Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Internet bricht dauernd ab und ist langsam, Virus? (https://www.trojaner-board.de/94186-internet-bricht-dauernd-ab-langsam-virus.html)

bong464 27.12.2010 18:25
Internet bricht dauernd ab und ist langsam, Virus?
 
Hey, ich bin neu hier.
Seit einiger zeit spackt mein PC ein bisschen rum, das Internet (Wlan) bricht in unregelmäßigen abständen weg. Dabei bleibt die Wlan verbindung allerdings noch vorhanden, nur ohne internetzugriff.
Wenn das Internet funktioniert, ist es meißt auch extrem langsam.
Firefox spinnt auch manchmal, er offnet einen tab einfach in einem neuen Fenster, also ohne etwas gemacht zu haben. Firefox beendet sich auch manchmal selbst...
Hier mal ein Hijacker post:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:20:42, on 27.12.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Program Files\ASUS\Six Engine\SixEngine.exe
C:\Program Files\Logitech\SetPointP\LU\LULnchr.exe
C:\Program Files\Logitech\SetPointP\LU\LogitechUpdate.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\****\Desktop\HiJackThis204.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.nexon.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 74.208.10.249 gs.apple.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Startup: Dropbox.lnk = C:\Users\2288\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\2288\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~3\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: DATA BECKER Update Service (DBService) - DATA BECKER GmbH & Co KG - C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMSAccess - Unknown owner - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Windows Media Player-Netzwerkfreigabedienst (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7950 bytes

cosinus 29.12.2010 14:18
Hallo und :hallo:

Bitte routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

bong464 29.12.2010 17:48
hier der malewarebytes log:

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 5416

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

29.12.2010 17:46:29
mbam-log-2010-12-29 (17-46-19).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 378959
Laufzeit: 1 Stunde(n), 4 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 10

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> No action taken.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\****\documents\visual studio 2010\Projects\best crosshair\best crosshair\bin\Debug\windowsapplication1.exe (Backdoor.Agent) -> No action taken.
c:\Users\****\documents\visual studio 2010\Projects\best crosshair\best crosshair\obj\x86\Debug\windowsapplication1.exe (Backdoor.Agent) -> No action taken.
c:\Users\****\documents\visual studio 2010\Projects\warrock crosshair\warrock crosshair\bin\Debug\windowsapplication1.exe (Backdoor.Agent) -> No action taken.
c:\Users\****\documents\visual studio 2010\Projects\warrock crosshair\warrock crosshair\obj\x86\Debug\windowsapplication1.exe (Backdoor.Agent) -> No action taken.
c:\Users\****\documents\visual studio 2010\Projects\windowsapplication1\windowsapplication1\bin\Debug\windowsapplication1.exe (Backdoor.Agent) -> No action taken.
c:\Users\****\documents\visual studio 2010\Projects\windowsapplication1\windowsapplication1\obj\x86\Debug\windowsapplication1.exe (Backdoor.Agent) -> No action taken.
c:\wintinixk7\iphodroid_bincon.exe (Trojan.Oficla) -> No action taken.
d:\****\games\image\downlmanager\tonec.inc.internet.download.manager.v5.18.8.incl.keygen.and.patch-lz0\lzkyawo1\Linezer0\patch (2).exe (RiskWare.Tool.CK) -> No action taken.
d:\****\games\image\downlmanager\tonec.inc.internet.download.manager.v5.18.8.incl.keygen.and.patch-lz0\lzkyawo1\Linezer0\Patch.exe (RiskWare.Tool.CK) -> No action taken.
d:\sicherung\hack\PerX.exe (HackTool.Agent) -> No action taken.

bong464 29.12.2010 18:05
hier die otl logs:

