 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2010.10.14 07:10:31 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010.10.14 07:09:47 | 014,092,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2010.10.14 07:09:47 | 011,008,040 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2010.10.14 07:09:47 | 000,795,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpinst.exe
[2010.10.14 07:09:47 | 000,314,984 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdecodemft.dll
[2010.10.14 07:09:47 | 000,056,936 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2010.10.14 07:09:47 | 000,010,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd
[2010.10.14 07:09:44 | 009,818,728 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2010.10.14 07:09:44 | 002,892,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2010.10.14 07:09:43 | 010,267,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2010.10.14 07:09:43 | 004,553,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2010.10.14 07:09:43 | 002,506,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2010.10.14 07:09:43 | 000,236,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcod1922.dll
[2010.10.14 07:09:43 | 000,236,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcod.dll
[2010.10.14 07:09:40 | 001,625,192 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll
[2010.10.14 07:09:34 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2010.10.14 00:03:39 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\System32\CSVer.dll
[2010.10.14 00:03:39 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2010.10.14 00:01:56 | 000,000,000 | ---D | C] -- C:\Intel
[2010.10.13 23:48:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010.10.13 23:46:45 | 000,000,000 | ---D | C] -- C:\Users\wolfs270672eye\AppData\Roaming\Macromedia
[2010.10.13 23:46:45 | 000,000,000 | ---D | C] -- C:\Users\wolfs270672eye\AppData\Roaming\Adobe
[2010.10.13 23:46:39 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2010.10.13 23:46:28 | 000,000,000 | ---D | C] -- C:\Windows\de-DE
[2010.10.13 23:46:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\XPSViewer
[2010.10.13 23:46:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\0407
[2010.10.13 23:46:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\de-DE
[2010.10.13 23:46:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\de
[2010.10.13 23:42:14 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\volsnap.sys.mui
[2010.10.13 23:42:14 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\usbport.sys.mui
[2010.10.13 23:42:14 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\usbhub.sys.mui
[2010.10.13 23:42:14 | 000,004,096 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\System32\drivers\de-DE\pscr.sys.mui
[2010.10.13 23:42:14 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\vhdmp.sys.mui
[2010.10.13 23:42:14 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\tpm.sys.mui
[2010.10.13 23:42:14 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\portcls.sys.mui
[2010.10.13 23:42:14 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\umbus.sys.mui
[2010.10.13 23:42:14 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\serscan.sys.mui
[2010.10.13 23:42:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\wd.sys.mui
[2010.10.13 23:42:12 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\pcmcia.sys.mui
[2010.10.13 23:42:12 | 000,003,072 | ---- | C] (VIA Technologies, Inc. ) -- C:\Windows\System32\drivers\de-DE\getn62.sys.mui
[2010.10.13 23:42:12 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\rndismpx.sys.mui
[2010.10.13 23:42:12 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\rndismp6.sys.mui
[2010.10.13 23:42:12 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\vwifibus.sys.mui
[2010.10.13 23:42:11 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\mpio.sys.mui
[2010.10.13 23:42:11 | 000,033,280 | ---- | C] (Marvell) -- C:\Windows\System32\drivers\de-DE\yk62x86.sys.mui
[2010.10.13 23:42:11 | 000,025,088 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\de-DE\e1y6032.sys.mui
[2010.10.13 23:42:11 | 000,025,088 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\de-DE\e1e6032.sys.mui
[2010.10.13 23:42:11 | 000,022,016 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\de-DE\E1G60I32.sys.mui
[2010.10.13 23:42:11 | 000,013,312 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\de-DE\e1q6032.sys.mui
[2010.10.13 23:42:11 | 000,013,312 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\de-DE\e1k6032.sys.mui
[2010.10.13 23:42:11 | 000,013,312 | ---- | C] (Broadcom Corporation) -- C:\Windows\System32\drivers\de-DE\k57nd60x.sys.mui
[2010.10.13 23:42:11 | 000,013,312 | ---- | C] (Broadcom Corporation) -- C:\Windows\System32\drivers\de-DE\b57nd60x.sys.mui
[2010.10.13 23:42:11 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\serial.sys.mui
[2010.10.13 23:42:11 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\i8042prt.sys.mui
[2010.10.13 23:42:11 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\msdsm.sys.mui
[2010.10.13 23:42:11 | 000,006,144 | ---- | C] (Broadcom Corporation) -- C:\Windows\System32\drivers\de-DE\bcm4sbxp.sys.mui
[2010.10.13 23:42:11 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\sermouse.sys.mui
[2010.10.13 23:42:11 | 000,005,120 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\de-DE\e100b325.sys.mui
[2010.10.13 23:42:11 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\mouclass.sys.mui
[2010.10.13 23:42:11 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\parport.sys.mui
[2010.10.13 23:42:11 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\ataport.sys.mui
[2010.10.13 23:42:11 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\parvdm.sys.mui
[2010.10.13 23:42:11 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\mouhid.sys.mui
[2010.10.13 23:42:11 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\MTConfig.sys.mui
[2010.10.13 23:42:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\amdide.sys.mui
[2010.10.13 23:42:10 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\afd.sys.mui
[2010.10.13 23:42:10 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\scsiport.sys.mui
[2010.10.13 23:42:09 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\tcpip.sys.mui
[2010.10.13 23:42:09 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\bfe.dll.mui
[2010.10.13 23:42:09 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\tunnel.sys.mui
[2010.10.13 23:42:09 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\modem.sys.mui
[2010.10.13 23:42:09 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\wdf01000.sys.mui
[2010.10.13 23:42:09 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\ws2ifsl.sys.mui
[2010.10.13 23:42:09 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\usbrpm.sys.mui
[2010.10.13 23:42:07 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\fvevol.sys.mui
[2010.10.13 23:42:07 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\srv.sys.mui
[2010.10.13 23:42:07 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\scfilter.sys.mui
[2010.10.13 23:42:04 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\rdbss.sys.mui
[2010.10.13 23:42:03 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\pacer.sys.mui
[2010.10.13 23:42:03 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\RNDISMP.sys.mui
[2010.10.13 23:42:03 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\qwavedrv.sys.mui
[2010.10.13 23:42:03 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\partmgr.sys.mui
[2010.10.13 23:42:02 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\ntfs.sys.mui
[2010.10.13 23:42:02 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\nwifi.sys.mui
[2010.10.13 23:42:01 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\ndis.sys.mui
[2010.10.13 23:42:01 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\ndisuio.sys.mui
[2010.10.13 23:42:00 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\ndiscap.sys.mui
[2010.10.13 23:41:59 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\mountmgr.sys.mui
[2010.10.13 23:41:58 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\luafv.sys.mui
[2010.10.13 23:41:58 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\ipnat.sys.mui
[2010.10.13 23:41:57 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\http.sys.mui
[2010.10.13 23:41:54 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\fltmgr.sys.mui
[2010.10.13 23:41:53 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\volmgrx.sys.mui
