Log analysis and evaluation: Systray .exe stub - Virus? (Windows 7)

09.10.2011, 14:18 | #1
Systray .exe stub - Virus?

Greetings. On the last boot Windows took really long to start. In Task Manager there are weird entries like "Systray .exe stub", TSTheme.exe and 4 or 5 rundll32.exe's.

My OTL log:

OTL Logfile:
Code:
OTL logfile created on: 09.10.2011 14:28:01 - Run 1
OTL by OldTimer - Version 3.2.29.1     Folder = C:\Users\Marv\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 62,40% Memory free
6,00 Gb Paging File | 4,61 Gb Available in Paging File | 76,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 457,64 Gb Total Space | 13,15 Gb Free Space | 2,87% Space Free | Partition Type: NTFS
Drive D: | 8,12 Gb Total Space | 1,01 Gb Free Space | 12,44% Space Free | Partition Type: NTFS
Drive E: | 319,11 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: MARV-PC | User Name: Marv | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.10.09 14:18:49 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Users\Marv\AppData\Local\Temp\zB81959.exe
PRC - [2011.10.09 14:03:28 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Marv\Desktop\OTL.exe
PRC - [2011.08.23 21:20:18 | 000,887,976 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2011.04.21 07:52:36 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.12.07 12:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) -- C:\Tools\TeamViewer\TeamViewer_Service.exe
PRC - [2010.09.01 06:26:04 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010.06.23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
PRC - [2010.06.23 13:51:30 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010.06.14 15:07:14 | 000,615,936 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
PRC - [2010.06.02 16:58:20 | 000,246,520 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.05.14 10:32:30 | 001,479,680 | ---- | M] (Nokia) -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2010.05.11 11:51:52 | 001,287,120 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
PRC - [2010.04.10 21:01:20 | 000,623,984 | ---- | M] (Juniper Networks) -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
PRC - [2010.03.26 21:00:32 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010.01.22 08:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2010.01.11 22:00:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.01.10 14:39:30 | 001,212,592 | ---- | M] (FSPro Labs) -- C:\Tools\My Lockbox\mylbx.exe
PRC - [2010.01.06 17:23:32 | 000,142,648 | ---- | M] (FSPro Labs) -- C:\Windows\SysWOW64\fsproflt.exe
PRC - [2009.10.27 10:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009.07.14 03:14:42 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\TSTheme.exe

========== Modules (No Company Name) ==========

MOD - [2008.08.12 11:16:16 | 002,023,424 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtCore4.dll
MOD - [2008.07.29 14:47:56 | 000,016,384 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll
MOD - [2008.07.29 14:47:38 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll
MOD - [2008.07.29 14:11:18 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtSvg4.dll
MOD - [2008.07.29 14:01:12 | 007,331,840 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtGui4.dll
MOD - [2008.07.29 13:50:26 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtXml4.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010.08.22 23:30:40 | 000,030,208 | ---- | M] (SoftwareForMe Inc) [Auto | Running] -- C:\Program Files\SoftwareForMe Inc\PhoneMyPC\PhoneMyPC_Helper.exe -- (PhoneMyPC_Helper)
SRV:64bit: - [2010.02.10 17:24:54 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.10.07 02:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.08.04 14:34:48 | 002,329,480 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.08.02 14:02:17 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.04.21 07:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.04.21 07:52:36 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.12.07 12:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Tools\TeamViewer\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010.06.23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010.06.14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.06.02 16:58:20 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.04.10 21:01:20 | 000,623,984 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2010.03.26 21:00:32 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010.03.11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010.01.22 08:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010.01.11 22:00:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.01.06 17:23:32 | 000,142,648 | ---- | M] (FSPro Labs) [Auto | Running] -- C:\Windows\SysWOW64\fsproflt.exe -- (fsproflt)
SRV - [2009.12.23 23:58:57 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.07.26 07:43:14 | 000,025,832 | ---- | M] (BioWare) [Disabled | Stopped] -- C:\Spiele\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011.06.17 12:35:49 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.17 12:35:49 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.30 18:07:06 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2010.05.15 16:30:52 | 000,458,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2010.04.19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010.04.10 20:47:36 | 000,032,768 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV:64bit: - [2010.03.29 10:06:06 | 000,233,488 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2010.02.26 14:33:40 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys -- (UsbserFilt)
