
Pests of all kinds and how to fight them: Windows Live Trojan and svchost.exe in the Temp folder

26.12.2011, 15:20   #1
Schlümm



First of all, a happy rest of Christmas to everyone, and now to my unpleasant problem.

Web.de sent spam mails to my contacts, so I ran another Malwarebytes scan and, of course, it found something.

So, first the latest Malwarebytes scans.

PHP code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 911122602

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

26.12.2011 15:07:01
mbam-log-2011-12-26 (15-07-01).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 576795
Laufzeit: 2 Stunde(n), 36 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 6

Infizierte Speicherprozesse:
c:\Users\Marina\AppData\Local\temp\svchost.exe (Trojan.Agent) -> 1452 -> Failed to unload process.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\DC3_FEXEC (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Live (Trojan.Agent) -> Value: Windows Live -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Marina\AppData\Local\temp\dclogs\2011-12-24-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
c:\Users\Marina\AppData\Local\temp\dclogs\2011-12-25-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
c:\Users\Marina\AppData\Local\temp\dclogs\2011-12-26-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
c:\Users\Marina\AppData\Local\temp\svchost.exe (Trojan.Agent) -> Delete on reboot.
c:\Users\Marina\AppData\Local\temp\winini.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Marina\AppData\Local\temp\^fname^.exe (Trojan.Agent) -> Quarantined and deleted successfully. 

PHP code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8146

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

15.11.2011 18:19:20
mbam-log-2011-11-15 (18-19-19).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 186337
Laufzeit: 4 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden) 
PHP code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8146

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

12.11.2011 17:34:48
mbam-log-2011-11-12 (17-34-47).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 395608
Laufzeit: 1 Stunde(n), 33 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden) 
Then I'll carry on with Defogger next, right?
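As an added example (not part of the original post), a small Python triage helper for scan logs in the Malwarebytes format pasted above: it parses the "Infizierte …" sections, lists the findings the scan could not remove on the spot (such as the svchost.exe that failed to unload), and flags system-binary names running from outside the Windows directory. The sample log, the list of system-binary names and the legitimate-directory pattern are constructed assumptions for this example.

```python
"""Triage helper for Malwarebytes' Anti-Malware 1.x scan logs (the format pasted above)."""
import re
from collections import defaultdict

# Constructed sample in the format of the scan above (abbreviated to a few sections).
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 911122602

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 576795

Infizierte Speicherprozesse: 1
Infizierte Registrierungswerte: 1
Infizierte Dateien: 3

Infizierte Speicherprozesse:
c:\Users\Marina\AppData\Local\temp\svchost.exe (Trojan.Agent) -> 1452 -> Failed to unload process.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Live (Trojan.Agent) -> Value: Windows Live -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\Users\Marina\AppData\Local\temp\dclogs\2011-12-24-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
c:\Users\Marina\AppData\Local\temp\svchost.exe (Trojan.Agent) -> Delete on reboot.
c:\Users\Marina\AppData\Local\temp\winini.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# List header ("Infizierte Dateien:") vs. summary line ("Infizierte Dateien: 3"):
# only the header has nothing after the colon.
SECTION_RE = re.compile(r"^(Infizierte [^:]+):$")
# One finding: "<object> (<detection name>) -> [<pid or value name> ->] <action>"
FINDING_RE = re.compile(r"^(?P<obj>.+?) \((?P<name>[^()]+)\) -> (?P<rest>.+)$")
# Actions that mean the object was still present when the scan finished.
UNRESOLVED = ("Failed to unload process", "Delete on reboot")
# Assumed short list of Windows binaries that only belong under %SystemRoot%\System32.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe"}
# Assumed pattern for the legitimate location of those binaries (lower-cased path).
LEGIT_DIR_RE = re.compile(r"^[a-z]:\\windows\\(system32|syswow64)\\[^\\]+$")


def parse_mbam_log(text):
    """Return {section: [finding, ...]}; a finding is a dict with obj/name/detail/action."""
    findings = defaultdict(list)
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        if section is None or not line or line.startswith("(Keine"):
            continue  # preamble, blank line, or "(no malicious objects found)"
        m = FINDING_RE.match(line)
        if not m:
            continue
        parts = [p.strip() for p in m.group("rest").split("->")]
        findings[section].append({
            "obj": m.group("obj"),
            "name": m.group("name"),
            "detail": parts[0] if len(parts) > 1 else None,  # PID or registry value name
            "action": parts[-1],
        })
    return dict(findings)


def unresolved_findings(findings):
    """Findings the scan could not remove on the spot: these need a reboot and a re-scan."""
    return [(section, f["obj"], f["action"])
            for section, items in findings.items()
            for f in items
            if f["action"].startswith(UNRESOLVED)]


def masquerading_paths(findings):
    """File paths that reuse a system-binary name but live outside System32/SysWOW64."""
    hits = set()
    for items in findings.values():
        for f in items:
            path = f["obj"].lower()
            basename = path.rsplit("\\", 1)[-1]
            if basename in SYSTEM_BINARIES and not LEGIT_DIR_RE.match(path):
                hits.add(f["obj"])
    return sorted(hits)
```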

26.12.2011, 17:06   #2
Schlümm



Defogger worked.

OTL did too, but I didn't find an extra.txt; GMER quit at some point.

OTL.txt (OTL logfile):
Code:
OTL logfile created on: 12/26/2011 3:30:04 PM - Run 3
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Marina\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.99 Gb Total Physical Memory | 1.14 Gb Available Physical Memory | 57.24% Memory free
3.98 Gb Paging File | 2.96 Gb Available in Paging File | 74.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 282.80 Gb Total Space | 200.74 Gb Free Space | 70.98% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: MIAU | User Name: Marina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Marina\Desktop\OTL.exx (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Program Files\IDT\WDM\STacSV.exe (IDT, Inc.)
PRC - C:\Program Files\IDT\WDM\aestsrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe (Hewlett-Packard Development Company L.P.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe (Siber Systems)
PRC - C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe ( Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Lexmark 1200 Series\LXCZbmgr.exe (Lexmark International, Inc.)
PRC - C:\Program Files\Lexmark 1200 Series\lxczbmon.exe (Lexmark International, Inc.)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Weather\usbwr.exe ()
PRC - C:\Program Files\Weather\weather.exe (weather-life.com)
PRC - C:\Windows\System32\lxczcoms.exe ( )
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\1049a76b3de293df726d380932215c91\System.Management.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files\WinRAR\rarext.dll ()
MOD - C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\Weather\usbwr.exe ()
MOD - C:\Program Files\Weather\onlywell.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (STacSV) -- C:\Program Files\IDT\WDM\STacSV.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Program Files\IDT\WDM\aestsrv.exe (Andrea Electronics Corporation)
SRV - (HP Support Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (RoxMediaDB10) -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (lxcz_device) -- C:\windows\System32\lxczcoms.exe ( )
 
 
========== Driver Services (SafeList) ==========
 
DRV - (aswSnx) -- C:\windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (sptd) -- C:\windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBTTN.sys (Hewlett-Packard Company)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corporation)
DRV - (NETw5s32) Intel(R) -- C:\Windows\System32\drivers\NETw5s32.sys (Intel Corporation)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwusbdev) -- C:\Windows\System32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys ()
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (MfeAVFK) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfetdik) -- C:\Windows\System32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (MfeBOPK) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (MfeRKDK) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (HpqKbFiltr) -- C:\windows\system32\DRIVERS\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=92&bd=all&pf=cmnb
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {14f0d511-36a2-41ca-ae01-ba4f87282c97} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll (AOL LLC)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\URLSearchHook: {14f0d511-36a2-41ca-ae01-ba4f87282c97} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll (AOL LLC)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.98
FF - prefs.js..extensions.enabledItems: testpilot@labs.mozilla.com:1.0a2
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.64
FF - prefs.js..extensions.enabledItems: {473f9a20-ce5a-11da-a94d-0800200c9a66}:0.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Marina\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Marina\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/12/04 12:31:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/10 09:54:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/10 09:54:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/10/06 19:53:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/06/28 19:36:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2010/03/23 10:49:58 | 000,000,000 | ---D | M]
 
[2010/03/22 10:11:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marina\AppData\Roaming\mozilla\Extensions
[2010/03/22 10:11:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marina\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/04/30 09:49:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marina\AppData\Roaming\mozilla\Firefox\Profiles\i9qhldzi.default\extensions
[2010/05/31 12:36:28 | 000,000,000 | ---D | M] (SHOUTcast Radio Toolbar) -- C:\Users\Marina\AppData\Roaming\mozilla\Firefox\Profiles\i9qhldzi.default\extensions\{12e4c684-c03e-4e4d-85bc-0c065e7a9489}
[2010/04/02 11:18:36 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Marina\AppData\Roaming\mozilla\Firefox\Profiles\i9qhldzi.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/04/02 11:23:36 | 000,000,000 | ---D | M] (Google Bookmarks for Firefox) -- C:\Users\Marina\AppData\Roaming\mozilla\Firefox\Profiles\i9qhldzi.default\extensions\{473f9a20-ce5a-11da-a94d-0800200c9a66}
[2011/04/30 09:49:23 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Marina\AppData\Roaming\mozilla\Firefox\Profiles\i9qhldzi.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010/09/04 21:03:48 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Marina\AppData\Roaming\mozilla\Firefox\Profiles\i9qhldzi.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010/03/22 09:19:41 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Marina\AppData\Roaming\mozilla\Firefox\Profiles\i9qhldzi.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/09/04 20:14:00 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Marina\AppData\Roaming\mozilla\Firefox\Profiles\i9qhldzi.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010/04/17 07:28:36 | 000,000,000 | ---D | M] ("StumbleUpon") -- C:\Users\Marina\AppData\Roaming\mozilla\Firefox\Profiles\i9qhldzi.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/03/22 09:19:41 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Marina\AppData\Roaming\mozilla\Firefox\Profiles\i9qhldzi.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/21 12:18:31 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Marina\AppData\Roaming\mozilla\Firefox\Profiles\i9qhldzi.default\extensions\foxmarks@kei.com
[2010/04/07 19:47:57 | 000,000,000 | ---D | M] (Test Pilot) -- C:\Users\Marina\AppData\Roaming\mozilla\Firefox\Profiles\i9qhldzi.default\extensions\testpilot@labs.mozilla.com
[2011/12/15 07:49:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marina\AppData\Roaming\mozilla\Firefox\Profiles\p4cix2sr.MarinaNeu\extensions
[2011/06/17 21:41:29 | 000,000,000 | ---D | M] (RefControl) -- C:\Users\Marina\AppData\Roaming\mozilla\Firefox\Profiles\p4cix2sr.MarinaNeu\extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}
[2011/11/19 12:21:01 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Marina\AppData\Roaming\mozilla\Firefox\Profiles\p4cix2sr.MarinaNeu\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/09/16 06:44:54 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Marina\AppData\Roaming\mozilla\Firefox\Profiles\p4cix2sr.MarinaNeu\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010/06/30 19:02:53 | 000,000,000 | ---D | M] (QuickProxy) -- C:\Users\Marina\AppData\Roaming\mozilla\Firefox\Profiles\p4cix2sr.MarinaNeu\extensions\{d5ea4520-61a1-11da-8cd6-0800200c9a66}
[2011/11/13 11:09:22 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Marina\AppData\Roaming\mozilla\Firefox\Profiles\p4cix2sr.MarinaNeu\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/03/29 08:22:35 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Marina\AppData\Roaming\mozilla\Firefox\Profiles\p4cix2sr.MarinaNeu\extensions\engine@conduit.com
[2011/05/08 09:41:38 | 000,000,000 | ---D | M] (Bored) -- C:\Users\Marina\AppData\Roaming\mozilla\Firefox\Profiles\p4cix2sr.MarinaNeu\extensions\gamebox@toolbar
[2010/05/12 16:40:48 | 000,001,042 | ---- | M] () -- C:\Users\Marina\AppData\Roaming\Mozilla\Firefox\Profiles\i9qhldzi.default\searchplugins\icqplugin.xml
[2011/11/10 09:54:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010/04/28 12:48:49 | 000,000,000 | ---D | M] ("Citavi Picker") -- C:\Program Files\mozilla firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}
[2011/11/03 07:04:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/03/23 10:49:58 | 000,000,000 | ---D | M] (AI Roboform Toolbar for Firefox) -- C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\FIREFOX
File not found (No name found) -- C:\USERS\MARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I9QHLDZI.DEFAULT\EXTENSIONS\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}
[2011/11/05 08:10:35 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/12 21:03:50 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011/11/05 04:38:54 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/11/05 04:32:18 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/05 04:38:54 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/11/05 04:38:54 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/11/05 04:38:54 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/11/05 04:38:54 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: ICQ Search (Enabled)
CHR - default_search_provider: search_url = hxxp://search.icq.com/search/results.php?ch_id=osd&q={searchTerms}&icid=chrome
CHR - default_search_provider: suggest_url = 
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Marina\AppData\Local\Google\Chrome\Application\14.0.835.163\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Marina\AppData\Local\Google\Chrome\Application\14.0.835.163\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Marina\AppData\Local\Google\Chrome\Application\14.0.835.163\pdf.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
 
O1 HOSTS File: ([2010/06/16 18:08:31 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (SHOUTcast Loader) - {ccec60fc-2608-4e58-9659-3ffc159e8ea9} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (SHOUTcast Radio Toolbar) - {0457331d-8ca6-4f97-9c26-6a9ef2b2dba8} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (SHOUTcast Radio Toolbar) - {0457331D-8CA6-4F97-9C26-6A9EF2B2DBA8} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [lxczbmgr.exe] C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [Malwarebytes* Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes* Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [cfweatherStation] C:\Program Files\Weather\Weather.exe (weather-life.com)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &SHOUTcast Search - C:\ProgramData\SHOUTcast Radio Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Marina\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Marina\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: RF - Formular ausfüllen - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RF - Formular speichern - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: RF - Menü anpassen - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: RF - RoboForm-Leiste ein/aus - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : RF - Formular ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : RF - Formular speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RF - RoboForm-Leiste ein/aus - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/The%20Secret%20of%20Margrave%20Manor/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/The%20Secret%20of%20Margrave%20Manor/Images/armhelper.ocx (ArmHelper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43D8503F-FEA6-44CB-8973-190D0BEE8439}: NameServer = 212.23.97.3 212.23.97.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF5E77CE-3DAE-4993-9BCC-940EE0ACC66D}: DhcpNameServer = 192.168.113.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2BF4203-C1C9-48A5-B75A-708E9F7CBFC8}: NameServer = 208.67.222.222 208.67.220.220
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1c1c52e4-891a-11e0-8a76-f8ef9b302867}\Shell - "" = AutoRun
O33 - MountPoints2\{1c1c52e4-891a-11e0-8a76-f8ef9b302867}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{1c1c52f5-891a-11e0-8a76-f8ef9b302867}\Shell - "" = AutoRun
O33 - MountPoints2\{1c1c52f5-891a-11e0-8a76-f8ef9b302867}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{e455d907-a63c-11df-a5d2-dff3eb88471c}\Shell - "" = AutoRun
O33 - MountPoints2\{e455d907-a63c-11df-a5d2-dff3eb88471c}\Shell\AutoRun\command - "" = D:\autoset.exe
O33 - MountPoints2\{f5a6ea08-6ff8-11e0-8568-f3fefcd97370}\Shell - "" = AutoRun
O33 - MountPoints2\{f5a6ea08-6ff8-11e0-8568-f3fefcd97370}\Shell\AutoRun\command - "" = F:\DarkTales-DerschwarzeKater.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: ICQ - hkey= - key= - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/12/26 15:17:38 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Marina\Desktop\OTL.exe
[2011/12/22 22:16:39 | 000,000,000 | ---D | C] -- C:\Users\Marina\AppData\Roaming\LestaStudio
[2011/12/21 09:25:32 | 000,000,000 | ---D | C] -- C:\Users\Marina\AppData\Roaming\MediaArt
[2011/12/21 09:25:32 | 000,000,000 | ---D | C] -- C:\ProgramData\MediaArt
[2011/12/18 21:02:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Cateia Games
[2011/12/18 16:51:09 | 000,000,000 | ---D | C] -- C:\Users\Marina\AppData\Roaming\Vogat Interactive
[2011/12/09 15:06:20 | 000,000,000 | ---D | C] -- C:\Users\Marina\AppData\Roaming\DailyMagic
[2011/12/09 14:56:54 | 000,000,000 | ---D | C] -- C:\Users\Marina\AppData\Roaming\Aidem Media
[2011/12/03 09:35:33 | 000,000,000 | ---D | C] -- C:\Users\Marina\Desktop\druck_Sperrmüll-Dateien
[2011/11/29 22:07:55 | 000,000,000 | ---D | C] -- C:\Users\Marina\AppData\Roaming\DragonsEye Studios
[2011/11/29 22:07:55 | 000,000,000 | ---D | C] -- C:\ProgramData\DragonsEye Studios
[2011/11/28 19:25:28 | 000,000,000 | ---D | C] -- C:\ProgramData\MumboJumbo
[2011/11/27 19:50:59 | 000,000,000 | ---D | C] -- C:\Users\Marina\AppData\Roaming\GameInvest
[2010/03/31 14:01:45 | 001,224,704 | ---- | C] ( ) -- C:\windows\System32\lxczserv.dll
[2010/03/31 14:01:45 | 000,991,232 | ---- | C] ( ) -- C:\windows\System32\lxczusb1.dll
[2010/03/31 14:01:45 | 000,696,320 | ---- | C] ( ) -- C:\windows\System32\lxczhbn3.dll
[2010/03/31 14:01:45 | 000,684,032 | ---- | C] ( ) -- C:\windows\System32\lxczcomc.dll
[2010/03/31 14:01:45 | 000,643,072 | ---- | C] ( ) -- C:\windows\System32\lxczpmui.dll
[2010/03/31 14:01:45 | 000,585,728 | ---- | C] ( ) -- C:\windows\System32\lxczlmpm.dll
[2010/03/31 14:01:45 | 000,537,520 | ---- | C] ( ) -- C:\windows\System32\lxczcoms.exe
[2010/03/31 14:01:45 | 000,421,888 | ---- | C] ( ) -- C:\windows\System32\lxczcomm.dll
[2010/03/31 14:01:45 | 000,413,696 | ---- | C] ( ) -- C:\windows\System32\lxczinpa.dll
[2010/03/31 14:01:45 | 000,397,312 | ---- | C] ( ) -- C:\windows\System32\lxcziesc.dll
[2010/03/31 14:01:45 | 000,385,968 | ---- | C] ( ) -- C:\windows\System32\lxczih.exe
[2010/03/31 14:01:45 | 000,381,872 | ---- | C] ( ) -- C:\windows\System32\lxczcfg.exe
[2010/03/31 14:01:45 | 000,323,584 | ---- | C] ( ) -- C:\windows\System32\LXCZhcp.dll
[2010/03/31 14:01:45 | 000,163,840 | ---- | C] ( ) -- C:\windows\System32\lxczprox.dll
[2010/03/31 14:01:45 | 000,094,208 | ---- | C] ( ) -- C:\windows\System32\lxczpplc.dll
[2010/03/22 07:14:19 | 000,256,560 | ---- | C] ( ) -- C:\windows\System32\rsnp2uvc.dll
[2010/03/22 07:14:16 | 000,203,312 | ---- | C] ( ) -- C:\windows\System32\csnp2uvc.dll
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\Marina\*.tmp files -> C:\Users\Marina\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/12/26 15:32:14 | 000,019,760 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/26 15:32:14 | 000,019,760 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/26 15:25:15 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/26 15:25:05 | 000,065,536 | ---- | M] () -- C:\windows\System32\Ikeext.etl
[2011/12/26 15:24:51 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/12/26 15:24:46 | 1603,772,416 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/26 15:23:53 | 000,000,020 | ---- | M] () -- C:\Users\Marina\defogger_reenable
[2011/12/26 15:18:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Marina\Desktop\OTL.exe
[2011/12/26 15:16:55 | 000,696,870 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2011/12/26 15:16:55 | 000,652,148 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/12/26 15:16:55 | 000,148,134 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2011/12/26 15:16:55 | 000,121,080 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/12/26 15:06:23 | 000,050,477 | ---- | M] () -- C:\Users\Marina\Desktop\Defogger.exe
[2011/12/26 14:58:00 | 000,001,098 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/26 14:50:09 | 000,001,124 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-323170953-3921450666-3824411574-1001UA.job
[2011/12/24 23:33:20 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/12/24 11:35:54 | 000,000,324 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForMarina.job
[2011/12/24 10:50:00 | 000,001,072 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-323170953-3921450666-3824411574-1001Core.job
[2011/12/15 19:17:51 | 000,456,000 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2011/12/14 18:52:58 | 000,002,364 | ---- | M] () -- C:\Users\Marina\Desktop\Google Chrome.lnk
[2011/12/04 12:31:54 | 000,002,577 | ---- | M] () -- C:\windows\System32\config.nt
[2011/12/03 09:35:34 | 000,003,690 | ---- | M] () -- C:\Users\Marina\Desktop\druck_Sperrmüll.htm
[2011/11/28 19:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
[2011/11/28 19:01:23 | 000,199,816 | ---- | M] (AVAST Software) -- C:\windows\System32\aswBoot.exe
[2011/11/28 18:53:53 | 000,435,032 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswSnx.sys
[2011/11/28 18:53:35 | 000,314,456 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswSP.sys
[2011/11/28 18:52:19 | 000,034,392 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswRdr.sys
[2011/11/28 18:52:16 | 000,052,952 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswTdi.sys
[2011/11/28 18:52:07 | 000,055,128 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswMonFlt.sys
[2011/11/28 18:51:50 | 000,020,568 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswFsBlk.sys
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\Marina\*.tmp files -> C:\Users\Marina\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/12/26 15:23:14 | 000,000,020 | ---- | C] () -- C:\Users\Marina\defogger_reenable
[2011/12/26 15:06:19 | 000,050,477 | ---- | C] () -- C:\Users\Marina\Desktop\Defogger.exe
[2011/12/03 09:35:32 | 000,003,690 | ---- | C] () -- C:\Users\Marina\Desktop\druck_Sperrmüll.htm
[2011/06/02 19:03:59 | 000,000,000 | ---- | C] () -- C:\Users\Marina\AppData\Local\{5A51BAFE-B77A-4286-B771-21FBF1276985}
[2011/05/10 17:55:13 | 000,000,000 | ---- | C] () -- C:\Users\Marina\AppData\Local\{8080109E-9756-45F1-B83C-89B877A22152}
[2011/05/10 17:53:25 | 000,000,000 | ---- | C] () -- C:\Users\Marina\AppData\Local\{E4153252-F8CB-4CD1-9A30-FAFC0D013F96}
[2011/05/10 06:20:31 | 000,000,000 | ---- | C] () -- C:\Users\Marina\AppData\Local\{99009A53-E6B2-4D2F-89D1-427451394B5C}
[2010/12/31 14:44:31 | 000,000,033 | ---- | C] () -- C:\ProgramData\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2010/08/13 09:17:43 | 000,000,000 | ---- | C] () -- C:\Users\Marina\AppData\Local\rx_image32.Cache
[2010/08/12 19:14:06 | 000,284,160 | ---- | C] () -- C:\windows\unin0407.exe
[2010/07/31 11:36:17 | 000,075,776 | ---- | C] () -- C:\windows\cadkasdeinst01e.exe
[2010/07/12 19:05:34 | 000,001,302 | ---- | C] () -- C:\ProgramData\ss.ini
[2010/06/10 18:01:36 | 000,007,606 | ---- | C] () -- C:\Users\Marina\AppData\Local\Resmon.ResmonCfg
[2010/05/20 20:06:22 | 000,116,224 | ---- | C] () -- C:\windows\System32\pdfcmnnt.dll
[2010/05/18 15:20:03 | 000,000,058 | ---- | C] () -- C:\Users\Marina\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2010/04/15 22:25:15 | 000,165,376 | ---- | C] () -- C:\windows\System32\unrar.dll
[2010/03/31 14:02:50 | 000,000,233 | ---- | C] () -- C:\windows\Lexstat.ini
[2010/03/31 14:01:45 | 000,413,696 | ---- | C] () -- C:\windows\System32\lxczutil.dll
[2010/03/31 14:01:45 | 000,274,432 | ---- | C] () -- C:\windows\System32\LXCZinst.dll
[2010/03/22 07:14:18 | 001,765,168 | ---- | C] () -- C:\windows\System32\drivers\snp2uvc.sys
[2010/03/22 07:14:18 | 000,027,184 | ---- | C] () -- C:\windows\snuvcdsm.exe
[2010/03/22 07:14:18 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2010/03/22 07:14:17 | 000,034,480 | ---- | C] () -- C:\windows\System32\drivers\sncduvc.sys
[2010/03/22 07:06:51 | 000,140,288 | ---- | C] () -- C:\windows\System32\igfxtvcx.dll
[2009/09/23 18:16:08 | 002,050,952 | ---- | C] () -- C:\windows\System32\igkrng400.bin
[2009/09/15 02:03:55 | 000,696,870 | ---- | C] () -- C:\windows\System32\perfh007.dat
[2009/09/15 02:03:55 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat
[2009/09/15 02:03:55 | 000,148,134 | ---- | C] () -- C:\windows\System32\perfc007.dat
[2009/09/15 02:03:55 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\windows\System32\OGAEXEC.exe
[2009/07/16 01:50:42 | 000,013,312 | ---- | C] () -- C:\windows\LPRES.DLL
[2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 05:33:53 | 000,456,000 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/14 03:05:48 | 000,652,148 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/14 03:05:48 | 000,121,080 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/07/13 23:09:19 | 000,982,196 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2009/07/13 23:09:19 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2009/07/13 23:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin
[2009/07/13 23:09:19 | 000,097,448 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2009/01/13 11:29:00 | 000,197,408 | ---- | C] () -- C:\windows\System32\vpnapi.dll
[2007/02/07 17:58:12 | 000,039,899 | ---- | C] () -- C:\windows\System32\rtsicis.ini
[2007/01/22 08:49:34 | 000,344,064 | ---- | C] () -- C:\windows\System32\lxczcoin.dll
[2006/06/07 13:23:04 | 000,061,440 | ---- | C] () -- C:\windows\System32\lxczcnv7.dll
[2006/03/27 11:19:14 | 000,040,960 | ---- | C] () -- C:\windows\System32\lxczvs.dll
[2006/03/07 11:59:04 | 000,061,440 | ---- | C] () -- C:\windows\System32\lxczcnv6.dll
[2006/01/10 17:11:06 | 000,061,440 | ---- | C] () -- C:\windows\System32\lxczcnv5.dll
[2006/01/10 17:11:06 | 000,061,440 | ---- | C] () -- C:\windows\System32\lxczcnv4.dll
 
========== LOP Check ==========
 
[2010/04/28 13:33:47 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\Academic Software Zurich
[2010/07/12 18:55:51 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\Accord CD Ripper Standard
[2011/12/09 14:56:54 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\Aidem Media
[2011/09/16 22:21:38 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\Alawar Entertainment
[2011/09/06 21:52:10 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\Awem
[2011/08/06 12:39:16 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\Az-Art
[2011/11/26 22:50:06 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\Boomzap
[2011/10/25 10:21:45 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\BSW
[2010/10/04 18:24:59 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\Canneverbe Limited
[2011/09/18 22:18:09 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\Clockwork Pixels
[2010/08/12 18:08:52 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\CorsixTH
[2011/10/10 20:07:01 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\Crown
[2011/10/27 14:02:29 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\Daedalic Entertainment
[2011/12/09 15:06:20 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\DailyMagic
[2011/11/24 12:40:21 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\Deep Shadows
[2011/06/13 12:35:00 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\DivoGames
[2010/05/18 15:20:03 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\DonationCoder
[2011/11/29 22:07:55 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\DragonsEye Studios
[2011/11/23 06:15:44 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\DVDVideoSoft
[2011/09/16 06:44:54 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/08/07 14:47:47 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\ERS Game Studios
[2011/07/23 19:58:23 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\Flood Light Games
[2011/03/09 19:50:34 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\FloodLightGames
[2011/07/22 23:05:33 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\Friday's games
[2011/07/27 22:28:34 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\GameHouse
[2011/06/11 20:19:46 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\GameHousev1002
[2011/12/11 13:30:42 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\GameInvest
[2011/08/02 21:01:33 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\GestaltGames
[2011/03/27 13:38:05 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\GetRightToGo
[2010/11/05 15:15:04 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\gretl
[2010/11/05 15:15:04 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\gtk-2.0
[2011/05/02 20:59:32 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\ICQ
[2010/09/11 22:13:19 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\K-Meleon
[2011/08/01 22:26:14 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\Lazy Turtle Games
[2011/12/22 22:16:39 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\LestaStudio
[2010/12/31 15:08:28 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\Lindy
[2011/07/19 22:46:47 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\margrave3_full
[2011/08/04 18:36:56 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\Maximize Games
[2011/12/21 09:25:32 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\MediaArt
[2011/10/19 10:31:05 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\Meridian93
[2010/06/15 14:30:25 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\Miranda
[2011/09/07 09:37:41 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\MumboJumbo
[2011/08/21 21:12:56 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\PlayFirst
[2011/07/28 20:21:41 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\Playrix Entertainment
[2011/07/19 19:55:22 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\Rovio
[2011/07/03 17:36:22 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\SharePod
[2011/10/10 20:19:55 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\Skunk Studios
[2011/03/09 19:30:57 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\SpinTop
[2011/08/21 14:57:38 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\SpinTop Games
[2011/09/24 21:17:46 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\SulusGames
[2010/07/12 19:21:15 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\Teeworlds
[2010/03/22 10:11:03 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\Thunderbird
[2011/07/19 22:48:34 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\ViquaSoft
[2011/12/18 16:51:09 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\Vogat Interactive
[2011/03/09 20:27:16 | 000,000,000 | ---D | M] -- C:\Users\Marina\AppData\Roaming\Zylom
[2011/12/09 17:44:16 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011/10/25 07:41:17 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2011/12/26 15:10:32 | 000,000,000 | ---D | M] -- C:\BigFishGamesCache
[2009/07/27 09:31:13 | 000,000,000 | ---D | M] -- C:\boot
[2009/07/14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011/04/26 16:52:54 | 000,000,000 | ---D | M] -- C:\Downloads
[2009/09/15 00:57:43 | 000,000,000 | ---D | M] -- C:\EFI
[2009/09/15 02:02:50 | 000,000,000 | ---D | M] -- C:\hp
[2010/03/31 14:00:46 | 000,000,000 | ---D | M] -- C:\lexmark
[2010/03/30 17:29:46 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009/07/14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011/12/26 15:11:03 | 000,000,000 | R--D | M] -- C:\Program Files
[2011/12/21 09:25:32 | 000,000,000 | ---D | M] -- C:\ProgramData
[2010/06/11 19:52:17 | 000,000,000 | ---D | M] -- C:\rsit
[2011/11/12 16:35:01 | 000,000,000 | ---D | M] -- C:\swsetup
[2011/12/26 15:36:06 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010/03/22 07:17:21 | 000,000,000 | ---D | M] -- C:\SYSTEM.SAV
[2011/07/11 12:46:06 | 000,000,000 | ---D | M] -- C:\temp
[2010/04/26 12:48:33 | 000,000,000 | R--D | M] -- C:\Users
[2011/12/04 12:31:54 | 000,000,000 | ---D | M] -- C:\Windows
[2011/03/14 18:37:05 | 000,000,000 | ---D | M] -- C:\Zylom Games
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
 
 
< MD5 for: AFD.SYS  >
[2011/04/25 03:35:40 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=0DB7A48388D54D154EBEC120461A0FCD -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_d81220b5bf827af7\afd.sys
[2010/11/20 09:40:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=1151FD4FB0216CFED887BFDE29EBD516 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_d9efac7dbcaf385b\afd.sys
[2011/04/25 03:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=9EBBBA55060F786F0FCAA3893BFA2806 -- C:\Windows\System32\drivers\afd.sys
[2011/04/25 03:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=9EBBBA55060F786F0FCAA3893BFA2806 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys
[2011/04/25 03:27:23 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C114AB7A1550D42EA1700FFD4179CF5A -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_d864ad9ad8c98d1f\afd.sys
[2011/04/25 04:24:09 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C427F91A748CD342A2B3F9278D9FD6A5 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys
[2009/07/14 00:12:38 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=DDC040FDB01EF1712A6B13E52AFB104C -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_d7be98b5bfc0b4c1\afd.sys
 
< MD5 for: EXPLORER.EXE  >
[2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009/07/14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009/07/14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/10/28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/10/28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-12-23 20:13:27
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 85 bytes -> C:\ProgramData:$SS_DESCRIPTOR_PVX2VCGFMV89VFN4TKBRVLNGCMXP4CTVS8LNH2KVLJTKV8VVL4MP
@Alternate Data Stream - 214 bytes -> C:\ProgramData\TEMP:206470A5
@Alternate Data Stream - 161 bytes -> C:\ProgramData\TEMP:A88BE334
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:D4558A0B
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:EE198B1F
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:4E79C4F8
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:BD8010FE
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:587F3582
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:98353363
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:18DEBC51
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:4EC7F009
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:4B244549
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:E6BEADB7
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:ED9B661E
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:E8C44CB4
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:2B9555D8
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:B606BA34
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:1B3549F2
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:3A691DDB

< End of report >
         
--- --- ---
Edited by Schlümm (26.12.2011 at 17:26) Reason: links removed
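An added example, not part of the original post and not OTL's own code: a small Python triage script that reads the `< MD5 for: ... >` sections of an OTL log like the one above and reports, for each listed binary, whether the live copy (the file outside `winsxs` and the `ERDNT` backup cache) has the same MD5 as one of the WinSxS component-store copies OTL found for that name. That comparison is what the MD5 section is there for: a live `explorer.exe` or `winlogon.exe` whose hash matches no component-store version is the first thing to look at. The sample lines are copied from the log above, with two constructed additions labelled in the code: a `< MD5 for: AFD.SYS >` header (only its entries are visible above) and one `userinit.exe` line whose hash was altered to `DEADBEEF...` so the mismatch path is exercised.

```python
"""Triage helper for the '< MD5 for: ... >' sections of an OTL log.

Added example, not part of the original post or of OTL itself.
For each binary, the live copy (outside winsxs / ERDNT) is compared with the
hashes of the WinSxS component-store copies OTL listed under the same name.
"""
import re
from collections import defaultdict
from typing import Dict, List, Tuple

HEADER_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>\S+)\s*>$")
ENTRY_RE = re.compile(
    r"^\[(?P<ts>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|.*?\]\s*"
    r"\((?P<vendor>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+)$"
)

# Constructed sample: lines copied from the OTL log above, plus an assumed
# '< MD5 for: AFD.SYS >' header (only its entries are visible in the post) and
# one deliberately altered userinit.exe hash (DEADBEEF...) to show a mismatch.
SAMPLE_LOG = r"""
< MD5 for: EXPLORER.EXE  >
[2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\ERDNT\cache\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe

< MD5 for: WINLOGON.EXE  >
[2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe

< MD5 for: AFD.SYS  >
[2011/04/25 04:24:09 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C427F91A748CD342A2B3F9278D9FD6A5 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys

< MD5 for: USERINIT.EXE  >
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=DEADBEEFDEADBEEFDEADBEEFDEADBEEF -- C:\Windows\System32\userinit.exe
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
"""


def classify(path: str) -> str:
    """'store' = WinSxS component store, 'backup' = ERUNT cache, else 'live'."""
    p = path.lower()
    if "\\winsxs\\" in p:
        return "store"
    if "\\erdnt\\" in p:
        return "backup"
    return "live"


def parse_otl_md5(log_text: str) -> Dict[str, List[Tuple[str, str, str]]]:
    """Return {BINARY: [(md5, path, kind), ...]} from the '< MD5 for: >' sections."""
    sections = defaultdict(list)
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").upper()
            continue
        entry = ENTRY_RE.match(line)
        if entry and current:
            path = entry.group("path")
            sections[current].append((entry.group("md5").upper(), path, classify(path)))
    return dict(sections)


def check_integrity(log_text: str) -> Dict[str, Tuple[str, List[str]]]:
    """Per binary: (verdict, [live paths whose hash matches no store copy]).

    OK            every live copy equals some WinSxS copy
    MISMATCH      a live copy matches none of the listed WinSxS copies
    NO_LIVE_COPY  OTL listed only store/backup copies in this excerpt
    NO_STORE_COPY live copy present but nothing in WinSxS to compare against
    """
    verdicts = {}
    for name, entries in parse_otl_md5(log_text).items():
        store = {md5 for md5, _, kind in entries if kind == "store"}
        live = [(md5, path) for md5, path, kind in entries if kind == "live"]
        if not live:
            verdicts[name] = ("NO_LIVE_COPY", [])
        elif not store:
            verdicts[name] = ("NO_STORE_COPY", [path for _, path in live])
        else:
            bad = [path for md5, path in live if md5 not in store]
            verdicts[name] = ("MISMATCH" if bad else "OK", bad)
    return verdicts


if __name__ == "__main__":
    for name, (verdict, bad) in sorted(check_integrity(SAMPLE_LOG).items()):
        print(f"{name:14} {verdict}" + (f"  <- {', '.join(bad)}" if bad else ""))
```

A match only says the live file is byte-identical to one of the component-store copies; it does not prove the store itself is untouched, and MD5 is not collision-resistant, so treat the result as triage for where to look first, not as a clean bill of health. Run it against a full OTL log by reading the file into `check_integrity` instead of `SAMPLE_LOG`.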
