Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Systray .exe stub - Virus?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 09.10.2011, 14:18   #1
DasKochbuch
 
Systray .exe stub - Virus? - Standard

Systray .exe stub - Virus?



Grüßt euch.
Beim letzten Start hat Windows richtig lang zum starten benötigt.
Im Taskmanager befinden sich abgefahrene Einträge wie
Systray .exe stub
TSTheme.exe
und 4 oder 5 rundll32.exe's

Mein OTL-Log
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 09.10.2011 14:28:01 - Run 1
OTL by OldTimer - Version 3.2.29.1     Folder = C:\Users\Marv\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 62,40% Memory free
6,00 Gb Paging File | 4,61 Gb Available in Paging File | 76,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 457,64 Gb Total Space | 13,15 Gb Free Space | 2,87% Space Free | Partition Type: NTFS
Drive D: | 8,12 Gb Total Space | 1,01 Gb Free Space | 12,44% Space Free | Partition Type: NTFS
Drive E: | 319,11 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: MARV-PC | User Name: Marv | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.10.09 14:18:49 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Users\Marv\AppData\Local\Temp\zB81959.exe
PRC - [2011.10.09 14:03:28 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Marv\Desktop\OTL.exe
PRC - [2011.08.23 21:20:18 | 000,887,976 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2011.04.21 07:52:36 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.12.07 12:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) -- C:\Tools\TeamViewer\TeamViewer_Service.exe
PRC - [2010.09.01 06:26:04 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010.06.23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
PRC - [2010.06.23 13:51:30 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010.06.14 15:07:14 | 000,615,936 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
PRC - [2010.06.02 16:58:20 | 000,246,520 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.05.14 10:32:30 | 001,479,680 | ---- | M] (Nokia) -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2010.05.11 11:51:52 | 001,287,120 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
PRC - [2010.04.10 21:01:20 | 000,623,984 | ---- | M] (Juniper Networks) -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
PRC - [2010.03.26 21:00:32 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010.01.22 08:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2010.01.11 22:00:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.01.10 14:39:30 | 001,212,592 | ---- | M] (FSPro Labs) -- C:\Tools\My Lockbox\mylbx.exe
PRC - [2010.01.06 17:23:32 | 000,142,648 | ---- | M] (FSPro Labs) -- C:\Windows\SysWOW64\fsproflt.exe
PRC - [2009.10.27 10:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009.07.14 03:14:42 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\TSTheme.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2008.08.12 11:16:16 | 002,023,424 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtCore4.dll
MOD - [2008.07.29 14:47:56 | 000,016,384 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll
MOD - [2008.07.29 14:47:38 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll
MOD - [2008.07.29 14:11:18 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtSvg4.dll
MOD - [2008.07.29 14:01:12 | 007,331,840 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtGui4.dll
MOD - [2008.07.29 13:50:26 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtXml4.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.08.22 23:30:40 | 000,030,208 | ---- | M] (SoftwareForMe Inc) [Auto | Running] -- C:\Program Files\SoftwareForMe Inc\PhoneMyPC\PhoneMyPC_Helper.exe -- (PhoneMyPC_Helper)
SRV:64bit: - [2010.02.10 17:24:54 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.10.07 02:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.08.04 14:34:48 | 002,329,480 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.08.02 14:02:17 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.04.21 07:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.04.21 07:52:36 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.12.07 12:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Tools\TeamViewer\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010.06.23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010.06.14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.06.02 16:58:20 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.04.10 21:01:20 | 000,623,984 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2010.03.26 21:00:32 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010.03.11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010.01.22 08:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010.01.11 22:00:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.01.06 17:23:32 | 000,142,648 | ---- | M] (FSPro Labs) [Auto | Running] -- C:\Windows\SysWOW64\fsproflt.exe -- (fsproflt)
