| |
| |||||||
Log-Analyse und Auswertung: "TR/ATRAPS.Gen2 PC" Performance & Stability Analysis ReportWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
08.11.2011, 15:16
| #1 |
| |  "TR/ATRAPS.Gen2 PC" Performance & Stability Analysis Report Hallo liebes Trojaner-Board, noch ein weiteres Opfer des o.g. Trojaners  Seit heute morgen bekomme ich regelmäßig von einem angeblichen Virenscanprogramm die Info, das mein PC total ausgelastet wäre, die Performance bei 20% läge, meine Festplatte partiell total beschädigt wäre usw. Als ich danach gegoogelt habe, ist mir natürlich relativ schnell klar geworden, dass es sich hierbei um einen Trojaner oder ähnliche Malware handelt. In meinem Falle ist es inzwischen so, dass alle Ordner und Programme von meinem Desktop verschwunden sind, die Startleiste ist bis auf die Suchfunktion und den Button für das Herunterfahren komplett leer und auch sonst scheint von Zeit zu Zeit immer mehr zu verschwinden. Am Anfang konnte ich auch die Registry und den Task-Manager nicht mehr öffnen, das Problem konnte ich jetzt allerdings durch den CCCleaner beheben, allerdings werd ich aus den Programmen im Task-Manager auch nicht schlau, aber auch bei mir laufen csrss.exe und winlogon.exe die sich nicht schließen lassen. Wenn ich jetzt etwas zippe zum Beispiel und das dann abspeichere, sehe ich im Hintergrund die ganzen versteckten Dateien, sobald ich allerdings mit dem Explorer darauf zugreifen möchte finde ich so gut wie nichts mehr. Avira hat mir auch angezeigt, dass es einen Virus in 'C:\Users\*****\AppData\Local\Temp\~!#FBB6.tmp gefunden hat Virusbezeichnung: TR/Crypt.ZPACK.Gen. Und unter 'C:\Windows\System32\consrv.dll hat Avira diesen gefunden TR/ATRAPS.Gen2' [trojan] ich konnte das Ding allerdings nicht löschen oder verschieben. Ich hoffe ihr könnt mir helfen. OTL Scan hab ich gemacht hier das Ergebnis:OTL Logfile: Code:
ATTFilter OTL logfile created on: 08.11.2011 14:19:24 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\***** 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,59 Gb Available Physical Memory | 64,81% Memory free 7,99 Gb Paging File | 6,50 Gb Available in Paging File | 81,26% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 453,14 Gb Total Space | 150,26 Gb Free Space | 33,16% Space Free | Partition Type: NTFS Drive D: | 10,00 Gb Total Space | 0,01 Gb Free Space | 0,12% Space Free | Partition Type: NTFS Computer Name: *****-PC | User Name: ***** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.11.08 14:14:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\*****\OTL.exe PRC - [2011.09.08 23:26:15 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.08.07 15:04:52 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.08.07 15:04:52 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.08.03 12:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011.08.03 02:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2010.11.02 12:30:16 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010.04.24 15:05:17 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2011.10.30 14:16:32 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011.10.28 19:35:26 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2011.09.13 17:17:42 | 000,131,912 | ---- | M] (Desura Pty Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe -- (Desura Install Service) SRV - [2011.09.08 23:26:15 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.08.07 15:04:52 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.08.07 15:04:52 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.08.04 13:34:48 | 002,329,480 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2011.08.03 12:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011.08.03 02:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2010.04.24 15:05:07 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.10.28 19:35:28 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd) DRV:64bit: - [2011.08.31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2011.08.07 15:04:52 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.08.07 15:04:52 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.03.11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.08.02 14:22:42 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2010.08.02 14:22:41 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2010.02.24 11:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:06:48 | 000,067,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BTHPRINT.SYS -- (BTHprint) DRV:64bit: - [2009.07.14 01:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc) DRV:64bit: - [2009.07.14 00:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2009.06.10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.04.29 15:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER) DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2008.06.27 06:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs) DRV:64bit: - [2007.10.10 16:03:00 | 000,266,624 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OEM02Dev.sys -- (OEM02Dev) DRV:64bit: - [2007.07.27 18:45:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp) DRV:64bit: - [2007.07.26 19:33:54 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk) DRV:64bit: - [2007.03.19 11:09:36 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk) DRV:64bit: - [2007.03.05 09:55:48 | 000,012,288 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OEM02Vfx.sys -- (OEM02Vfx) DRV:64bit: - [2005.02.23 17:00:19 | 000,007,168 | ---- | M] (Protection Technology) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2008.08.14 06:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 75 CF 19 F0 C5 8E CB 01 [binary data] IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.0.1 FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.2.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550 FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.666: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.666: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.666: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\*****\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.08.22 23:08:35 | 000,000,000 | -H-D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Windows.old\Program Files\Mozilla Firefox\components [2011.08.22 23:08:16 | 000,000,000 | -H-D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Windows.old\Program Files\Mozilla Firefox\plugins [2011.08.22 23:09:13 | 000,000,000 | -H-D | M] [2010.04.23 15:27:23 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions [2011.10.11 07:30:20 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mv76hasw.default\extensions [2011.07.17 03:22:13 | 000,000,000 | -H-D | M] (Vuze Remote Community Toolbar) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mv76hasw.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc} [2011.10.11 07:30:20 | 000,000,000 | -H-D | M] (Facemoods) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mv76hasw.default\extensions\ffxtlbr@Facemoods.com [2011.07.17 05:48:31 | 000,000,000 | -H-D | M] (LastPass) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mv76hasw.default\extensions\support@lastpass.com [2011.08.22 23:08:35 | 000,000,000 | -H-D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT () (No name found) -- C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MV76HASW.DEFAULT\EXTENSIONS\{CE6E6E3B-84DD-4CAC-9F63-8D2AE4F30A4B}.XPI () (No name found) -- C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MV76HASW.DEFAULT\EXTENSIONS\{EF4E370E-D9F0-4E00-B93E-A4F274CFDD5A}.XPI [2010.08.16 17:04:03 | 000,000,000 | -H-D | M] (Java Console) -- C:\WINDOWS.OLD\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.11.13 14:31:57 | 000,000,000 | -H-D | M] (Java Console) -- C:\WINDOWS.OLD\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.03.08 09:50:04 | 000,000,000 | -H-D | M] (Java Console) -- C:\WINDOWS.OLD\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.08.27 11:24:04 | 000,000,000 | -H-D | M] (Java Console) -- C:\WINDOWS.OLD\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll (facemoods.com BHO) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll (facemoods.com) O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKCU..\Run: [AdobeBridge] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D53D63E1-1EF1-4FC8-B40B-847AD1FE1985}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D9202992-AF51-4160-8A22-C8949BBA5011}: NameServer = 192.168.0.253 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{124eb076-634b-11df-91bb-002269bf0166}\Shell - "" = AutoRun O33 - MountPoints2\{124eb076-634b-11df-91bb-002269bf0166}\Shell\AutoRun\command - "" = F:\arun.exe O33 - MountPoints2\{814fe229-5dd7-11df-b2d5-002269bf0166}\Shell - "" = AutoRun O33 - MountPoints2\{814fe229-5dd7-11df-b2d5-002269bf0166}\Shell\AutoRun\command - "" = I:\pushinst.exe O33 - MountPoints2\{aa74de3e-6731-11df-9b2f-002269bf0166}\Shell - "" = AutoRun O33 - MountPoints2\{aa74de3e-6731-11df-9b2f-002269bf0166}\Shell\AutoRun\command - "" = G:\suppress_explorer.exe O33 - MountPoints2\{c9e88b5f-843b-11e0-b0a7-d705d335b9a6}\Shell - "" = AutoRun O33 - MountPoints2\{c9e88b5f-843b-11e0-b0a7-d705d335b9a6}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{c9e88b71-843b-11e0-b0a7-d705d335b9a6}\Shell - "" = AutoRun O33 - MountPoints2\{c9e88b71-843b-11e0-b0a7-d705d335b9a6}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{f4f733c6-8658-11e0-827c-91f2010bd4a7}\Shell - "" = AutoRun O33 - MountPoints2\{f4f733c6-8658-11e0-827c-91f2010bd4a7}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{f4f733d9-8658-11e0-827c-91f2010bd4a7}\Shell - "" = AutoRun O33 - MountPoints2\{f4f733d9-8658-11e0-827c-91f2010bd4a7}\Shell\AutoRun\command - "" = G:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX:64bit: {15CCD565-4B9B-C59F-2C9C-AFC0E7209331} - DirectX ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FD4D53E2-48B2-1A5C-52A5-7CBC9E5FF073} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: AdobeCS4ServiceManager - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: AdobeCS5.5ServiceManager - hkey= - key= - File not found MsConfig:64bit - StartUpReg: amd_dc_opt - hkey= - key= - C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD) MsConfig:64bit - StartUpReg: D-Fense - hkey= - key= - C:\Program Files\1st-Help\1st-Help.exe () MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - File not found MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () MsConfig:64bit - StartUpReg: facemoods - hkey= - key= - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe (facemoods.com) MsConfig:64bit - StartUpReg: GoEEXkUVxKiuuCO.exe - hkey= - key= - C:\ProgramData\GoEEXkUVxKiuuCO.exe () MsConfig:64bit - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: ISUSPM - hkey= - key= - File not found MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) MsConfig:64bit - StartUpReg: Malwarebytes' Anti-Malware - hkey= - key= - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) MsConfig:64bit - StartUpReg: NVHotkey - hkey= - key= - C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: OEM02Mon.exe - hkey= - key= - C:\Windows\OEM02Mon.exe (Creative Technology Ltd.) MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.) MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig:64bit - StartUpReg: SwitchBoard - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: TkBellExe - hkey= - key= - c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) MsConfig:64bit - State: "startup" - Reg Error: Key error. CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.11.08 14:14:11 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\*****\OTL.exe [2011.11.08 14:05:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Windows\Start Menu\Programs\CCleaner [2011.11.08 14:05:43 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2011.11.08 14:00:54 | 003,511,776 | ---- | C] (Piriform Ltd) -- C:\Users\*****\ccsetup312.exe [2011.11.08 01:44:03 | 000,992,864 | -H-- | C] (Microsoft Corporation) -- C:\Users\*****\msvbvm50.exe [2011.11.08 01:40:56 | 000,000,000 | ---D | C] -- C:\Program Files\1st-Help [2011.11.08 00:41:46 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys [2011.11.08 00:28:55 | 000,069,376 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys [2011.11.08 00:28:54 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE [2011.11.08 00:28:13 | 000,000,000 | -H-D | C] -- C:\ProgramData\Lavasoft [2011.11.08 00:28:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft [2011.11.08 00:28:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft [2011.11.08 00:08:45 | 000,000,000 | -H-D | C] -- C:\Users\*****\AppData\Roaming\Malwarebytes [2011.11.08 00:08:37 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes [2011.11.08 00:08:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.11.08 00:08:33 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.11.08 00:08:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.11.07 23:57:45 | 000,000,000 | -H-D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore [2011.11.07 23:46:51 | 000,163,840 | ---- | C] (Blue