| |
| |||||||
Log-Analyse und Auswertung: Bluescreens durch mehrere TrojanerWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
16.05.2011, 22:57
| #1 |
| |  Bluescreens durch mehrere Trojaner Guten Abend, Microsoft Security Essentials hat heute Nachmittag nachdem ich beim surfen durchs Netz auf diese Seite search - advertising . org gestoßen bin, diesen Virus gefunden: Exploit:Win32/Pdfjsc.PD. Nachdem ich diesen über das besagte Programm entfernt habe, hat sich mein Laptop mit einem Bluescreen verabschiedet. Seitdem kann ich den Lappi nur noch im abgesicherten Modus starten, da ich sonst nach ein paar Minuten Laufzeit einen Bluescreen bekommen würde. Wenn ich jetzt im abgesichterten Modus google öffnen sich manchmal statt der eigentlichen Websiten Werbewebseiten(z.b. ask.com,search-advertising.org...). Außerdem startet der Windows Explorer manchmal nicht von alleine(Egal ob im AM oder im Normalen Modus). D.h. ich muss ihn über den Task-Manager manuell starten. Die Bluescreens haben generell die Fehlermeldung: "Stop". Manchmal kommt es aber auch vor das die Fehlermeldung im Bluescreen iastor.sys ist. Mein Betriebssystem ist Windows 7 Home Premium 32-Bit-Version (6.1, Build 7600) Nunja hier sind die Logfiles Malwarebytes: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 6593 Windows 6.1.7600 (Safe Mode) Internet Explorer 8.0.7600.16385 16.05.2011 22:47:56 mbam-log-2011-05-16 (22-47-56).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 167014 Laufzeit: 2 Minute(n), 58 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 2 Infizierte Verzeichnisse: 1 Infizierte Dateien: 2 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\Windows\system32\userinit.exe,C:\Users\***\AppData\Roaming\appconf32.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully. Infizierte Verzeichnisse: c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully. Infizierte Dateien: c:\Recycle.Bin\config.bin (Trojan.Spyeyes) -> Quarantined and deleted successfully. c:\Users\***\downloads\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully. Otl:OTL Logfile: Code:
ATTFilter OTL logfile created on: 5/16/2011 11:04:34 PM - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\***\Downloads Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free 6.00 Gb Paging File | 5.00 Gb Available in Paging File | 88.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 247.86 Gb Total Space | 48.68 Gb Free Space | 19.64% Space Free | Partition Type: NTFS Drive D: | 202.80 Gb Total Space | 52.35 Gb Free Space | 25.81% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/05/16 23:03:33 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\***\Downloads\OTL.exe PRC - [2011/04/14 18:40:02 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2011/03/28 15:41:14 | 001,910,152 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe PRC - [2011/03/28 15:41:12 | 001,242,504 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe PRC - [2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe PRC - [2010/08/24 14:57:38 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe PRC - [2010/08/24 14:57:38 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe PRC - [2010/07/01 00:07:46 | 001,193,848 | ---- | M] (McAfee, Inc.) -- c:\PROGRA~1\mcafee.com\agent\mcagent.exe PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe ========== Modules (SafeList) ========== MOD - [2011/05/16 23:03:33 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\***\Downloads\OTL.exe MOD - [2010/08/21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2011/04/26 17:54:48 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011/04/22 20:12:36 | 000,728,480 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Stopped] -- C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE -- (SpyHunter 4 Service) SRV - [2011/04/08 07:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011/03/28 15:41:12 | 001,242,504 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2010/11/11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv) SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc) SRV - [2010/08/24 14:57:38 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire) SRV - [2010/08/24 14:57:38 | 000,171,168 | ---- | M] () [Unknown | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield) SRV - [2010/08/24 14:57:38 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp) SRV - [2010/06/17 23:50:00 | 003,890,920 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\windows\System32\GameMon.des -- (npggsvc) SRV - [2010/06/02 16:58:20 | 000,246,520 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2010/04/15 09:45:10 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS) SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy) SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc) SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn) SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc) SRV - [2009/10/02 17:48:26 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2009/09/29 17:25:38 | 000,099,768 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV - [2009/08/13 21:58:10 | 000,044,312 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe -- (OberonGameConsoleService) SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2009/03/05 11:54:50 | 000,311,296 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\Rezip.exe -- (Rezip) SRV - [2009/01/23 03:46:14 | 000,203,280 | ---- | M] () [Auto | Stopped] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service) ========== Driver Services (SafeList) ========== DRV - [2011/05/16 21:41:34 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{98321832-913D-48E8-B9D3-6C035DA379C0}\MpKsl87f862b0.sys -- (MpKsl87f862b0) DRV - [2011/05/16 20:59:53 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{98321832-913D-48E8-B9D3-6C035DA379C0}\MpKslc5b26a80.sys -- (MpKslc5b26a80) DRV - [2011/04/08 07:14:00 | 010,690,024 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2011/03/03 17:59:19 | 000,139,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2011/01/30 15:38:14 | 000,162,432 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\ithsgt.sys -- (ithsgt) DRV - [2011/01/30 15:38:02 | 000,012,032 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\lilsgt.sys -- (lilsgt) DRV - [2010/10/24 22:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2010/10/24 22:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon) DRV - [2010/09/27 16:34:51 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2010/09/17 16:25:58 | 000,281,760 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2010/09/17 16:25:58 | 000,025,888 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2010/08/24 14:57:38 | 000,386,712 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\mfehidk.sys -- (mfehidk) DRV - [2010/08/24 14:57:38 | 000,312,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek) DRV - [2010/08/24 14:57:38 | 000,164,808 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk) DRV - [2010/08/24 14:57:38 | 000,152,992 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk) DRV - [2010/08/24 14:57:38 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk) DRV - [2010/08/24 14:57:38 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet) DRV - [2010/08/24 14:57:38 | 000,064,304 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk) DRV - [2010/08/24 14:57:38 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids) DRV - [2010/08/24 14:57:38 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk) DRV - [2009/12/14 22:44:42 | 001,245,696 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2009/11/25 