[2010.10.13 23:41:51 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\de-DE\BrSerIb.sys.mui
[2010.10.13 23:41:51 | 000,010,752 | ---- | C] (Agere Systems) -- C:\Windows\System32\drivers\de-DE\ltmdmnt.sys.mui
[2010.10.13 23:41:51 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\pci.sys.mui
[2010.10.13 23:41:51 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\IPMIDrv.sys.mui
[2010.10.13 23:41:51 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\kbdclass.sys.mui
[2010.10.13 23:41:51 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\wacompen.sys.mui
[2010.10.13 23:41:51 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\vdrvroot.sys.mui
[2010.10.13 23:41:51 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\isapnp.sys.mui
[2010.10.13 23:41:51 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\hdaudbus.sys.mui
[2010.10.13 23:41:51 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\HdAudio.sys.mui
[2010.10.13 23:41:51 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\mssmbios.sys.mui
[2010.10.13 23:41:51 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\hidbth.sys.mui
[2010.10.13 23:41:51 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\VIAAGP.SYS.mui
[2010.10.13 23:41:51 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\ULIAGPKX.SYS.mui
[2010.10.13 23:41:51 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\SISAGP.SYS.mui
[2010.10.13 23:41:51 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\pnpmem.sys.mui
[2010.10.13 23:41:51 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\NV_AGP.SYS.mui
[2010.10.13 23:41:51 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\kbdhid.sys.mui
[2010.10.13 23:41:51 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\Dot4usb.sys.mui
[2010.10.13 23:41:51 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\AMDAGP.SYS.mui
[2010.10.13 23:41:51 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\AGP440.sys.mui
[2010.10.13 23:41:50 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\viac7.sys.mui
[2010.10.13 23:41:50 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\processr.sys.mui
[2010.10.13 23:41:50 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\intelppm.sys.mui
[2010.10.13 23:41:50 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\amdppm.sys.mui
[2010.10.13 23:41:50 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\amdk8.sys.mui
[2010.10.13 23:41:50 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\ohci1394.sys.mui
[2010.10.13 23:41:50 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\1394ohci.sys.mui
[2010.10.13 23:41:50 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\de-DE\BrSerId.sys.mui
[2010.10.13 23:41:50 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\acpi.sys.mui
[2010.10.13 23:41:50 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\battc.sys.mui
[2010.10.13 23:41:50 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\bthport.sys.mui
[2010.10.13 23:41:50 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\bthpan.sys.mui
[2010.10.13 23:41:50 | 000,003,584 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\de-DE\atikmdag.sys.mui
[2010.10.13 23:41:50 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\UAGP35.SYS.mui
[2010.10.13 23:41:50 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\GAGP30KX.SYS.mui
[2010.10.13 23:41:50 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\BTHUSB.SYS.mui
[2010.10.13 23:41:50 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\de-DE\BrParwdm.sys.mui
[2010.10.13 23:41:50 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\disk.sys.mui
[2010.10.13 23:41:50 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\cdrom.sys.mui
[2010.10.13 23:41:50 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\bthenum.sys.mui
[2010.10.13 23:37:11 | 000,000,000 | ---D | C] -- C:\Users\wolfs270672eye\AppData\Roaming\Mozilla
[2010.10.13 23:37:11 | 000,000,000 | ---D | C] -- C:\Users\wolfs270672eye\AppData\Local\Mozilla
[2010.10.13 23:20:30 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010.10.13 23:20:30 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010.10.13 23:20:30 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010.10.13 23:18:36 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.10.13 23:16:02 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010.10.13 23:15:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010.10.13 23:14:37 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2010.10.13 23:14:16 | 003,610,216 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll
[2010.10.13 23:14:16 | 003,211,432 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys
[2010.10.13 23:14:16 | 001,843,816 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll
[2010.10.13 23:14:16 | 001,783,056 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll
[2010.10.13 23:14:16 | 001,738,072 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesGUILib.dll
[2010.10.13 23:14:16 | 001,084,008 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl
[2010.10.13 23:14:16 | 000,453,224 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkApoApi.dll
[2010.10.13 23:14:16 | 000,345,328 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2010.10.13 23:14:16 | 000,214,352 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\System32\SFNHK.dll
[2010.10.13 23:14:16 | 000,185,584 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[2010.10.13 23:14:16 | 000,173,296 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[2010.10.13 23:14:16 | 000,140,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2010.10.13 23:14:16 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\System32\SFCOM.dll
[2010.10.13 23:14:16 | 000,068,944 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\System32\SFAPO.dll
[2010.10.13 23:14:16 | 000,066,152 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoInst.dll
[2010.10.13 23:14:15 | 001,938,704 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll
[2010.10.13 23:14:15 | 001,327,104 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioRealtek.dll
[2010.10.13 23:14:15 | 000,477,288 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RCoRes.dat
[2010.10.13 23:14:15 | 000,357,576 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEP32A.dll
[2010.10.13 23:14:15 | 000,293,584 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll
[2010.10.13 23:14:15 | 000,293,584 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll
[2010.10.13 23:14:15 | 000,252,928 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO30.dll
[2010.10.13 23:14:15 | 000,252,760 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxVolumeSDAPO.dll
[2010.10.13 23:14:15 | 000,232,792 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
[2010.10.13 23:14:15 | 000,168,648 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEED32A.dll
[2010.10.13 23:14:15 | 000,132,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll
[2010.10.13 23:14:15 | 000,076,488 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEL32A.dll
[2010.10.13 23:14:15 | 000,062,664 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEG32A.dll
[2010.10.13 23:14:14 | 001,131,232 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2SpeakerDLL.dll
[2010.10.13 23:14:14 | 000,961,248 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2HeadphoneDLL.dll
[2010.10.13 23:14:14 | 000,899,808 | ---- | C] (DTS) -- C:\Windows\System32\DTSBoostDLL.dll
[2010.10.13 23:14:14 | 000,447,200 | ---- | C] (DTS) -- C:\Windows\System32\DTSBassEnhancementDLL.dll
[2010.10.13 23:14:14 | 000,427,744 | ---- | C] (DTS) -- C:\Windows\System32\DTSSymmetryDLL.dll
[2010.10.13 23:14:14 | 000,404,704 | ---- | C] (DTS) -- C:\Windows\System32\DTSVoiceClarityDLL.dll
[2010.10.13 23:14:14 | 000,305,568 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll
[2010.10.13 23:14:14 | 000,290,016 | ---- | C] (DTS) -- C:\Windows\System32\DTSNeoPCDLL.dll
[2010.10.13 23:14:14 | 000,235,232 | ---- | C] (DTS) -- C:\Windows\System32\DTSGainCompensatorDLL.dll
[2010.10.13 23:14:14 | 000,222,944 | ---- | C] (DTS) -- C:\Windows\System32\DTSLimiterDLL.dll
[2010.10.13 23:14:14 | 000,175,200 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTACap.dll
[2010.10.13 23:14:14 | 000,105,696 | ---- | C] (DTS) -- C:\Windows\System32\DTSLFXAPO.dll
[2010.10.13 23:14:14 | 000,105,696 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPO.dll
[2010.10.13 23:14:14 | 000,105,184 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPONS.dll
