Anti-Malware Doctor

#0
20.04.2011, 21:21
...new here

Posts: 8
#1 Hello,
I somehow caught the A-M. D. ...
I was able to remove it successfully by changing the exe (e.g. from arg70 to fake.exe)...
I also deleted it in the registry... (run, uninstall and software)
Now I only have the following problem...

When I run Malwarebytes, the PC restarts after a certain time (100 percent because of Anti-Malware Doctor).
My PC also won't allow r.kill, combofix.exe etc.; if I start one of them, I get a blue screen
saying that the PC was shut down for security reasons, etc...

Here are the OldTimer logs.
OTL logfile created on: 20.04.2011 20:59:20 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Downloads\Software
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 450,06 Gb Total Space | 63,57 Gb Free Space | 14,13% Space Free | Partition Type: NTFS
Drive D: | 15,67 Gb Total Space | 5,02 Gb Free Space | 32,06% Space Free | Partition Type: FAT32

Computer Name: *** | User Name: ***| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2011.04.20 20:57:37 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Downloads\Software\OTL.exe
PRC - [2011.03.30 18:35:51 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.03.17 10:15:04 | 000,842,048 | ---- | M] (DT Soft Ltd) -- C:\Programme\DAEMON Tools Pro\DTAgent.exe
PRC - [2011.01.07 22:06:12 | 000,803,432 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011.01.07 20:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.12.20 18:08:46 | 000,963,976 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010.08.27 09:40:40 | 001,178,184 | ---- | M] (G Data Software AG) -- C:\Programme\Common Files\G Data\AVKProxy\AVKProxy.exe
PRC - [2010.08.26 13:25:41 | 000,996,936 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\TotalCare\AVKTray\AVKTray.exe
PRC - [2010.08.26 13:25:20 | 001,538,120 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\TotalCare\Firewall\GDFirewallTray.exe
PRC - [2010.08.26 01:41:14 | 001,607,344 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\TotalCare\Firewall\GDFwSvc.exe
PRC - [2010.08.26 01:28:53 | 001,330,792 | ---- | M] () -- C:\Programme\G Data\TotalCare\AVK\AVKWCtl.exe
PRC - [2010.08.26 00:51:59 | 000,340,552 | ---- | M] (G Data Software AG) -- C:\Programme\Common Files\G Data\GDScan\GDScan.exe
PRC - [2010.07.16 17:32:34 | 000,619,800 | ---- | M] (http://tortoisesvn.net) -- C:\Programme\TortoiseSVN\bin\TSVNCache.exe
PRC - [2010.04.29 00:28:18 | 003,727,411 | ---- | M] (FreeDownloadManager.ORG) -- C:\Programme\Free Download Manager\fdm.exe
PRC - [2010.03.31 16:06:48 | 000,410,696 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\TotalCare\AVK\AVKService.exe
PRC - [2010.03.18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2008.12.05 14:07:06 | 000,935,208 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008.12.05 14:06:42 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Programme\Nero\Nero BackItUp 4\IoctlSvc.exe
PRC - [2007.12.17 05:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
PRC - [2007.08.03 12:51:18 | 001,422,632 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007.08.03 12:51:06 | 000,202,024 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Lib\NMBgMonitor.exe
PRC - [2007.01.30 11:37:40 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxbmcoms.exe
PRC - [2007.01.11 05:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2011.04.20 20:57:37 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Downloads\Software\OTL.exe
MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [On_Demand | Stopped] -- -- (VPRVLD)
SRV - [2011.03.31 14:14:40 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.01.07 20:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.08.27 09:40:40 | 001,178,184 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2010.08.26 01:41:14 | 001,607,344 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Programme\G Data\TotalCare\Firewall\GDFwSvc.exe -- (GDFwSvc)
SRV - [2010.08.26 01:28:53 | 001,330,792 | ---- | M] () [Auto | Running] -- C:\Programme\G Data\TotalCare\AVK\AVKWCtl.exe -- (AVKWCtl)
SRV - [2010.08.26 00:51:59 | 000,340,552 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files\Common Files\G Data\GDScan\GDScan.exe -- (GDScan)
SRV - [2010.05.05 08:26:22 | 000,901,192 | ---- | M] (G Data Software AG) [On_Demand | Stopped] -- C:\Programme\G Data\TotalCare\AVKBackup\AVKBackupService.exe -- (GDBackupSvc)
SRV - [2010.03.31 16:06:48 | 000,410,696 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Programme\G Data\TotalCare\AVK\AVKService.exe -- (AVKService)
SRV - [2010.03.18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.03.08 02:17:54 | 000,934,984 | ---- | M] (G Data Software AG) [On_Demand | Stopped] -- C:\Programme\G Data\TotalCare\AVKTuner\AVKTunerService.exe -- (GDTunerSvc)
SRV - [2010.01.12 16:57:44 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.12.05 14:07:06 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008.12.05 14:06:42 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Programme\Nero\Nero BackItUp 4\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
SRV - [2007.12.17 05:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007.01.30 11:37:40 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxbmcoms.exe -- (lxbm_device)
SRV - [2007.01.11 05:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2011.04.19 20:07:32 | 000,443,448 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011.04.15 23:54:52 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2011.04.15 23:54:52 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2011.01.08 05:27:00 | 010,467,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | Disabled | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010.11.20 20:46:07 | 000,047,560 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PktIcpt.sys -- (GDPkIcpt)
DRV - [2010.11.18 22:56:15 | 000,062,024 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV - [2010.11.18 22:56:15 | 000,038,856 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\HookCentre.sys -- (HookCentre)
DRV - [2010.11.18 22:56:15 | 000,033,480 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\GDBehave.sys -- (GDBehave)
DRV - [2010.11.12 01:10:50 | 000,122,984 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010.07.31 20:05:33 | 000,029,992 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\GRD.sys -- (GRD)
DRV - [2010.07.31 19:55:59 | 000,040,904 | ---- | M] (G DATA Software AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\gdwfpcd32.sys -- (gdwfpcd)
DRV - [2010.01.18 01:17:17 | 000,081,408 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\SSHDRV86.sys -- (SSHDRV86)
DRV - [2009.12.22 02:26:36 | 000,030,392 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2009.08.24 00:55:32 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2009.08.13 08:23:02 | 000,022,528 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BthAvrcp.sys -- (BthAvrcp)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 00:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.07.14 00:02:53 | 000,657,408 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2008.09.04 07:28:22 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008.09.04 07:27:54 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008.09.04 07:27:28 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008.07.28 14:52:06 | 000,272,384 | ---- | M] (1&1 Internet AG) [File_System | System | Running] -- C:\Windows\System32\drivers\ui11rdr.SYS -- (ui11rdr)
DRV - [2007.04.20 19:51:56 | 010,253,056 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp325.sys -- (SNP325) USB PC Camera (SNPSTD325)
DRV - [2005.12.18 14:33:48 | 000,044,416 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dptrackerd.sys -- (dptrackerd)
DRV - [2005.10.13 18:19:12 | 008,701,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2005.01.14 18:14:07 | 000,047,616 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2004.12.03 12:20:41 | 000,020,544 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2004.10.28 12:47:59 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9F EA 49 AB F0 96 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: RAWThumbnailViewer@arcsoft.com.cn:2.0.0.11
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.7
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:21.1.10084.997
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10
FF - prefs.js..extensions.enabledItems: YPlayer@yummy.net:1.0.0.15
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: {E0B550C4-3A95-4ED1-B336-AE90E057967A}:1.9.1
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8118
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 8118
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\RAWThumbnailViewer@arcsoft.com.cn: C:\Program Files\ArcSoft\RAW Thumbnail Viewer\FireFox Extension [2010.02.11 15:43:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files\ArcSoft\Video Downloader\Plugin_FireFox [2010.02.11 15:44:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.30 18:35:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.30 18:35:54 | 000,000,000 | ---D | M]