(1)OTL Logfile:
Code:
OTL logfile created on: 29.12.2010 17:51:47 - Run 1
OTL by OldTimer - Version 3.2.18.1    Folder = C:\Users\****\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 39,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 54,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 125,91 Gb Free Space | 54,06% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 267,83 Gb Free Space | 57,50% Space Free | Partition Type: NTFS
Drive F: | 6,10 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: ****-PC | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\****\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\Logitech\SetPointP\LU\LogitechUpdate.exe (Logitech, Inc.)
PRC - C:\Program Files\Logitech\SetPointP\LU\LULnchr.exe (Logitech, Inc.)
PRC - C:\Program Files\ASUS\Six Engine\SixEngine.exe ()
PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\****\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe (Logitech, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (TuneUp.Defrag) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NMSAccess) -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe ()
SRV - (DBService) -- C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
SRV - (nTuneService) -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\DRIVERS\vmnetadapter.sys File not found
DRV:64bit: - (USBModem) -- C:\Windows\SysNative\DRIVERS\lgx64modem.sys File not found
DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\DRIVERS\lgx64diag.sys File not found
DRV:64bit: - (usbbus) -- C:\Windows\SysNative\DRIVERS\lgx64bus.sys File not found
DRV:64bit: - (EIO64) -- C:\Windows\SysNative\DRIVERS\EIO64.sys File not found
DRV:64bit: - (EagleX64) -- C:\Windows\SysNative\drivers\EagleX64.sys File not found
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Sun Microsystems, Inc.)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (RTL2832UUSB) -- C:\Windows\SysNative\drivers\RTL2832UUSB.sys (REALTEK SEMICONDUCTOR Corp.)
DRV:64bit: - (RTL2832UBDA) -- C:\Windows\SysNative\drivers\RTL2832UBDA.sys (REALTEK SEMICONDUCTOR Corp.)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (RTL2832U_IRHID) -- C:\Windows\SysNative\drivers\RTL2832U_IRHID.sys (Realtek)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (FlashUSB) -- C:\Windows\SysNative\drivers\FlashUSB_x64.sys (Danish Wireless Design A/S)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (FWLANUSB) -- C:\Windows\SysNative\drivers\fwlanusb.sys (AVM GmbH)
DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin)
DRV:64bit: - (SaiNtBus) -- C:\Windows\SysNative\drivers\SaiBus.sys (Saitek)
DRV:64bit: - (SaiMini) -- C:\Windows\SysNative\drivers\SaiMini.sys (Saitek)
DRV:64bit: - (SaiK0728) -- C:\Windows\SysNative\drivers\SaiK0728.sys (Saitek)
DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)
DRV:64bit: - (PID_0928) Logitech QuickCam Express(PID_0928) -- C:\Windows\SysNative\drivers\LV561V64.sys (Logitech Inc.)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys ()
DRV - (RTL2832UUSB) -- C:\Windows\SysWOW64\drivers\RTL2832UUSB.sys (REALTEK SEMICONDUCTOR Corp.)
DRV - (RTL2832UBDA) -- C:\Windows\SysWOW64\drivers\RTL2832UBDA.sys (REALTEK SEMICONDUCTOR Corp.)
DRV - (RTL2832U_IRHID) -- C:\Windows\SysWOW64\drivers\RTL2832U_IRHID.sys (Realtek)
DRV - (NVR0Dev) -- C:\Windows\nvoclk64.sys (NVidia Corp.)
DRV - (Secdrv) -- C:\Windows\SysWOW64\drivers\SECDRV.SYS ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.nexon.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 1F 6E 57 C6 D1 CA 01  [binary data]
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.6
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..keyword.URL: "hxxp://www.google.de/search?q="
 
 
FF - HKLM\software\mozilla\Minefield 4.0b2pre\extensions\\Components: C:\Program Files (x86)\Minefield\components [2010.12.14 09:45:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.16 19:25:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.12.16 19:25:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.10\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010.12.14 09:45:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2008.02.22 16:24:06 | 000,095,832 | ---- | M] ()
 
