[IMPORTANT] Bzgl. aktueller Virenverseuchung durch Aless[HELP]

Page 2 of 3

07/18/2011 20:09 BlackLegend�#16

Alle Clean die schritte @ Topic befolgen dann wird alles gut :P

07/18/2011 20:19 Grape�#17

Noch ein kleiner Tipp :

Editiert in euren Scans eure pers�nlichen Daten wie Computername etc.

07/18/2011 20:32 killah7x#18

OTL logfile created on: 18.07.2011 20:25:44 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Marek\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,75 Gb Total Physical Memory | 3,43 Gb Available Physical Memory | 44,28% Memory free
15,50 Gb Paging File | 12,16 Gb Available in Paging File | 78,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 290,78 Gb Total Space | 69,99 Gb Free Space | 24,07% Space Free | Partition Type: NTFS
Drive D: | 596,17 Gb Total Space | 596,06 Gb Free Space | 99,98% Space Free | Partition Type: NTFS
Drive E: | 290,74 Gb Total Space | 290,64 Gb Free Space | 99,97% Space Free | Partition Type: NTFS

Computer Name: MAREK-PC | User Name: Marek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Marek\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\IObit\Advanced SystemCare 4\PMonitor.exe (IObit)
PRC - C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe (IObit)
PRC - C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe (IObit)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\D-Link\DWA-140 revB\ANIWConnService.exe ()
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware-unity-helper.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmplayer.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\Creative\USB Headsets\Volume Panel\VolPanlu.exe (Creative Technology Ltd)

========== Modules (SafeList) ==========

MOD - C:\Users\Marek\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420f e3fa2b8113bd\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AdvancedSystemCareService) -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe (IObit)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (D-Link Wireless N DWA-140_WPS) -- C:\Program Files (x86)\D-Link\DWA-140 revB\ANIWConnService.exe ()
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
SRV - (ufad-ws60) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe (VMware, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\msco rsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\msco rsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (ATI Technologies, Inc.)
DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:64bit: - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.)
DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:64bit: - (vmusb) -- C:\Windows\SysNative\drivers\vmusb.sys (VMware, Inc.)
DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)
DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)
DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\Dnetr28ux.sys (Ralink Technology Corp.)
DRV:64bit: - (RTL85n64) -- C:\Windows\SysNative\drivers\RTL85n64.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (Ph3xIB64) -- C:\Windows\SysNative\drivers\Ph3xIB64.sys (NXP Semiconductors)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (anodlwf) -- C:\Windows\SysNative\drivers\anodlwfx.sys ()
DRV:64bit: - (skfiltv) -- C:\Windows\SysNative\drivers\skfiltv.sys (Creative Technology Ltd.)
DRV:64bit: - (s217mdm) -- C:\Windows\SysNative\drivers\s217mdm.sys (MCCI Corporation)
DRV:64bit: - (s217unic) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (WDM) -- C:\Windows\SysNative\drivers\s217unic.sys (MCCI)
DRV:64bit: - (s217obex) -- C:\Windows\SysNative\drivers\s217obex.sys (MCCI Corporation)
DRV:64bit: - (s217bus) Sony Ericsson Device 217 driver (WDM) -- C:\Windows\SysNative\drivers\s217bus.sys (MCCI Corporation)
DRV:64bit: - (s217mdfl) -- C:\Windows\SysNative\drivers\s217mdfl.sys (MCCI Corporation)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (vstor2-ws60) -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys (VMware, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Only registered and activated users can see links. Click Here To Register...]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [Only registered and activated users can see links. Click Here To Register...]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6F 1A E0 EA DC 8F CB 01 [binary data]
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {6e764c17-863a-450f-bdd0-6772bd5aaa18}:1.0.3
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.06.23 08:32:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.07.17 02:37:20 | 000,000,000 | ---D | M]