[2010.01.16 23:16:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shorty\AppData\Roaming\mozilla\Extensions
[2011.04.19 20:38:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shorty\AppData\Roaming\mozilla\Firefox\Profiles\1zieu2wt.default\extensions
[2010.10.26 17:18:18 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Shorty\AppData\Roaming\mozilla\Firefox\Profiles\1zieu2wt.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.01.22 22:03:52 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Users\Shorty\AppData\Roaming\mozilla\Firefox\Profiles\1zieu2wt.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2010.05.21 06:09:16 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Shorty\AppData\Roaming\mozilla\Firefox\Profiles\1zieu2wt.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.12.24 10:02:53 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Shorty\AppData\Roaming\mozilla\Firefox\Profiles\1zieu2wt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.05.31 11:18:10 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\Shorty\AppData\Roaming\mozilla\Firefox\Profiles\1zieu2wt.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010.09.16 19:00:46 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Shorty\AppData\Roaming\mozilla\Firefox\Profiles\1zieu2wt.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2011.03.30 19:00:07 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Shorty\AppData\Roaming\mozilla\Firefox\Profiles\1zieu2wt.default\extensions\personas@christopher.beard
[2010.09.16 19:00:42 | 000,003,915 | ---- | M] () -- C:\Users\Shorty\AppData\Roaming\Mozilla\Firefox\Profiles\1zieu2wt.default\searchplugins\sweetim.xml
[2011.03.31 20:07:54 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.07.31 19:56:12 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Programme\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
[2010.07.25 15:53:08 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.07.26 20:13:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.25 20:11:15 | 000,000,000 | ---D | M] (Yummy Games Player) -- C:\Programme\Mozilla Firefox\extensions\YPlayer@yummy.net
[2010.02.11 15:43:38 | 000,000,000 | ---D | M] ("RAW Thumbnail Viewer") -- C:\PROGRAM FILES\ARCSOFT\RAW THUMBNAIL VIEWER\FIREFOX EXTENSION
[2011.01.22 17:41:27 | 000,000,000 | ---D | M] (Free Download Manager plugin) -- C:\PROGRAM FILES\FREE DOWNLOAD MANAGER\FIREFOX\EXTENSION
[2010.07.31 19:56:12 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170633FE}
[2010.07.25 15:53:08 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{AB2CE124-6272-4B12-94A9-7303C7397BD1}
[2010.01.17 15:01:45 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.07.26 20:13:47 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.25 20:11:15 | 000,000,000 | ---D | M] (Yummy Games Player) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\YPLAYER@YUMMY.NET
[2011.03.30 18:54:54 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\SHORTY\APPDATA\LOCAL\{E0B550C4-3A95-4ED1-B336-AE90E057967A}
[2010.06.22 04:36:30 | 000,423,656 | ---- | M] (Oracle) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2006.08.09 12:16:08 | 000,030,408 | ---- | M] ( ) -- C:\Programme\Mozilla Firefox\plugins\npWebLaunch.dll
[2011.03.08 17:27:28 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.08 17:27:28 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.08 17:27:28 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.08 17:27:28 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.08 17:27:28 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011.04.20 18:58:24 | 000,000,000 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\TotalCare\Webfilter\AvkWebIE.dll (G Data Software AG)
O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Programme\ArcSoft\Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (ToolbarBHO Class) - {9519AF7E-638D-4933-BAD6-D33D23C79FE5} - C:\Programme\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll ()
O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\TotalCare\Webfilter\AvkWebIE.dll (G Data Software AG)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Programme\G Data\TotalCare\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Programme\G Data\TotalCare\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKCU..\Run: [Bceyosa] File not found
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EPSON Stylus SX400 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEGE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: EXIF lesen - C:\Programme\ArcSoft\RAW Thumbnail Viewer\ArcEXIFM.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Shorty\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Shorty\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{177ce340-5b65-11e0-9cc9-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{177ce340-5b65-11e0-9cc9-806e6f6e6963}\Shell\AutoRun\command - "" = K:\Setupx.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011.04.20 19:28:52 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2011.04.20 18:58:07 | 000,000,000 | ---D | C] -- C:\Programme\Enigma Software Group