SRV - [2009.12.23 23:58:57 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.07.26 07:43:14 | 000,025,832 | ---- | M] (BioWare) [Disabled | Stopped] -- C:\Spiele\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.06.17 12:35:49 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.17 12:35:49 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.30 18:07:06 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2010.05.15 16:30:52 | 000,458,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2010.04.19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010.04.10 20:47:36 | 000,032,768 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV:64bit: - [2010.03.29 10:06:06 | 000,233,488 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2010.02.26 14:33:40 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys -- (UsbserFilt)
DRV:64bit: - [2010.02.26 14:33:24 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2010.02.26 14:33:22 | 000,025,088 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64)
DRV:64bit: - [2010.02.26 14:33:22 | 000,019,456 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64)
DRV:64bit: - [2010.02.24 12:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2010.02.10 17:47:56 | 006,377,472 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.02.10 16:31:26 | 000,186,880 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.01.28 09:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010.01.02 23:25:34 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010.01.02 23:25:33 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009.12.16 19:25:00 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.11.23 18:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.11.23 18:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.10.07 02:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009.10.07 02:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009.09.23 10:42:58 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 02:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009.07.14 02:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 22:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2009.06.10 22:35:20 | 000,278,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1e6032e.sys -- (e1express) Intel(R)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.05.01 01:01:34 | 000,327,576 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009.05.01 00:55:56 | 002,755,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV:64bit: - [2009.05.01 00:55:46 | 000,015,896 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)
DRV:64bit: - [2009.01.08 00:38:18 | 000,024,840 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BtHidBus.sys -- (BtHidBus)
DRV:64bit: - [2008.12.07 13:44:56 | 000,035,848 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btnetBus.sys -- (btnetBUs)
DRV:64bit: - [2008.08.28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008.07.02 15:58:50 | 000,031,624 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV:64bit: - [2008.06.06 15:35:46 | 000,055,440 | ---- | M] (FSPro Labs) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\FSPFltd.sys -- (FSProFilter)
DRV - [2010.05.15 16:30:52 | 000,458,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007.02.07 20:27:46 | 000,014,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.t-online.de/cpm-redir/ie-8.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.selectedEngine: "Facemoods Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.bild.de"
FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.13.1.18107
FF - prefs.js..extensions.enabledItems: autofillForms@blueimp.net:0.9.6.1
FF - prefs.js..extensions.enabledItems: {987311C6-B504-4aa2-90BF-60CC49808D42}:2.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.2.1
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: {184AA5E6-741D-464a-820E-94B3ABC2F3B4}:1.0
FF - prefs.js..extensions.enabledItems: {6e764c17-863a-450f-bdd0-6772bd5aaa18}:1.0.3
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.733
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {0489727F-380F-4272-B6A3-9FAD92A8A9CC}:1.9.1
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.15: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.15: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.08.05 21:21:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.05 22:53:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.05 22:53:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Marv\AppData\Roaming\5031 [2011.10.09 14:03:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{0489727F-380F-4272-B6A3-9FAD92A8A9CC}: C:\Users\Marv\AppData\Local\{0489727F-380F-4272-B6A3-9FAD92A8A9CC} [2011.09.05 22:33:16 | 000,000,000 | ---D | M]
 