23:32:16 | 000,125,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd) DRV - [2009/09/29 17:25:42 | 000,013,752 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\TurboB.sys -- (TurboB) DRV - [2009/09/28 11:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7) DRV - [2009/07/01 22:46:20 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt) DRV - [2009/03/18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV - [2005/01/04 11:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\npptNT2.sys -- (NPPTNT2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:de:official" FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.8 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906 FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4 FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.31.0 FF - prefs.js..extensions.enabledItems: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.6.11 FF - prefs.js..extensions.enabledItems: {84b24861-62f6-364b-eba5-2e5e2061d7e6}:0.9.3 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.6&q=" FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/05/16 20:24:32 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/07 19:00:03 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/30 12:34:25 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/30 12:34:18 | 000,000,000 | ---D | M] [2010/09/17 14:34:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2011/05/15 14:39:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\n429yo42.default\extensions [2011/05/01 15:19:52 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\n429yo42.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010/11/02 20:01:39 | 000,000,000 | ---D | M] (mediaplayerconnectivity) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\n429yo42.default\extensions\{84b24861-62f6-364b-eba5-2e5e2061d7e6} [2010/10/11 16:27:13 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\n429yo42.default\extensions\battlefieldheroespatcher@ea.com [2011/05/10 20:23:37 | 000,001,056 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\n429yo42.default\searchplugins\icqplugin.xml [2011/04/30 12:34:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2011/01/14 15:49:19 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} File not found (No name found) -- () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N429YO42.DEFAULT\EXTENSIONS\{B749FC7C-E949-447F-926C-3F4EED6ACCFE}.XPI () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N429YO42.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2011/04/14 18:40:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010/08/24 14:57:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll [2010/01/01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010/01/01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2010/01/01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010/01/01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010/01/01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010/01/01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010/11/03 17:53:15 | 000,001,050 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 static3.cdn.ubi.com O1 - Hosts: 127.0.0.1 ubisoft-orbit.s3.amazonaws.com O1 - Hosts: 127.0.0.1 onlineconfigservice.ubi.com O1 - Hosts: 127.0.0.1 orbitservice.ubi.com O1 - Hosts: 127.0.0.1 ubisoft-orbit-savegames.s3.amazonaws.com O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - C:\Program Files\McAfee\MSK\MskAPBho.dll () O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100918142758.dll (McAfee, Inc.) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll () O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll () O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll () O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.) O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [OscarEditor] C:\Program Files\MOUSE Editor\MouseEditor.exe () O4 - HKLM..\RunOnce: [GrpConv] C:\windows\System32\grpconv.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm () O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm () O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm () O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.) O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files\Free Download Manager\dlfvideo.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll () O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{9b7c7579-ca44-11df-b4ff-b482fe9a521a}\Shell - "" = AutoRun O33 - MountPoints2\{9b7c7579-ca44-11df-b4ff-b482fe9a521a}\Shell\AutoRun\command - "" = F:\autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011/05/16 22:59:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2011/05/16 22:43:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2011/05/16 22:43:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys [2011/05/16 22:43:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/05/16 22:43:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011/05/16 22:43:10 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys [2011/05/16 22:43:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011/05/16 22:02:17 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter [2011/05/16 22:02:15 | 000,000,000 | ---D | C] -- C:\sh4ldr [2011/05/16 22:02:15 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2011/05/16 21:16:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\PackageAware [2011/05/16 20:48:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files [2011/05/16 19:16:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\5015 [2011/05/16 19:15:54 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\xmldm [2011/05/16 19:15:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\kock [2011/05/12 19:52:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Unity [2011/05/11 14:43:59 | 003,957,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe [2011/05/11 14:43:58 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe [2011/05/10 21:13:56 | 000,139,368 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\drivers\nvhda32v.sys [2011/05/10 21:13:56 | 000,026,216 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\nvhdap32.dll [2011/05/10 21:13:55 | 000,837,224 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\nvhdagenco322040.dll [2011/05/10 21:13:54 | 000,057,960 | ---- | C] (Khronos Group) -- C:\windows\System32\OpenCL.dll [2011/05/10 21:13:53 | 006,299,752 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\nvwgf2um.dll [2011/05/10 21:13:51 | 015,227,496 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\nvoglv32.dll [2011/05/10 21:13:51 | 010,690,024 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\drivers\nvlddmkm.sys [2011/05/10 21:13:51 | 000,944,232 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\nvdispco3220140.dll [2011/05/10 21:13:51 | 000,855,656 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\nvgenco322060.dll [2011/05/10 21:13:50 | 010,071,656 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\nvd3dum.dll [2011/05/10 21:13:50 | 005,180,824 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\nvcuda.dll [2011/05/10 21:13:50 | 002,765,928 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\nvcuvid.dll [2011/05/10 21:13:50 | 002,074,216 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\nvcuvenc.dll [2011/05/10 21:13:47 | 013,007,464 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\nvcompiler.dll [2011/05/10 21:13:47 | 002,034,280 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\nvapi.dll [2011/05/10 21:13:47 | 000,010,920 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\drivers\nvBridge.kmd [2011/05/10 20:49:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LucasArts [2011/05/10 20:49:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LucasArts [2011/05/10 20:29:02 | 000,000,000 | ---D | C] -- C:\Program Files\LucasArts [2011/05/10 15:00:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acoustica Mixcraft 5 [2011/05/10 15:00:48 | 000,057,344 | ---- | C] (NexiTech, Inc.) -- C:\windows\System32\Wnaspint.dll [2011/05/10 14:59:27 | 000,000,000 | ---D | C] -- C:\Program Files\Acoustica Shared Effects [2011/05/09 16:43:37 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\*** [2011/05/07 01:27:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace [2011/05/06 19:04:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\.minecraft_xray [2011/05/06 19:03:51 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\x-ray [2011/05/06 18:24:24 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 2.6 [2011/05/06 18:23:18 | 000,000,000 | ---D | C] -- C:\Python26 [2011/05/06 18:18:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7 [2011/05/06 18:17:08 | 000,000,000 | ---D | C] -- C:\Python27 [2011/05/04 16:14:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps [2011/05/04 16:06:24 | 000,000,000 | ---D | C] -- C:\Fraps [2011/05/04 16:03:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HyperSnap 6 [2011/05/04 16:03:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HyperSnap 6 [2011/05/04 16:03:07 | 000,000,000 | ---D | C] -- C:\Program Files\HyperSnap 6 [2011/04/28 23:09:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts [2011/04/28 23:09:25 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core [2011/04/28 23:00:49 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsPrint.dll [2011/04/28 23:00:45 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\prevhost.exe [2011/04/28 23:00:25 | 001,686,016 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\esent.dll [2011/04/28 23:00:25 | 000,146,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\storport.sys [2011/04/28 23:00:24 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\fsutil.exe [2011/04/28 22:58:16 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\windows\explorer.exe [2011/04/27 18:24:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield [2011/04/25 23:46:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MegaDev [2011/04/25 23:46:25 | 000,000,000 | ---D | C] -- C:\Program Files\MegaDev [2011/04/25 00:34:30 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\StarCraft II Demo [2011/04/25 00:34:25 | 000,000,000 | ---D | C] -- C:\Program Files\StarCraft II Demo [2011/04/19 17:16:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArtMoney SE [2011/04/19 17:16:05 | 000,000,000 | ---D | C] -- C:\Games [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] [1 C:\Users\***\AppData\Roaming\*.tmp files -> C:\Users\***\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/05/16 22:59:26 | 000,001,828 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk [2011/05/16 22:56:34 | 000,065,536 | ---- | M] () -- C:\windows\System32\Ikeext.etl [2011/05/16 22:54:44 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2011/05/16 22:54:31 | 274,108,453 | ---- | M] () -- C:\windows\MEMORY.DMP [2011/05/16 22:54:27 | 3209,199,616 | -HS- | M] () -- C:\hiberfil.sys [2011/05/16 22:51:56 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2011/05/16 22:43:13 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/05/16 22:02:17 | 000,002,244 | ---- | M] () -- C:\Users\***\Desktop\SpyHunter.lnk [2011/05/16 21:38:33 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat [2011/05/16 21:18:58 | 000,112,326 | ---- | M] () -- C:\Users\***\Documents\cc_20110516_211850.reg [2011/05/16 19:15:52 | 000,000,000 | ---- | M] () -- C:\Users\***\2gweorjqjutp92vjy9gake [2011/05/16 18:52:30 | 000,007,601 | ---- | M] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg [2011/05/16 10:40:31 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011/05/16 10:40:31 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011/05/15 21:49:00 | 000,001,098 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2011/05/13 16:54:35 | 000,113,595 | ---- | M] () -- C:\Users\***\Documents\IMG_13052011_165425.png [2011/05/13 16:47:44 | 000,116,300 | ---- | M] () -- C:\Users\***\Documents\IMG_13052011_164717.png [2011/05/10 21:16:58 | 000,350,352 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT [2011/05/10 21:15:06 | 000,043,520 | ---- | M] () -- C:\windows\System32\CmdLineExt03.dll [2011/05/10 20:59:08 | 000,001,996 | ---- | M] () -- C:\Users\***\Desktop\Star Wars Knights of the Old Republic.lnk [2011/05/10 20:28:21 | 000,656,266 | ---- | M] () -- C:\windows\System32\perfh007.dat [2011/05/10 20:28:21 | 000,618,108 | ---- | M] () -- C:\windows\System32\perfh009.dat [2011/05/10 20:28:21 | 000,131,006 | ---- | M] () -- C:\windows\System32\perfc007.dat [2011/05/10 20:28:21 | 000,107,388 | ---- | M] () -- C:\windows\System32\perfc009.dat [2011/05/10 15:26:01 | 000,003,584 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/05/10 15:00:49 | 000,000,978 | ---- | M] () -- C:\Users\Public\Desktop\Mixcraft 5.lnk [2011/05/09 20:44:25 | 004,897,935 | ---- | M] () -- C:\Users\***\Documents\***.rar [2011/05/09 16:43:46 | 004,789,448 | ---- | M] () -- C:\Users\***\Desktop\***.rar [2011/05/06 18:44:14 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2011/05/06 18:44:14 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2011/05/06 13:20:01 | 000,000,641 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk [2011/05/04 16:14:38 | 000,000,572 | ---- | M] () -- C:\Users\***\Desktop\Fraps.lnk [2011/05/04 16:03:10 | 000,000,948 | ---- | M] () -- C:\Users\***\Desktop\HyperSnap 6.lnk [2011/05/02 20:26:20 | 000,001,638 | ---- | M] () -- C:\Users\Public\Desktop\Operation Flashpoint ® Red River.lnk [2011/04/30 12:34:28 | 000,001,096 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011/04/25 23:46:37 | 000,002,140 | ---- | M] () -- C:\Users\***\Desktop\MegaTrainer eXperience.lnk [2011/04/25 23:46:37 | 000,002,127 | ---- | M] () -- C:\Users\***\Desktop\MT-X - Anleitung.lnk [2011/04/23 22:20:39 | 000,000,298 | ---- | M] () -- C:\Users\***\Desktop\Anno1404_Stadtplanung.pdf [2011/04/19 17:16:09 | 000,000,693 | ---- | M] () -- C:\Users\Public\Desktop\ArtMoney SE v7.35.lnk [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] [1 C:\Users\***\AppData\Roaming\*.tmp files -> C:\Users\***\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/05/16 22:43:13 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/05/16 22:02:17 | 000,002,244 | ---- | C] () -- C:\Users\***\Desktop\SpyHunter.lnk [2011/05/16 21:38:33 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat [2011/05/16 21:18:53 | 000,112,326 | ---- | C] () -- C:\Users\***\Documents\cc_20110516_211850.reg [2011/05/16 20:31:38 | 274,108,453 | ---- | C] () -- C:\windows\MEMORY.DMP [2011/05/16 19:15:52 | 000,000,000 | ---- | C] () -- C:\Users\***\2gweorjqjutp92vjy9gake [2011/05/13 16:54:33 | 000,113,595 | ---- | C] () -- C:\Users\***\Documents\IMG_13052011_165425.png [2011/05/13 16:47:42 | 000,116,300 | ---- | C] () -- C:\Users\***\Documents\IMG_13052011_164717.png [2011/05/10 21:15:06 | 000,043,520 | ---- | C] () -- C:\windows\System32\CmdLineExt03.dll [2011/05/10 20:49:14 | 000,001,996 | ---- | C] () -- C:\Users\***\Desktop\Star Wars Knights of the Old Republic.lnk [2011/05/10 15:26:01 | 000,003,584 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/05/10 15:00:49 | 000,000,978 | ---- | C] () -- C:\Users\Public\Desktop\Mixcraft 5.lnk [2011/05/09 16:43:45 | 