[2011.04.20 18:36:23 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011.04.20 17:57:00 | 000,000,000 | ---D | C] -- C:\Users\Shorty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicISO
[2011.04.20 17:57:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO
[2011.04.20 17:56:58 | 000,000,000 | ---D | C] -- C:\Programme\MagicISO
[2011.04.20 17:49:08 | 000,000,000 | ---D | C] -- C:\Users\Shorty\Desktop\backupwii
[2011.04.19 20:14:20 | 000,000,000 | ---D | C] -- C:\Users\Shorty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Pro
[2011.04.19 20:14:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Pro
[2011.04.19 08:51:40 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.04.15 23:55:27 | 000,000,000 | ---D | C] -- C:\Users\Shorty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony Ericsson
[2011.04.15 23:54:52 | 001,112,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01007.dll
[2011.04.15 23:54:52 | 000,025,512 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggsemc.sys
[2011.04.15 23:54:52 | 000,013,224 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggflt.sys
[2011.04.15 23:54:11 | 000,000,000 | ---D | C] -- C:\Programme\Sony Ericsson
[2011.04.13 17:40:51 | 000,000,000 | ---D | C] -- C:\Users\Shorty\Desktop\Liiisaaaas
[2011.04.13 13:30:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.4
[2011.04.13 13:29:56 | 000,000,000 | ---D | C] -- C:\Programme\ICQ7.4
[2011.04.11 19:24:31 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip
[2011.04.11 19:24:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011.04.11 17:57:42 | 000,000,000 | ---D | C] -- C:\Users\Shorty\Desktop\SUiKODEN - Komplettlösung
[2011.04.10 18:55:43 | 000,000,000 | ---D | C] -- C:\Users\Shorty\Desktop\Birgit Bewerbungen
[2011.04.10 12:28:03 | 000,000,000 | ---D | C] -- C:\Users\Shorty\Desktop\ff9
[2011.04.08 17:24:55 | 000,000,000 | ---D | C] -- C:\Users\Shorty\Documents\Mein Steuer-Sparbuch Heute
[2011.04.08 17:23:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2011
[2011.04.08 17:23:43 | 000,000,000 | ---D | C] -- C:\Users\Shorty\AppData\Local\Buhl
[2011.04.08 17:21:04 | 000,000,000 | ---D | C] -- C:\Programme\WISO
[2011.04.08 17:20:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Buhl Data Service GmbH
[2011.04.08 17:20:28 | 000,000,000 | ---D | C] -- C:\Users\Shorty\AppData\Local\Buhl Data Service
[2011.04.07 22:44:11 | 000,106,496 | ---- | C] (-) -- C:\Users\Shorty\Desktop\7Sins-v1.0-Plus6-Trainer.exe
[2011.04.07 15:29:44 | 000,000,000 | ---D | C] -- C:\Users\Shorty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Monte Cristo
[2011.04.07 15:29:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Monte Cristo
[2011.04.07 15:25:41 | 000,000,000 | ---D | C] -- C:\Programme\Monte Cristo
[2011.04.07 14:30:41 | 000,000,000 | ---D | C] -- C:\Users\Shorty\Desktop\wiibackup
[2011.04.07 13:31:28 | 000,000,000 | R--D | C] -- C:\Users\Shorty\Documents\Notes
[2011.04.07 13:27:36 | 000,000,000 | ---D | C] -- C:\Users\Shorty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RapidShare AG
[2011.04.06 23:25:11 | 000,000,000 | ---D | C] -- C:\Users\Shorty\AppData\Local\Ahead
[2011.04.06 23:25:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8
[2011.04.06 23:24:25 | 000,000,000 | ---D | C] -- C:\Users\Shorty\AppData\Roaming\Nero
[2011.04.06 23:16:06 | 000,000,000 | ---D | C] -- C:\Users\Shorty\Documents\Alcohol 120%
[2011.04.06 22:50:33 | 000,000,000 | ---D | C] -- C:\Users\Shorty\Desktop\ps2
[2011.04.06 19:58:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader
[2011.04.06 19:57:55 | 000,000,000 | ---D | C] -- C:\Programme\JDownloader
[2011.04.01 20:34:30 | 000,000,000 | -HSD | C] -- C:\#GDATA.Trash.Store#
[2011.04.01 11:54:16 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2011.03.31 20:19:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.03.31 09:05:41 | 000,000,000 | ---D | C] -- C:\Programme\Alcohol Soft
[2011.03.30 18:54:54 | 000,000,000 | ---D | C] -- C:\Users\Shorty\AppData\Local\{E0B550C4-3A95-4ED1-B336-AE90E057967A}
[2010.02.05 00:48:33 | 000,147,456 | ---- | C] ( ) -- C:\Windows\System32\rsnp325.dll
[2010.02.05 00:48:33 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\vsnp325.dll
[2010.02.05 00:48:33 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp325.dll
[2007.01.30 13:37:44 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxbmih.exe
[2007.01.30 13:37:40 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxbmcoms.exe
[2007.01.30 13:37:38 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxbmcfg.exe
[2006.12.20 20:08:22 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxbmpmui.dll
