
Log Analysis and Evaluation: Bluescreens Caused by Multiple Trojans

Windows 7

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

16.05.2011, 22:57   #1
Juuliaan310
 
Bluescreens Caused by Multiple Trojans



Good evening,

This afternoon, after I came across this site, search - advertising . org, while surfing the web, Microsoft Security Essentials found this virus: Exploit:Win32/Pdfjsc.PD. After I removed it using that program, my laptop went down with a bluescreen. Since then I can only start the laptop in safe mode, because otherwise I would get a bluescreen after a few minutes of running. When I now google in safe mode, advertising websites (e.g. ask.com, search-advertising.org...) sometimes open instead of the actual websites. In addition, Windows Explorer sometimes does not start on its own (no matter whether in safe mode or in normal mode), i.e. I have to start it manually via Task Manager.
The bluescreens generally have the error message: "Stop". Sometimes, however, the error message in the bluescreen is iastor.sys.
My operating system is Windows 7 Home Premium 32-bit version (6.1, Build 7600).

Well, here are the log files.

Malwarebytes:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6593

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

16.05.2011 22:47:56
mbam-log-2011-05-16 (22-47-56).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 167014
Laufzeit: 2 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 1
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\Windows\system32\userinit.exe,C:\Users\***\AppData\Roaming\appconf32.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\Recycle.Bin\config.bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.
c:\Users\***\downloads\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

OTL:

OTL Logfile:
Code:
OTL logfile created on: 5/16/2011 11:04:34 PM - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\***\Downloads
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 247.86 Gb Total Space | 48.68 Gb Free Space | 19.64% Space Free | Partition Type: NTFS
Drive D: | 202.80 Gb Total Space | 52.35 Gb Free Space | 25.81% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/05/16 23:03:33 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\***\Downloads\OTL.exe
PRC - [2011/04/14 18:40:02 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/03/28 15:41:14 | 001,910,152 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2011/03/28 15:41:12 | 001,242,504 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/08/24 14:57:38 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2010/08/24 14:57:38 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2010/07/01 00:07:46 | 001,193,848 | ---- | M] (McAfee, Inc.) -- c:\PROGRA~1\mcafee.com\agent\mcagent.exe
PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011/05/16 23:03:33 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\***\Downloads\OTL.exe
MOD - [2010/08/21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011/04/26 17:54:48 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/04/22 20:12:36 | 000,728,480 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Stopped] -- C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE -- (SpyHunter 4 Service)
SRV - [2011/04/08 07:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/03/28 15:41:12 | 001,242,504 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010/11/11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/08/24 14:57:38 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/08/24 14:57:38 | 000,171,168 | ---- | M] () [Unknown | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010/08/24 14:57:38 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2010/06/17 23:50:00 | 003,890,920 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\windows\System32\GameMon.des -- (npggsvc)
SRV - [2010/06/02 16:58:20 | 000,246,520 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010/04/15 09:45:10 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2009/10/02 17:48:26 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/09/29 17:25:38 | 000,099,768 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV - [2009/08/13 21:58:10 | 000,044,312 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe -- (OberonGameConsoleService)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009/03/05 11:54:50 | 000,311,296 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\Rezip.exe -- (Rezip)
SRV - [2009/01/23 03:46:14 | 000,203,280 | ---- | M] () [Auto | Stopped] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011/05/16 21:41:34 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{98321832-913D-48E8-B9D3-6C035DA379C0}\MpKsl87f862b0.sys -- (MpKsl87f862b0)
DRV - [2011/05/16 20:59:53 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{98321832-913D-48E8-B9D3-6C035DA379C0}\MpKslc5b26a80.sys -- (MpKslc5b26a80)
DRV - [2011/04/08 07:14:00 | 010,690,024 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/03/03 17:59:19 | 000,139,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2011/01/30 15:38:14 | 000,162,432 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\ithsgt.sys -- (ithsgt)
DRV - [2011/01/30 15:38:02 | 000,012,032 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\lilsgt.sys -- (lilsgt)
DRV - [2010/10/24 22:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/24 22:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/09/27 16:34:51 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/09/17 16:25:58 | 000,281,760 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010/09/17 16:25:58 | 000,025,888 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010/08/24 14:57:38 | 000,386,712 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/08/24 14:57:38 | 000,312,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/08/24 14:57:38 | 000,164,808 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2010/08/24 14:57:38 | 000,152,992 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/08/24 14:57:38 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/08/24 14:57:38 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/08/24 14:57:38 | 000,064,304 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2010/08/24 14:57:38 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/08/24 14:57:38 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/12/14 22:44:42 | 001,245,696 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/11/25 23:32:16 | 000,125,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2009/09/29 17:25:42 | 000,013,752 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\TurboB.sys -- (TurboB)
DRV - [2009/09/28 11:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/01 22:46:20 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2009/03/18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2005/01/04 11:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.8
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.31.0
FF - prefs.js..extensions.enabledItems: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.6.11
FF - prefs.js..extensions.enabledItems: {84b24861-62f6-364b-eba5-2e5e2061d7e6}:0.9.3
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.6&q="
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/05/16 20:24:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/07 19:00:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/30 12:34:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/30 12:34:18 | 000,000,000 | ---D | M]
 