[2010.02.24 08:26:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marv\AppData\Roaming\mozilla\Extensions
[2009.12.16 16:01:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marv\AppData\Roaming\mozilla\Extensions-BackupByFirefoxPortable
[2009.12.16 16:01:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marv\AppData\Roaming\mozilla\Extensions-BackupByFirefoxPortable\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011.10.05 21:53:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marv\AppData\Roaming\mozilla\Firefox\Profiles\vqec3v9z.default\extensions
[2010.03.08 17:53:38 | 000,000,000 | ---D | M] (Media Converter) -- C:\Users\Marv\AppData\Roaming\mozilla\Firefox\Profiles\vqec3v9z.default\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}
[2010.12.18 16:17:44 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Marv\AppData\Roaming\mozilla\Firefox\Profiles\vqec3v9z.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.01.17 18:34:33 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Users\Marv\AppData\Roaming\mozilla\Firefox\Profiles\vqec3v9z.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2010.08.05 20:12:17 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Marv\AppData\Roaming\mozilla\Firefox\Profiles\vqec3v9z.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.03.23 00:25:54 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Users\Marv\AppData\Roaming\mozilla\Firefox\Profiles\vqec3v9z.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010.12.18 16:17:44 | 000,000,000 | ---D | M] (Autofill Forms) -- C:\Users\Marv\AppData\Roaming\mozilla\Firefox\Profiles\vqec3v9z.default\extensions\autofillForms@blueimp.net
[2011.07.14 15:28:15 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\Marv\AppData\Roaming\mozilla\Firefox\Profiles\vqec3v9z.default\extensions\ffxtlbr@Facemoods.com
[2010.09.05 22:09:40 | 000,000,000 | ---D | M] (Illimitux) -- C:\Users\Marv\AppData\Roaming\mozilla\Firefox\Profiles\vqec3v9z.default\extensions\illimitux@illimitux.net
[2011.10.03 23:05:23 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Marv\AppData\Roaming\mozilla\Firefox\Profiles\vqec3v9z.default\extensions\toolbar@ask.com
[2011.10.03 11:07:47 | 000,000,961 | ---- | M] () -- C:\Users\Marv\AppData\Roaming\Mozilla\Firefox\Profiles\vqec3v9z.default\searchplugins\icqplugin-1.xml
[2010.12.15 11:56:49 | 000,001,069 | ---- | M] () -- C:\Users\Marv\AppData\Roaming\Mozilla\Firefox\Profiles\vqec3v9z.default\searchplugins\icqplugin.xml
[2009.12.16 17:23:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.08.05 21:21:39 | 000,000,000 | ---D | M] (PC Sync 2 Synchronisation Extension) -- C:\PROGRAM FILES (X86)\NOKIA\NOKIA PC SUITE 7\BKMRKSYNC
[2009.12.17 18:50:02 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2011.09.05 22:33:16 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\MARV\APPDATA\LOCAL\{0489727F-380F-4272-B6A3-9FAD92A8A9CC}
[2011.10.09 14:03:28 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\MARV\APPDATA\ROAMING\5031
[2011.07.14 15:28:19 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
 