[2010.10.13 23:14:14 | 000,096,160 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTARen.dll
[2010.10.13 23:14:14 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010.10.13 23:14:14 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2010.10.13 23:14:13 | 000,000,000 | -H-D | C] -- C:\Program Files\Temp
[2010.10.13 23:14:12 | 001,251,944 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2010.10.13 23:14:11 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2010.10.13 23:14:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010.10.13 23:13:29 | 000,363,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\StructuredQuery.dll
[2010.10.13 23:13:28 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2010.10.13 23:13:28 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2010.10.13 23:13:28 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010.10.13 23:13:27 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2010.10.13 23:13:27 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010.10.13 23:13:24 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2010.10.13 23:13:24 | 000,507,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2010.10.13 23:13:24 | 000,442,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2010.10.13 23:13:20 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.10.13 23:13:15 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2010.10.13 23:13:14 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.10.13 23:13:14 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.10.13 23:13:14 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.10.13 23:13:14 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.10.13 23:13:14 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.10.13 23:13:14 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.10.13 23:13:14 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.10.13 23:13:14 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.10.13 23:13:14 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.10.13 23:13:14 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010.10.13 23:13:14 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.10.13 23:13:13 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010.10.13 23:13:13 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010.10.13 23:13:11 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010.10.13 23:13:11 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010.10.13 23:13:07 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2010.10.13 23:13:07 | 000,133,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecpkg.sys
[2010.10.13 23:13:06 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010.10.13 23:13:06 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010.10.13 23:13:06 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010.10.13 23:13:06 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010.10.13 23:13:06 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010.10.13 23:13:06 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010.10.13 23:13:06 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010.10.13 23:13:06 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010.10.13 23:13:05 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010.10.13 23:13:04 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010.10.13 23:13:01 | 002,327,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.10.13 23:13:00 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010.10.13 23:13:00 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010.10.13 23:13:00 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010.10.13 23:12:59 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.10.13 23:12:59 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.10.13 23:12:57 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.10.13 23:12:55 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010.10.13 23:12:54 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010.10.13 23:12:53 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010.10.13 23:12:52 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.10.13 23:12:52 | 000,197,632 | ---- | C] (Intel(R) Corporation) -- C:\Windows\System32\ir32_32.dll
[2010.10.13 23:12:52 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.10.13 23:12:08 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010.10.13 23:12:06 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2010.10.13 23:11:08 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010.10.13 23:10:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010.10.13 23:08:41 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.10.13 23:08:41 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.10.13 23:08:41 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.10.13 23:05:37 | 000,000,000 | R--D | C] -- C:\Users\wolfs270672eye\Searches
[2010.10.13 23:05:37 | 000,000,000 | -H-D | C] -- C:\Users\wolfs270672eye\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2010.10.13 23:05:29 | 000,000,000 | ---D | C] -- C:\Users\wolfs270672eye\AppData\Roaming\Identities
[2010.10.13 23:05:28 | 000,000,000 | R--D | C] -- C:\Users\wolfs270672eye\Contacts
[2010.10.13 23:05:21 | 000,000,000 | ---D | C] -- C:\Users\wolfs270672eye\AppData\Local\VirtualStore
[2010.10.13 23:05:20 | 000,000,000 | --SD | C] -- C:\Users\wolfs270672eye\AppData\Roaming\Microsoft
[2010.10.13 23:05:20 | 000,000,000 | R--D | C] -- C:\Users\wolfs270672eye\Videos
[2010.10.13 23:05:20 | 000,000,000 | R--D | C] -- C:\Users\wolfs270672eye\Saved Games
[2010.10.13 23:05:20 | 000,000,000 | R--D | C] -- C:\Users\wolfs270672eye\Pictures
[2010.10.13 23:05:20 | 000,000,000 | R--D | C] -- C:\Users\wolfs270672eye\Music
[2010.10.13 23:05:20 | 000,000,000 | R--D | C] -- C:\Users\wolfs270672eye\Links
[2010.10.13 23:05:20 | 000,000,000 | R--D | C] -- C:\Users\wolfs270672eye\Favorites
[2010.10.13 23:05:20 | 000,000,000 | R--D | C] -- C:\Users\wolfs270672eye\Downloads
[2010.10.13 23:05:20 | 000,000,000 | R--D | C] -- C:\Users\wolfs270672eye\Documents
[2010.10.13 23:05:20 | 000,000,000 | R--D | C] -- C:\Users\wolfs270672eye\Desktop
[2010.10.13 23:05:20 | 000,000,000 | -HSD | C] -- C:\Users\wolfs270672eye\AppData\Local\Temporary Internet Files
[2010.10.13 23:05:20 | 000,000,000 | -HSD | C] -- C:\Users\wolfs270672eye\Templates
[2010.10.13 23:05:20 | 000,000,000 | -HSD | C] -- C:\Users\wolfs270672eye\Start Menu
[2010.10.13 23:05:20 | 000,000,000 | -HSD | C] -- C:\Users\wolfs270672eye\SendTo
[2010.10.13 23:05:20 | 000,000,000 | -HSD | C] -- C:\Users\wolfs270672eye\Recent
[2010.10.13 23:05:20 | 000,000,000 | -HSD | C] -- C:\Users\wolfs270672eye\PrintHood
[2010.10.13 23:05:20 | 000,000,000 | -HSD | C] -- C:\Users\wolfs270672eye\NetHood
[2010.10.13 23:05:20 | 000,000,000 | -HSD | C] -- C:\Users\wolfs270672eye\Documents\My Videos
[2010.10.13 23:05:20 | 000,000,000 | -HSD | C] -- C:\Users\wolfs270672eye\Documents\My Pictures
[2010.10.13 23:05:20 | 000,000,000 | -HSD | C] -- C:\Users\wolfs270672eye\Documents\My Music
[2010.10.13 23:05:20 | 000,000,000 | -HSD | C] -- C:\Users\wolfs270672eye\My Documents
[2010.10.13 23:05:20 | 000,000,000 | -HSD | C] -- C:\Users\wolfs270672eye\Local Settings
[2010.10.13 23:05:20 | 000,000,000 | -HSD | C] -- C:\Users\wolfs270672eye\AppData\Local\History
[2010.10.13 23:05:20 | 000,000,000 | -HSD | C] -- C:\Users\wolfs270672eye\Cookies
[2010.10.13 23:05:20 | 000,000,000 | -HSD | C] -- C:\Users\wolfs270672eye\Application Data
[2010.10.13 23:05:20 | 000,000,000 | -HSD | C] -- C:\Users\wolfs270672eye\AppData\Local\Application Data
[2010.10.13 23:05:20 | 000,000,000 | -H-D | C] -- C:\Users\wolfs270672eye\AppData
[2010.10.13 23:05:20 | 000,000,000 | ---D | C] -- C:\Users\wolfs270672eye\AppData\Local\Temp
[2010.10.13 23:05:20 | 000,000,000 | ---D | C] -- C:\Users\wolfs270672eye\AppData\Local\Microsoft
[2010.10.13 23:05:20 | 000,000,000 | ---D | C] -- C:\Users\wolfs270672eye\AppData\Roaming\Media Center Programs
[2010.10.13 23:02:33 | 000,000,000 | -HSD | C] -- C:\Recovery
[2010.10.13 22:56:33 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010.10.13 22:54:21 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010.10.13 22:53:45 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010.07.07 20:36:44 | 000,014,336 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010.10.14 12:09:27 | 000,059,392 | R--- | M] () -- C:\Windows\System32\streamhlp.dll
[2010.10.14 12:09:26 | 000,001,003 | ---- | M] () -- C:\Users\wolfs270672eye\Application Data\Microsoft\Internet Explorer\Quick Launch\TrojanHunter Scanner.lnk