Byte Software, Inc.) -- C:\Windows\_detmp.2 [2011.11.07 21:56:22 | 000,000,000 | -H-D | C] -- C:\Users\*****\Documents\ANNO 2070 Demo [2011.11.03 13:44:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Focus Home Interactive [2011.11.03 13:30:30 | 000,000,000 | -H-D | C] -- C:\Users\*****\AppData\Local\Focus Home Interactive [2011.11.03 13:30:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Focus Home Interactive [2011.10.31 14:21:21 | 000,000,000 | -H-D | C] -- C:\Users\*****\AppData\Local\World in Conflict [2011.10.31 14:20:15 | 000,000,000 | -H-D | C] -- C:\Users\*****\Documents\World in Conflict [2011.10.31 13:06:15 | 000,000,000 | -H-D | C] -- C:\Users\*****\AppData\Roaming\InstallShield [2011.10.30 12:58:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Byte [2011.10.30 12:48:11 | 000,000,000 | -H-D | C] -- C:\BlueByte [2011.10.25 14:04:53 | 000,000,000 | -H-D | C] -- C:\Users\*****\AppData\Local\Activision [2011.10.19 13:35:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare [2011.10.11 11:35:44 | 000,000,000 | -H-D | C] -- C:\Users\*****\Documents\Egosoft [2011.10.11 07:30:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2011.10.11 07:30:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\facemoods.com [2011.10.11 07:28:55 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\JDownloader [2011.10.09 22:02:22 | 000,000,000 | -H-D | C] -- C:\Users\*****\AppData\Local\dxhr [2011.10.09 22:01:11 | 000,000,000 | -H-D | C] -- C:\Users\*****\AppData\Local\28050 [2011.10.09 21:55:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Square Enix [2011.10.09 21:38:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Square Enix [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.11.08 14:19:07 | 000,020,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.11.08 14:19:07 | 000,020,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.11.08 14:16:04 | 000,178,908 | ---- | M] () -- C:\Users\*****\Documents\cc_20111108_141540.reg [2011.11.08 14:14:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\*****\OTL.exe [2011.11.08 14:07:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.11.08 14:07:37 | 3219,701,760 | -HS- | M] () -- C:\hiberfil.sys [2011.11.08 14:06:24 | 000,000,020 | ---- | M] () -- C:\Users\*****\defogger_reenable [2011.11.08 14:05:45 | 000,000,860 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.11.08 14:05:01 | 000,050,477 | ---- | M] () -- C:\Users\*****\Defogger.exe [2011.11.08 14:01:08 | 003,511,776 | ---- | M] (Piriform Ltd) -- C:\Users\*****\ccsetup312.exe [2011.11.08 01:11:54 | 000,000,723 | -H-- | M] () -- C:\Users\*****\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk [2011.11.08 01:11:54 | 000,000,699 | -H-- | M] () -- C:\Users\*****\Desktop\System Restore.lnk [2011.11.08 00:41:45 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys [2011.11.08 00:01:33 | 000,000,456 | -H-- | M] () -- C:\ProgramData\bBEKperEpWxBh2 [2011.11.07 23:57:47 | 000,000,304 | -H-- | M] () -- C:\ProgramData\~bBEKperEpWxBh2 [2011.11.07 23:57:47 | 000,000,224 | -H-- | M] () -- C:\ProgramData\~bBEKperEpWxBh2r [2011.11.07 23:57:09 | 000,340,320 | -H-- | M] () -- C:\ProgramData\bBEKperEpWxBh2.exe [2011.11.07 23:38:27 | 000,428,896 | -HS- | M] () -- C:\ProgramData\GoEEXkUVxKiuuCO.exe [2011.11.02 22:55:43 | 000,710,244 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.11.02 22:55:43 | 000,665,286 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.11.02 22:55:43 | 000,155,330 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.11.02 22:55:43 | 000,127,278 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.10.30 12:59:04 | 000,248,989 | ---- | M] () -- C:\Windows\_detmp.1 [2011.10.28 19:35:28 | 000,069,376 | ---- | M] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys [2011.10.25 10:55:03 | 489,778,183 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.10.13 22:40:01 | 005,233,240 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.11.08 14:15:48 | 000,178,908 | ---- | C] () -- C:\Users\*****\Documents\cc_20111108_141540.reg [2011.11.08 14:06:23 | 000,000,020 | ---- | C] () -- C:\Users\*****\defogger_reenable [2011.11.08 14:05:45 | 000,000,860 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.11.08 14:04:58 | 000,050,477 | ---- | C] () -- C:\Users\*****\Defogger.exe [2011.11.08 01:11:54 | 000,000,723 | -H-- | C] () -- C:\Users\*****\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk [2011.11.08 01:11:54 | 000,000,699 | -H-- | C] () -- C:\Users\*****\Desktop\System Restore.lnk [2011.11.07 23:57:47 | 000,000,304 | -H-- | C] () -- C:\ProgramData\~bBEKperEpWxBh2 [2011.11.07 23:57:47 | 000,000,224 | -H-- | C] () -- C:\ProgramData\~bBEKperEpWxBh2r [2011.11.07 23:57:28 | 000,000,456 | -H-- | C] () -- C:\ProgramData\bBEKperEpWxBh2 [2011.11.07 23:57:09 | 000,340,320 | -H-- | C] () -- C:\ProgramData\bBEKperEpWxBh2.exe [2011.11.07 23:46:51 | 000,248,989 | ---- | C] () -- C:\Windows\_detmp.1 [2011.11.07 23:41:29 | 000,428,896 | -HS- | C] () -- C:\ProgramData\GoEEXkUVxKiuuCO.exe [2011.09.08 23:26:20 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.09.08 23:26:15 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.09.08 00:46:56 | 000,000,246 | ---- | C] () -- C:\Windows\SIERRA.INI [2011.08.18 23:33:45 | 000,004,096 | -H-- | C] () -- C:\Users\*****\AppData\Local\keyfile3.drm [2011.08.03 02:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2011.04.09 07:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2010.09.14 01:10:34 | 000,000,565 | -H-- | C] () -- C:\Users\*****\AppData\Roaming\myMPQ.ini [2010.09.13 19:08:46 | 000,000,093 | -H-- | C] () -- C:\Users\*****\AppData\Local\fusioncache.dat [2010.09.13 18:44:58 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll [2010.06.21 22:53:34 | 000,007,597 | -H-- | C] () -- C:\Users\*****\AppData\Local\Resmon.ResmonCfg [2010.05.18 13:18:45 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2000.07.15 00:00:00 | 000,030,720 | ---- | C] () -- C:\Windows\regtlib.exe ========== LOP Check ========== [2010.09.13 19:55:27 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\Atari [2011.08.02 17:23:18 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\Azureus [2011.08.30 14:29:17 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2010.08.27 15:05:33 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\Command and Conquer 3 Tiberium Wars [2010.05.19 14:35:55 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\DAEMON Tools Lite [2010.07.14 17:07:27 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\elsterformular [2011.10.02 19:55:47 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\GetRightToGo [2011.08.09 23:41:23 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\Kalypso Media [2010.09.13 18:45:05 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\Leadertech [2011.09.13 01:00:20 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\Lionhead Studios [2010.08.24 03:56:40 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\LucasArts [2010.10.17 11:59:30 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\ProtectDisc [2011.09.08 23:26:14 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\PunkBuster [2011.09.27 19:03:49 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\Red Alert 3 [2011.03.31 06:58:42 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\SharePod [2010.06.09 11:31:20 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\The Games Company [2011.06.28 04:44:29 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\Tropico3 [2010.09.13 20:05:45 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\Turbine [2011.11.07 21:37:31 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\Ubisoft [2011.10.01 18:19:56 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\Unity [2011.11.03 13:29:49 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\uTorrent [2011.09.19 16:13:09 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\wargaming.net [2011.08.25 12:37:45 | 000,000,000 | -H-D | M] -- C:\Users\****\AppData\Roaming\WindSolutions [2011.10.25 10:55:29 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2010.04.23 15:15:50 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2010.10.26 19:03:27 | 000,000,000 | -H-D | M] -- C:\315262ad4fb7d0cab0f0 [2011.03.18 11:33:26 | 000,000,000 | ---D | M] -- C:\6f953aee03cbddb9d828eb95eec88f5a [2011.04.29 01:13:23 | 000,000,000 | ---D | M] -- C:\a07d34958f2b33b408 [2011.10.30 12:48:11 | 000,000,000 | -H-D | M] -- C:\BlueByte [2010.04.24 00:39:33 | 000,000,000 | -HSD | M] -- C:\Boot [2011.11.08 00:32:30 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2011.05.22 12:00:46 | 000,000,000 | ---D | M] -- C:\d31351f70e04bbfb1d007f4a [2011.05.17 21:06:12 | 000,000,000 | -H-D | M] -- C:\DELL [2006.12.07 