[2010.11.20 20:12:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marek\AppData\Roaming\mozilla\Extensions
[2011.06.05 10:14:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marek\AppData\Roaming\mozilla\Firefox\Pro files\sfsvm14y.default\extensions
[2010.12.22 18:26:54 | 000,000,000 | ---D | M] (Media Converter) -- C:\Users\Marek\AppData\Roaming\mozilla\Firefox\Pro files\sfsvm14y.default\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}
[2011.07.18 00:08:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
File not found (No name found) --
() (No name found) -- C:\USERS\MAREK\APPDATA\ROAMING\MOZILLA\FIREFOX\PRO FILES\SFSVM14Y.DEFAULT\EXTENSIONS\[Only registered and activated users can see links. Click Here To Register...].X PI
[2011.06.23 08:32:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.07.17 02:37:17 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.05.08 20:35:19 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.05.08 20:35:19 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.05.08 20:35:19 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.08 20:35:19 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.05.08 20:35:19 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.05.08 20:35:19 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O4:64bit: - HKLM..\Run: [Microsoft � Coperation 2007] C:\Users\Administrator\AppData\Roaming\Microsoft\W indows\Templates\explorer.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\USB Headsets\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [Advanced SystemCare 4] C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe (IObit)
O4 - HKCU..\Run: [Microsoft � Coperation 2007] C:\Users\Marek\AppData\Roaming\Microsoft\Windows\T emplates\explorer.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [Only registered and activated users can see links. Click Here To Register...] (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DL L (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.e xe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3d42b84d-73e2-11e0-b12c-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{3d42b84d-73e2-11e0-b12c-005056c00008}\Shell\AutoRun\command - "" = K:\pushinst.exe
O33 - MountPoints2\{60990997-476f-11e0-8960-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{60990997-476f-11e0-8960-005056c00008}\Shell\AutoRun\command - "" = K:\Install.exe
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.07.18 20:24:19 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Marek\Desktop\OTL.exe
[2011.07.18 20:23:27 | 000,000,000 | ---D | C] -- C:\Users\Marek\AppData\Roaming\Malwarebytes
[2011.07.18 20:23:05 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.07.18 20:23:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.07.18 20:23:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.07.18 20:23:01 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.07.18 20:23:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.07.18 20:22:43 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Marek\Desktop\mbam-setup-1.51.1.1800.exe
[2011.07.17 23:09:18 | 000,106,488 | ---- | C] (G Data Software) -- C:\Windows\SysNative\drivers\GRD.sys
[2011.07.17 23:00:42 | 000,058,584 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys
[2011.07.17 23:00:10 | 000,110,456 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys
[2011.07.17 23:00:10 | 000,050,040 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys
[2011.07.17 23:00:09 | 000,063,864 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys
[2011.07.17 22:59:49 | 000,000,000 | ---D | C] -- C:\ProgramData\G DATA
[2011.07.17 22:20:16 | 000,152,064 | -H-- | C] (Microsoft Corporation) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\explorer.exe
[2011.07.17 22:19:43 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\taskshow.exe
[2011.07.17 02:37:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011.07.17 02:37:20 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011.07.17 01:39:37 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2011.07.17 01:39:37 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2011.07.17 01:20:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Booster
[2011.07.17 01:20:12 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2011.07.17 01:19:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 4
[2011.07.17 01:19:15 | 000,000,000 | ---D | C] -- C:\Users\Marek\AppData\Roaming\IObit
[2011.07.17 01:19:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2011.07.13 16:30:06 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2011.07.13 16:30:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.13 16:30:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.13 16:30:04 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2011.07.13 16:30:04 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2011.07.13 16:30:04 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2011.07.13 16:30:04 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2011.07.13 16:30:04 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2011.07.13 16:30:04 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2011.07.13 16:30:04 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2011.07.13 16:30:04 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2011.07.13 16:30:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2011.07.13 16:30:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2011.07.13 16:30:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011.07.13 16:30:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2011.07.13 16:30:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2011.07.13 16:30:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2011.07.13 16:30:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2011.07.13 16:30:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2011.07.13 16:30:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2011.07.13 