[2010.10.14 12:09:26 | 000,000,979 | ---- | M] () -- C:\Users\wolfs270672eye\Desktop\TrojanHunter.lnk
[2010.10.14 11:36:36 | 000,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.14 11:36:36 | 000,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.14 11:35:50 | 000,651,768 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.10.14 11:35:50 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.10.14 11:35:50 | 000,129,468 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.10.14 11:35:50 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.10.14 11:33:30 | 000,003,003 | ---- | M] () -- C:\Users\wolfs270672eye\Desktop\HiJackThis.lnk
[2010.10.14 11:31:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.14 11:31:05 | 1609,916,416 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.14 11:30:18 | 000,055,920 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000003-00000000-00000000-00001102-0000000B-00421102}.rfx
[2010.10.14 11:30:18 | 000,055,920 | ---- | M] () -- C:\Windows\System32\BMXState-{00000003-00000000-00000000-00001102-0000000B-00421102}.rfx
[2010.10.14 11:30:18 | 000,000,820 | ---- | M] () -- C:\Windows\System32\DVCState-{00000003-00000000-00000000-00001102-0000000B-00421102}.rfx
[2010.10.14 08:45:26 | 000,422,499 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.10.14 08:42:08 | 000,001,244 | ---- | M] () -- C:\Users\wolfs270672eye\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010.10.14 08:42:08 | 000,001,220 | ---- | M] () -- C:\Users\wolfs270672eye\Desktop\Spybot - Search & Destroy.lnk
[2010.10.14 08:39:24 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2010.10.14 08:37:07 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.10.14 08:31:01 | 000,000,714 | ---- | M] () -- C:\Users\wolfs270672eye\Desktop\Notepad++.lnk
[2010.10.14 08:26:28 | 000,000,703 | ---- | M] () -- C:\Users\wolfs270672eye\Desktop\Miranda IM.lnk
[2010.10.14 08:17:41 | 000,000,124 | ---- | M] () -- C:\Users\wolfs270672eye\Documents\ax_files.xml
[2010.10.14 08:15:16 | 000,001,135 | ---- | M] () -- C:\Users\Public\Desktop\Alcohol 52%.lnk
[2010.10.14 08:11:44 | 000,001,080 | ---- | M] () -- C:\Windows\System32\settingsbkup.sfm
[2010.10.14 08:11:44 | 000,001,080 | ---- | M] () -- C:\Windows\System32\settings.sfm
[2010.10.14 08:07:30 | 000,001,891 | ---- | M] () -- C:\Users\wolfs270672eye\Application Data\Microsoft\Internet Explorer\Quick Launch\xp-AntiSpy.lnk
[2010.10.14 08:07:30 | 000,001,867 | ---- | M] () -- C:\Users\wolfs270672eye\Desktop\xp-AntiSpy.lnk
[2010.10.14 08:07:15 | 000,001,139 | ---- | M] () -- C:\Users\wolfs270672eye\Application Data\Microsoft\Internet Explorer\Quick Launch\Wise Registry Cleaner.lnk
[2010.10.14 08:07:15 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
[2010.10.14 08:06:50 | 000,001,028 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010.10.14 08:06:21 | 000,000,262 | ---- | M] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010.10.14 08:06:20 | 000,000,841 | ---- | M] () -- C:\Users\Public\Desktop\Ventrilo.lnk
[2010.10.14 08:05:16 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2010.10.14 08:03:43 | 000,001,007 | ---- | M] () -- C:\Users\wolfs270672eye\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010.10.14 08:03:43 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.14 08:03:10 | 000,436,792 | ---- | M] () -- C:\Windows\System32\drivers\sptd.sys
[2010.10.14 07:54:52 | 000,000,600 | ---- | M] () -- C:\Users\wolfs270672eye\AppData\Roaming\winscp.rnd
[2010.10.14 07:54:50 | 000,001,775 | ---- | M] () -- C:\Users\wolfs270672eye\Application Data\Microsoft\Internet Explorer\Quick Launch\WinSCP.lnk
[2010.10.14 07:54:50 | 000,001,751 | ---- | M] () -- C:\Users\wolfs270672eye\Desktop\WinSCP.lnk
[2010.10.14 07:53:45 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 5.lnk
[2010.10.14 07:50:40 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.10.14 07:50:22 | 000,000,941 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk
[2010.10.14 07:49:57 | 000,001,012 | ---- | M] () -- C:\Users\wolfs270672eye\Application Data\Microsoft\Internet Explorer\Quick Launch\POP Peeper.lnk
[2010.10.14 07:49:57 | 000,000,988 | ---- | M] () -- C:\Users\wolfs270672eye\Desktop\POP Peeper.lnk
[2010.10.14 07:49:36 | 000,000,989 | ---- | M] () -- C:\Users\Public\Desktop\MozBackup.lnk
[2010.10.14 07:38:33 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2010.10.14 07:38:33 | 000,109,144 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2010.10.14 07:38:33 | 000,000,087 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2010.10.14 07:36:14 | 000,000,965 | ---- | M] () -- C:\Users\wolfs270672eye\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2010.10.14 07:36:14 | 000,000,941 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk
[2010.10.14 07:35:02 | 000,001,235 | ---- | M] () -- C:\Users\Public\Desktop\Media Player Classic.lnk
[2010.10.14 07:23:08 | 000,002,009 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010.10.14 07:23:05 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010.10.14 00:01:54 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
[2010.10.14 00:01:39 | 000,053,248 | ---- | M] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\System32\CSVer.dll
[2010.10.13 23:45:48 | 000,295,922 | ---- | M] () -- C:\Windows\System32\perfi007.dat
[2010.10.13 23:45:48 | 000,038,104 | ---- | M] () -- C:\Windows\System32\perfd007.dat
[2010.10.13 23:37:13 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010.10.13 23:24:56 | 000,265,640 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.10.13 23:18:31 | 000,000,410 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2010.10.13 23:18:31 | 000,000,034 | ---- | M] () -- C:\Windows\System32\BD7010.DAT
[2010.10.13 23:13:17 | 000,001,867 | ---- | M] () -- C:\Users\wolfs270672eye\Desktop\Defraggler.lnk
[2010.10.13 23:12:58 | 000,000,969 | ---- | M] () -- C:\Users\wolfs270672eye\Desktop\CCleaner.lnk
[2010.10.13 23:12:17 | 000,001,216 | ---- | M] () -- C:\Users\wolfs270672eye\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2010.10.13 23:12:17 | 000,001,192 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2010.10.13 23:10:51 | 000,001,913 | ---- | M] () -- C:\Users\wolfs270672eye\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010.10.13 23:10:51 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.10.13 23:08:10 | 000,001,411 | ---- | M] () -- C:\Users\wolfs270672eye\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010.10.13 22:58:06 | 000,042,045 | ---- | M] () -- C:\Windows\System32\license.rtf
[2010.10.05 19:57:22 | 001,084,008 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl
[2010.10.05 19:57:10 | 003,211,432 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys
[2010.10.05 19:57:10 | 001,843,816 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll
[2010.10.05 19:56:58 | 000,453,224 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkApoApi.dll
[2010.10.05 19:56:58 | 000,066,152 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoInst.dll
[2010.10.05 19:56:48 | 003,610,216 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll
[2010.10.05 19:56:36 | 000,477,288 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RCoRes.dat
[2010.09.29 13:11:02 | 001,251,944 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2010.09.27 09:34:58 | 000,232,792 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
[2010.09.16 19:33:28 | 000,404,704 | ---- | M] (DTS) -- C:\Windows\System32\DTSVoiceClarityDLL.dll
[2010.09.16 19:33:24 | 000,427,744 | ---- | M] (DTS) -- C:\Windows\System32\DTSSymmetryDLL.dll
[2010.09.16 19:33:20 | 001,131,232 | ---- | M] (DTS) -- C:\Windows\System32\DTSS2SpeakerDLL.dll
[2010.09.16 19:33:18 | 000,961,248 | ---- | M] (DTS) -- C:\Windows\System32\DTSS2HeadphoneDLL.dll
[2010.09.16 19:33:14 | 000,290,016 | ---- | M] (DTS) -- C:\Windows\System32\DTSNeoPCDLL.dll
[2010.09.16 19:33:10 | 000,222,944 | ---- | M] (DTS) -- C:\Windows\System32\DTSLimiterDLL.dll
[2010.09.16 19:33:08 | 000,105,696 | ---- | M] (DTS) -- C:\Windows\System32\DTSLFXAPO.dll
[2010.09.16 19:33:04 | 000,105,184 | ---- | M] (DTS) -- C:\Windows\System32\DTSGFXAPONS.dll
[2010.09.16 19:33:00 | 000,105,696 | ---- | M] (DTS) -- C:\Windows\System32\DTSGFXAPO.dll
[2010.09.16 19:32:58 | 000,235,232 | ---- | M] (DTS) -- C:\Windows\System32\DTSGainCompensatorDLL.dll
[2010.09.16 19:32:54 | 000,899,808 | ---- | M] (DTS) -- C:\Windows\System32\DTSBoostDLL.dll
[2010.09.16 19:32:50 | 000,447,200 | ---- | M] (DTS) -- C:\Windows\System32\DTSBassEnhancementDLL.dll