DRV:64bit: - [2010.02.26 14:33:24 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2010.02.26 14:33:22 | 000,025,088 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64)
DRV:64bit: - [2010.02.26 14:33:22 | 000,019,456 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64)
DRV:64bit: - [2010.02.24 12:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2010.02.10 17:47:56 | 006,377,472 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.02.10 16:31:26 | 000,186,880 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.01.28 09:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010.01.02 23:25:34 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010.01.02 23:25:33 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009.12.16 19:25:00 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.11.23 18:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.11.23 18:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.10.07 02:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009.10.07 02:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009.09.23 10:42:58 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 02:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009.07.14 02:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 22:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2009.06.10 22:35:20 | 000,278,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1e6032e.sys -- (e1express) Intel(R)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.05.01 01:01:34 | 000,327,576 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009.05.01 00:55:56 | 002,755,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV:64bit: - [2009.05.01 00:55:46 | 000,015,896 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)
DRV:64bit: - [2009.01.08 00:38:18 | 000,024,840 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BtHidBus.sys -- (BtHidBus)
DRV:64bit: - [2008.12.07 13:44:56 | 000,035,848 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btnetBus.sys -- (btnetBUs)
DRV:64bit: - [2008.08.28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008.07.02 15:58:50 | 000,031,624 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV:64bit: - [2008.06.06 15:35:46 | 000,055,440 | ---- | M] (FSPro Labs) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\FSPFltd.sys -- (FSProFilter)
DRV - [2010.05.15 16:30:52 | 000,458,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007.02.07 20:27:46 | 000,014,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.t-online.de/cpm-redir/ie-8.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.selectedEngine: "Facemoods Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.bild.de"
FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.13.1.18107
FF - prefs.js..extensions.enabledItems: autofillForms@blueimp.net:0.9.6.1
FF - prefs.js..extensions.enabledItems: {987311C6-B504-4aa2-90BF-60CC49808D42}:2.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.2.1
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: {184AA5E6-741D-464a-820E-94B3ABC2F3B4}:1.0
FF - prefs.js..extensions.enabledItems: {6e764c17-863a-450f-bdd0-6772bd5aaa18}:1.0.3
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.733
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {0489727F-380F-4272-B6A3-9FAD92A8A9CC}:1.9.1
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.15: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.15: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.08.05 21:21:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.05 22:53:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.05 22:53:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Marv\AppData\Roaming\5031 [2011.10.09 14:03:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{0489727F-380F-4272-B6A3-9FAD92A8A9CC}: C:\Users\Marv\AppData\Local\{0489727F-380F-4272-B6A3-9FAD92A8A9CC} [2011.09.05 22:33:16 | 000,000,000 | ---D | M]

[2010.02.24 08:26:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marv\AppData\Roaming\mozilla\Extensions
[2009.12.16 16:01:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marv\AppData\Roaming\mozilla\Extensions-BackupByFirefoxPortable
[2009.12.16 16:01:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marv\AppData\Roaming\mozilla\Extensions-BackupByFirefoxPortable\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011.10.05 21:53:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marv\AppData\Roaming\mozilla\Firefox\Profiles\vqec3v9z.default\extensions
[2010.03.08 17:53:38 | 000,000,000 | ---D | M] (Media Converter) -- C:\Users\Marv\AppData\Roaming\mozilla\Firefox\Profiles\vqec3v9z.default\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}
