Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Sehr hohe CPU Auslastungff (https://www.trojaner-board.de/99170-sehr-hohe-cpu-auslastungff.html)

Jafa 16.05.2011 19:24
Sehr hohe CPU Auslastungff
 
Zu hohe CPU Auslastung!!!

Neuerdings nach dem Hochfahren meines Computer steigt die CPU Auslastung auf 70 % und pendelt dann zwichen 70 und 30 % obwohl ich keine Programme neben bei zu laufen habe!
Beim Task Manager unter Prozesse kann ich nicht erkennen welcher Prozess die hohe Auslastung verusacht denn alle Auslastungen sind auf null außer taskmgr.exe und dwm.exe pendeln ab und zu zwichen 1-2 %.
Hab Norton schon 2 mal drüberlaufen lassen hat was gefunden (1) und behoben auch Malwarebytes hat was gefunden (1) und behoben, leider ist die Auslastung immer noch da.
Als Anhang kommt mein LogFile hoffe ihr Profis könnt was erkennen, für alle Förmlichen Fehler die ich gemacht habe entschuldige ich mich hoffe aber auf eine rettende Antwort.:applaus:

Jafa 16.05.2011 19:26
HiJackthis Logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:25:38, on 16.05.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Razer\Diamondback 3G\razerhid.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Razer\Diamondback 3G\razerofa.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\taskeng.exe
C:\Users\Shokry\Downloads\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Diamondback] C:\Program Files\Razer\Diamondback 3G\razerhid.exe
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360 Online\osCheck.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 6780 bytes
--- --- ---

Jafa 16.05.2011 19:31
wenn mehr benötigt wird dann sagt an was.

Jafa 16.05.2011 19:47
sry hier kommt die richitge LogFile

Jafa 16.05.2011 19:54
OTL Logfile:
Code:
OTL logfile created on: 16.05.2011 20:51:39 - Run 2
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\Shokry\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 51,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 131,13 Gb Free Space | 28,15% Space Free | Partition Type: NTFS
 