O1 HOSTS File: ([2011.03.04 18:00:08 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll (facemoods.com)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [mylbx] C:\Tools\My Lockbox\mylbx.exe (FSPro Labs)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [facemoods] C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [ISTray] C:\Program Files (x86)\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [4Y3Y0C3AYF7XXW6WWCDNXF] C:\Recycle.Bin\B6232F3A346.exe (©mY systems)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [Miranda Fusion] C:\Program Files (x86)\MirandaFusion\mfstart.exe (Miranda Fusion Team)
O4 - HKCU..\Run: [Oduhosowuw] C:\Users\Marv\AppData\Local\ibizebazob.dll (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [Ttinalosupuk] C:\Users\Marv\AppData\Local\Snhclsf.dll (PCtel Inc.)
O4 - HKCU..\Run: [Userinit] C:\Users\Marv\AppData\Roaming\appconf32.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Marv\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Marv\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36589697-63BC-48D0-8941-CDD20736609E}: NameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\gopher - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -  File not found
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20 - HKLM Winlogon: UserInit - (userinit.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - File not found
O29 - HKLM SecurityProviders - (credssp.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{330c6c73-ea68-11de-8399-001bfcc4f6ce}\Shell - "" = AutoRun
O33 - MountPoints2\{330c6c73-ea68-11de-8399-001bfcc4f6ce}\Shell\AutoRun\command - "" = K:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - 
ActiveX:64bit: >{CED6C643-AA83-4FDB-A9FC-5CD0160840C0} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: avgnt - hkey= - key= - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: ICQ - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Launch LCDMon - hkey= - key= - C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
MsConfig:64bit - StartUpReg: Launch LGDCore - hkey= - key= - C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
MsConfig:64bit - StartUpReg: Launch LgDeviceAgent - hkey= - key= - C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
MsConfig:64bit - StartUpReg: LogitechQuickCamRibbon - hkey= - key= - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
MsConfig:64bit - StartUpReg: NokiaOviSuite2 - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: PC Suite Tray - hkey= - key= - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.10.09 14:03:27 | 000,000,000 | ---D | C] -- C:\Users\Marv\AppData\Roaming\5031
[2011.10.09 14:03:26 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Marv\Desktop\OTL.exe
[2011.10.04 00:28:44 | 000,000,000 | ---D | C] -- C:\Users\Marv\Desktop\backups
[2011.10.04 00:23:14 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Marv\Desktop\HiJackThis204.exe
[2011.10.03 12:37:22 | 000,000,000 | ---D | C] -- C:\Users\Marv\AppData\Roaming\5030
[2011.10.03 11:12:02 | 000,000,000 | ---D | C] -- C:\Users\Marv\AppData\Roaming\5029
[2011.09.24 01:06:05 | 000,000,000 | ---D | C] -- C:\Users\Marv\AppData\Roaming\5027
[2011.09.18 02:15:52 | 000,277,456 | ---- | C] (Adobe Systems, Incorporated) -- C:\Users\Marv\AppData\Roaming\AcroIEHelpe042.dll
[2011.09.18 02:15:51 | 000,000,000 | ---D | C] -- C:\Users\Marv\AppData\Roaming\5026
[2011.09.09 20:49:55 | 000,000,000 | ---D | C] -- C:\Users\Marv\AppData\Roaming\5025
[2009.07.14 01:24:58 | 000,374,784 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Users\Marv\AppData\Local\ibizebazob.dll
[2009.07.14 01:24:58 | 000,110,080 | ---- | C] (PCtel Inc.) -- C:\Users\Marv\AppData\Local\Snhclsf.dll
[2008.10.30 01:00:00 | 462,437,040 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files (x86)\ADBEPHSPCS3_DE.exe
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Users\Marv\Desktop\*.tmp files -> C:\Users\Marv\Desktop\*.tmp -> ]