004,789,448 | ---- | C] () -- C:\Users\***\Desktop\***.rar [2011/05/08 21:25:29 | 004,897,935 | ---- | C] () -- C:\Users\***\Documents\***.rar [2011/05/06 18:44:14 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS [2011/05/06 18:44:14 | 000,000,000 | RHS- | C] () -- C:\IO.SYS [2011/05/04 16:06:29 | 000,000,572 | ---- | C] () -- C:\Users\***\Desktop\Fraps.lnk [2011/05/04 16:03:10 | 000,000,948 | ---- | C] () -- C:\Users\***\Desktop\HyperSnap 6.lnk [2011/05/02 18:18:30 | 000,001,638 | ---- | C] () -- C:\Users\Public\Desktop\Operation Flashpoint ® Red River.lnk [2011/04/30 12:34:27 | 000,001,108 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011/04/25 23:46:37 | 000,002,140 | ---- | C] () -- C:\Users\***\Desktop\MegaTrainer eXperience.lnk [2011/04/25 23:46:37 | 000,002,127 | ---- | C] () -- C:\Users\***\Desktop\MT-X - Anleitung.lnk [2011/04/23 22:20:18 | 000,000,298 | ---- | C] () -- C:\Users\***\Desktop\Anno1404_Stadtplanung.pdf [2011/04/19 17:16:09 | 000,000,693 | ---- | C] () -- C:\Users\Public\Desktop\ArtMoney SE v7.35.lnk [2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\windows\System32\xlive.dll.cat [2011/03/13 19:15:33 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat [2011/03/07 14:18:34 | 000,000,529 | ---- | C] () -- C:\windows\eReg.dat [2011/01/30 15:38:14 | 000,162,432 | ---- | C] () -- C:\windows\System32\drivers\ithsgt.sys [2011/01/30 15:38:02 | 000,012,032 | ---- | C] () -- C:\windows\System32\drivers\lilsgt.sys [2011/01/30 15:30:18 | 000,000,056 | -H-- | C] () -- C:\windows\System32\ezsidmv.dat [2010/11/09 19:47:39 | 000,001,832 | ---- | C] () -- C:\windows\hpwmdl24.dat.temp [2010/11/07 18:50:07 | 000,256,296 | ---- | C] () -- C:\windows\hpwins24.dat [2010/10/11 16:47:10 | 000,138,184 | ---- | C] () -- C:\windows\System32\drivers\PnkBstrK.sys [2010/10/11 16:47:10 | 000,138,056 | ---- | C] () -- C:\Users\***\AppData\Roaming\PnkBstrK.sys [2010/10/11 16:46:58 | 000,215,016 | ---- | C] () -- C:\windows\System32\PnkBstrB.exe [2010/10/11 16:46:56 | 000,075,064 | ---- | C] () -- C:\windows\System32\PnkBstrA.exe [2010/10/11 16:46:53 | 002,427,248 | ---- | C] () -- C:\windows\System32\pbsvc_heroes.exe [2010/09/22 19:12:33 | 000,007,601 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg [2010/09/17 16:25:58 | 000,281,760 | ---- | C] () -- C:\windows\System32\drivers\atksgt.sys [2010/09/17 16:25:58 | 000,025,888 | ---- | C] () -- C:\windows\System32\drivers\lirsgt.sys [2010/09/17 13:38:00 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2010/03/06 00:12:46 | 000,656,266 | ---- | C] () -- C:\windows\System32\perfh007.dat [2010/03/06 00:12:46 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat [2010/03/06 00:12:46 | 000,131,006 | ---- | C] () -- C:\windows\System32\perfc007.dat [2010/03/06 00:12:46 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat [2010/03/05 07:06:50 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe [2010/03/05 06:56:58 | 000,000,426 | ---- | C] () -- C:\windows\HotFixList.ini [2010/03/05 06:29:42 | 000,311,296 | ---- | C] () -- C:\windows\System32\Rezip.exe [2009/11/06 11:53:13 | 000,001,832 | ---- | C] () -- C:\windows\hpwmdl24.dat [2009/09/29 17:25:42 | 000,013,752 | ---- | C] () -- C:\windows\System32\drivers\TurboB.sys [2009/07/14 06:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat [2009/07/14 06:33:53 | 000,350,352 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT [2009/07/14 04:05:48 | 000,618,108 | ---- | C] () -- C:\windows\System32\perfh009.dat [2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat [2009/07/14 04:05:48 | 000,107,388 | ---- | C] () -- C:\windows\System32\perfc009.dat [2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat [2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT [2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat [2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin [2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll [2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll [2009/07/14 00:09:19 | 000,982,196 | ---- | C] () -- C:\windows\System32\igkrng500.bin [2009/07/14 00:09:19 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin [2009/07/14 00:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin [2009/07/14 00:09:19 | 000,097,448 | ---- | C] () -- C:\windows\System32\igfcg500m.bin [2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat [2008/12/09 17:23:13 | 000,048,352 | RHS- | C] () -- C:\Users\***\AppData\Roaming\appconf32.exe [2006/10/08 19:33:54 | 000,000,000 | ---- | C] () -- C:\windows\R-series.ini ========== LOP Check ========== [2011/05/09 21:44:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft [2011/05/06 19:04:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft_xray [2010/10/09 19:41:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\2K Sports [2011/05/16 20:24:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\5015 [2011/01/12 21:27:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Acoustica [2011/01/12 21:34:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Antares [2010/09/27 16:41:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2011/04/30 18:45:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Free Download Manager [2010/11/07 20:16:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GameTuts [2010/10/09 14:57:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Go Go Gourmet [2011/05/13 18:33:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ [2011/05/16 19:15:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\kock [2010/10/29 15:02:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LolClient [2011/01/31 19:18:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Meine Die Schlacht um Mittelerde-Dateien [2010/09/17 22:07:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PlayFirst [2011/01/12 21:27:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SynthMaker [2011/03/10 00:22:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\The Creative Assembly [2011/02/23 19:44:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client [2010/11/03 17:03:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ubisoft [2011/05/12 19:52:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Unity [2011/05/10 21:09:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\uTorrent [2010/10/14 22:03:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WebcamMax [2011/05/16 19:15:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\xmldm [2010/10/07 21:22:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Zylom [2010/11/14 18:03:08 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:A42A9F39 @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:4CF61E54 @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:ABE89FFE < End of report > Otl Extras:OTL Logfile: Code:
ATTFilter OTL logfile created on: 5/16/2011 11:04:34 PM - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Julian\Downloads Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free 6.00 Gb Paging File | 5.00 Gb Available in Paging File | 88.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 247.86 Gb Total Space | 48.68 Gb Free Space | 19.64% Space Free | Partition Type: NTFS Drive D: | 202.80 Gb Total Space | 52.35 Gb Free Space | 25.81% Space Free | Partition Type: NTFS Computer Name: JULIAN-PC | User Name: Julian | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/05/16 23:03:33 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Julian\Downloads\OTL.exe PRC - [2011/04/14 18:40:02 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2011/03/28 15:41:14 | 001,910,152 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe PRC - [2011/03/28 15:41:12 | 001,242,504 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe PRC - [2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe PRC - [2010/08/24 14:57:38 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe PRC - [2010/08/24 14:57:38 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe PRC - [2010/07/01 00:07:46 | 001,193,848 | ---- | M] (McAfee, Inc.) -- c:\PROGRA~1\mcafee.com\agent\mcagent.exe PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe ========== Modules (SafeList) ========== MOD - [2011/05/16 23:03:33 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Julian\Downloads\OTL.exe MOD - [2010/08/21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2011/04/26 17:54:48 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011/04/22 20:12:36 | 000,728,480 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Stopped] -- C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE -- (SpyHunter 4 Service) SRV - [2011/04/08 07:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011/03/28 15:41:12 | 001,242,504 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2010/11/11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv) SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc) SRV - [2010/08/24 14:57:38 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire) SRV - [2010/08/24 14:57:38 | 000,171,168 | ---- | M] () [Unknown | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield) SRV - [2010/08/24 14:57:38 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp) SRV - [2010/06/17 23:50:00 | 003,890,920 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\windows\System32\GameMon.des -- (npggsvc) SRV - [2010/06/02 16:58:20 | 000,246,520 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2010/04/15 09:45:10 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS) SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy) SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc) SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn) SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc) SRV - [2009/10/02 17:48:26 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2009/09/29 17:25:38 | 000,099,768 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV - [2009/08/13 21:58:10 | 000,044,312 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe -- (OberonGameConsoleService) SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2009/03/05 11:54:50 | 000,311,296 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\Rezip.exe -- (Rezip) SRV - [2009/01/23 03:46:14 | 000,203,280 | ---- | M] () [Auto | Stopped] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service) ========== Driver Services (SafeList) ========== DRV - [2011/05/16 21:41:34 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{98321832-913D-48E8-B9D3-6C035DA379C0}\MpKsl87f862b0.sys -- (MpKsl87f862b0) DRV - [2011/05/16 20:59:53 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{98321832-913D-48E8-B9D3-6C035DA379C0}\MpKslc5b26a80.sys -- (MpKslc5b26a80) DRV - [2011/04/08 07:14:00 | 010,690,024 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2011/03/03 17:59:19 | 000,139,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2011/01/30 15:38:14 | 000,162,432 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\ithsgt.sys -- (ithsgt) DRV - [2011/01/30 15:38:02 | 000,012,032 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\lilsgt.sys -- (lilsgt) DRV - [2010/10/24 22:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2010/10/24 22:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon) DRV - [2010/09/27 16:34:51 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2010/09/17 16:25:58 | 000,281,760 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2010/09/17 16:25:58 | 000,025,888 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2010/08/24 14:57:38 | 000,386,712 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\mfehidk.sys -- (mfehidk) DRV - [2010/08/24 14:57:38 | 000,312,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek) DRV - [2010/08/24 14:57:38 | 000,164,808 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk) DRV - [2010/08/24 14:57:38 | 000,152,992 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk) DRV - [2010/08/24 14:57:38 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk) DRV - [2010/08/24 14:57:38 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet) DRV - [2010/08/24 14:57:38 | 000,064,304 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk) DRV - [2010/08/24 14:57:38 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids) DRV - [2010/08/24 14:57:38 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk) DRV - [2009/12/14 22:44:42 | 001,245,696 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2009/11/25 23:32:16 | 000,125,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd) DRV - [2009/09/29 17:25:42 | 000,013,752 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\TurboB.sys -- (TurboB) DRV - [2009/09/28 11:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7) DRV - [2009/07/01 22:46:20 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt) DRV - [2009/03/18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV - [2005/01/04 11:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\npptNT2.sys -- (NPPTNT2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:de:official" FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.8 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906 FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4 FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.31.0 FF - prefs.js..extensions.enabledItems: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.6.11 FF - prefs.js..extensions.enabledItems: {84b24861-62f6-364b-eba5-2e5e2061d7e6}:0.9.3 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.6&q=" FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/05/16 20:24:32 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/07 19:00:03 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/30 12:34:25 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/30 12:34:18 | 000,000,000 | ---D | M] [2010/09/17 14:34:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julian\AppData\Roaming\mozilla\Extensions [2011/05/15 14:39:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\n429yo42.default\extensions [2011/05/01 15:19:52 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\n429yo42.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010/11/02 20:01:39 | 000,000,000 | ---D | M] (mediaplayerconnectivity) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\n429yo42.default\extensions\{84b24861-62f6-364b-eba5-2e5e2061d7e6} [2010/10/11 16:27:13 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\n429yo42.default\extensions\battlefieldheroespatcher@ea.com [2011/05/10 20:23:37 | 000,001,056 | ---- | M] () -- C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\n429yo42.default\searchplugins\icqplugin.xml [2011/04/30 12:34:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2011/01/14 15:49:19 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} File not found (No name found) -- () (No name found) -- C:\USERS\JULIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N429YO42.DEFAULT\EXTENSIONS\{B749FC7C-E949-447F-926C-3F4EED6ACCFE}.XPI () (No name found) -- C:\USERS\JULIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N429YO42.