[2010.12.18 16:17:44 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Marv\AppData\Roaming\mozilla\Firefox\Profiles\vqec3v9z.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.01.17 18:34:33 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Users\Marv\AppData\Roaming\mozilla\Firefox\Profiles\vqec3v9z.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2010.08.05 20:12:17 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Marv\AppData\Roaming\mozilla\Firefox\Profiles\vqec3v9z.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.03.23 00:25:54 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Users\Marv\AppData\Roaming\mozilla\Firefox\Profiles\vqec3v9z.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010.12.18 16:17:44 | 000,000,000 | ---D | M] (Autofill Forms) -- C:\Users\Marv\AppData\Roaming\mozilla\Firefox\Profiles\vqec3v9z.default\extensions\autofillForms@blueimp.net
[2011.07.14 15:28:15 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\Marv\AppData\Roaming\mozilla\Firefox\Profiles\vqec3v9z.default\extensions\ffxtlbr@Facemoods.com
[2010.09.05 22:09:40 | 000,000,000 | ---D | M] (Illimitux) -- C:\Users\Marv\AppData\Roaming\mozilla\Firefox\Profiles\vqec3v9z.default\extensions\illimitux@illimitux.net
[2011.10.03 23:05:23 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Marv\AppData\Roaming\mozilla\Firefox\Profiles\vqec3v9z.default\extensions\toolbar@ask.com
[2011.10.03 11:07:47 | 000,000,961 | ---- | M] () -- C:\Users\Marv\AppData\Roaming\Mozilla\Firefox\Profiles\vqec3v9z.default\searchplugins\icqplugin-1.xml
[2010.12.15 11:56:49 | 000,001,069 | ---- | M] () -- C:\Users\Marv\AppData\Roaming\Mozilla\Firefox\Profiles\vqec3v9z.default\searchplugins\icqplugin.xml
[2009.12.16 17:23:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.08.05 21:21:39 | 000,000,000 | ---D | M] (PC Sync 2 Synchronisation Extension) -- C:\PROGRAM FILES (X86)\NOKIA\NOKIA PC SUITE 7\BKMRKSYNC
[2009.12.17 18:50:02 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2011.09.05 22:33:16 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\MARV\APPDATA\LOCAL\{0489727F-380F-4272-B6A3-9FAD92A8A9CC}
[2011.10.09 14:03:28 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\MARV\APPDATA\ROAMING\5031
[2011.07.14 15:28:19 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml

O1 HOSTS File: ([2011.03.04 18:00:08 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll (facemoods.com)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [mylbx] C:\Tools\My Lockbox\mylbx.exe (FSPro Labs)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [facemoods] C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [ISTray] C:\Program Files (x86)\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [4Y3Y0C3AYF7XXW6WWCDNXF] C:\Recycle.Bin\B6232F3A346.exe (©mY systems)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [Miranda Fusion] C:\Program Files (x86)\MirandaFusion\mfstart.exe (Miranda Fusion Team)
O4 - HKCU..\Run: [Oduhosowuw] C:\Users\Marv\AppData\Local\ibizebazob.dll (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [Ttinalosupuk] C:\Users\Marv\AppData\Local\Snhclsf.dll (PCtel Inc.)
O4 - HKCU..\Run: [Userinit] C:\Users\Marv\AppData\Roaming\appconf32.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Marv\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Marv\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36589697-63BC-48D0-8941-CDD20736609E}: NameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\gopher - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20 - HKLM Winlogon: UserInit - (userinit.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - File not found O29 - HKLM SecurityProviders - (credssp.dll) - File not found O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{330c6c73-ea68-11de-8399-001bfcc4f6ce}\Shell - "" = AutoRun O33 - MountPoints2\{330c6c73-ea68-11de-8399-001bfcc4f6ce}\Shell\AutoRun\command - "" = K:\autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe 
-BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - ActiveX:64bit: >{CED6C643-AA83-4FDB-A9FC-5CD0160840C0} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: 
{6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: avgnt - hkey= - key= - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) MsConfig:64bit - StartUpReg: ICQ - hkey= - key= - File not found 
MsConfig:64bit - StartUpReg: Launch LCDMon - hkey= - key= - C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.) MsConfig:64bit - StartUpReg: Launch LGDCore - hkey= - key= - C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.) MsConfig:64bit - StartUpReg: Launch LgDeviceAgent - hkey= - key= - C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.) MsConfig:64bit - StartUpReg: LogitechQuickCamRibbon - hkey= - key= - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe () MsConfig:64bit - StartUpReg: NokiaOviSuite2 - hkey= - key= - File not found MsConfig:64bit - StartUpReg: PC Suite Tray - hkey= - key= - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia) MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.) MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) MsConfig:64bit - State: "services" - Reg Error: Key error. MsConfig:64bit - State: "startup" - Reg Error: Key error. MsConfig:64bit - State: "bootini" - Reg Error: Key error. CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.10.09 14:03:27 | 000,000,000 | ---D | C] -- C:\Users\Marv\AppData\Roaming\5031 [2011.10.09 14:03:26 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Marv\Desktop\OTL.exe [2011.10.04 00:28:44 | 000,000,000 | ---D | C] -- C:\Users\Marv\Desktop\backups [2011.10.04 00:23:14 | 000,388,608 | ---- | C] (Trend Micro Inc.) 