[2010/09/17 14:34:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011/05/15 14:39:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\n429yo42.default\extensions
[2011/05/01 15:19:52 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\n429yo42.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010/11/02 20:01:39 | 000,000,000 | ---D | M] (mediaplayerconnectivity) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\n429yo42.default\extensions\{84b24861-62f6-364b-eba5-2e5e2061d7e6}
[2010/10/11 16:27:13 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\n429yo42.default\extensions\battlefieldheroespatcher@ea.com
[2011/05/10 20:23:37 | 000,001,056 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\n429yo42.default\searchplugins\icqplugin.xml
[2011/04/30 12:34:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011/01/14 15:49:19 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
File not found (No name found) -- 
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N429YO42.DEFAULT\EXTENSIONS\{B749FC7C-E949-447F-926C-3F4EED6ACCFE}.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N429YO42.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/04/14 18:40:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/08/24 14:57:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2010/01/01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010/01/01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010/01/01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/01/01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010/01/01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010/11/03 17:53:15 | 000,001,050 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       static3.cdn.ubi.com
O1 - Hosts: 127.0.0.1       ubisoft-orbit.s3.amazonaws.com
O1 - Hosts: 127.0.0.1       onlineconfigservice.ubi.com
O1 - Hosts: 127.0.0.1       orbitservice.ubi.com
O1 - Hosts: 127.0.0.1       ubisoft-orbit-savegames.s3.amazonaws.com
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - C:\Program Files\McAfee\MSK\MskAPBho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100918142758.dll (McAfee, Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll ()
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll ()
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [OscarEditor] C:\Program Files\MOUSE Editor\MouseEditor.exe ()
O4 - HKLM..\RunOnce: [GrpConv] C:\windows\System32\grpconv.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{9b7c7579-ca44-11df-b4ff-b482fe9a521a}\Shell - "" = AutoRun
O33 - MountPoints2\{9b7c7579-ca44-11df-b4ff-b482fe9a521a}\Shell\AutoRun\command - "" = F:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/05/16 22:59:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/05/16 22:43:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2011/05/16 22:43:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2011/05/16 22:43:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/16 22:43:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/05/16 22:43:10 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2011/05/16 22:43:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/16 22:02:17 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2011/05/16 22:02:15 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2011/05/16 22:02:15 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2011/05/16 21:16:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\PackageAware
[2011/05/16 20:48:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2011/05/16 19:16:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\5015
[2011/05/16 19:15:54 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\xmldm
[2011/05/16 19:15:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\kock
[2011/05/12 19:52:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Unity
[2011/05/11 14:43:59 | 003,957,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe
[2011/05/11 14:43:58 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
[2011/05/10 21:13:56 | 000,139,368 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\drivers\nvhda32v.sys
[2011/05/10 21:13:56 | 000,026,216 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\nvhdap32.dll
[2011/05/10 21:13:55 | 000,837,224 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\nvhdagenco322040.dll
[2011/05/10 21:13:54 | 000,057,960 | ---- | C] (Khronos Group) -- C:\windows\System32\OpenCL.dll
[2011/05/10 21:13:53 | 006,299,752 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\nvwgf2um.dll
[2011/05/10 21:13:51 | 015,227,496 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\nvoglv32.dll
[2011/05/10 21:13:51 | 010,690,024 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\drivers\nvlddmkm.sys
[2011/05/10 21:13:51 | 000,944,232 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\nvdispco3220140.dll
[2011/05/10 21:13:51 | 000,855,656 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\nvgenco322060.dll
[2011/05/10 21:13:50 | 010,071,656 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\nvd3dum.dll
[2011/05/10 21:13:50 | 005,180,824 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\nvcuda.dll
[2011/05/10 21:13:50 | 002,765,928 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\nvcuvid.dll
[2011/05/10 21:13:50 | 002,074,216 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\nvcuvenc.dll
[2011/05/10 21:13:47 | 013,007,464 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\nvcompiler.dll
[2011/05/10 21:13:47 | 002,034,280 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\nvapi.dll
[2011/05/10 21:13:47 | 000,010,920 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\drivers\nvBridge.kmd
[2011/05/10 20:49:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LucasArts
[2011/05/10 20:49:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LucasArts
[2011/05/10 20:29:02 | 000,000,000 | ---D | C] -- C:\Program Files\LucasArts
[2011/05/10 15:00:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acoustica Mixcraft 5
[2011/05/10 15:00:48 | 000,057,344 | ---- | C] (NexiTech, Inc.) -- C:\windows\System32\Wnaspint.dll
[2011/05/10 14:59:27 | 000,000,000 | ---D | C] -- C:\Program Files\Acoustica Shared Effects
[2011/05/09 16:43:37 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\***
[2011/05/07 01:27:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2011/05/06 19:04:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\.minecraft_xray
[2011/05/06 19:03:51 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\x-ray
[2011/05/06 18:24:24 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 2.6
[2011/05/06 18:23:18 | 000,000,000 | ---D | C] -- C:\Python26
[2011/05/06 18:18:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7
[2011/05/06 18:17:08 | 000,000,000 | ---D | C] -- C:\Python27
[2011/05/04 16:14:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps
[2011/05/04 16:06:24 | 000,000,000 | ---D | C] -- C:\Fraps
[2011/05/04 16:03:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HyperSnap 6
[2011/05/04 16:03:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HyperSnap 6
[2011/05/04 16:03:07 | 000,000,000 | ---D | C] -- C:\Program Files\HyperSnap 6
[2011/04/28 23:09:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2011/04/28 23:09:25 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2011/04/28 23:00:49 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsPrint.dll
[2011/04/28 23:00:45 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\prevhost.exe
[2011/04/28 23:00:25 | 001,686,016 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\esent.dll
[2011/04/28 23:00:25 | 000,146,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\storport.sys
[2011/04/28 23:00:24 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\fsutil.exe
[2011/04/28 22:58:16 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\windows\explorer.exe
[2011/04/27 18:24:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield
[2011/04/25 23:46:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MegaDev
[2011/04/25 23:46:25 | 000,000,000 | ---D | C] -- C:\Program Files\MegaDev
[2011/04/25 00:34:30 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\StarCraft II Demo
[2011/04/25 00:34:25 | 000,000,000 | ---D | C] -- C:\Program Files\StarCraft II Demo
[2011/04/19 17:16:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArtMoney SE
[2011/04/19 17:16:05 | 000,000,000 | ---D | C] -- C:\Games
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\***\AppData\Roaming\*.tmp files -> C:\Users\***\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/05/16 22:59:26 | 000,001,828 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2011/05/16 22:56:34 | 000,065,536 | ---- | M] () -- C:\windows\System32\Ikeext.etl