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010.10.14 12:09:26 | 000,001,003 | ---- | C] () -- C:\Users\wolfs270672eye\Application Data\Microsoft\Internet Explorer\Quick Launch\TrojanHunter Scanner.lnk
[2010.10.14 12:09:26 | 000,000,979 | ---- | C] () -- C:\Users\wolfs270672eye\Desktop\TrojanHunter.lnk
[2010.10.14 12:09:19 | 000,059,392 | R--- | C] () -- C:\Windows\System32\streamhlp.dll
[2010.10.14 11:33:30 | 000,003,003 | ---- | C] () -- C:\Users\wolfs270672eye\Desktop\HiJackThis.lnk
[2010.10.14 08:42:08 | 000,001,244 | ---- | C] () -- C:\Users\wolfs270672eye\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010.10.14 08:42:08 | 000,001,220 | ---- | C] () -- C:\Users\wolfs270672eye\Desktop\Spybot - Search & Destroy.lnk
[2010.10.14 08:38:27 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.10.14 08:37:07 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.10.14 08:26:28 | 000,000,703 | ---- | C] () -- C:\Users\wolfs270672eye\Desktop\Miranda IM.lnk
[2010.10.14 08:17:41 | 000,000,124 | ---- | C] () -- C:\Users\wolfs270672eye\Documents\ax_files.xml
[2010.10.14 08:17:35 | 000,000,714 | ---- | C] () -- C:\Users\wolfs270672eye\Desktop\Notepad++.lnk
[2010.10.14 08:15:16 | 000,001,135 | ---- | C] () -- C:\Users\Public\Desktop\Alcohol 52%.lnk
[2010.10.14 08:11:44 | 000,001,080 | ---- | C] () -- C:\Windows\System32\settingsbkup.sfm
[2010.10.14 08:11:44 | 000,001,080 | ---- | C] () -- C:\Windows\System32\settings.sfm
[2010.10.14 08:07:30 | 000,001,891 | ---- | C] () -- C:\Users\wolfs270672eye\Application Data\Microsoft\Internet Explorer\Quick Launch\xp-AntiSpy.lnk
[2010.10.14 08:07:30 | 000,001,867 | ---- | C] () -- C:\Users\wolfs270672eye\Desktop\xp-AntiSpy.lnk
[2010.10.14 08:07:15 | 000,001,139 | ---- | C] () -- C:\Users\wolfs270672eye\Application Data\Microsoft\Internet Explorer\Quick Launch\Wise Registry Cleaner.lnk
[2010.10.14 08:07:15 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
[2010.10.14 08:06:50 | 000,001,028 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010.10.14 08:06:20 | 000,000,841 | ---- | C] () -- C:\Users\Public\Desktop\Ventrilo.lnk
[2010.10.14 08:06:17 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010.10.14 08:05:16 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2010.10.14 08:03:43 | 000,001,007 | ---- | C] () -- C:\Users\wolfs270672eye\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010.10.14 08:03:43 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.14 08:03:10 | 000,436,792 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010.10.14 07:54:50 | 000,001,775 | ---- | C] () -- C:\Users\wolfs270672eye\Application Data\Microsoft\Internet Explorer\Quick Launch\WinSCP.lnk
[2010.10.14 07:54:50 | 000,001,751 | ---- | C] () -- C:\Users\wolfs270672eye\Desktop\WinSCP.lnk
[2010.10.14 07:54:50 | 000,000,600 | ---- | C] () -- C:\Users\wolfs270672eye\AppData\Roaming\winscp.rnd
[2010.10.14 07:53:45 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 5.lnk
[2010.10.14 07:50:40 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.10.14 07:50:22 | 000,000,941 | ---- | C] () -- C:\Users\Public\Desktop\Speccy.lnk
[2010.10.14 07:49:57 | 000,001,012 | ---- | C] () -- C:\Users\wolfs270672eye\Application Data\Microsoft\Internet Explorer\Quick Launch\POP Peeper.lnk
[2010.10.14 07:49:57 | 000,000,988 | ---- | C] () -- C:\Users\wolfs270672eye\Desktop\POP Peeper.lnk
[2010.10.14 07:49:36 | 000,000,989 | ---- | C] () -- C:\Users\Public\Desktop\MozBackup.lnk
[2010.10.14 07:40:46 | 000,055,920 | ---- | C] () -- C:\Windows\System32\BMXStateBkp-{00000003-00000000-00000000-00001102-0000000B-00421102}.rfx
[2010.10.14 07:40:46 | 000,055,920 | ---- | C] () -- C:\Windows\System32\BMXState-{00000003-00000000-00000000-00001102-0000000B-00421102}.rfx
[2010.10.14 07:40:46 | 000,000,820 | ---- | C] () -- C:\Windows\System32\DVCState-{00000003-00000000-00000000-00001102-0000000B-00421102}.rfx
[2010.10.14 07:40:18 | 000,007,062 | ---- | C] () -- C:\Windows\System32\audiopid.vxd
[2010.10.14 07:38:33 | 000,164,864 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2010.10.14 07:38:33 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2010.10.14 07:38:33 | 000,000,087 | RH-- | C] () -- C:\Windows\ctfile.rfc
[2010.10.14 07:38:04 | 000,002,560 | ---- | C] () -- C:\Windows\CTXFIGER.DLL
[2010.10.14 07:36:14 | 000,000,965 | ---- | C] () -- C:\Users\wolfs270672eye\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2010.10.14 07:36:14 | 000,000,941 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk
[2010.10.14 07:35:02 | 000,001,235 | ---- | C] () -- C:\Users\Public\Desktop\Media Player Classic.lnk
[2010.10.14 07:35:01 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.10.14 07:35:01 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010.10.14 07:23:08 | 000,002,009 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010.10.14 07:09:47 | 000,009,596 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2010.10.14 00:01:54 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010.10.13 23:47:15 | 000,651,768 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2010.10.13 23:47:15 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2010.10.13 23:47:15 | 000,129,468 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2010.10.13 23:47:15 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2010.10.13 23:37:13 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.10.13 23:18:31 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.10.13 23:18:31 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD7010.DAT
[2010.10.13 23:13:17 | 000,001,867 | ---- | C] () -- C:\Users\wolfs270672eye\Desktop\Defraggler.lnk
[2010.10.13 23:12:58 | 000,000,969 | ---- | C] () -- C:\Users\wolfs270672eye\Desktop\CCleaner.lnk
[2010.10.13 23:12:17 | 000,001,216 | ---- | C] () -- C:\Users\wolfs270672eye\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2010.10.13 23:12:17 | 000,001,192 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2010.10.13 23:10:51 | 000,001,913 | ---- | C] () -- C:\Users\wolfs270672eye\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010.10.13 23:10:51 | 000,001,889 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.10.13 23:08:10 | 000,001,411 | ---- | C] () -- C:\Users\wolfs270672eye\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010.10.13 23:05:20 | 000,000,290 | ---- | C] () -- C:\Users\wolfs270672eye\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010.10.13 23:05:20 | 000,000,272 | ---- | C] () -- C:\Users\wolfs270672eye\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010.10.13 22:53:44 | 1609,916,416 | -HS- | C] () -- C:\hiberfil.sys
[2010.07.07 21:23:10 | 000,017,868 | ---- | C] () -- C:\Windows\System32\instwdm.ini
[2010.07.07 21:23:06 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2010.07.07 20:33:04 | 000,002,560 | ---- | C] () -- C:\Windows\System32\CtxfiRes.dll
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.07.01 10:12:32 | 000,000,285 | ---- | C] () -- C:\Windows\System32\kill.ini
[2004.08.13 09:56:20 | 000,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys

[color=#E56717]========== LOP Check ==========[/color]

[2010.10.14 08:28:16 | 000,000,000 | ---D | M] -- C:\Users\wolfs270672eye\AppData\Roaming\Miranda
[2010.10.14 08:10:51 | 000,000,000 | ---D | M] -- C:\Users\wolfs270672eye\AppData\Roaming\POP Peeper
[2010.10.14 08:10:52 | 000,000,000 | ---D | M] -- C:\Users\wolfs270672eye\AppData\Roaming\TeamViewer
[2010.10.14 08:10:48 | 000,000,000 | ---D | M] -- C:\Users\wolfs270672eye\AppData\Roaming\TS3Client
[2009.07.14 06:53:46 | 000,003,340 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



< End of report >
Extras.txt

Zitat

OTL Extras logfile created on: 14.10.2010 12:55:41 - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = H:\
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 43,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 63,47 Gb Total Space | 51,16 Gb Free Space | 80,60% Space Free | Partition Type: NTFS
Drive D: | 117,19 Gb Total Space | 91,46 Gb Free Space | 78,04% Space Free | Partition Type: NTFS
Drive E: | 146,48 Gb Total Space | 132,70 Gb Free Space | 90,59% Space Free | Partition Type: NTFS
Drive F: | 117,19 Gb Total Space | 106,37 Gb Free Space | 90,77% Space Free | Partition Type: NTFS
Drive G: | 48,83 Gb Total Space | 46,61 Gb Free Space | 95,46% Space Free | Partition Type: NTFS
Drive H: | 119,08 Gb Total Space | 117,39 Gb Free Space | 98,58% Space Free | Partition Type: NTFS
Drive I: | 146,48 Gb Total Space | 124,95 Gb Free Space | 85,30% Space Free | Partition Type: NTFS
Drive J: | 172,80 Gb Total Space | 67,07 Gb Free Space | 38,82% Space Free | Partition Type: NTFS
Drive L: | 488,28 Gb Total Space | 150,83 Gb Free Space | 30,89% Space Free | Partition Type: NTFS
Drive M: | 443,23 Gb Total Space | 94,24 Gb Free Space | 21,26% Space Free | Partition Type: NTFS
Drive N: | 372,61 Gb Total Space | 29,37 Gb Free Space | 7,88% Space Free | Partition Type: NTFS

Computer Name: WOLF-PC | User Name: wolfs270672eye | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1474853986-1418939389-2533785236-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OpenNew] -- cmd.exe /k cd %1 (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"7-Zip" = 7-Zip 9.17 beta
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AudioCS" = Creative Audio-Systemsteuerung
"avast5" = avast! Free Antivirus
"CCleaner" = CCleaner
"Console Launcher" = Creative Konsole Starter
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties" = Eigenschaften von Creative Sound Blaster
"Defraggler" = Defraggler
"Diagnostics 4_5" = Creative-Diagnose
"Dolby Digital Live Pack" = Dolby Digital Live Pack
"Foxit Reader" = Foxit Reader
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.4.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Miranda IM" = Miranda IM 0.9.6
"MozBackup" = MozBackup 1.4.10
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"Notepad++" = Notepad++
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"POP Peeper" = POP Peeper
"Speccy" = Speccy
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 5" = TeamViewer 5
"TrojanHunter_is1" = TrojanHunter 5.3
"VLC media player" = VLC media player 1.1.4
"WaveStudio 7" = Creative WaveStudio 7
"Winamp" = Winamp
"winscp3_is1" = WinSCP 4.2.9
"Wise Registry Cleaner_is1" = Wise Registry Cleaner Free 5.73
"xp-AntiSpy" = xp-AntiSpy 3.97-9

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 13.10.2010 17:36:17 | Computer Name = Wolf-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Alwil
Software\Avast5\AvastUI.exe". Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 13.10.2010 17:40:59 | Computer Name = Wolf-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
"System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary
aswFsBlk. System Error: The system cannot find the file specified. .

Error - 13.10.2010 17:40:59 | Computer Name = Wolf-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
"System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary
aswMonFlt. System Error: The system cannot find the file specified. .

Error - 13.10.2010 17:40:59 | Computer Name = Wolf-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
"System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary
aswRdr. System Error: The system cannot find the file specified. .

Error - 13.10.2010 17:40:59 | Computer Name = Wolf-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
"System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary
aswSP. System Error: The system cannot find the file specified. .

Error - 13.10.2010 17:40:59 | Computer Name = Wolf-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
"System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary
avast! Network Shield Support. System Error: The system cannot find the file specified.
.

Error - 13.10.2010 17:40:59 | Computer Name = Wolf-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
"System Writer". Details: AddWin32ServiceFiles: Unable to back up image of service
avast! Antivirus since QueryServiceConfig API failed System Error: The system cannot
find the file specified. .