[1 C:\Users\Marv\AppData\Roaming\*.tmp files -> C:\Users\Marv\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.10.09 14:19:54 | 000,016,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.10.09 14:19:54 | 000,016,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.10.09 14:18:13 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.10.09 14:14:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.10.09 14:14:34 | 2415,370,240 | -HS- | M] () -- C:\hiberfil.sys
[2011.10.09 14:12:17 | 000,000,188 | ---- | M] () -- C:\Users\Marv\defogger_reenable
[2011.10.09 14:03:28 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Marv\Desktop\OTL.exe
[2011.10.08 08:45:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.10.06 14:45:28 | 000,000,181 | ---- | M] () -- C:\Users\Marv\AppData\Local\ujicedofibujidi.dll
[2011.10.06 12:43:28 | 000,000,181 | ---- | M] () -- C:\Users\Marv\AppData\Local\ododurex.dll
[2011.10.06 10:41:28 | 000,000,181 | ---- | M] () -- C:\Users\Marv\AppData\Local\utusarevegub.dll
[2011.10.06 08:39:28 | 000,000,181 | ---- | M] () -- C:\Users\Marv\AppData\Local\opunahuko.dll
[2011.10.06 06:37:28 | 000,000,181 | ---- | M] () -- C:\Users\Marv\AppData\Local\ahabikixezibece.dll
[2011.10.06 04:35:28 | 000,000,181 | ---- | M] () -- C:\Users\Marv\AppData\Local\ebuhiheha.dll
[2011.10.06 02:33:28 | 000,000,181 | ---- | M] () -- C:\Users\Marv\AppData\Local\uhilahacafof.dll
[2011.10.06 00:31:28 | 000,000,181 | ---- | M] () -- C:\Users\Marv\AppData\Local\adafecujofuloh.dll
[2011.10.05 22:52:31 | 000,000,181 | ---- | M] () -- C:\Users\Marv\AppData\Local\Stoqinasow.dat
[2011.10.05 22:29:30 | 000,000,181 | ---- | M] () -- C:\Users\Marv\AppData\Local\oqenuhogajim.dll
[2011.10.05 20:27:28 | 000,000,181 | ---- | M] () -- C:\Users\Marv\AppData\Local\ujosagub.dll
[2011.10.04 18:19:28 | 000,000,181 | ---- | M] () -- C:\Users\Marv\AppData\Local\agepofuyipidu.dll
[2011.10.04 16:17:27 | 000,000,181 | ---- | M] () -- C:\Users\Marv\AppData\Local\igugesifefe.dll
[2011.10.04 14:15:27 | 000,000,181 | ---- | M] () -- C:\Users\Marv\AppData\Local\ilawomew.dll
[2011.10.04 11:20:10 | 000,000,181 | ---- | M] () -- C:\Users\Marv\AppData\Local\elububukuk.dll
[2011.10.04 09:18:12 | 000,000,181 | ---- | M] () -- C:\Users\Marv\AppData\Local\uwifaniv.dll
[2011.10.04 07:16:10 | 000,000,181 | ---- | M] () -- C:\Users\Marv\AppData\Local\uneyocad.dll
[2011.10.04 05:14:10 | 000,000,181 | ---- | M] () -- C:\Users\Marv\AppData\Local\ufuqetetabej.dll
[2011.10.04 03:12:10 | 000,000,181 | ---- | M] () -- C:\Users\Marv\AppData\Local\ufunuzehob.dll
[2011.10.04 01:10:10 | 000,000,181 | ---- | M] () -- C:\Users\Marv\AppData\Local\ogizikeq.dll
[2011.10.04 00:23:24 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Marv\Desktop\HiJackThis204.exe
[2011.10.04 00:09:46 | 000,005,632 | -HS- | M] () -- C:\Users\Marv\wevtapi.dll
[2011.10.03 23:08:10 | 000,000,181 | ---- | M] () -- C:\Users\Marv\AppData\Local\evulowunikazubi.dll
[2011.10.03 22:18:47 | 000,000,000 | ---- | M] () -- C:\Users\Marv\AppData\Local\Qjekabobituyih.bin
[2011.10.03 21:06:10 | 000,000,181 | ---- | M] () -- C:\Users\Marv\AppData\Local\oqitegig.dll
[2011.10.03 19:04:10 | 000,000,181 | ---- | M] () -- C:\Users\Marv\AppData\Local\upubemobel.dll
[2011.10.03 17:02:10 | 000,000,181 | ---- | M] () -- C:\Users\Marv\AppData\Local\ovocigitulobomag.dll
[2011.10.03 15:00:10 | 000,000,181 | ---- | M] () -- C:\Users\Marv\AppData\Local\egugesif.dll
[2011.09.24 01:10:26 | 000,000,181 | ---- | M] () -- C:\Users\Marv\AppData\Local\oqasoqegepazope.dll
[2011.09.21 23:04:27 | 000,000,181 | ---- | M] () -- C:\Users\Marv\AppData\Local\ojeqafar.dll
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Users\Marv\Desktop\*.tmp files -> C:\Users\Marv\Desktop\*.tmp -> ]
[1 C:\Users\Marv\AppData\Roaming\*.tmp files -> C:\Users\Marv\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.10.09 14:12:17 | 000,000,188 | ---- | C] () -- C:\Users\Marv\defogger_reenable
[2011.10.06 14:45:28 | 000,000,181 | ---- | C] () -- C:\Users\Marv\AppData\Local\ujicedofibujidi.dll
[2011.10.06 12:43:28 | 000,000,181 | ---- | C] () -- C:\Users\Marv\AppData\Local\ododurex.dll
[2011.10.06 10:41:28 | 000,000,181 | ---- | C] () -- C:\Users\Marv\AppData\Local\utusarevegub.dll