[2006.12.20 20:06:56 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxbmserv.dll
[2006.12.20 20:01:02 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxbmcomm.dll
[2006.12.20 19:59:22 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxbmlmpm.dll
[2006.12.20 19:58:02 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxbmiesc.dll
[2006.12.20 19:55:40 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxbmpplc.dll
[2006.12.20 19:54:52 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxbmcomc.dll
[2006.12.20 19:54:20 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxbmprox.dll
[2006.12.20 19:47:30 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxbminpa.dll
[2006.12.20 19:46:50 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxbmusb1.dll
[2006.12.20 19:42:34 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxbmhbn3.dll
[2005.09.13 01:45:06 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
[2004.02.16 21:59:52 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011.04.20 21:00:41 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.20 21:00:41 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.20 20:53:23 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.20 20:53:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.20 20:53:05 | 344,522,623 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.04.20 20:53:04 | 2414,485,504 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.20 20:44:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.20 20:43:01 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3247729353-18491574-2113395355-1001UA.job
[2011.04.20 19:26:31 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.04.20 18:58:24 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.04.20 17:57:01 | 000,001,769 | ---- | M] () -- C:\Users\Shorty\Desktop\MagicISO.lnk
[2011.04.20 17:54:01 | 000,001,050 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Pro.lnk
[2011.04.20 17:48:20 | 000,000,120 | ---- | M] () -- C:\Users\Shorty\AppData\Local\Qsehagiqini.dat
[2011.04.20 15:01:44 | 000,000,000 | ---- | M] () -- C:\Users\Shorty\AppData\Local\Ntewu.bin
[2011.04.19 23:25:13 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3247729353-18491574-2113395355-1001Core.job
[2011.04.19 20:28:24 | 000,001,604 | ---- | M] () -- C:\Users\Shorty\Desktop\Daemon Tools.lnk
[2011.04.19 20:10:00 | 000,001,586 | ---- | M] () -- C:\Users\Shorty\Desktop\WinSetupFromUSB.lnk
[2011.04.19 20:08:58 | 000,707,062 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.19 20:08:58 | 000,660,658 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.19 20:08:58 | 000,152,548 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.19 20:08:58 | 000,124,744 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.16 12:26:00 | 000,004,358 | ---- | M] () -- C:\Users\Shorty\Desktop\klingel001.png
[2011.04.15 23:59:31 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2011.04.15 23:59:31 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ggflt_01007.Wdf
[2011.04.15 23:55:27 | 000,001,219 | ---- | M] () -- C:\Users\Shorty\Desktop\Update Service.lnk
[2011.04.15 23:54:52 | 001,112,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01007.dll
[2011.04.15 23:54:52 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggsemc.sys
[2011.04.15 23:54:52 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggflt.sys
[2011.04.15 12:03:40 | 000,262,144 | ---- | M] () -- C:\Windows\System32\€
[2011.04.13 19:53:17 | 000,000,600 | ---- | M] () -- C:\Users\Shorty\AppData\Roaming\winscp.rnd
[2011.04.13 17:41:40 | 000,113,604 | ---- | M] () -- C:\Users\Public\Documents\League of Legends spielen .lnk
[2011.04.13 13:30:37 | 000,001,770 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7.4.lnk
[2011.04.12 11:26:34 | 000,001,720 | ---- | M] () -- C:\Users\Shorty\Desktop\League of Legends spielen .lnk
[2011.04.10 13:07:02 | 000,000,625 | ---- | M] () -- C:\Users\Shorty\Desktop\Final Fantasy IX PCSX.lnk
[2011.04.08 17:24:33 | 000,000,080 | ---- | M] () -- C:\Windows\wiso.ini
[2011.04.08 17:24:05 | 000,002,085 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
[2011.04.08 17:24:04 | 000,002,051 | ---- | M] () -- C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2011.lnk
[2011.04.07 15:32:29 | 000,001,153 | ---- | M] () -- C:\Users\Shorty\Desktop\7 Sins.lnk
[2011.04.07 13:27:40 | 000,002,862 | ---- | M] () -- C:\Users\Shorty\Desktop\RapidShare Manager.lnk
[2011.04.07 11:10:47 | 000,066,353 | ---- | M] () -- C:\Users\Shorty\Desktop\test.rpc
[2011.04.06 23:24:59 | 000,002,721 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2011.04.06 23:24:59 | 000,002,623 | ---- | M] () -- C:\Users\Public\Desktop\Nero Home.lnk
[2011.04.06 23:22:23 | 000,000,292 | ---- | M] () -- C:\Users\Shorty\Documents\ax_files.xml
[2011.04.06 22:50:22 | 000,004,544 | ---- | M] () -- C:\Users\Shorty\Desktop\d.jnt