Error - 14.10.2010 01:45:02 | Computer Name = Wolf-PC | Source = VSS | ID = 8194
Description =

Error - 14.10.2010 02:02:50 | Computer Name = Wolf-PC | Source = VSS | ID = 8194
Description =

Error - 14.10.2010 03:10:47 | Computer Name = Wolf-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TeaTimer.exe, Version: 1.6.6.32,
Zeitstempel: 0x2a425e19 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bdaae Ausnahmecode: 0x0eedfade Fehleroffset: 0x00009617 ID des fehlerhaften
Prozesses: 0x13c0 Startzeit der fehlerhaften Anwendung: 0x01cb6b6b214e8a9d Pfad der
fehlerhaften Anwendung: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
Pfad
des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll Berichtskennung: 2aa38c09-d762-11df-b7d3-404e57434401

[ System Events ]
Error - 14.10.2010 05:13:57 | Computer Name = Wolf-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 14.10.2010 05:16:03 | Computer Name = Wolf-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 14.10.2010 05:16:03 | Computer Name = Wolf-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 14.10.2010 05:16:03 | Computer Name = Wolf-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 14.10.2010 05:21:03 | Computer Name = Wolf-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 14.10.2010 05:21:03 | Computer Name = Wolf-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 14.10.2010 05:21:03 | Computer Name = Wolf-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 14.10.2010 05:23:11 | Computer Name = Wolf-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 14.10.2010 05:23:11 | Computer Name = Wolf-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 14.10.2010 05:23:11 | Computer Name = Wolf-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computer Browser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068


< End of report >
Ich seh da total nicht durch. ;) Hoffe jemand anders tut. Der Malwarebytes scan läuft noch, genau wie der von GMER und TROJAN HUNTER. Auch werd ich gleich noch HiJackThis laufen lassen.
Seitenanfang Seitenende
14.10.2010, 13:19
gangren
Member

Beiträge: 420
#4 So, für die Zukunft: Bitte keinen falschen Aktionismus - einfach die Scans durchführen, die da stehen, und auch in der Reihenfolge (schon gar nicht alle auf einmal). Sonst komme ich durcheinander. GMER ist noch ok, Trojan Hunter kann nicht schaden und HiJackThis wird nicht gebraucht.
Und, nur mal so, etwas Geduld mitbringen, ich kann nicht ständig online sein.
Seitenanfang Seitenende
14.10.2010, 13:25
Wolfseye
...neu hier

Themenstarter

Beiträge: 7
#5

Zitat

gangren postete
Und, nur mal so, etwas Geduld mitbringen, ich kann nicht ständig online sein.
Sagte ich doch nicht, oder ? Hab nur gefragt wer da helfen kann. Nicht gedrängt oder sonst was. Also bitte nicht falsch verstehen. Wenn man keine Zeit hat, ist ok, kein Problem.
Seitenanfang Seitenende
14.10.2010, 14:34
Wolfseye
...neu hier

Themenstarter

Beiträge: 7
#6 So, hier ist der Log von GMER.

Zitat

GMER 1.0.15.15315 - http://www.gmer.net
Rootkit scan 2010-10-14 14:00:28
Windows 6.1.7600
Running: ki49y6vn.exe; Driver: C:\Users\WOLFS2~1\AppData\Local\Temp\kxldqpob.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8D5AFBAE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x8D5AF9D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x8D5AFB0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C4D599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C71F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
PAGE ntkrnlpa.exe!ZwLoadDriver 82DAB291 7 Bytes JMP 8D5AFB10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82E12FBF 5 Bytes JMP 8D5AB5D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject + 27 82E2CCF3 5 Bytes JMP 8D5AD012 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!NtCreateSection 82E3AD63 7 Bytes JMP 8D5AF9D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 82EE4EAC 7 Bytes JMP 8D5AFBB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text sptd.sys 88CBF000 8 Bytes [A6, 71, 02, 83, A0, D7, 01, ...]
.text sptd.sys 88CBF009 23 Bytes [D7, 01, 83, 48, FB, 01, 83, ...]
.text sptd.sys 88CBF024 4 Bytes [32, E5, DE, 88]
.text sptd.sys 88CBF02C 188 Bytes [FC, B8, E6, 82, 09, C1, E0, ...]
.text sptd.sys 88CBF0E9 136 Bytes [8B, C4, 82, 2C, 0D, CC, 82, ...]
.text ...
.sptd2 C:\Windows\System32\Drivers\sptd.sys entry point in ".sptd2" section [0x88DB6D38]
? C:\Windows\System32\Drivers\sptd.sys Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
.text USBPORT.SYS!DllUnload 929C0CA0 5 Bytes JMP 85F17410
.text aovasl16.SYS 81E32000 12 Bytes [44, F8, 01, 83, EE, F6, 01, ...]
.text aovasl16.SYS 81E3200D 188 Bytes [D7, 01, 83, 48, FB, 01, 83, ...]
.text aovasl16.SYS 81E320CA 28 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text aovasl16.SYS 81E320E7 23 Bytes [00, 38, 0F, 00, 00, 00, 00, ...]
.text aovasl16.SYS 81E320FF 704 Bytes [4E, 0E, 10, 0F, D2, 0D, 94, ...]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[880] ntdll.dll!LdrLoadDll 76E5F625 5 Bytes JMP 001F13F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\TrojanHunter 5.3\TrojanHunter.exe[1096] ntdll.dll!DbgBreakPoint 76E33574 1 Byte [90]
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1488] kernel32.dll!SetUnhandledExceptionFilter 75C33162 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [88CC00C0] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [88CC0FE0] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [88CC0574] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [88CC11BC] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [88CC0362] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\System32\Drivers\aovasl16.SYS[USBD.SYS!USBD_CreateConfigurationRequestEx] 1456B60F

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\TrojanHunter 5.3\TrojanHunter.exe[1096] @ C:\Windows\system32\user32.dll [KERNEL32.dll!CreateThread] [0044FC24] C:\Program Files\TrojanHunter 5.3\TrojanHunter.exe (TrojanHunter Scanner/Mischel Internet Security)
IAT C:\Program Files\TrojanHunter 5.3\TrojanHunter.exe[1096] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [0044FC24] C:\Program Files\TrojanHunter 5.3\TrojanHunter.exe (TrojanHunter Scanner/Mischel Internet Security)
IAT C:\Program Files\TrojanHunter 5.3\TrojanHunter.exe[1096] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!QueueUserWorkItem] [0044FE28] C:\Program Files\TrojanHunter 5.3\TrojanHunter.exe (TrojanHunter Scanner/Mischel Internet Security)
IAT C:\Program Files\TrojanHunter 5.3\TrojanHunter.exe[1096] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!QueueUserWorkItem] [0044FE28] C:\Program Files\TrojanHunter 5.3\TrojanHunter.exe (TrojanHunter Scanner/Mischel Internet Security)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 84E631F8
Device \FileSystem\fastfat \FatCdrom 879351F8
Device \Driver\usbuhci \Device\USBPDO-0 85D2F430
Device \Driver\usbuhci \Device\USBPDO-1 85D2F430
Device \Driver\usbuhci \Device\USBPDO-2 85D2F430
Device \Driver\usbehci \Device\USBPDO-3 85F14430
Device \Driver\PCI_PNP4389 \Device\00000054 sptd.sys
Device \Driver\PCI_PNP4389 \Device\00000054 sptd.sys
Device \Driver\usbuhci \Device\USBPDO-4 85D2F430