Computer Name: SHOKRY-PC | User Name: Shokry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Shokry\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Mumble\mumble.exe (Thorvald Natvig)
PRC - C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE (Symantec Corporation)
PRC - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe ()
PRC - C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)
PRC - C:\Program Files\ASUS\Six Engine\SixEngine.exe ()
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\RocketDock\RocketDock.exe ()
PRC - C:\Program Files\Razer\Diamondback 3G\razerhid.exe ()
PRC - C:\Program Files\Razer\Diamondback 3G\razerofa.exe (Razer Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Shokry\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Mumble\mumble_ol.dll ()
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)
SRV - (CTAudSvcService) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (DTSRVC) -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe ()
SRV - (PdiService) -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (comHost) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110515.002\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110515.002\NAVENG.SYS (Symantec Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (IDSvix86) -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20110510.001\IDSvix86.sys (Symantec Corporation)
DRV - (P17) -- C:\Windows\System32\drivers\P17.sys (Creative Technology Ltd.)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (s1018mdm) -- C:\Windows\System32\drivers\s1018mdm.sys (MCCI Corporation)
DRV - (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM) -- C:\Windows\System32\drivers\s1018unic.sys (MCCI Corporation)
DRV - (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s1018mgmt.sys (MCCI Corporation)
DRV - (s1018obex) -- C:\Windows\System32\drivers\s1018obex.sys (MCCI Corporation)
DRV - (s1018bus) Sony Ericsson Device 1018 driver (WDM) -- C:\Windows\System32\drivers\s1018bus.sys (MCCI Corporation)
DRV - (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS) -- C:\Windows\System32\drivers\s1018nd5.sys (MCCI Corporation)
DRV - (s1018mdfl) -- C:\Windows\System32\drivers\s1018mdfl.sys (MCCI Corporation)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (SymIM) -- C:\Windows\System32\drivers\SymIMV.sys (Symantec Corporation)
DRV - (SYMNDISV) -- C:\Windows\System32\Drivers\SYMNDISV.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\Windows\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMDNS) -- C:\Windows\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (COH_Mon) -- C:\Windows\System32\drivers\COH_Mon.sys (Symantec Corporation)
DRV - (L1E) -- C:\Windows\System32\drivers\L1E60x86.sys (Atheros Communications, Inc.)
DRV - (mv61xx) -- C:\Windows\system32\drivers\mv61xx.sys (Marvell Semiconductor, Inc.)
DRV - (PdiPorts) -- C:\Windows\System32\drivers\PdiPorts.sys (Portrait Displays, Inc.)
DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation)
DRV - (AsIO) -- C:\Windows\System32\drivers\AsIO.sys ()
DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.)
DRV - (es1371) Creative AudioPCI (ES1371,ES1373) (WDM) -- C:\Windows\System32\drivers\es1371mp.sys (Creative Technology Ltd.)
DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin)
DRV - (CO_Mon) -- C:\Windows\System32\drivers\CO_Mon.sys (Symantec Corporation)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "google"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.de/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: elemhidehelper@adblockplus.org:1.1.1
FF - prefs.js..extensions.enabledItems: abhere2@moztw.org:3.6.20101102
FF - prefs.js..extensions.enabledItems: autopager@mozilla.org:0.6.2.6
FF - prefs.js..extensions.enabledItems: {ca0849e8-2c76-42ae-9abe-34e14d337acf}:1.94
FF - prefs.js..extensions.enabledItems: {1cff04ef-0c75-4621-ba2a-2efb77346996}:2.3
FF - prefs.js..extensions.enabledItems: {20E2E952-0E3E-4b83-A1CE-5340C10F43A9}:3.1
FF - prefs.js..extensions.enabledItems: {2E481B23-66AC-313F-D6A8-A81DDDF26249}:1.0.20101216
FF - prefs.js..extensions.enabledItems: {21e48e29-f574-4619-b65d-0f00eea92e5b}:1.87
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {3354F302-9928-4b07-B947-82F65A8FF70D}:2.0.2009110201
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.2
FF - prefs.js..extensions.enabledItems: {46868735-c3fa-47ce-8ce7-cce51a66aceb}:1.2
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {F645A8C9-E969-42D9-B3F3-F325537222FD}:1.1.6
FF - prefs.js..extensions.enabledItems: researchword@scott:1.3.7
FF - prefs.js..extensions.enabledItems: {7a46f9fe-4818-4837-ae4a-39c53978ae99}:1.5.4
FF - prefs.js..extensions.enabledItems: savesession@noasobi.net:1.3.1.6
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:5.0.1
FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:0.5.21amo
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.1.2
FF - prefs.js..extensions.enabledItems: tabpopup@adarsh.tp:1.2.3
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {3713a489-0634-4472-8456-dc7abd7eba00}:1.3.1
FF - prefs.js..keyword.URL: "hxxp://search.live.com/results.aspx?FORM=IEFM1&q="
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: "localhost"
FF - prefs.js..network.proxy.backup.socks_port: 9050
FF - prefs.js..network.proxy.backup.ssl: "localhost"
FF - prefs.js..network.proxy.backup.ssl_port: 9666
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 9666
 
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.15 01:41:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.15 01:41:24 | 000,000,000 | ---D | M]
 