-- C:\Users\Marv\Desktop\HiJackThis204.exe [2011.10.03 12:37:22 | 000,000,000 | ---D | C] -- C:\Users\Marv\AppData\Roaming\5030 [2011.10.03 11:12:02 | 000,000,000 | ---D | C] -- C:\Users\Marv\AppData\Roaming\5029 [2011.09.24 01:06:05 | 000,000,000 | ---D | C] -- C:\Users\Marv\AppData\Roaming\5027 [2011.09.18 02:15:52 | 000,277,456 | ---- | C] (Adobe Systems, Incorporated) -- C:\Users\Marv\AppData\Roaming\AcroIEHelpe042.dll [2011.09.18 02:15:51 | 000,000,000 | ---D | C] -- C:\Users\Marv\AppData\Roaming\5026 [2011.09.09 20:49:55 | 000,000,000 | ---D | C] -- C:\Users\Marv\AppData\Roaming\5025 [2009.07.14 01:24:58 | 000,374,784 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Users\Marv\AppData\Local\ibizebazob.dll [2009.07.14 01:24:58 | 000,110,080 | ---- | C] (PCtel Inc.) -- C:\Users\Marv\AppData\Local\Snhclsf.dll [2008.10.30 01:00:00 | 462,437,040 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files (x86)\ADBEPHSPCS3_DE.exe [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] [1 C:\Users\Marv\Desktop\*.tmp files -> C:\Users\Marv\Desktop\*.tmp -> ] [1 C:\Users\Marv\AppData\Roaming\*.tmp files -> C:\Users\Marv\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.10.09 14:19:54 | 000,016,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.10.09 14:19:54 | 000,016,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.10.09 14:18:13 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.10.09 14:14:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.10.09 14:14:34 | 2415,370,240 | -HS- | M] () -- C:\hiberfil.sys [2011.10.09 14:12:17 | 000,000,188 | ---- | M] () -- 
C:\Users\Marv\defogger_reenable [2011.10.09 14:03:28 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Marv\Desktop\OTL.exe [2011.10.08 08:45:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.10.06 14:45:28 | 000,000,181 | ---- | M] () -- C:\Users\Marv\AppData\Local\ujicedofibujidi.dll [2011.10.06 12:43:28 | 000,000,181 | ---- | M] () -- C:\Users\Marv\AppData\Local\ododurex.dll [2011.10.06 10:41:28 | 000,000,181 | ---- | M] () -- C:\Users\Marv\AppData\Local\utusarevegub.dll [2011.10.06 08:39:28 | 000,000,181 | ---- | M] () -- C:\Users\Marv\AppData\Local\opunahuko.dll [2011.10.06 06:37:28 | 000,000,181 | ---- | M] () -- C:\Users\Marv\AppData\Local\ahabikixezibece.dll [2011.10.06 04:35:28 | 000,000,181 | ---- | M] () -- C:\Users\Marv\AppData\Local\ebuhiheha.dll [2011.10.06 02:33:28 | 000,000,181 | ---- | M] () -- C:\Users\Marv\AppData\Local\uhilahacafof.dll [2011.10.06 00:31:28 | 000,000,181 | ---- | M] () -- C:\Users\Marv\AppData\Local\adafecujofuloh.dll [2011.10.05 22:52:31 | 000,000,181 | ---- | M] () -- C:\Users\Marv\AppData\Local\Stoqinasow.dat [2011.10.05 22:29:30 | 000,000,181 | ---- | M] () -- C:\Users\Marv\AppData\Local\oqenuhogajim.dll [2011.10.05 20:27:28 | 000,000,181 | ---- | M] () -- C:\Users\Marv\AppData\Local\ujosagub.dll [2011.10.04 18:19:28 | 000,000,181 | ---- | M] () -- C:\Users\Marv\AppData\Local\agepofuyipidu.dll [2011.10.04 16:17:27 | 000,000,181 | ---- | M] () -- C:\Users\Marv\AppData\Local\igugesifefe.dll [2011.10.04 14:15:27 | 000,000,181 | ---- | M] () -- C:\Users\Marv\AppData\Local\ilawomew.dll [2011.10.04 11:20:10 | 000,000,181 | ---- | M] () -- C:\Users\Marv\AppData\Local\elububukuk.dll [2011.10.04 09:18:12 | 000,000,181 | ---- | M] () -- C:\Users\Marv\AppData\Local\uwifaniv.dll [2011.10.04 07:16:10 | 000,000,181 | ---- | M] () -- C:\Users\Marv\AppData\Local\uneyocad.dll [2011.10.04 05:14:10 | 000,000,181 | ---- | M] () -- C:\Users\Marv\AppData\Local\ufuqetetabej.dll [2011.10.04 03:12:10 | 