16:30:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011.07.13 16:30:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011.07.13 16:30:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2011.07.13 16:30:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2011.07.13 16:30:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2011.07.13 16:30:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2011.07.13 16:30:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2011.07.13 16:30:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2011.07.13 16:30:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2011.07.13 16:30:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2011.07.13 16:30:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2011.07.13 16:30:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2011.07.13 16:30:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2011.07.13 16:30:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2011.07.13 16:30:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2011.07.13 16:30:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2011.07.13 16:30:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2011.07.13 16:30:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011.07.13 16:30:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2011.07.13 16:30:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2011.07.13 16:30:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2011.07.13 16:30:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2011.07.13 16:30:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2011.07.13 16:30:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2011.07.13 16:30:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2011.07.13 16:30:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2011.07.13 16:30:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2011.07.13 16:30:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2011.07.13 16:30:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2011.07.13 16:30:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2011.07.13 16:30:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2011.07.13 16:30:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2011.07.13 16:30:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2011.07.13 16:30:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2011.07.13 16:30:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2011.07.13 16:30:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2011.07.13 16:30:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2011.07.13 16:29:58 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2011.07.13 16:29:58 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2011.07.13 16:29:58 | 000,338,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2011.07.13 16:29:58 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011.07.13 16:29:57 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2011.07.13 16:29:57 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2011.07.13 16:29:57 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2011.07.13 16:29:57 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2011.07.13 16:29:57 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2011.07.13 16:29:56 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2011.07.13 16:29:56 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2011.07.13 16:29:52 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2011.07.10 13:03:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.07.10 13:03:00 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2011.07.10 13:03:00 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2011.07.10 13:03:00 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2011.07.10 13:02:50 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.07.10 13:02:49 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011.07.10 13:02:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011.07.10 13:01:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011.07.10 13:01:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011.07.10 13:01:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011.07.10 13:01:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011.07.10 13:01:24 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011.07.10 13:01:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011.07.05 21:44:50 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011.07.05 21:41:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2011.07.05 21:41:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2011.07.05 21:41:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011.07.05 21:40:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2011.07.05 21:40:45 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2011.07.05 21:40:08 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2011.07.05 21:10:15 | 000,000,000 | ---D | C] -- C:\Program Files\Core Temp
[2011.07.05 21:05:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD
[2011.07.05 21:04:26 | 000,000,000 | ---D | C] -- C:\Users\Marek\AppData\Local\Downloaded Installations
[2011.07.05 19:38:07 | 000,000,000 | ---D | C] -- C:\Users\Marek\AppData\Local\{D6533A39-3063-4C0F-8FFC-622E2F79DC30}
[2011.06.29 16:19:48 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2011.06.29 16:19:48 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2011.06.29 16:19:42 | 002,326,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2011.06.29 16:19:42 | 002,228,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2011.06.29 16:19:42 | 001,401,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2011.06.29 16:19:41 | 001,553,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2011.06.29 16:19:41 | 000,779,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2011.06.29 16:19:41 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2011.06.29 16:19:41 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2011.06.29 16:19:41 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2011.06.29 16:19:41 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2011.06.29 16:19:41 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2011.06.29 16:19:41 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssphtb.dll