[2009.03.26 12:46:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shokry\AppData\Roaming\mozilla\Extensions
[2011.05.16 00:56:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shokry\AppData\Roaming\mozilla\Firefox\Profiles\g5lqbbi4.default\extensions
[2010.02.16 11:57:15 | 000,000,000 | ---D | M] ("ChromaTabs Plus") -- C:\Users\Shokry\AppData\Roaming\mozilla\Firefox\Profiles\g5lqbbi4.default\extensions\{1cff04ef-0c75-4621-ba2a-2efb77346996}
[2010.04.28 00:00:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Shokry\AppData\Roaming\mozilla\Firefox\Profiles\g5lqbbi4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.08.07 14:14:42 | 000,000,000 | ---D | M] (ColorResults) -- C:\Users\Shokry\AppData\Roaming\mozilla\Firefox\Profiles\g5lqbbi4.default\extensions\{20E2E952-0E3E-4b83-A1CE-5340C10F43A9}
[2011.04.27 20:48:35 | 000,000,000 | ---D | M] ("GoogleEnhancer") -- C:\Users\Shokry\AppData\Roaming\mozilla\Firefox\Profiles\g5lqbbi4.default\extensions\{21e48e29-f574-4619-b65d-0f00eea92e5b}
[2010.12.19 14:35:50 | 000,000,000 | ---D | M] (Fierr) -- C:\Users\Shokry\AppData\Roaming\mozilla\Firefox\Profiles\g5lqbbi4.default\extensions\{2E481B23-66AC-313F-D6A8-A81DDDF26249}
[2009.11.06 18:59:36 | 000,000,000 | ---D | M] ("Line Marker") -- C:\Users\Shokry\AppData\Roaming\mozilla\Firefox\Profiles\g5lqbbi4.default\extensions\{3354F302-9928-4b07-B947-82F65A8FF70D}
[2010.04.08 11:10:00 | 000,000,000 | ---D | M] (Abaca classic) -- C:\Users\Shokry\AppData\Roaming\mozilla\Firefox\Profiles\g5lqbbi4.default\extensions\{3713a489-0634-4472-8456-dc7abd7eba00}
[2011.04.27 20:48:34 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\Shokry\AppData\Roaming\mozilla\Firefox\Profiles\g5lqbbi4.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2009.03.26 12:46:20 | 000,000,000 | ---D | M] (oldbar) -- C:\Users\Shokry\AppData\Roaming\mozilla\Firefox\Profiles\g5lqbbi4.default\extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}
[2009.06.04 02:42:33 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Shokry\AppData\Roaming\mozilla\Firefox\Profiles\g5lqbbi4.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2011.04.27 20:48:35 | 000,000,000 | ---D | M] (Save Link in Folder) -- C:\Users\Shokry\AppData\Roaming\mozilla\Firefox\Profiles\g5lqbbi4.default\extensions\{7a46f9fe-4818-4837-ae4a-39c53978ae99}
[2011.04.27 20:48:26 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Users\Shokry\AppData\Roaming\mozilla\Firefox\Profiles\g5lqbbi4.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2011.03.11 20:37:08 | 000,000,000 | ---D | M] ("BabelFish") -- C:\Users\Shokry\AppData\Roaming\mozilla\Firefox\Profiles\g5lqbbi4.default\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}
[2010.01.07 20:28:38 | 000,000,000 | ---D | M] (QuickRestart) -- C:\Users\Shokry\AppData\Roaming\mozilla\Firefox\Profiles\g5lqbbi4.default\extensions\{F645A8C9-E969-42D9-B3F3-F325537222FD}
[2009.03.28 11:53:32 | 000,000,000 | ---D | M] (CustomizeGoogle) -- C:\Users\Shokry\AppData\Roaming\mozilla\Firefox\Profiles\g5lqbbi4.default\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}
[2011.03.21 17:36:10 | 000,000,000 | ---D | M] (Element Hiding Helper for Adblock Plus) -- C:\Users\Shokry\AppData\Roaming\mozilla\Firefox\Profiles\g5lqbbi4.default\extensions\elemhidehelper@adblockplus.org
[2011.03.21 17:36:14 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Shokry\AppData\Roaming\mozilla\Firefox\Profiles\g5lqbbi4.default\extensions\personas@christopher.beard
[2010.09.24 21:39:20 | 000,000,000 | ---D | M] (Research Word) -- C:\Users\Shokry\AppData\Roaming\mozilla\Firefox\Profiles\g5lqbbi4.default\extensions\researchword@scott
[2009.07.22 04:52:07 | 000,000,000 | ---D | M] (Save Session) -- C:\Users\Shokry\AppData\Roaming\mozilla\Firefox\Profiles\g5lqbbi4.default\extensions\savesession@noasobi.net
[2011.01.16 18:27:18 | 000,000,000 | ---D | M] (SkipScreen) -- C:\Users\Shokry\AppData\Roaming\mozilla\Firefox\Profiles\g5lqbbi4.default\extensions\SkipScreen@SkipScreen
[2011.04.27 20:48:35 | 000,000,000 | ---D | M] (Tab Popup) -- C:\Users\Shokry\AppData\Roaming\mozilla\Firefox\Profiles\g5lqbbi4.default\extensions\tabpopup@adarsh.tp
[2010.04.08 11:10:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shokry\AppData\Roaming\mozilla\Firefox\Profiles\g5lqbbi4.default\extensions\{3713a489-0634-4472-8456-dc7abd7eba00}\chrome\mozapps\extensions