000,000,181 | ---- | M] () -- C:\Users\Marv\AppData\Local\ufunuzehob.dll [2011.10.04 01:10:10 | 000,000,181 | ---- | M] () -- C:\Users\Marv\AppData\Local\ogizikeq.dll [2011.10.04 00:23:24 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Marv\Desktop\HiJackThis204.exe [2011.10.04 00:09:46 | 000,005,632 | -HS- | M] () -- C:\Users\Marv\wevtapi.dll [2011.10.03 23:08:10 | 000,000,181 | ---- | M] () -- C:\Users\Marv\AppData\Local\evulowunikazubi.dll [2011.10.03 22:18:47 | 000,000,000 | ---- | M] () -- C:\Users\Marv\AppData\Local\Qjekabobituyih.bin [2011.10.03 21:06:10 | 000,000,181 | ---- | M] () -- C:\Users\Marv\AppData\Local\oqitegig.dll [2011.10.03 19:04:10 | 000,000,181 | ---- | M] () -- C:\Users\Marv\AppData\Local\upubemobel.dll [2011.10.03 17:02:10 | 000,000,181 | ---- | M] () -- C:\Users\Marv\AppData\Local\ovocigitulobomag.dll [2011.10.03 15:00:10 | 000,000,181 | ---- | M] () -- C:\Users\Marv\AppData\Local\egugesif.dll [2011.09.24 01:10:26 | 000,000,181 | ---- | M] () -- C:\Users\Marv\AppData\Local\oqasoqegepazope.dll [2011.09.21 23:04:27 | 000,000,181 | ---- | M] () -- C:\Users\Marv\AppData\Local\ojeqafar.dll [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] [1 C:\Users\Marv\Desktop\*.tmp files -> C:\Users\Marv\Desktop\*.tmp -> ] [1 C:\Users\Marv\AppData\Roaming\*.tmp files -> C:\Users\Marv\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.10.09 14:12:17 | 000,000,188 | ---- | C] () -- C:\Users\Marv\defogger_reenable [2011.10.06 14:45:28 | 000,000,181 | ---- | C] () -- C:\Users\Marv\AppData\Local\ujicedofibujidi.dll [2011.10.06 12:43:28 | 000,000,181 | ---- | C] () -- C:\Users\Marv\AppData\Local\ododurex.dll [2011.10.06 10:41:28 | 000,000,181 | ---- | C] () -- C:\Users\Marv\AppData\Local\utusarevegub.dll [2011.10.06 08:39:28 | 000,000,181 | ---- | C] () -- 
C:\Users\Marv\AppData\Local\opunahuko.dll [2011.10.06 06:37:28 | 000,000,181 | ---- | C] () -- C:\Users\Marv\AppData\Local\ahabikixezibece.dll [2011.10.06 04:35:28 | 000,000,181 | ---- | C] () -- C:\Users\Marv\AppData\Local\ebuhiheha.dll [2011.10.06 02:33:28 | 000,000,181 | ---- | C] () -- C:\Users\Marv\AppData\Local\uhilahacafof.dll [2011.10.06 00:31:28 | 000,000,181 | ---- | C] () -- C:\Users\Marv\AppData\Local\adafecujofuloh.dll [2011.10.05 22:29:30 | 000,000,181 | ---- | C] () -- C:\Users\Marv\AppData\Local\oqenuhogajim.dll [2011.10.05 20:27:28 | 000,000,181 | ---- | C] () -- C:\Users\Marv\AppData\Local\ujosagub.dll [2011.10.04 18:19:28 | 000,000,181 | ---- | C] () -- C:\Users\Marv\AppData\Local\agepofuyipidu.dll [2011.10.04 16:17:27 | 000,000,181 | ---- | C] () -- C:\Users\Marv\AppData\Local\igugesifefe.dll [2011.10.04 11:20:10 | 000,000,181 | ---- | C] () -- C:\Users\Marv\AppData\Local\elububukuk.dll [2011.10.04 09:18:12 | 000,000,181 | ---- | C] () -- C:\Users\Marv\AppData\Local\uwifaniv.dll [2011.10.04 07:16:10 | 000,000,181 | ---- | C] () -- C:\Users\Marv\AppData\Local\uneyocad.dll [2011.10.04 05:14:10 | 000,000,181 | ---- | C] () -- C:\Users\Marv\AppData\Local\ufuqetetabej.dll [2011.10.04 03:12:10 | 000,000,181 | ---- | C] () -- C:\Users\Marv\AppData\Local\ufunuzehob.dll [2011.10.04 01:10:10 | 000,000,181 | ---- | C] () -- C:\Users\Marv\AppData\Local\ogizikeq.dll [2011.10.04 00:09:46 | 000,005,632 | -HS- | C] () -- C:\Users\Marv\wevtapi.dll [2011.10.03 23:08:10 | 000,000,181 | ---- | C] () -- C:\Users\Marv\AppData\Local\evulowunikazubi.dll [2011.10.03 21:06:10 | 000,000,181 | ---- | C] () -- C:\Users\Marv\AppData\Local\oqitegig.dll [2011.10.03 19:04:10 | 000,000,181 | ---- | C] () -- C:\Users\Marv\AppData\Local\upubemobel.dll [2011.10.03 17:02:10 | 000,000,181 | ---- | C] () -- C:\Users\Marv\AppData\Local\ovocigitulobomag.dll [2011.10.03 15:00:10 | 000,000,181 | ---- | C] () -- C:\Users\Marv\AppData\Local\egugesif.dll [2011.10.03 12:58:10 | 000,000,181 | 