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2011/04/14 18:40:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010/08/24 14:57:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll [2010/01/01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010/01/01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2010/01/01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010/01/01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010/01/01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010/01/01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010/11/03 17:53:15 | 000,001,050 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 static3.cdn.ubi.com O1 - Hosts: 127.0.0.1 ubisoft-orbit.s3.amazonaws.com O1 - Hosts: 127.0.0.1 onlineconfigservice.ubi.com O1 - Hosts: 127.0.0.1 orbitservice.ubi.com O1 - Hosts: 127.0.0.1 ubisoft-orbit-savegames.s3.amazonaws.com O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - C:\Program Files\McAfee\MSK\MskAPBho.dll () O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100918142758.dll (McAfee, Inc.) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll () O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll () O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll () O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.) O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [OscarEditor] C:\Program Files\MOUSE Editor\MouseEditor.exe () O4 - HKLM..\RunOnce: [GrpConv] C:\windows\System32\grpconv.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm () O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm () O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm () O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.) O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files\Free Download Manager\dlfvideo.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll () O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{9b7c7579-ca44-11df-b4ff-b482fe9a521a}\Shell - "" = AutoRun O33 - MountPoints2\{9b7c7579-ca44-11df-b4ff-b482fe9a521a}\Shell\AutoRun\command - "" = F:\autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011/05/16 22:59:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2011/05/16 22:43:18 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Malwarebytes [2011/05/16 22:43:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys [2011/05/16 22:43:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/05/16 22:43:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011/05/16 22:43:10 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys [2011/05/16 22:43:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011/05/16 22:02:17 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter [2011/05/16 22:02:15 | 000,000,000 | ---D | C] -- C:\sh4ldr [2011/05/16 22:02:15 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2011/05/16 21:16:06 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Local\PackageAware [2011/05/16 20:48:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files [2011/05/16 19:16:08 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\5015 [2011/05/16 19:15:54 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\xmldm [2011/05/16 19:15:53 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\kock [2011/05/12 19:52:52 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Unity [2011/05/11 14:43:59 | 003,957,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe [2011/05/11 14:43:58 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe [2011/05/10 21:13:56 | 000,139,368 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\drivers\nvhda32v.sys [2011/05/10 21:13:56 | 000,026,216 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\nvhdap32.dll [2011/05/10 21:13:55 | 000,837,224 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\nvhdagenco322040.dll [2011/05/10 21:13:54 | 000,057,960 | ---- | C] (Khronos Group) -- C:\windows\System32\OpenCL.dll [2011/05/10 21:13:53 | 006,299,752 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\nvwgf2um.dll [2011/05/10 21:13:51 | 015,227,496 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\nvoglv32.dll [2011/05/10 21:13:51 | 010,690,024 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\drivers\nvlddmkm.sys [2011/05/10 21:13:51 | 000,944,232 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\nvdispco3220140.dll [2011/05/10 21:13:51 | 000,855,656 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\nvgenco322060.dll [2011/05/10 21:13:50 | 010,071,656 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\nvd3dum.dll [2011/05/10 21:13:50 | 005,180,824 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\nvcuda.dll [2011/05/10 21:13:50 | 002,765,928 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\nvcuvid.dll [2011/05/10 21:13:50 | 002,074,216 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\nvcuvenc.dll [2011/05/10 21:13:47 | 013,007,464 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\nvcompiler.dll [2011/05/10 21:13:47 | 002,034,280 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\nvapi.dll [2011/05/10 21:13:47 | 000,010,920 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\drivers\nvBridge.kmd [2011/05/10 20:49:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LucasArts [2011/05/10 20:49:01 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LucasArts [2011/05/10 20:29:02 | 000,000,000 | ---D | C] -- C:\Program Files\LucasArts [2011/05/10 15:00:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acoustica Mixcraft 5 [2011/05/10 15:00:48 | 000,057,344 | ---- | C] (NexiTech, Inc.) -- C:\windows\System32\Wnaspint.dll [2011/05/10 14:59:27 | 000,000,000 | ---D | C] -- C:\Program Files\Acoustica Shared Effects [2011/05/09 16:43:37 | 000,000,000 | ---D | C] -- C:\Users\Julian\Desktop\*** [2011/05/07 01:27:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace [2011/05/06 19:04:09 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\.minecraft_xray [2011/05/06 19:03:51 | 000,000,000 | ---D | C] -- C:\Users\Julian\Desktop\x-ray [2011/05/06 18:24:24 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 2.6 [2011/05/06 18:23:18 | 000,000,000 | ---D | C] -- C:\Python26 [2011/05/06 18:18:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7 [2011/05/06 18:17:08 | 000,000,000 | ---D | C] -- C:\Python27 [2011/05/04 16:14:38 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps [2011/05/04 16:06:24 | 000,000,000 | ---D | C] -- C:\Fraps [2011/05/04 16:03:10 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HyperSnap 6 [2011/05/04 16:03:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HyperSnap 6 [2011/05/04 16:03:07 | 000,000,000 | ---D | C] -- C:\Program Files\HyperSnap 6 [2011/04/28 23:09:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts [2011/04/28 23:09:25 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core [2011/04/28 23:00:49 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsPrint.dll [2011/04/28 23:00:45 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\prevhost.exe [2011/04/28 23:00:25 | 001,686,016 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\esent.dll [2011/04/28 23:00:25 | 000,146,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\storport.sys [2011/04/28 23:00:24 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\fsutil.exe [2011/04/28 22:58:16 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\windows\explorer.exe [2011/04/27 18:24:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield [2011/04/25 23:46:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MegaDev [2011/04/25 23:46:25 | 000,000,000 | ---D | C] -- C:\Program Files\MegaDev [2011/04/25 00:34:30 | 000,000,000 | ---D | C] -- C:\Users\Julian\Documents\StarCraft II Demo [2011/04/25 00:34:25 | 000,000,000 | ---D | C] -- C:\Program Files\StarCraft II Demo [2011/04/19 