[2010.10.18 00:23:21 | 000,002,059 | ---- | M] () -- C:\Users\Shokry\AppData\Roaming\Mozilla\Firefox\Profiles\g5lqbbi4.default\searchplugins\daemon-search.xml
[2009.02.10 19:43:26 | 000,001,632 | ---- | M] () -- C:\Users\Shokry\AppData\Roaming\Mozilla\Firefox\Profiles\g5lqbbi4.default\searchplugins\live-search.xml
[2011.05.15 02:59:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.05.01 01:11:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.10.22 18:48:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.03.11 18:55:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.05.15 02:03:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\SHOKRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G5LQBBI4.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\SHOKRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G5LQBBI4.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\SHOKRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G5LQBBI4.DEFAULT\EXTENSIONS\{EF522540-89F5-46B9-B6FE-1829E2B572C6}.XPI
() (No name found) -- C:\USERS\SHOKRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G5LQBBI4.DEFAULT\EXTENSIONS\ABHERE2@MOZTW.ORG.XPI
() (No name found) -- C:\USERS\SHOKRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G5LQBBI4.DEFAULT\EXTENSIONS\AUTOPAGER@MOZILLA.ORG.XPI
[2011.04.14 18:40:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2009.03.31 22:47:26 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\Mozilla Firefox\components\coFFPlgn.dll
[2011.04.14 05:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.01.12 22:03:50 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1            localhost
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Diamondback] C:\Program Files\Razer\Diamondback 3G\razerhid.exe ()
O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton 360 Online\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [P17RunE] C:\Windows\System32\P17RunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Shokry\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Shokry\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{067e0443-6d7e-11df-b7dc-00235400bcc6}\Shell\AutoRun\command - "" = F:\
O33 - MountPoints2\{067e0443-6d7e-11df-b7dc-00235400bcc6}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM
O33 - MountPoints2\{072cfcfd-9df2-11de-941e-00235400bcc6}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL /RECYCLER/argrbnjl.exe navg
O33 - MountPoints2\{17379e28-2db3-11df-bf9d-00235400bcc6}\Shell - "" = AutoRun
O33 - MountPoints2\{17379e28-2db3-11df-bf9d-00235400bcc6}\Shell\AutoRun\command - "" = E:\dvdcheck.exe
O33 - MountPoints2\{17379e28-2db3-11df-bf9d-00235400bcc6}\Shell\directx\command - "" = DirectX9\dxsetup.exe
O33 - MountPoints2\{17379e28-2db3-11df-bf9d-00235400bcc6}\Shell\setup\command - "" = E:\setup.exe
O33 - MountPoints2\{212061be-803a-11df-a1f8-00235400bcc6}\Shell - "" = AutoRun
O33 - MountPoints2\{212061be-803a-11df-a1f8-00235400bcc6}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{212061c0-803a-11df-a1f8-00235400bcc6}\Shell - "" = AutoRun
O33 - MountPoints2\{212061c0-803a-11df-a1f8-00235400bcc6}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{2431bb44-30f9-11df-8133-00235400bcc6}\Shell\AutoRun\command - "" = F:\
O33 - MountPoints2\{2431bb44-30f9-11df-8133-00235400bcc6}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM
O33 - MountPoints2\{411b107e-d23a-11df-8b78-00235400bcc6}\Shell - "" = AutoRun
O33 - MountPoints2\{411b107e-d23a-11df-8b78-00235400bcc6}\Shell\AutoRun\command - "" = E:\Startme.exe
O33 - MountPoints2\{4e4222ef-b6cc-11df-b5b9-00235400bcc6}\Shell\AutoRun\command - "" = F:\
O33 - MountPoints2\{4e4222ef-b6cc-11df-b5b9-00235400bcc6}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM
O33 - MountPoints2\{4e4222f5-b6cc-11df-b5b9-00235400bcc6}\Shell\AutoRun\command - "" = G:\
O33 - MountPoints2\{4e4222f5-b6cc-11df-b5b9-00235400bcc6}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM
O33 - MountPoints2\{aa77bee4-7d2a-11df-9809-00235400bcc6}\Shell\AutoRun\command - "" = E:\
O33 - MountPoints2\{aa77bee4-7d2a-11df-9809-00235400bcc6}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM
O33 - MountPoints2\{ee3774c5-7462-11df-9b9a-00235400bcc6}\Shell - "" = AutoRun