[2010.04.08 17:26:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions
[2010.04.08 17:26:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.12.29 17:43:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\op7g4qwx.default\extensions
[2010.10.14 18:10:28 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\op7g4qwx.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.10.14 18:10:09 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\op7g4qwx.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.06.21 18:38:15 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\op7g4qwx.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.10.14 18:10:11 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\op7g4qwx.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.12.21 17:24:23 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\op7g4qwx.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010.07.30 10:46:16 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\op7g4qwx.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.12.28 19:58:07 | 000,000,950 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\FireFox\Profiles\op7g4qwx.default\searchplugins\icqplugin-1.xml
[2010.06.30 16:43:19 | 000,000,950 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\FireFox\Profiles\op7g4qwx.default\searchplugins\icqplugin-2.xml
[2010.08.07 16:09:32 | 000,000,950 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\FireFox\Profiles\op7g4qwx.default\searchplugins\icqplugin-3.xml
[2010.09.17 13:32:22 | 000,000,950 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\FireFox\Profiles\op7g4qwx.default\searchplugins\icqplugin-4.xml
[2010.10.11 18:33:57 | 000,000,950 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\FireFox\Profiles\op7g4qwx.default\searchplugins\icqplugin-5.xml
[2010.10.24 13:27:25 | 000,000,950 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\FireFox\Profiles\op7g4qwx.default\searchplugins\icqplugin-6.xml
[2010.10.24 18:30:34 | 000,000,950 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\FireFox\Profiles\op7g4qwx.default\searchplugins\icqplugin-7.xml
[2010.12.16 19:25:37 | 000,000,950 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\FireFox\Profiles\op7g4qwx.default\searchplugins\icqplugin-8.xml
[2010.12.19 14:46:27 | 000,000,950 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\FireFox\Profiles\op7g4qwx.default\searchplugins\icqplugin-9.xml
[2010.06.24 17:21:28 | 000,000,656 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\FireFox\Profiles\op7g4qwx.default\searchplugins\icqplugin.xml
[2010.07.05 19:13:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2008.02.22 16:24:06 | 000,095,832 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\NPPDLicenseHelper.dll
[2010.07.28 11:52:30 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.07.28 11:52:30 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.07.28 11:52:30 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.07.28 11:52:30 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.07.28 11:52:30 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.12.27 12:10:38 | 000,000,877 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 74.208.10.249 gs.apple.com
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SaiVolume] C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe (Saitek)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\****\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\****\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~3\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.04.01 11:44:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008.12.30 11:40:44 | 000,000,044 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2009.02.28 18:57:34 | 007,214,352 | R--- | M] (Ubisoft) - F:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2009.03.02 09:25:04 | 000,401,444 | R--- | M] (RAD Game Tools, Inc.) - F:\Autorun.dll -- [ UDF ]
O33 - MountPoints2\{12785a01-4003-11df-bd3a-001c4af2ebba}\Shell - "" = AutoRun
O33 - MountPoints2\{12785a01-4003-11df-bd3a-001c4af2ebba}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2009.02.28 18:57:34 | 007,214,352 | R--- | M] (Ubisoft)
O33 - MountPoints2\{f6fc58ea-3db5-11df-a5ab-90e6ba9f009d}\Shell - "" = AutoRun
O33 - MountPoints2\{f6fc58ea-3db5-11df-a5ab-90e6ba9f009d}\Shell\AutoRun\command - "" = F:\pushinst.exe -- File not found
O33 - MountPoints2\{f6fc5977-3db5-11df-a5ab-001c4af2ebba}\Shell - "" = AutoRun
O33 - MountPoints2\{f6fc5977-3db5-11df-a5ab-001c4af2ebba}\Shell\AutoRun\command - "" = G:\USBAutoRun.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\USBAutoRun.exe -- File not found
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\USBAutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.12.29 16:40:16 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Malwarebytes
[2010.12.29 16:40:07 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.12.29 16:40:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.12.29 16:40:02 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.12.29 16:40:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.12.29 16:38:40 | 000,601,600 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2010.12.28 13:21:54 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2010.12.28 13:21:54 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2010.12.28 13:21:54 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2010.12.28 13:21:54 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2010.12.28 13:21:54 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2010.12.28 13:21:54 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2010.12.28 13:21:53 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2010.12.28 13:21:53 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2010.12.28 13:21:51 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2010.12.28 13:21:51 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2010.12.28 13:21:51 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2010.12.28 13:21:51 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2010.12.28 13:21:49 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2010.12.28 13:21:49 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2010.12.28 13:21:48 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll
[2010.12.28 13:21:48 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2010.12.28 13:21:48 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2010.12.28 13:21:48 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll
[2010.12.28 13:21:48 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll
[2010.12.28 13:21:48 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2010.12.28 13:21:47 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll
[2010.12.28 13:21:47 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2010.12.28 13:21:46 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll
[2010.12.28 13:21:46 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2010.12.28 13:21:46 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll
[2010.12.28 13:21:46 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2010.12.28 13:21:44 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll
[2010.12.28 13:21:44 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2010.12.28 13:21:44 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll
[2010.12.28 13:21:44 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2010.12.28 13:21:43 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2010.12.28 13:21:43 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll
[2010.12.28 13:21:42 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll
[2010.12.28 13:21:42 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2010.12.28 13:21:41 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll
[2010.12.28 13:21:41 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2010.12.28 13:21:41 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll
[2010.12.28 13:21:41 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2010.12.28 13:21:39 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll
[2010.12.28 13:21:39 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2010.12.28 13:21:39 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll
[2010.12.28 13:21:39 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2010.12.28 13:21:37 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll
[2010.12.28 13:21:37 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2010.12.28 13:21:37 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll
[2010.12.28 13:21:37 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2010.12.28 13:21:35 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll
[2010.12.28 13:21:35 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2010.12.28 13:21:34 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll
[2010.12.28 13:21:34 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2010.12.28 13:21:33 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll
[2010.12.28 13:21:33 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2010.12.28 13:21:33 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll
[2010.12.28 13:21:33 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2010.12.28 13:21:30 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll
[2010.12.28 13:21:30 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2010.12.28 13:21:29 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
[2010.12.28 13:21:29 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2010.12.28 13:21:29 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll
[2010.12.28 13:21:29 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2010.12.28 13:21:28 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll
[2010.12.28 13:21:28 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2010.12.28 13:21:28 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll
[2010.12.28 13:21:28 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2010.12.28 13:21:27 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll
[2010.12.28 13:21:27 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2010.12.28 13:21:26 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll
[2010.12.28 13:21:26 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2010.12.28 13:21:24 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll
[2010.12.28 13:21:24 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2010.12.28 13:21:23 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll
[2010.12.28 13:21:23 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2010.12.28 13:21:23 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll
[2010.12.28 13:21:23 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2010.12.28 13:21:21 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll
[2010.12.28 13:21:21 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2010.12.28 13:21:20 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll
[2010.12.28 13:21:20 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2010.12.28 13:21:19 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll
[2010.12.28 13:21:19 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2010.12.28 13:21:18 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll
[2010.12.28 13:21:18 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2010.12.28 13:21:17 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2010.12.28 13:21:17 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2010.12.28 13:21:16 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll
[2010.12.28 13:21:16 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2010.12.28 13:21:16 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll
[2010.12.28 13:21:16 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2010.12.28 13:21:13 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
[2010.12.28 13:21:13 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2010.12.28 13:21:11 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll
[2010.12.28 13:21:11 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2010.12.28 13:21:11 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll
[2010.12.28 13:21:11 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2010.12.28 13:21:08 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2010.12.28 13:21:08 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2010.12.28 13:21:06 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
[2010.12.28 13:21:06 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2010.12.28 13:21:03 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
[2010.12.28 13:21:03 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2010.12.28 13:20:50 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll
[2010.12.28 13:20:50 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2010.12.28 13:20:48 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2010.12.28 13:20:48 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2010.12.28 13:20:48 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2010.12.28 13:20:48 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2010.12.28 13:20:45 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2010.12.28 13:20:45 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2010.12.28 13:20:42 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2010.12.28 13:20:42 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2010.12.28 13:20:38 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2010.12.28 13:20:38 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2010.12.28 13:20:31 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2010.12.28 13:20:31 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2010.12.28 13:20:29 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2010.12.28 13:20:29 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2010.12.28 13:20:23 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2010.12.28 13:20:23 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2010.12.28 13:14:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2010.12.26 14:48:45 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\p
[2010.12.24 15:38:59 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\Newsbin Download
[2010.12.24 15:36:49 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\NewsBin
[2010.12.24 14:18:58 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Microsoft Games
[2010.12.22 17:51:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AltBinz
[2010.12.22 17:47:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SABnzbd
[2010.12.20 14:02:53 | 000,036,160 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2010.12.20 14:02:53 | 000,030,016 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2010.12.20 14:02:53 | 000,025,920 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2010.12.20 14:02:53 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2010.12.19 19:46:25 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Wi-Fi Sync
[2010.12.19 15:46:27 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\CrashRpt
[2010.12.19 15:30:52 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\aIW-37a-10802
[2010.12.19 14:51:06 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\ph
[2010.12.15 13:23:26 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll
[2010.12.15 13:23:26 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll
[2010.12.15 13:23:26 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe
[2010.12.15 13:23:25 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll
[2010.12.15 13:23:25 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll
[2010.12.15 13:23:25 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll
[2010.12.15 13:23:25 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\schtasks.exe
[2010.12.15 13:23:25 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schtasks.exe
[2010.12.15 13:23:24 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010.12.15 13:23:23 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010.12.15 13:23:23 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010.12.15 13:23:23 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010.12.15 13:23:21 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2010.12.15 13:23:21 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2010.12.15 13:23:16 | 000,112,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2010.12.15 13:23:02 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010.12.15 13:23:00 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010.12.15 13:22:59 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010.12.15 13:22:59 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010.12.15 13:22:59 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010.12.15 13:22:59 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010.12.15 13:22:59 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010.12.15 13:22:59 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010.12.15 13:22:57 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010.12.15 13:22:57 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010.12.15 13:22:57 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010.12.15 13:22:57 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010.12.15 13:22:56 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010.12.15 13:22:56 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010.12.14 17:06:53 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\widescreen-wallpaper