[2011/05/16 22:54:44 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/05/16 22:54:31 | 274,108,453 | ---- | M] () -- C:\windows\MEMORY.DMP
[2011/05/16 22:54:27 | 3209,199,616 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/16 22:51:56 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/16 22:43:13 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/16 22:02:17 | 000,002,244 | ---- | M] () -- C:\Users\***\Desktop\SpyHunter.lnk
[2011/05/16 21:38:33 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2011/05/16 21:18:58 | 000,112,326 | ---- | M] () -- C:\Users\***\Documents\cc_20110516_211850.reg
[2011/05/16 19:15:52 | 000,000,000 | ---- | M] () -- C:\Users\***\2gweorjqjutp92vjy9gake
[2011/05/16 18:52:30 | 000,007,601 | ---- | M] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2011/05/16 10:40:31 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/16 10:40:31 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/15 21:49:00 | 000,001,098 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/13 16:54:35 | 000,113,595 | ---- | M] () -- C:\Users\***\Documents\IMG_13052011_165425.png
[2011/05/13 16:47:44 | 000,116,300 | ---- | M] () -- C:\Users\***\Documents\IMG_13052011_164717.png
[2011/05/10 21:16:58 | 000,350,352 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2011/05/10 21:15:06 | 000,043,520 | ---- | M] () -- C:\windows\System32\CmdLineExt03.dll
[2011/05/10 20:59:08 | 000,001,996 | ---- | M] () -- C:\Users\***\Desktop\Star Wars Knights of the Old Republic.lnk
[2011/05/10 20:28:21 | 000,656,266 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2011/05/10 20:28:21 | 000,618,108 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/05/10 20:28:21 | 000,131,006 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2011/05/10 20:28:21 | 000,107,388 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/05/10 15:26:01 | 000,003,584 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/10 15:00:49 | 000,000,978 | ---- | M] () -- C:\Users\Public\Desktop\Mixcraft 5.lnk
[2011/05/09 20:44:25 | 004,897,935 | ---- | M] () -- C:\Users\***\Documents\***.rar
[2011/05/09 16:43:46 | 004,789,448 | ---- | M] () -- C:\Users\***\Desktop\***.rar
[2011/05/06 18:44:14 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/05/06 18:44:14 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/05/06 13:20:01 | 000,000,641 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2011/05/04 16:14:38 | 000,000,572 | ---- | M] () -- C:\Users\***\Desktop\Fraps.lnk
[2011/05/04 16:03:10 | 000,000,948 | ---- | M] () -- C:\Users\***\Desktop\HyperSnap 6.lnk
[2011/05/02 20:26:20 | 000,001,638 | ---- | M] () -- C:\Users\Public\Desktop\Operation Flashpoint ® Red River.lnk
[2011/04/30 12:34:28 | 000,001,096 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/04/25 23:46:37 | 000,002,140 | ---- | M] () -- C:\Users\***\Desktop\MegaTrainer eXperience.lnk
[2011/04/25 23:46:37 | 000,002,127 | ---- | M] () -- C:\Users\***\Desktop\MT-X - Anleitung.lnk
[2011/04/23 22:20:39 | 000,000,298 | ---- | M] () -- C:\Users\***\Desktop\Anno1404_Stadtplanung.pdf
[2011/04/19 17:16:09 | 000,000,693 | ---- | M] () -- C:\Users\Public\Desktop\ArtMoney SE v7.35.lnk
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\***\AppData\Roaming\*.tmp files -> C:\Users\***\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/05/16 22:43:13 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/16 22:02:17 | 000,002,244 | ---- | C] () -- C:\Users\***\Desktop\SpyHunter.lnk
[2011/05/16 21:38:33 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2011/05/16 21:18:53 | 000,112,326 | ---- | C] () -- C:\Users\***\Documents\cc_20110516_211850.reg
[2011/05/16 20:31:38 | 274,108,453 | ---- | C] () -- C:\windows\MEMORY.DMP
[2011/05/16 19:15:52 | 000,000,000 | ---- | C] () -- C:\Users\***\2gweorjqjutp92vjy9gake
[2011/05/13 16:54:33 | 000,113,595 | ---- | C] () -- C:\Users\***\Documents\IMG_13052011_165425.png
[2011/05/13 16:47:42 | 000,116,300 | ---- | C] () -- C:\Users\***\Documents\IMG_13052011_164717.png
[2011/05/10 21:15:06 | 000,043,520 | ---- | C] () -- C:\windows\System32\CmdLineExt03.dll
[2011/05/10 20:49:14 | 000,001,996 | ---- | C] () -- C:\Users\***\Desktop\Star Wars Knights of the Old Republic.lnk
[2011/05/10 15:26:01 | 000,003,584 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/10 15:00:49 | 000,000,978 | ---- | C] () -- C:\Users\Public\Desktop\Mixcraft 5.lnk
[2011/05/09 16:43:45 | 004,789,448 | ---- | C] () -- C:\Users\***\Desktop\***.rar
[2011/05/08 21:25:29 | 004,897,935 | ---- | C] () -- C:\Users\***\Documents\***.rar
[2011/05/06 18:44:14 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/05/06 18:44:14 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/05/04 16:06:29 | 000,000,572 | ---- | C] () -- C:\Users\***\Desktop\Fraps.lnk
[2011/05/04 16:03:10 | 000,000,948 | ---- | C] () -- C:\Users\***\Desktop\HyperSnap 6.lnk
[2011/05/02 18:18:30 | 000,001,638 | ---- | C] () -- C:\Users\Public\Desktop\Operation Flashpoint ® Red River.lnk
[2011/04/30 12:34:27 | 000,001,108 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/04/25 23:46:37 | 000,002,140 | ---- | C] () -- C:\Users\***\Desktop\MegaTrainer eXperience.lnk
[2011/04/25 23:46:37 | 000,002,127 | ---- | C] () -- C:\Users\***\Desktop\MT-X - Anleitung.lnk
[2011/04/23 22:20:18 | 000,000,298 | ---- | C] () -- C:\Users\***\Desktop\Anno1404_Stadtplanung.pdf
[2011/04/19 17:16:09 | 000,000,693 | ---- | C] () -- C:\Users\Public\Desktop\ArtMoney SE v7.35.lnk
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\windows\System32\xlive.dll.cat
[2011/03/13 19:15:33 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2011/03/07 14:18:34 | 000,000,529 | ---- | C] () -- C:\windows\eReg.dat
[2011/01/30 15:38:14 | 000,162,432 | ---- | C] () -- C:\windows\System32\drivers\ithsgt.sys
[2011/01/30 15:38:02 | 000,012,032 | ---- | C] () -- C:\windows\System32\drivers\lilsgt.sys
[2011/01/30 15:30:18 | 000,000,056 | -H-- | C] () -- C:\windows\System32\ezsidmv.dat
[2010/11/09 19:47:39 | 000,001,832 | ---- | C] () -- C:\windows\hpwmdl24.dat.temp
[2010/11/07 18:50:07 | 000,256,296 | ---- | C] () -- C:\windows\hpwins24.dat
[2010/10/11 16:47:10 | 000,138,184 | ---- | C] () -- C:\windows\System32\drivers\PnkBstrK.sys
[2010/10/11 16:47:10 | 000,138,056 | ---- | C] () -- C:\Users\***\AppData\Roaming\PnkBstrK.sys
[2010/10/11 16:46:58 | 000,215,016 | ---- | C] () -- C:\windows\System32\PnkBstrB.exe
[2010/10/11 16:46:56 | 000,075,064 | ---- | C] () -- C:\windows\System32\PnkBstrA.exe
[2010/10/11 16:46:53 | 002,427,248 | ---- | C] () -- C:\windows\System32\pbsvc_heroes.exe
[2010/09/22 19:12:33 | 000,007,601 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2010/09/17 16:25:58 | 000,281,760 | ---- | C] () -- C:\windows\System32\drivers\atksgt.sys
[2010/09/17 16:25:58 | 000,025,888 | ---- | C] () -- C:\windows\System32\drivers\lirsgt.sys
[2010/09/17 13:38:00 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010/03/06 00:12:46 | 000,656,266 | ---- | C] () -- C:\windows\System32\perfh007.dat
[2010/03/06 00:12:46 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat
[2010/03/06 00:12:46 | 000,131,006 | ---- | C] () -- C:\windows\System32\perfc007.dat
[2010/03/06 00:12:46 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat
[2010/03/05 07:06:50 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2010/03/05 06:56:58 | 000,000,426 | ---- | C] () -- C:\windows\HotFixList.ini
[2010/03/05 06:29:42 | 000,311,296 | ---- | C] () -- C:\windows\System32\Rezip.exe
[2009/11/06 11:53:13 | 000,001,832 | ---- | C] () -- C:\windows\hpwmdl24.dat
[2009/09/29 17:25:42 | 000,013,752 | ---- | C] () -- C:\windows\System32\drivers\TurboB.sys
[2009/07/14 06:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 06:33:53 | 000,350,352 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/14 04:05:48 | 000,618,108 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/14 04:05:48 | 000,107,388 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/07/14 00:09:19 | 000,982,196 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2009/07/14 00:09:19 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2009/07/14 00:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin
[2009/07/14 00:09:19 | 000,097,448 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2008/12/09 17:23:13 | 000,048,352 | RHS- | C] () -- C:\Users\***\AppData\Roaming\appconf32.exe
[2006/10/08 19:33:54 | 000,000,000 | ---- | C] () -- C:\windows\R-series.ini
 