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\usbuhci \Device\USBPDO-5 85D2F430
Device \Driver\usbuhci \Device\USBPDO-6 85D2F430

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\usbehci \Device\USBPDO-7 85F14430

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom0 85D761F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom1 85D761F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 84E611F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-2 84E611F8
Device \Driver\atapi \Device\Ide\IdePort0 84E611F8
Device \Driver\atapi \Device\Ide\IdePort1 84E611F8
Device \Driver\atapi \Device\Ide\IdePort2 84E611F8
Device \Driver\atapi \Device\Ide\IdePort3 84E611F8
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-5 84E611F8
Device \Driver\USBSTOR \Device\00000073 85D921F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\USBSTOR \Device\00000075 85D921F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\NetBT \Device\NetBt_Wins_Export 85E221F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume8 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume9 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\USBSTOR \Device\00000079 85D921F8
Device \Driver\ACPI_HAL \Device\0000004d halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\NetBT \Device\NetBT_Tcpip_{E79BF3A9-1571-449D-88A6-C2D446BFC0F3} 85E221F8
Device \Driver\usbuhci \Device\USBFDO-0 85D2F430
Device \Driver\usbuhci \Device\USBFDO-1 85D2F430
Device \Driver\usbuhci \Device\USBFDO-2 85D2F430
Device \Driver\usbehci \Device\USBFDO-3 85F14430
Device \Driver\usbuhci \Device\USBFDO-4 85D2F430
Device \Driver\usbuhci \Device\USBFDO-5 85D2F430
Device \Driver\USBSTOR \Device\0000007f 85D921F8
Device \Driver\usbuhci \Device\USBFDO-6 85D2F430

AttachedDevice \Driver\volmgr \Device\HarddiskVolume10 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\usbehci \Device\USBFDO-7 85F14430

AttachedDevice \Driver\volmgr \Device\HarddiskVolume11 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\aovasl16 \Device\Scsi\aovasl161 85F8E430
Device \Driver\aovasl16 \Device\Scsi\aovasl161Port4Path0Target0Lun0 85F8E430
Device \FileSystem\fastfat \Fat 879351F8

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x70 0x0A 0x3B 0xB3 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xD4 0x8E 0xF3 0x06 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xEC 0x61 0xFC 0x77 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x70 0x0A 0x3B 0xB3 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xD4 0x8E 0xF3 0x06 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xEC 0x61 0xFC 0x77 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced@Hidden 2
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced@HideFileExt 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced@ShowSuperHidden 0

---- EOF - GMER 1.0.15 ----
Trojan Hunter hat nix gefunden, hab restlos alles durchsucht. (mehrmals)

Auch Malwarebytes Anti-Malware hat nix gefunden. Wenn also jetzt jemand aus dem tuhuwabuhu der Logs von OTL oder GMER was finden würde, dann wäre ich sehr dankbar. ;)
Dieser Beitrag wurde am 14.10.2010 um 15:08 Uhr von Wolfseye editiert.
Seitenanfang Seitenende
14.10.2010, 15:51
gangren
Member

Beiträge: 420
#7 Von Malware sehe ich da nicht viel. Könntest Du bitte das Log mit dem Fund von SuperAntiSpyware posten

Zitat

Trojan.Agent/Gen-BanLoad
war eine heuristische Erkennung, unter Umständen ist es ein Fehlalarm.
Seitenanfang Seitenende
14.10.2010, 16:05
Wolfseye
...neu hier

Themenstarter

Beiträge: 7
#8 Hmm, das mal komisch. Irgendwie find ich nur noch ein Log drin bei den Logs von SuperAntiSpyware. Und da ist als Gefahr der drin.

Zitat

Trojan.Agent/Gen-HackPatch
L:\SYSTEM VOLUME INFORMATION\_RESTORE{4BBD7DB2-0395-49CB-8062-9EB4A6E09BB1}\RP338\A0029225.EXE
War aber ganz sicher das es auch der o.g. Trojaner war. Komisch das ich nur noch das 1 log hab. Die aktuellen Scanvorgänge von SuperAntiSpyware wurden, warum auch immer, nicht im Log Ordner gespeichert. Muss man nicht verstehen.

Weiss aber sicher das alle (mehrere) komplette Scans die ich in den letzten 3 1/2 Stunden gemacht hab (u.a. wieder mit SAS) definitv nix sonst mehr an Bedrohungen angezeigt haben.

Ich hoffe es war wirklich ein Fehlalarm oder das was auch immer war, der SAS auch schon entfernt hatte.

Und von den Logs oben sieht es alles mehr oder weniger ok aus ?

P.S: Systemwiederherstellung ist btw. mittlerweile deaktiviert.
Seitenanfang Seitenende
14.10.2010, 16:14
gangren
Member

Beiträge: 420
#9 In den Logs ist wie gesagt nichts zu entdecken, ich tippe auf ein Fehlalarm. Ich würde vorschlagen, Du beobachtest das Ganze eine Zeit lang, eine Woche oder so, und falls noch mal was auftaucht, graben wir etwas tiefer. Falls nicht, ist alles gut ;)

Gruß,
gangren
Seitenanfang Seitenende
14.10.2010, 16:18
Wolfseye
...neu hier

Themenstarter

Beiträge: 7
#10

Zitat

gangren postete
In den Logs ist wie gesagt nichts zu entdecken, ich tippe auf ein Fehlalarm. Ich würde vorschlagen, Du beobachtest das Ganze eine Zeit lang, eine Woche oder so, und falls noch mal was auftaucht, graben wir etwas tiefer. Falls nicht, ist alles gut ;)

Gruß,
gangren
Hab gerade nochmal den SuperAntiSpyware durchlaufen lassen, auf dem L Laufwerk. Und er findet da wohl wieder den Trojaner im Restore. Aber in der derzeitigen Installation von WIN7 hatte ich auf dem Laufwerk garkein Systemrestore an. Wie kann der nun also da drin sein und vor allem, wie krieg ich ihn raus ?

Hab schon alle aktuellen Systemwiederherstellungspunkte wieder gelöscht, und das war nur auf C an.
Seitenanfang Seitenende
14.10.2010, 16:40
Wolfseye
...neu hier

Themenstarter

Beiträge: 7
#11 So, habe es mit einem kleine Trick geschafft Zugang zu dem geschützen Systemordner zu bekommen und dann nochmal SAS laufen lassen. Er hat den dann wieder gefunden und sagt das er es löscht. Danach wollte er nen Reboot. So, dann wieder drin, hab ich den Scan wieder da laufen lassen, und diesmal hat er ihn nicht wieder gefunden.

Jetzt scheints aus dem ollen System Volume Restore Ordner raus gelöscht zu sein. Werd das mal weiter beobachten und wenn noch was mehr ist, mich wieder hier melden.

@gangren:

Vielen Dank für deine Hilfe !!! ;)
Seitenanfang Seitenende
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren:
Seite(n): 1