[2011.04.06 19:58:08 | 000,001,014 | ---- | M] () -- C:\Users\Public\Desktop\JDownloader.lnk
[2011.04.01 20:34:08 | 000,524,288 | -HS- | M] () -- C:\Windows\System32\€{33c7710a-5c8c-11e0-af96-001d92b5bb91}.TMContainer00000000000000000002.regtrans-ms
[2011.04.01 20:34:08 | 000,524,288 | -HS- | M] () -- C:\Windows\System32\€{33c7710a-5c8c-11e0-af96-001d92b5bb91}.TMContainer00000000000000000001.regtrans-ms
[2011.04.01 20:34:08 | 000,065,536 | -HS- | M] () -- C:\Windows\System32\€{33c7710a-5c8c-11e0-af96-001d92b5bb91}.TM.blf
[2011.04.01 20:34:07 | 000,524,288 | -HS- | M] () -- C:\Windows\System32\€{33c77106-5c8c-11e0-af96-001d92b5bb91}.TMContainer00000000000000000002.regtrans-ms
[2011.04.01 20:34:07 | 000,524,288 | -HS- | M] () -- C:\Windows\System32\€{33c77106-5c8c-11e0-af96-001d92b5bb91}.TMContainer00000000000000000001.regtrans-ms
[2011.04.01 20:34:07 | 000,065,536 | -HS- | M] () -- C:\Windows\System32\€{33c77106-5c8c-11e0-af96-001d92b5bb91}.TM.blf
[2011.04.01 12:46:07 | 000,415,208 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.01 11:55:38 | 000,002,057 | ---- | M] () -- C:\Windows\System32\LexFiles.ulf
[2011.04.01 11:55:03 | 000,000,020 | ---- | M] () -- C:\Windows\ ø˜
[2011.03.31 20:29:18 | 000,023,452 | ---- | M] () -- C:\Users\Public\Documents\cc_20110331_202903.reg
[2011.03.31 20:21:31 | 000,000,022 | -HS- | M] () -- C:\Windows\System5537 Data.Repository
[2011.03.31 20:21:31 | 000,000,022 | -HS- | M] () -- C:\Users\Shorty\AppData\Roaming\Sys2662.Config.Repository.bin
[2011.03.31 08:53:37 | 000,497,047 | ---- | M] () -- C:\Users\Shorty\Desktop\cnc.generals.zh.mini-image.by.schluepfer.rar
[2011.03.28 12:39:16 | 000,001,916 | ---- | M] () -- C:\Windows\eReg.dat
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011.04.20 19:30:04 | 344,522,623 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.04.20 17:57:00 | 000,001,769 | ---- | C] () -- C:\Users\Shorty\Desktop\MagicISO.lnk
[2011.04.19 20:28:24 | 000,001,604 | ---- | C] () -- C:\Users\Shorty\Desktop\Daemon Tools.lnk
[2011.04.19 20:10:00 | 000,001,586 | ---- | C] () -- C:\Users\Shorty\Desktop\WinSetupFromUSB.lnk
[2011.04.19 20:07:33 | 000,001,050 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Pro.lnk
[2011.04.16 12:25:59 | 000,004,358 | ---- | C] () -- C:\Users\Shorty\Desktop\klingel001.png
[2011.04.15 23:59:31 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2011.04.15 23:59:31 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ggflt_01007.Wdf
[2011.04.15 23:55:27 | 000,001,219 | ---- | C] () -- C:\Users\Shorty\Desktop\Update Service.lnk
[2011.04.13 17:41:39 | 000,113,604 | ---- | C] () -- C:\Users\Public\Documents\League of Legends spielen .lnk
[2011.04.13 13:30:37 | 000,001,770 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7.4.lnk
[2011.04.12 11:26:34 | 000,001,720 | ---- | C] () -- C:\Users\Shorty\Desktop\League of Legends spielen .lnk
[2011.04.10 10:37:26 | 000,000,625 | ---- | C] () -- C:\Users\Shorty\Desktop\Final Fantasy IX PCSX.lnk
[2011.04.08 17:24:30 | 000,000,080 | ---- | C] () -- C:\Windows\wiso.ini
[2011.04.08 17:24:04 | 000,002,085 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
[2011.04.08 17:24:04 | 000,002,051 | ---- | C] () -- C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2011.lnk
[2011.04.07 15:32:29 | 000,001,153 | ---- | C] () -- C:\Users\Shorty\Desktop\7 Sins.lnk
[2011.04.07 13:27:40 | 000,002,862 | ---- | C] () -- C:\Users\Shorty\Desktop\RapidShare Manager.lnk
[2011.04.07 11:10:44 | 000,066,353 | ---- | C] () -- C:\Users\Shorty\Desktop\test.rpc
[2011.04.06 23:24:59 | 000,002,721 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2011.04.06 23:24:58 | 000,002,623 | ---- | C] () -- C:\Users\Public\Desktop\Nero Home.lnk
[2011.04.06 23:22:23 | 000,000,292 | ---- | C] () -- C:\Users\Shorty\Documents\ax_files.xml
[2011.04.06 22:50:22 | 000,004,544 | ---- | C] () -- C:\Users\Shorty\Desktop\d.jnt
[2011.04.06 19:58:08 | 000,001,014 | ---- | C] () -- C:\Users\Public\Desktop\JDownloader.lnk
[2011.04.01 20:34:08 | 000,524,288 | -HS- | C] () -- C:\Windows\System32\€{33c7710a-5c8c-11e0-af96-001d92b5bb91}.TMContainer00000000000000000002.regtrans-ms
[2011.04.01 20:34:08 | 000,524,288 | -HS- | C] () -- C:\Windows\System32\€{33c7710a-5c8c-11e0-af96-001d92b5bb91}.TMContainer00000000000000000001.regtrans-ms
[2011.04.01 20:34:08 | 000,065,536 | -HS- | C] () -- C:\Windows\System32\€{33c7710a-5c8c-11e0-af96-001d92b5bb91}.TM.blf
[2011.04.01 20:34:07 | 000,524,288 | -HS- | C] () -- C:\Windows\System32\€{33c77106-5c8c-11e0-af96-001d92b5bb91}.TMContainer00000000000000000002.regtrans-ms
[2011.04.01 20:34:07 | 000,524,288 | -HS- | C] () -- C:\Windows\System32\€{33c77106-5c8c-11e0-af96-001d92b5bb91}.TMContainer00000000000000000001.regtrans-ms
[2011.04.01 20:34:07 | 000,262,144 | ---- | C] () -- C:\Windows\System32\€