========== LOP Check ==========
 
[2011/05/09 21:44:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft
[2011/05/06 19:04:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft_xray
[2010/10/09 19:41:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\2K Sports
[2011/05/16 20:24:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\5015
[2011/01/12 21:27:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Acoustica
[2011/01/12 21:34:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Antares
[2010/09/27 16:41:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2011/04/30 18:45:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Free Download Manager
[2010/11/07 20:16:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GameTuts
[2010/10/09 14:57:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Go Go Gourmet
[2011/05/13 18:33:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2011/05/16 19:15:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\kock
[2010/10/29 15:02:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LolClient
[2011/01/31 19:18:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Meine Die Schlacht um Mittelerde-Dateien
[2010/09/17 22:07:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PlayFirst
[2011/01/12 21:27:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SynthMaker
[2011/03/10 00:22:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\The Creative Assembly
[2011/02/23 19:44:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client
[2010/11/03 17:03:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ubisoft
[2011/05/12 19:52:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Unity
[2011/05/10 21:09:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\uTorrent
[2010/10/14 22:03:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WebcamMax
[2011/05/16 19:15:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\xmldm
[2010/10/07 21:22:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Zylom
[2010/11/14 18:03:08 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:A42A9F39
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:ABE89FFE

< End of report >
         
--- --- ---

OTL Extras:
OTL Logfile:
Code:
OTL logfile created on: 5/16/2011 11:04:34 PM - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Julian\Downloads
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 247.86 Gb Total Space | 48.68 Gb Free Space | 19.64% Space Free | Partition Type: NTFS
Drive D: | 202.80 Gb Total Space | 52.35 Gb Free Space | 25.81% Space Free | Partition Type: NTFS
 