[2010.12.14 10:07:14 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010.12.14 10:07:06 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010.12.14 09:44:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010.12.14 09:43:28 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Dropbox
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.12.29 17:45:05 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.12.29 17:45:04 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.12.29 16:40:08 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.12.29 16:38:44 | 000,601,600 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2010.12.29 13:44:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.12.27 17:11:51 | 000,000,600 | ---- | M] () -- C:\Users\****\AppData\Roaming\winscp.rnd
[2010.12.27 16:54:39 | 000,000,600 | ---- | M] () -- C:\Users\****\AppData\Local\PUTTY.RND
[2010.12.27 16:28:02 | 000,014,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.27 16:28:02 | 000,014,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.27 15:20:41 | 1609,867,264 | -HS- | M] () -- C:\hiberfil.sys
[2010.12.27 12:10:38 | 000,000,878 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.umbrella
[2010.12.27 12:10:38 | 000,000,877 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010.12.23 15:45:36 | 001,612,480 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.12.23 15:45:36 | 000,696,622 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.12.23 15:45:36 | 000,651,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.12.23 15:45:36 | 000,147,918 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.12.23 15:45:36 | 000,120,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.12.22 20:23:02 | 000,001,345 | ---- | M] () -- C:\Users\****\Desktop\Media Center.lnk
[2010.12.22 17:51:48 | 000,001,001 | ---- | M] () -- C:\Users\****\Desktop\Alt.Binz.lnk
[2010.12.22 17:48:22 | 000,000,924 | ---- | M] () -- C:\Users\****\Desktop\xlned - Verknüpfung.lnk
[2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.12.20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.12.20 14:02:44 | 000,002,165 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk
[2010.12.19 16:32:52 | 000,000,004 | ---- | M] () -- C:\Users\****\AppData\Roaming\steam_md4.dat
[2010.12.15 16:26:30 | 000,320,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.12.14 09:46:13 | 000,001,000 | ---- | M] () -- C:\Users\****\Desktop\Dropbox.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.12.29 16:40:08 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.12.27 12:01:09 | 000,000,088 | ---- | C] () -- C:\Users\****\umbrella0.log
[2010.12.22 20:23:02 | 000,001,345 | ---- | C] () -- C:\Users\****\Desktop\Media Center.lnk
[2010.12.22 17:51:48 | 000,001,001 | ---- | C] () -- C:\Users\****\Desktop\Alt.Binz.lnk
[2010.12.22 17:48:22 | 000,000,924 | ---- | C] () -- C:\Users\****\Desktop\xlned - Verknüpfung.lnk
[2010.12.20 14:02:44 | 000,002,165 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk
[2010.12.19 16:32:51 | 000,000,004 | ---- | C] () -- C:\Users\****\AppData\Roaming\steam_md4.dat
[2010.12.14 09:46:13 | 000,001,000 | ---- | C] () -- C:\Users\****\Desktop\Dropbox.lnk
[2010.09.20 19:30:40 | 000,073,832 | ---- | C] () -- C:\Windows\SysWow64\SuperFrameSplitter.dll
[2010.09.20 19:30:40 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\RTKDABMWare.dll
[2010.08.27 18:34:29 | 000,000,600 | ---- | C] () -- C:\Users\****\AppData\Local\PUTTY.RND
[2010.08.27 15:38:32 | 000,000,600 | ---- | C] () -- C:\Users\****\AppData\Roaming\winscp.rnd
[2010.07.27 15:08:33 | 000,011,968 | ---- | C] () -- C:\Windows\SysWow64\drivers\SECDRV.SYS
[2010.07.10 20:10:43 | 000,000,103 | ---- | C] () -- C:\ProgramData\nvUnsupRes.dat
[2010.06.18 20:44:35 | 001,640,714 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.06.03 19:29:12 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2010.05.28 17:40:17 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
[2010.05.25 17:10:31 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2010.04.08 17:01:52 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010.04.02 17:45:12 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010.04.02 17:45:12 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010.04.02 17:32:52 | 000,037,182 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010.04.02 15:36:33 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2010.04.02 13:49:36 | 000,026,433 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010.04.02 09:31:16 | 000,221,291 | ---- | C] () -- C:\Windows\Imei_dll.dll
[2010.04.02 09:31:16 | 000,040,960 | ---- | C] () -- C:\Windows\Sublock.dll
[2010.04.01 21:13:43 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2010.04.01 21:13:43 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2009.10.20 19:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007.12.28 08:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2007.03.12 11:01:30 | 000,273,408 | ---- | C] () -- C:\Windows\NVGfxOgl.dll
 