[2011.04.01 20:34:07 | 000,065,536 | -HS- | C] () -- C:\Windows\System32\€{33c77106-5c8c-11e0-af96-001d92b5bb91}.TM.blf
[2011.04.01 11:55:02 | 000,000,020 | ---- | C] () -- C:\Windows\ ø˜
[2011.03.31 20:29:06 | 000,023,452 | ---- | C] () -- C:\Users\Public\Documents\cc_20110331_202903.reg
[2011.03.31 20:21:31 | 000,000,022 | -HS- | C] () -- C:\Windows\System5537 Data.Repository
[2011.03.31 20:21:31 | 000,000,022 | -HS- | C] () -- C:\Users\Shorty\AppData\Roaming\Sys2662.Config.Repository.bin
[2011.03.31 20:19:51 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.03.31 08:58:40 | 001,919,232 | ---- | C] () -- C:\Users\Shorty\Desktop\c&c.generals.zh.mini-image.by.schluepfer.mdf
[2011.03.31 08:58:40 | 000,000,486 | ---- | C] () -- C:\Users\Shorty\Desktop\c&c.generals.zh.mini-image.by.schluepfer.mds
[2011.03.31 08:58:40 | 000,000,454 | ---- | C] () -- C:\Users\Shorty\Desktop\instructions.by.schluepfer.nfo
[2011.03.31 08:53:37 | 000,497,047 | ---- | C] () -- C:\Users\Shorty\Desktop\cnc.generals.zh.mini-image.by.schluepfer.rar
[2011.03.30 18:54:55 | 000,000,120 | ---- | C] () -- C:\Users\Shorty\AppData\Local\Qsehagiqini.dat
[2011.03.30 18:54:55 | 000,000,000 | ---- | C] () -- C:\Users\Shorty\AppData\Local\Ntewu.bin
[2011.03.10 15:45:56 | 000,138,056 | ---- | C] () -- C:\Users\Shorty\AppData\Roaming\PnkBstrK.sys
[2011.03.10 15:37:35 | 003,360,624 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2010.11.25 20:11:05 | 000,352,648 | ---- | C] () -- C:\Windows\System32\SysCheck2.dll
[2010.08.24 23:37:40 | 000,000,055 | ---- | C] () -- C:\Windows\cryavitompeg.ini
[2010.08.24 23:35:10 | 000,000,005 | ---- | C] () -- C:\Windows\System32\SySavitompeg.dat
[2010.08.13 00:20:26 | 000,083,968 | ---- | C] () -- C:\Windows\UnGins.exe
[2010.08.13 00:19:32 | 000,237,568 | ---- | C] () -- C:\Windows\System32\Unlha32.dll
[2010.08.13 00:19:31 | 000,473,600 | ---- | C] () -- C:\Windows\System32\Harmony.dll
[2010.08.04 22:34:02 | 000,000,600 | ---- | C] () -- C:\Users\Shorty\AppData\Local\PUTTY.RND
[2010.07.29 23:56:51 | 000,000,600 | ---- | C] () -- C:\Users\Shorty\AppData\Roaming\winscp.rnd
[2010.07.25 15:54:09 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.06.23 14:21:19 | 000,983,352 | ---- | C] () -- C:\Windows\Border Defense Uninstaller.exe
[2010.05.13 23:17:24 | 000,000,001 | ---- | C] () -- C:\Windows\System32\SI.bin
[2010.04.21 17:19:59 | 000,065,536 | ---- | C] () -- C:\Windows\IFinst27.exe
[2010.04.14 13:51:00 | 000,007,597 | ---- | C] () -- C:\Users\Shorty\AppData\Local\Resmon.ResmonCfg
[2010.03.23 21:58:50 | 000,000,119 | ---- | C] () -- C:\Windows\bfe_prog.ini
[2010.02.22 19:19:07 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010.02.22 19:19:07 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.02.22 19:19:07 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.02.22 19:19:07 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010.02.22 19:19:07 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.02.07 03:38:46 | 000,001,916 | ---- | C] () -- C:\Windows\eReg.dat
[2010.02.06 20:45:19 | 000,137,544 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.02.06 20:24:02 | 000,189,480 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010.02.06 20:23:42 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010.02.06 16:51:25 | 000,000,094 | ---- | C] () -- C:\Users\Shorty\AppData\Local\fusioncache.dat
[2010.02.05 01:15:08 | 001,053,056 | ---- | C] () -- C:\Windows\System32\drivers\CAMTHWDM.sys
[2010.02.05 00:48:35 | 000,020,480 | ---- | C] () -- C:\Windows\FixCamera.exe
[2010.02.05 00:48:34 | 000,827,392 | ---- | C] () -- C:\Windows\vsnp325.exe
[2010.02.05 00:48:34 | 000,270,336 | ---- | C] () -- C:\Windows\tsnp325.exe
[2010.02.05 00:48:34 | 000,015,498 | ---- | C] () -- C:\Windows\snp325.ini
[2010.01.19 17:13:36 | 000,000,092 | ---- | C] () -- C:\Windows\Lexstat.ini
[2010.01.18 01:17:17 | 000,081,408 | ---- | C] () -- C:\Windows\System32\drivers\SSHDRV86.sys
[2009.07.14 10:47:43 | 000,707,062 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,152,548 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,415,208 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,660,658 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,124,744 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.07.14 00:09:20 | 002,342,400 | ---- | C] () -- C:\Windows\System32\atidxx32.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007.01.29 08:16:20 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxbmutil.dll
[2007.01.22 11:49:34 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxbmcoin.dll
[2005.10.25 16:51:16 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxbmvs.dll
[2005.10.13 18:19:12 | 008,701,824 | ---- | C] () -- C:\Windows\System32\drivers\snpstd3.sys
[2005.09.05 23:55:08 | 000,339,968 | ---- | C] () -- C:\Windows\vsnpstd3.exe
[2004.02.28 01:36:18 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini

[color=#E56717]========== LOP Check ==========[/color]

[2010.06.11 21:15:56 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\1&1
[2010.08.24 23:38:42 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\4Media
[2011.03.15 15:41:49 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\AtomZombieDemoData
[2010.02.05 03:13:06 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\CamTrack
[2010.01.17 13:48:09 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\DAEMON Tools
[2011.04.19 20:31:21 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\DAEMON Tools Pro
[2010.05.21 06:09:16 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.06.12 19:03:40 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\EA
[2010.07.08 21:13:26 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\Eqoww
[2011.04.20 21:10:09 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\Free Download Manager
[2010.11.15 15:39:15 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\geany
[2010.11.15 15:39:10 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\gtk-2.0
[2011.04.18 13:37:04 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\ICQ
[2010.01.27 14:00:49 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\LG Electronics
[2011.03.11 17:24:08 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\LolClient
[2010.04.27 18:52:05 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\MySQL
[2011.04.01 20:34:32 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\Nivoa
[2011.03.08 18:01:46 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\PCFix
[2011.01.02 14:38:25 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\PhotoScape
[2010.08.25 23:49:50 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\PMS
[2010.07.28 18:50:00 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\Subversion
[2010.07.15 17:21:11 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\TeamViewer
[2011.03.31 20:27:57 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\TS3Client
[2011.03.13 15:57:38 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\TuneUp Software
[2010.12.12 16:22:45 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\Turbine
[2011.03.08 17:59:15 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\Uniblue
[2011.01.09 21:57:12 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\Utherverse
[2010.06.23 14:24:25 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\ValuSoft
[2010.02.05 01:15:45 | 000,000,000 | ---D | M] -- C:\Users\Shorty\AppData\Roaming\WebcamMax
[2011.04.20 21:03:58 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP;)FC5A2B2