Computer Name: JULIAN-PC | User Name: Julian | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/05/16 23:03:33 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Julian\Downloads\OTL.exe
PRC - [2011/04/14 18:40:02 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/03/28 15:41:14 | 001,910,152 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2011/03/28 15:41:12 | 001,242,504 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/08/24 14:57:38 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2010/08/24 14:57:38 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2010/07/01 00:07:46 | 001,193,848 | ---- | M] (McAfee, Inc.) -- c:\PROGRA~1\mcafee.com\agent\mcagent.exe
PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011/05/16 23:03:33 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Julian\Downloads\OTL.exe
MOD - [2010/08/21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011/04/26 17:54:48 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/04/22 20:12:36 | 000,728,480 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Stopped] -- C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE -- (SpyHunter 4 Service)
SRV - [2011/04/08 07:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/03/28 15:41:12 | 001,242,504 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010/11/11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/08/24 14:57:38 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/08/24 14:57:38 | 000,171,168 | ---- | M] () [Unknown | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010/08/24 14:57:38 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2010/06/17 23:50:00 | 003,890,920 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\windows\System32\GameMon.des -- (npggsvc)
SRV - [2010/06/02 16:58:20 | 000,246,520 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010/04/15 09:45:10 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2009/10/02 17:48:26 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/09/29 17:25:38 | 000,099,768 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV - [2009/08/13 21:58:10 | 000,044,312 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe -- (OberonGameConsoleService)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009/03/05 11:54:50 | 000,311,296 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\Rezip.exe -- (Rezip)
SRV - [2009/01/23 03:46:14 | 000,203,280 | ---- | M] () [Auto | Stopped] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011/05/16 21:41:34 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{98321832-913D-48E8-B9D3-6C035DA379C0}\MpKsl87f862b0.sys -- (MpKsl87f862b0)
DRV - [2011/05/16 20:59:53 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{98321832-913D-48E8-B9D3-6C035DA379C0}\MpKslc5b26a80.sys -- (MpKslc5b26a80)
DRV - [2011/04/08 07:14:00 | 010,690,024 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/03/03 17:59:19 | 000,139,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2011/01/30 15:38:14 | 000,162,432 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\ithsgt.sys -- (ithsgt)
DRV - [2011/01/30 15:38:02 | 000,012,032 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\lilsgt.sys -- (lilsgt)
DRV - [2010/10/24 22:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/24 22:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/09/27 16:34:51 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/09/17 16:25:58 | 000,281,760 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010/09/17 16:25:58 | 000,025,888 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010/08/24 14:57:38 | 000,386,712 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/08/24 14:57:38 | 000,312,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/08/24 14:57:38 | 000,164,808 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2010/08/24 14:57:38 | 000,152,992 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/08/24 14:57:38 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/08/24 14:57:38 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/08/24 14:57:38 | 000,064,304 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2010/08/24 14:57:38 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/08/24 14:57:38 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/12/14 22:44:42 | 001,245,696 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/11/25 23:32:16 | 000,125,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2009/09/29 17:25:42 | 000,013,752 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\TurboB.sys -- (TurboB)
DRV - [2009/09/28 11:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/01 22:46:20 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2009/03/18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2005/01/04 11:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.8
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.31.0
FF - prefs.js..extensions.enabledItems: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.6.11
FF - prefs.js..extensions.enabledItems: {84b24861-62f6-364b-eba5-2e5e2061d7e6}:0.9.3
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.6&q="
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/05/16 20:24:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/07 19:00:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/30 12:34:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/30 12:34:18 | 000,000,000 | ---D | M]
 