---- | C] () -- C:\Users\Marv\AppData\Local\ilawomew.dll [2011.09.24 01:10:26 | 000,000,181 | ---- | C] () -- C:\Users\Marv\AppData\Local\oqasoqegepazope.dll [2011.09.21 23:04:27 | 000,000,181 | ---- | C] () -- C:\Users\Marv\AppData\Local\ojeqafar.dll [2011.09.05 22:33:18 | 000,000,181 | ---- | C] () -- C:\Users\Marv\AppData\Local\Stoqinasow.dat [2011.09.05 22:33:18 | 000,000,000 | ---- | C] () -- C:\Users\Marv\AppData\Local\Qjekabobituyih.bin [2011.04.04 20:39:13 | 000,000,613 | ---- | C] () -- C:\Windows\eReg.dat [2010.09.28 11:52:40 | 000,072,192 | ---- | C] () -- C:\Windows\unlite3.exe [2010.08.30 23:45:07 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll [2010.05.04 17:40:55 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll [2010.04.10 12:34:19 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.04.10 12:28:55 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2010.03.27 15:25:40 | 000,073,331 | ---- | C] () -- C:\Windows\War3Unin.dat [2010.03.26 21:00:54 | 000,107,832 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2010.03.26 21:00:32 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2010.03.11 08:30:31 | 000,007,605 | ---- | C] () -- C:\Users\Marv\AppData\Local\Resmon.ResmonCfg [2010.02.28 22:13:41 | 000,006,656 | ---- | C] () -- C:\Users\Marv\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.02.03 20:10:15 | 001,201,206 | ---- | C] () -- C:\Windows\SysWow64\KART24GF.DLL [2010.02.03 20:10:15 | 001,201,206 | ---- | C] () -- C:\Windows\SysWow64\Kart24gd.dll [2010.02.03 20:10:15 | 000,038,614 | ---- | C] () -- C:\Windows\SysWow64\Kart_doj.dll [2010.02.03 20:10:15 | 000,028,958 | ---- | C] () -- C:\Windows\SysWow64\kart_dbl.dll [2010.01.14 18:43:52 | 000,000,600 | ---- | C] () -- C:\Users\Marv\AppData\Local\PUTTY.RND [2009.12.16 17:24:59 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.11.06 10:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat 
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2008.12.09 17:23:13 | 000,053,024 | RHS- | C] () -- C:\Users\Marv\AppData\Roaming\appconf32.exe ========== LOP Check ========== [2011.09.05 22:20:03 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\5024 [2011.09.09 20:49:55 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\5025 [2011.09.18 02:15:51 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\5026 [2011.09.24 01:06:05 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\5027 [2011.10.03 11:12:02 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\5029 [2011.10.03 12:37:22 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\5030 [2011.10.09 14:03:28 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\5031 [2010.03.23 08:56:15 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\Azureus [2011.09.05 00:12:18 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2009.12.16 19:36:32 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\DAEMON Tools Lite [2010.12.10 13:10:50 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\DVDVideoSoft [2011.04.02 12:42:18 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\DVDVideoSoftIEHelpers [2011.09.07 22:25:33 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\FileZilla [2010.12.01 23:51:47 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\Foxit Software 
[2010.12.01 19:42:25 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\FreeFileSync [2009.12.27 23:35:53 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\GetRight [2009.12.16 18:55:58 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\GetRightToGo [2011.10.09 14:27:42 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\ICQ [2011.03.04 17:59:33 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\Juniper Networks [2011.09.05 22:19:30 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\kock [2010.01.17 18:45:15 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\Leadertech [2009.12.28 23:01:18 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\Meine Die Schlacht um Mittelerde-Dateien [2010.05.20 15:40:02 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\Miranda Fusion [2010.05.31 20:48:48 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\Mount&Blade Warband [2010.03.01 13:19:28 