========== Files - Unicode (All) ==========
[2010.10.03 09:26:09 | 000,000,000 | ---D | M](C:\Users\****\Documents\?? ???) -- C:\Users\****\Documents\넥슨 플러그
[2010.10.03 09:26:09 | 000,000,000 | ---D | C](C:\Users\****\Documents\?? ???) -- C:\Users\****\Documents\넥슨 플러그
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:2BE9FEFC

< End of report >
--- --- ---


(2)OTL Logfile:
Code:
OTL Extras logfile created on: 29.12.2010 17:51:47 - Run 1
OTL by OldTimer - Version 3.2.18.1    Folder = C:\Users\2288\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 39,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 54,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 125,91 Gb Free Space | 54,06% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 267,83 Gb Free Space | 57,50% Space Free | Partition Type: NTFS
Drive F: | 6,10 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: ****-PC | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{03AC245F-4C64-425C-89CF-7783C1D3AB2C}" = Microsoft Sync Framework 2.0 Provider Services (x64) ENU
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{26F32F41-2AA7-4DC9-B995-EA9860AE8C3B}" = Saitek SD6 Programming Software 6.2.1.3
"{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{34280DB1-8558-4709-AB7E-62A572C03355}" = Saitek Cyborg Keyboard Volume 6.2.1.3
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{55E76113-3899-4A63-A308-71A9BD3491EE}" = MobileMe Control Panel
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{84ED5482-CFB0-4DD9-BF18-489FFDACD18A}" = Microsoft Antimalware Service DE-DE Language Pack
"{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}" = Microsoft Sync Framework 2.0 Core Components (x64) ENU
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319
"{95C9C76F-ECF3-40FA-94F8-5DDFB6BAF40D}" = Microsoft Security Essentials
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B6EFD9A5-2ECE-4C22-BAEC-D16E73EA2013}" = iTunes
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"81AE60DDD229A248055515E311406D86F7E4012A" = Windows-Treiberpaket - Infineon Technologies (FlashUSB) USB  (04/16/2009 1.0.0.6)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft Security Essentials" = Microsoft Security Essentials
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"SP6" = Logitech SetPoint 6.0
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{4DE938F7-C196-43D7-8EEB-411CDE0A96B1}" = System Requirements Lab
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{6E36A172-06FB-4BC8-B7FC-D30D219E6776}" = Tom Clancy's H.A.W.X
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{DDBB7C89-1A09-441E-AA0F-6AA465755C17}" = REALTEK DTV USB DEVICE
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Alt.Binz" = Alt.Binz 0.25.0
"Cain & Abel v4.9.36" = Cain & Abel v4.9.36
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mozilla Thunderbird (3.0.10)" = Mozilla Thunderbird (3.0.10)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Picasa 3" = Picasa 3
"Tomb Raider: Underworld" = Tomb Raider: Underworld 1.0
"TuneUp Utilities" = TuneUp Utilities
"VLC media player" = VLC media player 1.1.0
"WinPcapInst" = WinPcap 4.1.1
"winscp3_is1" = WinSCP 4.2.8
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 29.12.2010 11:51:46 | Computer Name = Merlin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 29.12.2010 11:51:46 | Computer Name = Merlin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 29.12.2010 11:51:46 | Computer Name = Merlin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 29.12.2010 11:51:46 | Computer Name = Merlin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 29.12.2010 11:51:47 | Computer Name = Merlin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 29.12.2010 11:51:47 | Computer Name = Merlin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 29.12.2010 11:51:47 | Computer Name = Merlin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 29.12.2010 11:51:52 | Computer Name = Merlin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 29.12.2010 11:52:01 | Computer Name = Merlin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 29.12.2010 11:52:24 | Computer Name = Merlin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
[ Media Center Events ]
Error - 19.09.2010 00:34:24 | Computer Name = ****-PC | Source = MCUpdate | ID = 0
Description = 06:34:11 - Fehler beim Herstellen der Internetverbindung.  06:34:11
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 21.09.2010 10:07:44 | Computer Name = ****-PC | Source = ehRecvr | ID = 3
Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0xc0040524) REALTEK
DTV Filter
 
Error - 16.10.2010 06:06:05 | Computer Name = ****-PC | Source = MCUpdate | ID = 0
Description = 12:06:05 - Fehler beim Herstellen der Internetverbindung.  12:06:05
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 16.10.2010 06:06:26 | Computer Name = ****-PC | Source = MCUpdate | ID = 0
Description = 12:06:11 - Fehler beim Herstellen der Internetverbindung.  12:06:11
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 13.12.2010 12:08:27 | Computer Name = ****-PC | Source = MCUpdate | ID = 0
Description = 17:08:27 - Fehler beim Herstellen der Internetverbindung.  17:08:27
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 13.12.2010 12:09:09 | Computer Name = ****-PC | Source = MCUpdate | ID = 0
Description = 17:08:57 - Fehler beim Herstellen der Internetverbindung.  17:08:57
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 21.12.2010 03:37:10 | Computer Name = ****-PC | Source = MCUpdate | ID = 0
Description = 08:37:10 - Fehler beim Herstellen der Internetverbindung.  08:37:10
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 21.12.2010 03:37:30 | Computer Name = ****-PC | Source = MCUpdate | ID = 0
Description = 08:37:16 - Fehler beim Herstellen der Internetverbindung.  08:37:16
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 21.12.2010 09:30:16 | Computer Name = ****-PC | Source = ehRecvr | ID = 3
Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0xc0040524) REALTEK
DTV Filter
 