17:16:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArtMoney SE [2011/04/19 17:16:05 | 000,000,000 | ---D | C] -- C:\Games [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] [1 C:\Users\Julian\AppData\Roaming\*.tmp files -> C:\Users\Julian\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/05/16 22:59:26 | 000,001,828 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk [2011/05/16 22:56:34 | 000,065,536 | ---- | M] () -- C:\windows\System32\Ikeext.etl [2011/05/16 22:54:44 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2011/05/16 22:54:31 | 274,108,453 | ---- | M] () -- C:\windows\MEMORY.DMP [2011/05/16 22:54:27 | 3209,199,616 | -HS- | M] () -- C:\hiberfil.sys [2011/05/16 22:51:56 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2011/05/16 22:43:13 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/05/16 22:02:17 | 000,002,244 | ---- | M] () -- C:\Users\Julian\Desktop\SpyHunter.lnk [2011/05/16 21:38:33 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat [2011/05/16 21:18:58 | 000,112,326 | ---- | M] () -- C:\Users\Julian\Documents\cc_20110516_211850.reg [2011/05/16 19:15:52 | 000,000,000 | ---- | M] () -- C:\Users\Julian\2gweorjqjutp92vjy9gake [2011/05/16 18:52:30 | 000,007,601 | ---- | M] () -- C:\Users\Julian\AppData\Local\Resmon.ResmonCfg [2011/05/16 10:40:31 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011/05/16 10:40:31 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011/05/15 21:49:00 | 000,001,098 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2011/05/13 16:54:35 | 000,113,595 | ---- | M] () -- C:\Users\Julian\Documents\IMG_13052011_165425.png [2011/05/13 16:47:44 | 000,116,300 | ---- | M] () -- C:\Users\Julian\Documents\IMG_13052011_164717.png [2011/05/10 21:16:58 | 000,350,352 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT [2011/05/10 21:15:06 | 000,043,520 | ---- | M] () -- C:\windows\System32\CmdLineExt03.dll [2011/05/10 20:59:08 | 000,001,996 | ---- | M] () -- C:\Users\Julian\Desktop\Star Wars Knights of the Old Republic.lnk [2011/05/10 20:28:21 | 000,656,266 | ---- | M] () -- C:\windows\System32\perfh007.dat [2011/05/10 20:28:21 | 000,618,108 | ---- | M] () -- C:\windows\System32\perfh009.dat [2011/05/10 20:28:21 | 000,131,006 | ---- | M] () -- C:\windows\System32\perfc007.dat [2011/05/10 20:28:21 | 000,107,388 | ---- | M] () -- C:\windows\System32\perfc009.dat [2011/05/10 15:26:01 | 000,003,584 | ---- | M] () -- C:\Users\Julian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/05/10 15:00:49 | 000,000,978 | ---- | M] () -- C:\Users\Public\Desktop\Mixcraft 5.lnk [2011/05/09 20:44:25 | 004,897,935 | ---- | M] () -- C:\Users\Julian\Documents\***.rar [2011/05/09 16:43:46 | 004,789,448 | ---- | M] () -- C:\Users\Julian\Desktop\***.rar [2011/05/06 18:44:14 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2011/05/06 18:44:14 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2011/05/06 13:20:01 | 000,000,641 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk [2011/05/04 16:14:38 | 000,000,572 | ---- | M] () -- C:\Users\Julian\Desktop\Fraps.lnk [2011/05/04 16:03:10 | 000,000,948 | ---- | M] () -- C:\Users\Julian\Desktop\HyperSnap 6.lnk [2011/05/02 20:26:20 | 000,001,638 | ---- | M] () -- C:\Users\Public\Desktop\Operation Flashpoint ® Red River.lnk [2011/04/30 12:34:28 | 000,001,096 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011/04/25 23:46:37 | 000,002,140 | ---- | M] () -- C:\Users\Julian\Desktop\MegaTrainer eXperience.lnk [2011/04/25 23:46:37 | 000,002,127 | ---- | M] () -- C:\Users\Julian\Desktop\MT-X - Anleitung.lnk [2011/04/23 22:20:39 | 000,000,298 | ---- | M] () -- C:\Users\Julian\Desktop\Anno1404_Stadtplanung.pdf [2011/04/19 17:16:09 | 000,000,693 | ---- | M] () -- C:\Users\Public\Desktop\ArtMoney SE v7.35.lnk [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] [1 C:\Users\Julian\AppData\Roaming\*.tmp files -> C:\Users\Julian\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/05/16 22:43:13 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/05/16 22:02:17 | 000,002,244 | ---- | C] () -- C:\Users\Julian\Desktop\SpyHunter.lnk [2011/05/16 21:38:33 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat [2011/05/16 21:18:53 | 000,112,326 | ---- | C] () -- C:\Users\Julian\Documents\cc_20110516_211850.reg [2011/05/16 20:31:38 | 274,108,453 | ---- | C] () -- C:\windows\MEMORY.DMP [2011/05/16 19:15:52 | 000,000,000 | ---- | C] () -- C:\Users\Julian\2gweorjqjutp92vjy9gake [2011/05/13 16:54:33 | 000,113,595 | ---- | C] () -- C:\Users\Julian\Documents\IMG_13052011_165425.png [2011/05/13 16:47:42 | 000,116,300 | ---- | C] () -- C:\Users\Julian\Documents\IMG_13052011_164717.png [2011/05/10 21:15:06 | 000,043,520 | ---- | C] () -- C:\windows\System32\CmdLineExt03.dll [2011/05/10 20:49:14 | 000,001,996 | ---- | C] () -- C:\Users\Julian\Desktop\Star Wars Knights of the Old Republic.lnk [2011/05/10 15:26:01 | 000,003,584 | ---- | C] () -- C:\Users\Julian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/05/10 15:00:49 | 000,000,978 | ---- | C] () -- C:\Users\Public\Desktop\Mixcraft 5.lnk [2011/05/09 16:43:45 | 004,789,448 | ---- | C] () -- C:\Users\Julian\Desktop\***.rar [2011/05/08 21:25:29 | 004,897,935 | ---- | C] () -- C:\Users\Julian\Documents\***.rar [2011/05/06 18:44:14 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS [2011/05/06 18:44:14 | 000,000,000 | RHS- | C] () -- C:\IO.SYS [2011/05/04 16:06:29 | 000,000,572 | ---- | C] () -- C:\Users\Julian\Desktop\Fraps.lnk [2011/05/04 16:03:10 | 000,000,948 | ---- | C] () -- C:\Users\Julian\Desktop\HyperSnap 6.lnk [2011/05/02 18:18:30 | 000,001,638 | ---- | C] () -- C:\Users\Public\Desktop\Operation Flashpoint ® Red River.lnk [2011/04/30 12:34:27 | 000,001,108 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011/04/25 23:46:37 | 000,002,140 | ---- | C] () -- C:\Users\Julian\Desktop\MegaTrainer eXperience.lnk [2011/04/25 23:46:37 | 000,002,127 | ---- | C] () -- C:\Users\Julian\Desktop\MT-X - Anleitung.lnk [2011/04/23 22:20:18 | 000,000,298 | ---- | C] () -- C:\Users\Julian\Desktop\Anno1404_Stadtplanung.pdf [2011/04/19 17:16:09 | 000,000,693 | ---- | C] () -- C:\Users\Public\Desktop\ArtMoney SE v7.35.lnk [2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\windows\System32\xlive.dll.cat [2011/03/13 19:15:33 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat [2011/03/07 14:18:34 | 000,000,529 | ---- | C] () -- C:\windows\eReg.dat [2011/01/30 15:38:14 | 000,162,432 | ---- | C] () -- C:\windows\System32\drivers\ithsgt.sys [2011/01/30 15:38:02 | 000,012,032 | ---- | C] () -- C:\windows\System32\drivers\lilsgt.sys [2011/01/30 15:30:18 | 000,000,056 | -H-- | C] () -- C:\windows\System32\ezsidmv.dat [2010/11/09 19:47:39 | 000,001,832 | ---- | C] () -- C:\windows\hpwmdl24.dat.temp [2010/11/07 18:50:07 | 000,256,296 | ---- | C] () -- C:\windows\hpwins24.dat [2010/10/11 16:47:10 | 000,138,184 | ---- | C] () -- C:\windows\System32\drivers\PnkBstrK.sys [2010/10/11 16:47:10 | 000,138,056 | ---- | C] () -- C:\Users\Julian\AppData\Roaming\PnkBstrK.sys [2010/10/11 16:46:58 | 000,215,016 | ---- | C] () -- C:\windows\System32\PnkBstrB.exe [2010/10/11 16:46:56 | 000,075,064 | ---- | C] () -- C:\windows\System32\PnkBstrA.exe [2010/10/11 16:46:53 | 002,427,248 | ---- | C] () -- C:\windows\System32\pbsvc_heroes.exe [2010/09/22 19:12:33 | 000,007,601 | ---- | C] () -- C:\Users\Julian\AppData\Local\Resmon.ResmonCfg [2010/09/17 16:25:58 | 000,281,760 | ---- | C] () -- C:\windows\System32\drivers\atksgt.sys [2010/09/17 16:25:58 | 000,025,888 | ---- | C] () -- C:\windows\System32\drivers\lirsgt.sys [2010/09/17 13:38:00 