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\Nokia [2011.06.06 20:15:25 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\Opera [2010.03.08 21:56:48 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\PC Suite [2010.09.21 09:52:39 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\ProtectDISC [2011.09.05 22:49:22 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\SWiSH Max3 [2011.02.02 20:34:43 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\TeamViewer [2011.10.03 22:18:11 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\UAs [2010.03.22 23:21:49 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\Ubisoft [2010.12.06 23:12:28 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\UDC Profiles [2011.06.29 23:15:27 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\Unified Remote [2010.10.22 15:24:42 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\WindSolutions [2010.06.09 18:57:25 | 000,000,000 | ---D | M] -- 
C:\Users\Marv\AppData\Roaming\www.pro-evo.xooit.fr [2010.09.10 18:41:52 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\Xilisoft [2011.10.03 22:18:31 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\xmldm [2010.08.05 21:34:26 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2009.12.16 15:46:38 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2010.04.10 11:10:36 | 000,000,000 | ---D | M] -- C:\ATI [2009.12.16 15:23:03 | 000,000,000 | -HSD | M] -- C:\Boot [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2009.12.16 15:46:29 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2009.12.16 19:05:08 | 000,000,000 | ---D | M] -- C:\Downloads [2010.02.28 22:45:17 | 000,000,000 | ---D | M] -- C:\hama [2009.12.16 19:39:06 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009.12.18 17:50:51 | 000,000,000 | ---D | M] -- C:\NVIDIA [2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2009.12.23 23:57:46 | 000,000,000 | ---D | M] -- C:\Photoshop [2011.02.15 21:51:24 | 000,000,000 | R--D | M] -- C:\Program Files [2011.09.05 22:17:18 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2011.09.04 20:30:49 | 000,000,000 | -H-D | M] -- C:\ProgramData [2009.12.16 15:46:29 | 000,000,000 | -HSD | M] -- C:\Programme [2009.12.16 15:46:29 | 000,000,000 | -HSD | M] -- C:\Recovery [2011.10.05 20:41:53 | 000,000,000 | -H-D | M] -- C:\Recycle.Bin [2011.07.17 11:23:38 | 000,000,000 | ---D | M] -- C:\Spiele [2010.01.15 20:03:53 | 000,000,000 | ---D | M] -- C:\Spiele) [2011.10.09 14:30:45 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.07.12 22:32:10 | 000,000,000 | ---D | M] -- C:\Tools [2010.05.18 15:08:06 | 000,000,000 | ---D | M] -- C:\Tools) [2010.12.06 18:58:00 | 000,000,000 | R--D | M] -- C:\UDC Output Files [2010.03.23 00:25:50 | 000,000,000 | R--D | M] -- C:\Users [2010.04.10 11:20:05 | 000,000,000 | ---D | M] -- 
C:\VideoSec [2011.09.04 20:29:57 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > [2008.10.30 01:00:00 | 462,437,040 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\ADBEPHSPCS3_DE.exe < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.manifest /3 > < MD5 for: EXPLORER.EXE > [2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe [2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe 
I hope you can help me :-) Extras.txt is attached. |
10.10.2011, 13:56 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Systray .exe stub - Virus? Please now run a full scan with Malwarebytes as a routine step and post the log.
__________________Remember that Malwarebytes must be updated manually before every scan! If logs from earlier Malwarebytes scans exist, please post all of those as well! ESET Online Scanner
11.10.2011, 12:48 | #3 |
| Systray .exe stub - Virus? Hi,
since after running Malwarebytes (or whatever it's called :-) ) nothing worked on my machine any more, I have now formatted the PC. Thanks anyway for your help! |