[2011.10.06 08:39:28 | 000,000,181 | ---- | C] () -- C:\Users\Marv\AppData\Local\opunahuko.dll
[2011.10.06 06:37:28 | 000,000,181 | ---- | C] () -- C:\Users\Marv\AppData\Local\ahabikixezibece.dll
[2011.10.06 04:35:28 | 000,000,181 | ---- | C] () -- C:\Users\Marv\AppData\Local\ebuhiheha.dll
[2011.10.06 02:33:28 | 000,000,181 | ---- | C] () -- C:\Users\Marv\AppData\Local\uhilahacafof.dll
[2011.10.06 00:31:28 | 000,000,181 | ---- | C] () -- C:\Users\Marv\AppData\Local\adafecujofuloh.dll
[2011.10.05 22:29:30 | 000,000,181 | ---- | C] () -- C:\Users\Marv\AppData\Local\oqenuhogajim.dll
[2011.10.05 20:27:28 | 000,000,181 | ---- | C] () -- C:\Users\Marv\AppData\Local\ujosagub.dll
[2011.10.04 18:19:28 | 000,000,181 | ---- | C] () -- C:\Users\Marv\AppData\Local\agepofuyipidu.dll
[2011.10.04 16:17:27 | 000,000,181 | ---- | C] () -- C:\Users\Marv\AppData\Local\igugesifefe.dll
[2011.10.04 11:20:10 | 000,000,181 | ---- | C] () -- C:\Users\Marv\AppData\Local\elububukuk.dll
[2011.10.04 09:18:12 | 000,000,181 | ---- | C] () -- C:\Users\Marv\AppData\Local\uwifaniv.dll
[2011.10.04 07:16:10 | 000,000,181 | ---- | C] () -- C:\Users\Marv\AppData\Local\uneyocad.dll
[2011.10.04 05:14:10 | 000,000,181 | ---- | C] () -- C:\Users\Marv\AppData\Local\ufuqetetabej.dll
[2011.10.04 03:12:10 | 000,000,181 | ---- | C] () -- C:\Users\Marv\AppData\Local\ufunuzehob.dll
[2011.10.04 01:10:10 | 000,000,181 | ---- | C] () -- C:\Users\Marv\AppData\Local\ogizikeq.dll
[2011.10.04 00:09:46 | 000,005,632 | -HS- | C] () -- C:\Users\Marv\wevtapi.dll
[2011.10.03 23:08:10 | 000,000,181 | ---- | C] () -- C:\Users\Marv\AppData\Local\evulowunikazubi.dll
[2011.10.03 21:06:10 | 000,000,181 | ---- | C] () -- C:\Users\Marv\AppData\Local\oqitegig.dll
[2011.10.03 19:04:10 | 000,000,181 | ---- | C] () -- C:\Users\Marv\AppData\Local\upubemobel.dll
[2011.10.03 17:02:10 | 000,000,181 | ---- | C] () -- C:\Users\Marv\AppData\Local\ovocigitulobomag.dll
[2011.10.03 15:00:10 | 000,000,181 | ---- | C] () -- C:\Users\Marv\AppData\Local\egugesif.dll
[2011.10.03 12:58:10 | 000,000,181 | ---- | C] () -- C:\Users\Marv\AppData\Local\ilawomew.dll
[2011.09.24 01:10:26 | 000,000,181 | ---- | C] () -- C:\Users\Marv\AppData\Local\oqasoqegepazope.dll
[2011.09.21 23:04:27 | 000,000,181 | ---- | C] () -- C:\Users\Marv\AppData\Local\ojeqafar.dll
[2011.09.05 22:33:18 | 000,000,181 | ---- | C] () -- C:\Users\Marv\AppData\Local\Stoqinasow.dat
[2011.09.05 22:33:18 | 000,000,000 | ---- | C] () -- C:\Users\Marv\AppData\Local\Qjekabobituyih.bin
[2011.04.04 20:39:13 | 000,000,613 | ---- | C] () -- C:\Windows\eReg.dat
[2010.09.28 11:52:40 | 000,072,192 | ---- | C] () -- C:\Windows\unlite3.exe
[2010.08.30 23:45:07 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010.05.04 17:40:55 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
[2010.04.10 12:34:19 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.04.10 12:28:55 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.03.27 15:25:40 | 000,073,331 | ---- | C] () -- C:\Windows\War3Unin.dat
[2010.03.26 21:00:54 | 000,107,832 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.03.26 21:00:32 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.03.11 08:30:31 | 000,007,605 | ---- | C] () -- C:\Users\Marv\AppData\Local\Resmon.ResmonCfg
[2010.02.28 22:13:41 | 000,006,656 | ---- | C] () -- C:\Users\Marv\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.03 20:10:15 | 001,201,206 | ---- | C] () -- C:\Windows\SysWow64\KART24GF.DLL
[2010.02.03 20:10:15 | 001,201,206 | ---- | C] () -- C:\Windows\SysWow64\Kart24gd.dll
[2010.02.03 20:10:15 | 000,038,614 | ---- | C] () -- C:\Windows\SysWow64\Kart_doj.dll
[2010.02.03 20:10:15 | 000,028,958 | ---- | C] () -- C:\Windows\SysWow64\kart_dbl.dll
[2010.01.14 18:43:52 | 000,000,600 | ---- | C] () -- C:\Users\Marv\AppData\Local\PUTTY.RND
[2009.12.16 17:24:59 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.11.06 10:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008.12.09 17:23:13 | 000,053,024 | RHS- | C] () -- C:\Users\Marv\AppData\Roaming\appconf32.exe
 