[2010/09/17 14:34:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julian\AppData\Roaming\mozilla\Extensions
[2011/05/15 14:39:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\n429yo42.default\extensions
[2011/05/01 15:19:52 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\n429yo42.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010/11/02 20:01:39 | 000,000,000 | ---D | M] (mediaplayerconnectivity) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\n429yo42.default\extensions\{84b24861-62f6-364b-eba5-2e5e2061d7e6}
[2010/10/11 16:27:13 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\n429yo42.default\extensions\battlefieldheroespatcher@ea.com
[2011/05/10 20:23:37 | 000,001,056 | ---- | M] () -- C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\n429yo42.default\searchplugins\icqplugin.xml
[2011/04/30 12:34:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011/01/14 15:49:19 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
File not found (No name found) -- 
() (No name found) -- C:\USERS\JULIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N429YO42.DEFAULT\EXTENSIONS\{B749FC7C-E949-447F-926C-3F4EED6ACCFE}.XPI
() (No name found) -- C:\USERS\JULIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N429YO42.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/04/14 18:40:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/08/24 14:57:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2010/01/01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010/01/01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010/01/01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/01/01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010/01/01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010/11/03 17:53:15 | 000,001,050 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       static3.cdn.ubi.com
O1 - Hosts: 127.0.0.1       ubisoft-orbit.s3.amazonaws.com
O1 - Hosts: 127.0.0.1       onlineconfigservice.ubi.com
O1 - Hosts: 127.0.0.1       orbitservice.ubi.com
O1 - Hosts: 127.0.0.1       ubisoft-orbit-savegames.s3.amazonaws.com
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - C:\Program Files\McAfee\MSK\MskAPBho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100918142758.dll (McAfee, Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll ()
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll ()
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [OscarEditor] C:\Program Files\MOUSE Editor\MouseEditor.exe ()
O4 - HKLM..\RunOnce: [GrpConv] C:\windows\System32\grpconv.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{9b7c7579-ca44-11df-b4ff-b482fe9a521a}\Shell - "" = AutoRun
O33 - MountPoints2\{9b7c7579-ca44-11df-b4ff-b482fe9a521a}\Shell\AutoRun\command - "" = F:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/05/16 22:59:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/05/16 22:43:18 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Malwarebytes
[2011/05/16 22:43:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2011/05/16 22:43:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/16 22:43:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/05/16 22:43:10 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2011/05/16 22:43:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/16 22:02:17 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2011/05/16 22:02:15 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2011/05/16 22:02:15 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2011/05/16 21:16:06 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Local\PackageAware
[2011/05/16 20:48:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2011/05/16 19:16:08 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\5015
[2011/05/16 19:15:54 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\xmldm
[2011/05/16 19:15:53 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\kock
[2011/05/12 19:52:52 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Unity
[2011/05/11 14:43:59 | 003,957,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe
[2011/05/11 14:43:58 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
[2011/05/10 21:13:56 | 000,139,368 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\drivers\nvhda32v.sys
[2011/05/10 21:13:56 | 000,026,216 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\nvhdap32.dll
[2011/05/10 21:13:55 | 000,837,224 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\nvhdagenco322040.dll
[2011/05/10 21:13:54 | 000,057,960 | ---- | C] (Khronos Group) -- C:\windows\System32\OpenCL.dll
[2011/05/10 21:13:53 | 006,299,752 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\nvwgf2um.dll
[2011/05/10 21:13:51 | 015,227,496 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\nvoglv32.dll
[2011/05/10 21:13:51 | 010,690,024 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\drivers\nvlddmkm.sys
[2011/05/10 21:13:51 | 000,944,232 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\nvdispco3220140.dll
[2011/05/10 21:13:51 | 000,855,656 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\nvgenco322060.dll
[2011/05/10 21:13:50 | 010,071,656 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\nvd3dum.dll
[2011/05/10 21:13:50 | 005,180,824 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\nvcuda.dll
[2011/05/10 21:13:50 | 002,765,928 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\nvcuvid.dll
[2011/05/10 21:13:50 | 002,074,216 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\nvcuvenc.dll
[2011/05/10 21:13:47 | 013,007,464 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\nvcompiler.dll
[2011/05/10 21:13:47 | 002,034,280 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\nvapi.dll
[2011/05/10 21:13:47 | 000,010,920 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\drivers\nvBridge.kmd
[2011/05/10 20:49:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LucasArts
[2011/05/10 20:49:01 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LucasArts
[2011/05/10 20:29:02 | 000,000,000 | ---D | C] -- C:\Program Files\LucasArts
[2011/05/10 15:00:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acoustica Mixcraft 5
[2011/05/10 15:00:48 | 000,057,344 | ---- | C] (NexiTech, Inc.) -- C:\windows\System32\Wnaspint.dll
[2011/05/10 14:59:27 | 000,000,000 | ---D | C] -- C:\Program Files\Acoustica Shared Effects
[2011/05/09 16:43:37 | 000,000,000 | ---D | C] -- C:\Users\Julian\Desktop\***
[2011/05/07 01:27:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2011/05/06 19:04:09 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\.minecraft_xray
[2011/05/06 19:03:51 | 000,000,000 | ---D | C] -- C:\Users\Julian\Desktop\x-ray
[2011/05/06 18:24:24 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 2.6
[2011/05/06 18:23:18 | 000,000,000 | ---D | C] -- C:\Python26
[2011/05/06 18:18:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7
[2011/05/06 18:17:08 | 000,000,000 | ---D | C] -- C:\Python27
[2011/05/04 16:14:38 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps
[2011/05/04 16:06:24 | 000,000,000 | ---D | C] -- C:\Fraps
[2011/05/04 16:03:10 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HyperSnap 6
[2011/05/04 16:03:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HyperSnap 6
[2011/05/04 16:03:07 | 000,000,000 | ---D | C] -- C:\Program Files\HyperSnap 6
[2011/04/28 23:09:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2011/04/28 23:09:25 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2011/04/28 23:00:49 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsPrint.dll
[2011/04/28 23:00:45 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\prevhost.exe
[2011/04/28 23:00:25 | 001,686,016 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\esent.dll
[2011/04/28 23:00:25 | 000,146,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\storport.sys
[2011/04/28 23:00:24 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\fsutil.exe
[2011/04/28 22:58:16 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\windows\explorer.exe
[2011/04/27 18:24:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield
[2011/04/25 23:46:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MegaDev
[2011/04/25 23:46:25 | 000,000,000 | ---D | C] -- C:\Program Files\MegaDev
[2011/04/25 00:34:30 | 000,000,000 | ---D | C] -- C:\Users\Julian\Documents\StarCraft II Demo
[2011/04/25 00:34:25 | 000,000,000 | ---D | C] -- C:\Program Files\StarCraft II Demo
[2011/04/19 17:16:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArtMoney SE
[2011/04/19 17:16:05 | 000,000,000 | ---D | C] -- C:\Games
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\Julian\AppData\Roaming\*.tmp files -> C:\Users\Julian\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/05/16 22:59:26 | 000,001,828 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2011/05/16 22:56:34 | 000,065,536 | ---- | M] () -- C:\windows\System32\Ikeext.etl