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2010/03/06 00:12:46 | 000,656,266 | ---- | C] () -- C:\windows\System32\perfh007.dat [2010/03/06 00:12:46 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat [2010/03/06 00:12:46 | 000,131,006 | ---- | C] () -- C:\windows\System32\perfc007.dat [2010/03/06 00:12:46 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat [2010/03/05 07:06:50 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe [2010/03/05 06:56:58 | 000,000,426 | ---- | C] () -- C:\windows\HotFixList.ini [2010/03/05 06:29:42 | 000,311,296 | ---- | C] () -- C:\windows\System32\Rezip.exe [2009/11/06 11:53:13 | 000,001,832 | ---- | C] () -- C:\windows\hpwmdl24.dat [2009/09/29 17:25:42 | 000,013,752 | ---- | C] () -- C:\windows\System32\drivers\TurboB.sys [2009/07/14 06:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat [2009/07/14 06:33:53 | 000,350,352 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT [2009/07/14 04:05:48 | 000,618,108 | ---- | C] () -- C:\windows\System32\perfh009.dat [2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat [2009/07/14 04:05:48 | 000,107,388 | ---- | C] () -- C:\windows\System32\perfc009.dat [2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat [2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT [2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat [2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin [2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll [2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll [2009/07/14 00:09:19 | 000,982,196 | ---- | C] () -- C:\windows\System32\igkrng500.bin [2009/07/14 00:09:19 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin [2009/07/14 00:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin [2009/07/14 00:09:19 | 000,097,448 | ---- | C] () -- C:\windows\System32\igfcg500m.bin [2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat [2008/12/09 17:23:13 | 000,048,352 | RHS- | C] () -- C:\Users\Julian\AppData\Roaming\appconf32.exe [2006/10/08 19:33:54 | 000,000,000 | ---- | C] () -- C:\windows\R-series.ini ========== LOP Check ========== [2011/05/09 21:44:01 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\.minecraft [2011/05/06 19:04:09 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\.minecraft_xray [2010/10/09 19:41:12 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\2K Sports [2011/05/16 20:24:31 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\5015 [2011/01/12 21:27:34 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Acoustica [2011/01/12 21:34:17 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Antares [2010/09/27 16:41:30 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\DAEMON Tools Lite [2011/04/30 18:45:43 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Free Download Manager [2010/11/07 20:16:04 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\GameTuts [2010/10/09 14:57:38 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Go Go Gourmet [2011/05/13 18:33:58 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\ICQ [2011/05/16 19:15:53 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\kock [2010/10/29 15:02:33 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\LolClient [2011/01/31 19:18:22 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Meine Die Schlacht um Mittelerde-Dateien [2010/09/17 22:07:16 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\PlayFirst [2011/01/12 21:27:38 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\SynthMaker [2011/03/10 00:22:08 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\The Creative Assembly [2011/02/23 19:44:23 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\TS3Client [2010/11/03 17:03:46 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Ubisoft [2011/05/12 19:52:52 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Unity [2011/05/10 21:09:01 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\uTorrent [2010/10/14 22:03:53 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\WebcamMax [2011/05/16 19:15:54 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\xmldm [2010/10/07 21:22:07 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Zylom [2010/11/14 18:03:08 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:A42A9F39 @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:4CF61E54 @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:ABE89FFE < End of report > Sollten noch mehr Logs von Nöten sein müsst ihr mir das sagen. Ich hoffe ihr könnt mir helfen!  Mfg Julian |
|
16.05.2011, 23:07
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Bluescreens durch mehrere Trojaner Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.
__________________
__________________ |
|
16.05.2011, 23:12
| #3 |
| | Bluescreens durch mehrere Trojaner Es gibt noch einen den ich nach dem vorherigen Scan gemacht hab.
__________________Sonst aber keinen. Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 6593 Windows 6.1.7600 (Safe Mode) Internet Explorer 8.0.7600.16385 16.05.2011 23:25:36 mbam-log-2011-05-16 (23-25-36).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 166896 Laufzeit: 2 Minute(n), 35 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Mfg Julian |
|
16.05.2011, 23:21
| #4 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bluescreens durch mehrere TrojanerZitat:
Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
17.05.2011, 10:09
| #5 |
| | Bluescreens durch mehrere Trojaner Tut mir leid das ich erst jetzt antworte ich bin während des Scans eingeschlafen.  Jedenfalls hat der vollständige Scan 5 Trojan.Dropper gefunden. Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 6593 Windows 6.1.7600 (Safe Mode) Internet Explorer 8.0.7600.16385 17.05.2011 06:22:24 mbam-log-2011-05-17 (06-22-24).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 494557 Laufzeit: 1 Stunde(n), 15 Minute(n), 33 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 5 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\Windows\Temp\0.038743985186531105.exe (Trojan.Dropper) -> Quarantined and deleted successfully. c:\Windows\Temp\0.00693450851851829.exe (Trojan.Dropper) -> Quarantined and deleted successfully. c:\Windows\Temp\0.22208238544798664.exe (Trojan.Dropper) -> Quarantined and deleted successfully. c:\Windows\Temp\0.4486574374882275.exe (Trojan.Dropper) -> Quarantined and deleted successfully. c:\Windows\Temp\0.8172706671246647.exe (Trojan.Dropper) -> Quarantined and deleted successfully. |
|
17.05.2011, 10:48
| #6 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bluescreens durch mehrere TrojanerZitat:
__________________ --> Bluescreens durch mehrere Trojaner |
|
17.05.2011, 10:56
| #7 |
| | Bluescreens durch mehrere Trojaner Das könnte ein Crack sein.  |
|
17.05.2011, 11:01
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bluescreens durch mehrere Trojaner Dann ist auch klar, woher die Infektion kommt. Mach die Kiste platt und setz Windows neu auf, bei Cracks wird hier nicht mehr bereinigt. Folge dem Artikel zur Neuinstallation von Windows.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Bluescreens durch mehrere Trojaner |
| alternate, autorun, bho, bluescreen, defender, enigma, error, explorer, fehlermeldung, firefox, format, free download, google, heuristics.reserved.word.exploit, home, kaspersky, laufzeit, mozilla, nvlddmkm.sys, oldtimer, phishing, plug-in, programm, recycle.bin, registry, searchplugins, security, siteadvisor, software, sptd.sys, start menu, starten, static, task-manager, trojane, trojaner, updates, virus, virus gefunden, webcheck, windows, windows 7 home, windows 7 home premium |
Linear-Darstellung