========== LOP Check ==========
 
[2011.09.05 22:20:03 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\5024
[2011.09.09 20:49:55 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\5025
[2011.09.18 02:15:51 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\5026
[2011.09.24 01:06:05 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\5027
[2011.10.03 11:12:02 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\5029
[2011.10.03 12:37:22 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\5030
[2011.10.09 14:03:28 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\5031
[2010.03.23 08:56:15 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\Azureus
[2011.09.05 00:12:18 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009.12.16 19:36:32 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\DAEMON Tools Lite
[2010.12.10 13:10:50 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\DVDVideoSoft
[2011.04.02 12:42:18 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.09.07 22:25:33 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\FileZilla
[2010.12.01 23:51:47 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\Foxit Software
[2010.12.01 19:42:25 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\FreeFileSync
[2009.12.27 23:35:53 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\GetRight
[2009.12.16 18:55:58 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\GetRightToGo
[2011.10.09 14:27:42 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\ICQ
[2011.03.04 17:59:33 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\Juniper Networks
[2011.09.05 22:19:30 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\kock
[2010.01.17 18:45:15 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\Leadertech
[2009.12.28 23:01:18 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\Meine Die Schlacht um Mittelerde-Dateien
[2010.05.20 15:40:02 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\Miranda Fusion
[2010.05.31 20:48:48 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\Mount&Blade Warband
[2010.03.01 13:19:28 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\Nokia
[2011.06.06 20:15:25 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\Opera
[2010.03.08 21:56:48 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\PC Suite
[2010.09.21 09:52:39 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\ProtectDISC
[2011.09.05 22:49:22 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\SWiSH Max3
[2011.02.02 20:34:43 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\TeamViewer
[2011.10.03 22:18:11 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\UAs
[2010.03.22 23:21:49 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\Ubisoft
[2010.12.06 23:12:28 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\UDC Profiles
[2011.06.29 23:15:27 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\Unified Remote
[2010.10.22 15:24:42 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\WindSolutions
[2010.06.09 18:57:25 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\www.pro-evo.xooit.fr
[2010.09.10 18:41:52 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\Xilisoft
[2011.10.03 22:18:31 | 000,000,000 | ---D | M] -- C:\Users\Marv\AppData\Roaming\xmldm
[2010.08.05 21:34:26 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2009.12.16 15:46:38 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010.04.10 11:10:36 | 000,000,000 | ---D | M] -- C:\ATI
[2009.12.16 15:23:03 | 000,000,000 | -HSD | M] -- C:\Boot
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.12.16 15:46:29 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2009.12.16 19:05:08 | 000,000,000 | ---D | M] -- C:\Downloads
[2010.02.28 22:45:17 | 000,000,000 | ---D | M] -- C:\hama
[2009.12.16 19:39:06 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.12.18 17:50:51 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2009.12.23 23:57:46 | 000,000,000 | ---D | M] -- C:\Photoshop
[2011.02.15 21:51:24 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.09.05 22:17:18 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2011.09.04 20:30:49 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.12.16 15:46:29 | 000,000,000 | -HSD | M] -- C:\Programme
[2009.12.16 15:46:29 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.10.05 20:41:53 | 000,000,000 | -H-D | M] -- C:\Recycle.Bin
[2011.07.17 11:23:38 | 000,000,000 | ---D | M] -- C:\Spiele
[2010.01.15 20:03:53 | 000,000,000 | ---D | M] -- C:\Spiele)
[2011.10.09 14:30:45 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.07.12 22:32:10 | 000,000,000 | ---D | M] -- C:\Tools
[2010.05.18 15:08:06 | 000,000,000 | ---D | M] -- C:\Tools)
[2010.12.06 18:58:00 | 000,000,000 | R--D | M] -- C:\UDC Output Files
[2010.03.23 00:25:50 | 000,000,000 | R--D | M] -- C:\Users
[2010.04.10 11:20:05 | 000,000,000 | ---D | M] -- C:\VideoSec
[2011.09.04 20:29:57 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
[2008.10.30 01:00:00 | 462,437,040 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\ADBEPHSPCS3_DE.exe
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
 
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 234 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >
         
--- --- ---


Ich hoffe ihr könnt mir helfen :-)

Im Anhang befindet sich die Extras.txt

Alt 10.10.2011, 13:56   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Systray .exe stub - Virus? - Standard

Systray .exe stub - Virus?



Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________

__________________

Alt 11.10.2011, 12:48   #3
DasKochbuch
 
Systray .exe stub - Virus? - Standard

Systray .exe stub - Virus?



Grüß dich,

da nach dem durchlaufen von Malewarebyte(oder so :-) ) bei mir garnichts mehr lief, hab ich den PC nun formatiert.

Danke trotzdem für deine Hilfe!
__________________

Antwort

Themen zu Systray .exe stub - Virus?
acroiehelpe, alternate, antivir, application/pdf, application/pdf:, autorun, avira, bho, bonjour, browser, c:\windows\system32\rundll32.exe, conduit, converter, error, firefox, google earth, helper.exe, hijack, hijackthis, langs, launch, logfile, lws.exe, mp3, object, plug-in, realtek, recycle.bin, registry, rundll, scan, sched.exe, server, software, spyware, starten, taskmanager, version=1.0, virus, webcheck, windows




Ähnliche Themen: Systray .exe stub - Virus?


  1. Verdächtiges unbekanntes Icon im Systray
    Plagegeister aller Art und deren Bekämpfung - 15.08.2015 (5)
  2. Win7 - WinPatrol meldet: "systray .exe stub"
    Plagegeister aller Art und deren Bekämpfung - 17.12.2013 (49)
  3. Systray.exe stub Windows 7
    Plagegeister aller Art und deren Bekämpfung - 05.10.2012 (5)
  4. Systray.exe stub
    Plagegeister aller Art und deren Bekämpfung - 08.06.2012 (1)
  5. 0PZ43B4 Systray .exe sub
    Log-Analyse und Auswertung - 18.11.2011 (1)
  6. Systray .exe stub mit awaynet.bin.exe - Lösung wohl selbst gefunden.
    Log-Analyse und Auswertung - 08.06.2011 (3)
  7. Systray .exe stub
    Plagegeister aller Art und deren Bekämpfung - 26.05.2011 (15)
  8. Systray .exe stub - Neuer Virus?
    Plagegeister aller Art und deren Bekämpfung - 26.05.2011 (4)
  9. "Systray .exe stub" - Schädling
    Plagegeister aller Art und deren Bekämpfung - 24.05.2011 (2)
  10. Systray .exe stub - Keylogger?
    Plagegeister aller Art und deren Bekämpfung - 18.05.2011 (20)
  11. KeyLogger in Systray.exe stub
    Log-Analyse und Auswertung - 27.04.2011 (16)
  12. systray-symbole fehlen plötzlich!
    Plagegeister aller Art und deren Bekämpfung - 24.04.2010 (0)
  13. Windows XP kein CMD, REGEDIT und SYSTRAY
    Log-Analyse und Auswertung - 07.05.2009 (1)
  14. AntiSpyCheck noch im systray vorhanden
    Log-Analyse und Auswertung - 27.06.2008 (16)
  15. Assistant stub
    Plagegeister aller Art und deren Bekämpfung - 01.06.2006 (1)
  16. Inkompatible Version des RPC Stub
    Plagegeister aller Art und deren Bekämpfung - 07.01.2006 (2)
  17. systray.exe ???
    Log-Analyse und Auswertung - 05.12.2004 (2)

Zum Thema Systray .exe stub - Virus? - Grüßt euch. Beim letzten Start hat Windows richtig lang zum starten benötigt. Im Taskmanager befinden sich abgefahrene Einträge wie Systray .exe stub TSTheme.exe und 4 oder 5 rundll32.exe's Mein OTL-Log - Systray .exe stub - Virus?...
Archiv
Du betrachtest: Systray .exe stub - Virus? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.