[2011/05/16 22:54:44 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/05/16 22:54:31 | 274,108,453 | ---- | M] () -- C:\windows\MEMORY.DMP
[2011/05/16 22:54:27 | 3209,199,616 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/16 22:51:56 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/16 22:43:13 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/16 22:02:17 | 000,002,244 | ---- | M] () -- C:\Users\Julian\Desktop\SpyHunter.lnk
[2011/05/16 21:38:33 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2011/05/16 21:18:58 | 000,112,326 | ---- | M] () -- C:\Users\Julian\Documents\cc_20110516_211850.reg
[2011/05/16 19:15:52 | 000,000,000 | ---- | M] () -- C:\Users\Julian\2gweorjqjutp92vjy9gake
[2011/05/16 18:52:30 | 000,007,601 | ---- | M] () -- C:\Users\Julian\AppData\Local\Resmon.ResmonCfg
[2011/05/16 10:40:31 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/16 10:40:31 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/15 21:49:00 | 000,001,098 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/13 16:54:35 | 000,113,595 | ---- | M] () -- C:\Users\Julian\Documents\IMG_13052011_165425.png
[2011/05/13 16:47:44 | 000,116,300 | ---- | M] () -- C:\Users\Julian\Documents\IMG_13052011_164717.png
[2011/05/10 21:16:58 | 000,350,352 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2011/05/10 21:15:06 | 000,043,520 | ---- | M] () -- C:\windows\System32\CmdLineExt03.dll
[2011/05/10 20:59:08 | 000,001,996 | ---- | M] () -- C:\Users\Julian\Desktop\Star Wars Knights of the Old Republic.lnk
[2011/05/10 20:28:21 | 000,656,266 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2011/05/10 20:28:21 | 000,618,108 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/05/10 20:28:21 | 000,131,006 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2011/05/10 20:28:21 | 000,107,388 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/05/10 15:26:01 | 000,003,584 | ---- | M] () -- C:\Users\Julian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/10 15:00:49 | 000,000,978 | ---- | M] () -- C:\Users\Public\Desktop\Mixcraft 5.lnk
[2011/05/09 20:44:25 | 004,897,935 | ---- | M] () -- C:\Users\Julian\Documents\***.rar
[2011/05/09 16:43:46 | 004,789,448 | ---- | M] () -- C:\Users\Julian\Desktop\***.rar
[2011/05/06 18:44:14 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/05/06 18:44:14 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/05/06 13:20:01 | 000,000,641 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2011/05/04 16:14:38 | 000,000,572 | ---- | M] () -- C:\Users\Julian\Desktop\Fraps.lnk
[2011/05/04 16:03:10 | 000,000,948 | ---- | M] () -- C:\Users\Julian\Desktop\HyperSnap 6.lnk
[2011/05/02 20:26:20 | 000,001,638 | ---- | M] () -- C:\Users\Public\Desktop\Operation Flashpoint ® Red River.lnk
[2011/04/30 12:34:28 | 000,001,096 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/04/25 23:46:37 | 000,002,140 | ---- | M] () -- C:\Users\Julian\Desktop\MegaTrainer eXperience.lnk
[2011/04/25 23:46:37 | 000,002,127 | ---- | M] () -- C:\Users\Julian\Desktop\MT-X - Anleitung.lnk
[2011/04/23 22:20:39 | 000,000,298 | ---- | M] () -- C:\Users\Julian\Desktop\Anno1404_Stadtplanung.pdf
[2011/04/19 17:16:09 | 000,000,693 | ---- | M] () -- C:\Users\Public\Desktop\ArtMoney SE v7.35.lnk
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\Julian\AppData\Roaming\*.tmp files -> C:\Users\Julian\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/05/16 22:43:13 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/16 22:02:17 | 000,002,244 | ---- | C] () -- C:\Users\Julian\Desktop\SpyHunter.lnk
[2011/05/16 21:38:33 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2011/05/16 21:18:53 | 000,112,326 | ---- | C] () -- C:\Users\Julian\Documents\cc_20110516_211850.reg
[2011/05/16 20:31:38 | 274,108,453 | ---- | C] () -- C:\windows\MEMORY.DMP
[2011/05/16 19:15:52 | 000,000,000 | ---- | C] () -- C:\Users\Julian\2gweorjqjutp92vjy9gake
[2011/05/13 16:54:33 | 000,113,595 | ---- | C] () -- C:\Users\Julian\Documents\IMG_13052011_165425.png
[2011/05/13 16:47:42 | 000,116,300 | ---- | C] () -- C:\Users\Julian\Documents\IMG_13052011_164717.png
[2011/05/10 21:15:06 | 000,043,520 | ---- | C] () -- C:\windows\System32\CmdLineExt03.dll
[2011/05/10 20:49:14 | 000,001,996 | ---- | C] () -- C:\Users\Julian\Desktop\Star Wars Knights of the Old Republic.lnk
[2011/05/10 15:26:01 | 000,003,584 | ---- | C] () -- C:\Users\Julian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/10 15:00:49 | 000,000,978 | ---- | C] () -- C:\Users\Public\Desktop\Mixcraft 5.lnk
[2011/05/09 16:43:45 | 004,789,448 | ---- | C] () -- C:\Users\Julian\Desktop\***.rar
[2011/05/08 21:25:29 | 004,897,935 | ---- | C] () -- C:\Users\Julian\Documents\***.rar
[2011/05/06 18:44:14 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/05/06 18:44:14 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/05/04 16:06:29 | 000,000,572 | ---- | C] () -- C:\Users\Julian\Desktop\Fraps.lnk
[2011/05/04 16:03:10 | 000,000,948 | ---- | C] () -- C:\Users\Julian\Desktop\HyperSnap 6.lnk
[2011/05/02 18:18:30 | 000,001,638 | ---- | C] () -- C:\Users\Public\Desktop\Operation Flashpoint ® Red River.lnk
[2011/04/30 12:34:27 | 000,001,108 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/04/25 23:46:37 | 000,002,140 | ---- | C] () -- C:\Users\Julian\Desktop\MegaTrainer eXperience.lnk
[2011/04/25 23:46:37 | 000,002,127 | ---- | C] () -- C:\Users\Julian\Desktop\MT-X - Anleitung.lnk
[2011/04/23 22:20:18 | 000,000,298 | ---- | C] () -- C:\Users\Julian\Desktop\Anno1404_Stadtplanung.pdf
[2011/04/19 17:16:09 | 000,000,693 | ---- | C] () -- C:\Users\Public\Desktop\ArtMoney SE v7.35.lnk
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\windows\System32\xlive.dll.cat
[2011/03/13 19:15:33 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2011/03/07 14:18:34 | 000,000,529 | ---- | C] () -- C:\windows\eReg.dat
[2011/01/30 15:38:14 | 000,162,432 | ---- | C] () -- C:\windows\System32\drivers\ithsgt.sys
[2011/01/30 15:38:02 | 000,012,032 | ---- | C] () -- C:\windows\System32\drivers\lilsgt.sys
[2011/01/30 15:30:18 | 000,000,056 | -H-- | C] () -- C:\windows\System32\ezsidmv.dat
[2010/11/09 19:47:39 | 000,001,832 | ---- | C] () -- C:\windows\hpwmdl24.dat.temp
[2010/11/07 18:50:07 | 000,256,296 | ---- | C] () -- C:\windows\hpwins24.dat
[2010/10/11 16:47:10 | 000,138,184 | ---- | C] () -- C:\windows\System32\drivers\PnkBstrK.sys
[2010/10/11 16:47:10 | 000,138,056 | ---- | C] () -- C:\Users\Julian\AppData\Roaming\PnkBstrK.sys
[2010/10/11 16:46:58 | 000,215,016 | ---- | C] () -- C:\windows\System32\PnkBstrB.exe
[2010/10/11 16:46:56 | 000,075,064 | ---- | C] () -- C:\windows\System32\PnkBstrA.exe
[2010/10/11 16:46:53 | 002,427,248 | ---- | C] () -- C:\windows\System32\pbsvc_heroes.exe
[2010/09/22 19:12:33 | 000,007,601 | ---- | C] () -- C:\Users\Julian\AppData\Local\Resmon.ResmonCfg
[2010/09/17 16:25:58 | 000,281,760 | ---- | C] () -- C:\windows\System32\drivers\atksgt.sys
[2010/09/17 16:25:58 | 000,025,888 | ---- | C] () -- C:\windows\System32\drivers\lirsgt.sys
[2010/09/17 13:38:00 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010/03/06 00:12:46 | 000,656,266 | ---- | C] () -- C:\windows\System32\perfh007.dat
[2010/03/06 00:12:46 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat
[2010/03/06 00:12:46 | 000,131,006 | ---- | C] () -- C:\windows\System32\perfc007.dat
[2010/03/06 00:12:46 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat
[2010/03/05 07:06:50 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2010/03/05 06:56:58 | 000,000,426 | ---- | C] () -- C:\windows\HotFixList.ini
[2010/03/05 06:29:42 | 000,311,296 | ---- | C] () -- C:\windows\System32\Rezip.exe
[2009/11/06 11:53:13 | 000,001,832 | ---- | C] () -- C:\windows\hpwmdl24.dat
[2009/09/29 17:25:42 | 000,013,752 | ---- | C] () -- C:\windows\System32\drivers\TurboB.sys
[2009/07/14 06:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 06:33:53 | 000,350,352 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/14 04:05:48 | 000,618,108 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/14 04:05:48 | 000,107,388 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/07/14 00:09:19 | 000,982,196 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2009/07/14 00:09:19 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2009/07/14 00:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin
[2009/07/14 00:09:19 | 000,097,448 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2008/12/09 17:23:13 | 000,048,352 | RHS- | C] () -- C:\Users\Julian\AppData\Roaming\appconf32.exe
[2006/10/08 19:33:54 | 000,000,000 | ---- | C] () -- C:\windows\R-series.ini
 