[2011.06.29 16:19:41 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2011.06.29 16:19:41 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2011.06.29 16:19:41 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2011.06.27 11:29:55 | 000,000,000 | ---D | C] -- C:\Users\Marek\AppData\Local\{071B6C9D-399F-4D90-87EB-6B9945578A54}
[2011.06.26 21:37:35 | 000,000,000 | ---D | C] -- C:\Users\Marek\AppData\Local\{E1D4AAE1-0BD4-4C06-A935-6841126D69AC}
[2011.06.26 13:45:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\D-Link
[2011.06.26 13:42:47 | 001,119,072 | ---- | C] (Ralink Technology Corp.) -- C:\Windows\SysNative\drivers\Dnetr28ux.sys
[2011.06.26 13:42:47 | 000,326,432 | ---- | C] (Ralink Technology, Inc.) -- C:\Windows\SysNative\RaCoInstx.dll
[2011.06.26 13:42:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\D-Link
[2011.06.26 13:42:37 | 000,000,000 | ---D | C] -- C:\Users\Marek\AppData\Roaming\InstallShield
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.07.18 20:24:20 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Marek\Desktop\OTL.exe
[2011.07.18 20:23:05 | 000,001,118 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.07.18 20:22:47 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Marek\Desktop\mbam-setup-1.51.1.1800.exe
[2011.07.18 19:48:49 | 000,000,680 | RHS- | M] () -- C:\Users\Marek\ntuser.pol
[2011.07.18 19:39:24 | 000,025,328 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.07.18 19:39:24 | 000,025,328 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.07.18 19:34:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.07.18 19:34:08 | 1945,509,887 | -HS- | M] () -- C:\hiberfil.sys
[2011.07.17 23:09:18 | 000,106,488 | ---- | M] (G Data Software) -- C:\Windows\SysNative\drivers\GRD.sys
[2011.07.17 23:07:43 | 000,110,456 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys
[2011.07.17 23:07:43 | 000,063,864 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys
[2011.07.17 23:07:43 | 000,050,040 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys
[2011.07.17 23:00:42 | 000,058,584 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys
[2011.07.17 22:20:15 | 000,152,064 | -H-- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\explorer.exe
[2011.07.17 22:20:15 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\taskshow.exe
[2011.07.17 14:15:52 | 001,650,634 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.07.17 14:15:52 | 000,710,076 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.07.17 14:15:52 | 000,663,694 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.07.17 14:15:52 | 000,154,194 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.07.17 14:15:52 | 000,126,410 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.07.17 03:23:35 | 000,000,056 | -H-- | M] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011.07.17 03:21:23 | 000,001,649 | ---- | M] () -- C:\Users\Marek\Desktop\War Rock.lnk
[2011.07.17 02:37:16 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011.07.17 01:39:37 | 000,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2011.07.17 01:39:37 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2011.07.17 01:19:18 | 000,001,230 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 4.lnk
[2011.07.13 16:44:12 | 000,289,064 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.07.11 22:15:05 | 000,000,770 | ---- | M] () -- C:\Users\Marek\SciTE.session
[2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.07.06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.07.02 13:48:14 | 000,123,784 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.07.02 13:48:14 | 000,088,288 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.07.01 21:04:14 | 001,940,056 | ---- | M] () -- C:\Users\Marek\Documents\items.bin
[2011.06.27 22:38:02 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011.06.27 14:09:33 | 000,004,049 | ---- | M] () -- C:\Users\Marek\Documents\n1x.wlmp
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.07.18 20:23:05 | 000,001,118 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.07.17 03:23:35 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011.07.17 03:21:23 | 000,001,649 | ---- | C] () -- C:\Users\Marek\Desktop\War Rock.lnk
[2011.07.17 01:19:18 | 000,001,230 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare 4.lnk
[2011.07.10 13:01:40 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011.07.02 23:05:49 | 001,940,056 | ---- | C] () -- C:\Users\Marek\Documents\items.bin
[2011.06.27 14:09:33 | 000,004,049 | ---- | C] () -- C:\Users\Marek\Documents\n1x.wlmp
[2011.06.26 13:43:40 | 000,302,080 | ---- | C] () -- C:\Windows\lwd.exe
[2011.06.26 13:42:47 | 000,015,872 | ---- | C] () -- C:\Windows\SysNative\drivers\anodlwfx.sys
[2011.06.26 13:42:47 | 000,014,051 | ---- | C] () -- C:\Windows\SysNative\RaCoInst.dat
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.04.08 13:28:58 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011.03.06 01:18:02 | 000,007,679 | ---- | C] () -- C:\Users\Marek\AppData\Local\Resmon.ResmonCfg
[2011.01.29 20:41:20 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.12.05 21:41:44 | 000,000,520 | ---- | C] () -- C:\Windows\SysWow64\drivers\RTEQEX0.DAT
[2010.12.05 21:41:44 | 000,000,008 | ---- | C] () -- C:\Windows\SysWow64\drivers\RTKHDAUD.DAT
[2010.11.20 22:21:02 | 001,662,682 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.11.20 19:51:09 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.09.17 20:17:00 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008.09.19 03:49:26 | 000,001,209 | R--- | C] () -- C:\Windows\skSPcfg.ini
[2008.09.19 02:49:24 | 000,000,381 | R--- | C] () -- C:\Windows\skMCcfg.ini