< End of report >

Attachment: OTL.Txt
20.04.2011, 21:23
...new here

Thread starter

Posts: 8
#2 extra.exe
Sorry, you can only add one attachment :p


I hope someone can help me....

Best regards
Timo ;)

Attachment: Extras.Txt
22.04.2011, 22:55
Moderator

Posts: 5694
#3 Hello and welcome to Protecus.de

Cleaning an infected system takes time and also requires attention to the following points:

• Follow the instructions of your helper.
• If you have external storage media (USB sticks, hard drives), connect them before the cleanup.
• During the cleanup you should neither install nor uninstall any programs unless explicitly asked to.
• Please work through each step in order.
• If problems come up at any step, post what you already have and describe the problem.

• The cleanup is not finished until your helper gives the OK.
• If the machine is running smoothly again, that does not mean the system is clean.
• For computers used for business, the responsible IT administrator should be involved.
• We may decline support for a company computer under certain circumstances.
• If illegal software is present, support may be discontinued.
• Cracks and keygens are neither supported nor accepted.
• With heavily infected systems, especially when backdoors or rootkits are involved, a helper may recommend reinstalling the system.
• Ultimately, it is always the user who decides.


Vista and Win7 users:

Always run all programs and tools that we prescribe by right-clicking and choosing "Run as administrator".

Step 1

Run Rkill


• Download rkill.com to the desktop.
• Start rkill.com with a double-click and let the program run (this may take a while)…
• At the end, the black rkill.com window closes automatically.
• If your security solution reports that rkill.com is malware, allow rkill.com as an "exception".
• Please post the log file.


Step 2

Malwarebytes Anti-Malware

Download MBAM, install it, and select on the tabs:

-> "Update" > "Check for Updates"
-> "Settings" > "Terminate Internet Explorer during threat removal"
-> "Scanner" > "Perform quick scan".

If infections are found at the end, check them and have them removed. Restart your computer