========== LOP Check ==========
 
[2011/05/09 21:44:01 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\.minecraft
[2011/05/06 19:04:09 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\.minecraft_xray
[2010/10/09 19:41:12 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\2K Sports
[2011/05/16 20:24:31 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\5015
[2011/01/12 21:27:34 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Acoustica
[2011/01/12 21:34:17 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Antares
[2010/09/27 16:41:30 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\DAEMON Tools Lite
[2011/04/30 18:45:43 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Free Download Manager
[2010/11/07 20:16:04 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\GameTuts
[2010/10/09 14:57:38 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Go Go Gourmet
[2011/05/13 18:33:58 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\ICQ
[2011/05/16 19:15:53 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\kock
[2010/10/29 15:02:33 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\LolClient
[2011/01/31 19:18:22 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Meine Die Schlacht um Mittelerde-Dateien
[2010/09/17 22:07:16 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\PlayFirst
[2011/01/12 21:27:38 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\SynthMaker
[2011/03/10 00:22:08 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\The Creative Assembly
[2011/02/23 19:44:23 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\TS3Client
[2010/11/03 17:03:46 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Ubisoft
[2011/05/12 19:52:52 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Unity
[2011/05/10 21:09:01 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\uTorrent
[2010/10/14 22:03:53 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\WebcamMax
[2011/05/16 19:15:54 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\xmldm
[2010/10/07 21:22:07 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Zylom
[2010/11/14 18:03:08 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:A42A9F39
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:ABE89FFE

< End of report >
         
--- --- ---


If more logs are needed, just let me know.
I hope you can help me!

Regards, Julian

16.05.2011, 23:07   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Are there any other logs from Malwarebytes? If so, please post all of them that are visible in Malwarebytes under the "Logdateien" (log files) tab.

16.05.2011, 23:12   #3
Juuliaan310

There is one more, which I ran after the previous scan.
Otherwise none.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6593

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

16.05.2011 23:25:36
mbam-log-2011-05-16 (23-25-36).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 166896
Laufzeit: 2 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


Regards, Julian

16.05.2011, 23:21   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
Art des Suchlaufs: Quick-Scan

Please routinely run a full scan with Malwarebytes and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of those as well!
__________________
Please always post log files in CODE tags

17.05.2011, 10:09   #5
Juuliaan310

Sorry for only replying now; I fell asleep during the scan.
Anyway, the full scan found 5 Trojan.Dropper.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6593

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

17.05.2011 06:22:24
mbam-log-2011-05-17 (06-22-24).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 494557
Laufzeit: 1 Stunde(n), 15 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 5

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Windows\Temp\0.038743985186531105.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\Temp\0.00693450851851829.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\Temp\0.22208238544798664.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\Temp\0.4486574374882275.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\Temp\0.8172706671246647.exe (Trojan.Dropper) -> Quarantined and deleted successfully.


17.05.2011, 10:48   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
O1 - Hosts: 127.0.0.1 static3.cdn.ubi.com
O1 - Hosts: 127.0.0.1 ubisoft-orbit.s3.amazonaws.com
O1 - Hosts: 127.0.0.1 onlineconfigservice.ubi.com
O1 - Hosts: 127.0.0.1 orbitservice.ubi.com
O1 - Hosts: 127.0.0.1 ubisoft-orbit-savegames.s3.amazonaws.com
What are these entries for?

17.05.2011, 10:56   #7
Juuliaan310

That could be a crack.

17.05.2011, 11:01   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then it is also clear where the infection came from.
Wipe the machine and reinstall Windows; where cracks are involved, no more cleanup is done here. Follow the article on reinstalling Windows.
__________________
Please always post log files in CODE tags