< End of report >

07/18/2011 20:50 bares#19

hey,

wie weis ich ob ich betroffen bin? bzw. was hat den virus verbreitet?

thx schonmal

07/18/2011 20:53 ghost�#20

blacklegend nixs gegen dich aber im der shoutbox vom sirosix vip hack schreibst du kiddyepvp und scheis flamer epvp etc
wieso hilfst du uns dann ???

07/18/2011 20:53 .noname'#21

Quote:

Originally Posted by bares

hey,

wie weis ich ob ich betroffen bin? bzw. was hat den virus verbreitet?

thx schonmal

befolge das was blacklegend gemacht und "Aless" hat den Virus verbreitet

07/18/2011 21:09 ☞☢Atomic☢☜#22

Betroffen ? [IMG][Only registered and activated users can see links. Click Here To Register...]

OTL.txt

Spoiler

Ist da was Falsch ?

Bin ich Infiziert ?

07/18/2011 21:09 bares#23

hab noch nie was von diesem Aless geh�rt. hab aber einige hacks die letzen tage runtergeladen, auch von denen, die betroffen sein sollen. sprich: ich hab den virus?

07/18/2011 21:13 Diablo_#24

Hi an alle,

es ist sch�n, dass es jetzt solche Threads gibt aber alle die infiziert sind sollten neu aufsetzen.

Alles andere hat in diesem Fall keinen Sinn, glaubt mir.

Gr��e

07/18/2011 21:13 ☞☢Atomic☢☜#25

Quote:

Originally Posted by bares

hab noch nie was von diesem Aless geh�rt. hab aber einige hacks die letzen tage runtergeladen, auch von denen, die betroffen sein sollen. sprich: ich hab den virus?

Ja man die ganze scheiss WarRock Sektion.

07/18/2011 21:18 bares#26

@Diablo
was meinst mit neu aufsetzen?

07/18/2011 21:23 ☞☢Atomic☢☜#27

Quote:

Originally Posted by bares

@Diablo
was meinst mit neu aufsetzen?

Windows Neu instalieren , schreibt er mir in Skype.

07/18/2011 21:29 IceVisionzX#28

Wieder und wieder und wieder, alees wird nie aush�ren und geh�rt gebannt.
es ist wahr und black w�rde keine viren verbreiten

07/18/2011 21:43 ☞☢Atomic☢☜#29

AN alle die Windows 7 Home Premium haben ( Da gehts ganz Sicher ) Unter Systemeinstellungen -> Kategorie : Gro�e/Kleine Symbole -> Wiederherstellung -> Erweiterte Wiederherstellungsm�glichkeiten -> w�hlt aus " Auf Werkseinstellungen zur�cksetzen ". Das wird helfen.

07/18/2011 21:50 Bonrax#30

Nein!

Dort wird nur das system auf "Werkeinstellungen" gestelt! Der Virus auf der Festplatte bleibt!

Page 2 of 3