Error - 21.12.2010 09:30:23 | Computer Name = ****-PC | Source = MCUpdate | ID = 0
Description = 14:30:23 - Fehler beim Herstellen der Internetverbindung.  14:30:23
-    Serververbindung konnte nicht hergestellt werden.. 
 
[ System Events ]
Error - 21.12.2010 03:34:09 | Computer Name = ****-PC | Source = cdrom | ID = 262159
Description = Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.
 
Error - 21.12.2010 03:34:10 | Computer Name = ****-PC | Source = cdrom | ID = 262159
Description = Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.
 
Error - 21.12.2010 03:34:14 | Computer Name = ****-PC | Source = cdrom | ID = 262159
Description = Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.
 
Error - 21.12.2010 03:34:15 | Computer Name = ****-PC | Source = cdrom | ID = 262159
Description = Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.
 
Error - 21.12.2010 03:34:16 | Computer Name = ****-PC | Source = cdrom | ID = 262159
Description = Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.
 
Error - 21.12.2010 03:34:17 | Computer Name = ****-PC | Source = cdrom | ID = 262159
Description = Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.
 
Error - 21.12.2010 03:34:18 | Computer Name = ****-PC | Source = cdrom | ID = 262159
Description = Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.
 
Error - 21.12.2010 03:34:19 | Computer Name = ****-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort2 gefunden.
 
Error - 21.12.2010 03:34:19 | Computer Name = ****-PC | Source = cdrom | ID = 262159
Description = Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.
 
Error - 21.12.2010 03:43:25 | Computer Name = ****-PC | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%861 beim Aktualisieren von Signaturen.    Neue Signaturversion:
      Vorherige Signaturversion: 1.95.2096.0    Aktualisierungsquelle: %%859    Aktualisierungsstufe:
 %%852    Quellpfad: hxxp://www.microsoft.com    Signaturtyp: %%800    Aktualisierungstyp: %%803

        Benutzer:
 NT-AUTORITÄT\SYSTEM    Aktuelle Modulversion:      Vorherige Modulversion: 1.1.6402.0    Fehlercode:
 0x8024402c    Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates.
 Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie
 unter "Hilfe und Support".
 
 
< End of report >
--- --- ---

cosinus 29.12.2010 20:05
Zitat:
d:\****\games\image\downlmanager\tonec.inc.internet.download.manager.v5.18.8.incl.keygen.and.patch-lz0\lzkyawo1\Linezer0\patch (2).exe (RiskWare.Tool.CK) -> No action taken.
d:\****\games\image\downlmanager\tonec.inc.internet.download.manager.v5.18.8.incl.keygen.and.patch-lz0\lzkyawo1\Linezer0\Patch.exe (RiskWare.Tool.CK) -> No action taken.
Die (Be)nutzung von Cracks, Serials und Keygens ist illegal, somit gibt es im Trojaner-Board keinen weiteren Support mehr.

Für Dich geht es hier weiter => Neuaufsetzen des Systems
Bitte auch alle Passwörter abändern (für E-Mail-Konten, StudiVZ, Ebay...einfach alles!) da nicht selten in dieser dubiosen Software auch Keylogger und Backdoorfunktionen stecken.

Danach nie wieder sowas anrühren!


Alle Zeitangaben in WEZ +1. Es ist jetzt 10:56 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131