19:36:26 | 000,000,000 | -H-D | M] -- C:\doctemp [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2008.10.21 10:53:56 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2008.10.17 08:20:56 | 000,000,000 | -H-D | M] -- C:\Drivers [2011.11.08 01:42:50 | 000,000,000 | -H-D | M] -- C:\Games [2010.06.03 13:01:01 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009.11.12 01:57:55 | 000,000,000 | -HSD | M] -- C:\Nsi.pending [2011.09.13 18:03:56 | 000,000,000 | -H-D | M] -- C:\NVIDIA [2009.07.14 04:20:08 | 000,000,000 | -H-D | M] -- C:\PerfLogs [2011.11.08 14:05:43 | 000,000,000 | R--D | M] -- C:\Program Files [2011.11.08 00:28:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86) [2011.11.08 00:28:13 | 000,000,000 | -H-D | M] -- C:\ProgramData [2008.10.21 10:53:57 | 000,000,000 | -HSD | M] -- C:\Programme [2010.04.23 15:15:11 | 000,000,000 | -HSD | M] -- C:\Recovery [2011.11.08 14:21:27 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2009.01.26 10:00:31 | 000,000,000 | -H-D | M] -- C:\Temp [2011.09.13 18:13:24 | 000,000,000 | R--D | M] -- C:\Users [2011.11.08 01:44:20 | 000,000,000 | ---D | M] -- C:\Windows [2010.04.24 00:16:15 | 000,000,000 | -H-D | M] -- C:\Windows.old < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.manifest /3 > < MD5 for: EXPLORER.EXE > [2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe [2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2008.10.29 07:20:29 | 002,923,520 | -H-- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2008.10.29 07:29:41 | 002,927,104 | -H-- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 04:59:17 | 002,927,616 | -H-- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2009.04.10 23:27:38 | 002,926,592 | -H-- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows.old\Windows\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | -H-- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows.old\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2009.04.10 23:27:38 | 002,926,592 | -H-- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2008.10.28 03:15:02 | 002,923,520 | -H-- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe [2008.01.21 03:24:24 | 002,927,104 | -H-- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: REGEDIT.EXE > [2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe [2008.01.21 03:24:53 | 000,134,656 | -H-- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows.old\Windows\regedit.exe [2008.01.21 03:24:53 | 000,134,656 | -H-- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe [2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe [2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe [2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe < MD5 for: USERINIT.EXE > [2008.01.21 03:24:49 | 000,025,088 | -H-- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows.old\Windows\System32\userinit.exe [2008.01.21 03:24:49 | 000,025,088 | -H-- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 03:23:42 | 000,096,768 | -H-- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows.old\Windows\System32\wininit.exe [2008.01.21 03:23:42 | 000,096,768 | -H-- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | -H-- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows.old\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2009.04.10 23:28:14 | 000,314,368 | -H-- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows.old\Windows\System32\winlogon.exe [2009.04.10 23:28:14 | 000,314,368 | -H-- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2008.01.21 03:24:49 | 000,314,880 | -H-- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > < > < End of report > Geändert von tyraelblack (08.11.2011 um 15:29 Uhr) |
|
09.11.2011, 10:51
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | "TR/ATRAPS.Gen2 PC" Performance & Stability Analysis ReportZitat:
__________________ |
|
| Themen zu "TR/ATRAPS.Gen2 PC" Performance & Stability Analysis Report |
| 192.168.0.2, ad-aware, alert, analysis, anfang, antivir, ausgelastet, autorun, bho, c:\windows\system32\rundll32.exe, ccsetup, conduit, csrss.exe, desktop, error, festplatte, firefox, focus, format, helper, logfile, malware, nicht mehr öffnen, object, pc performance, performance, plug-in, problem, programm, registry, rundll, software, stability, system, trojaner-board, virus, webcheck, windows, windows.old, winlogon.exe |
Linear-Darstellung