O33 - MountPoints2\{ee3774c5-7462-11df-9b9a-00235400bcc6}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{ee3774cc-7462-11df-9b9a-00235400bcc6}\Shell - "" = AutoRun
O33 - MountPoints2\{ee3774cc-7462-11df-9b9a-00235400bcc6}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{ee3774d6-7462-11df-9b9a-00235400bcc6}\Shell - "" = AutoRun
O33 - MountPoints2\{ee3774d6-7462-11df-9b9a-00235400bcc6}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{ee3774da-7462-11df-9b9a-00235400bcc6}\Shell - "" = AutoRun
O33 - MountPoints2\{ee3774da-7462-11df-9b9a-00235400bcc6}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.15 17:17:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2011.05.15 14:45:24 | 000,000,000 | ---D | C] -- C:\f1c1a3997ca70a30ebe4
[2011.05.15 14:45:22 | 000,000,000 | ---D | C] -- C:\3321498306b20000b2c72451
[2011.05.15 02:44:17 | 000,000,000 | ---D | C] -- C:\Users\Shokry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live for Speed
[2011.05.15 02:42:47 | 000,000,000 | ---D | C] -- C:\LFS
[2011.05.15 02:36:07 | 000,000,000 | -HSD | C] -- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2011.05.15 02:04:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.05.15 02:03:29 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.05.15 02:03:29 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.05.15 02:03:29 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.05.14 21:52:57 | 000,000,000 | ---D | C] -- C:\Users\Shokry\AppData\Roaming\Mumble(PR Edition)
[2011.05.14 21:52:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble (PR Edition)
[2011.05.14 21:52:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mumble(PR Edition)
[2011.05.14 21:52:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project Reality
[2011.05.14 21:45:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble
[2011.05.14 21:45:17 | 000,000,000 | ---D | C] -- C:\Program Files\Mumble
[2009.03.12 03:15:41 | 000,233,472 | ---- | C] (Propellerhead Software AB) -- C:\Users\Shokry\AppData\Roaming\REX Shared Library.dll
[2009.03.12 03:15:41 | 000,225,280 | ---- | C] (Propellerhead Software AB) -- C:\Users\Shokry\AppData\Roaming\Rewire.dll
[5 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.16 19:47:20 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011.05.16 19:47:14 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.16 19:47:14 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.16 19:47:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.16 19:47:08 | 2146,492,416 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.16 02:01:07 | 000,660,408 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.05.16 02:01:07 | 000,622,620 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.05.16 02:01:07 | 000,140,264 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.05.16 02:01:07 | 000,115,244 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.05.16 01:20:12 | 264,225,435 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.05.16 00:58:25 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{06B650C3-439F-40C7-ACB9-4AF75F59D548}.job
[2011.05.15 02:49:47 | 000,000,552 | ---- | M] () -- C:\Users\Shokry\AppData\Local\d3d8caps.dat
[2011.05.15 02:44:17 | 000,000,486 | ---- | M] () -- C:\Users\Shokry\Desktop\LFS.lnk
[2011.05.15 01:18:27 | 000,138,520 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.05.15 01:16:32 | 000,234,536 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2011.05.14 21:53:28 | 000,139,152 | ---- | M] () -- C:\Users\Shokry\AppData\Roaming\PnkBstrK.sys
[2011.05.14 21:53:11 | 000,794,408 | ---- | M] () -- C:\Windows\System32\pbsvc.exe
[2011.05.14 21:52:53 | 000,000,879 | ---- | M] () -- C:\Users\Public\Desktop\PRmumble(0.5beta).lnk
[2011.05.14 21:52:40 | 000,002,030 | ---- | M] () -- C:\Users\Shokry\Desktop\Project Reality 0957.lnk
[2011.05.14 21:45:20 | 000,000,738 | ---- | M] () -- C:\Users\Public\Desktop\Mumble.lnk
[5 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.05.15 02:49:47 | 000,000,552 | ---- | C] () -- C:\Users\Shokry\AppData\Local\d3d8caps.dat
[2011.05.15 02:44:17 | 000,000,486 | ---- | C] () -- C:\Users\Shokry\Desktop\LFS.lnk
[2011.05.15 01:41:26 | 000,000,818 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.05.14 21:52:53 | 000,000,879 | ---- | C] () -- C:\Users\Public\Desktop\PRmumble(0.5beta).lnk
[2011.05.14 21:52:40 | 000,002,030 | ---- | C] () -- C:\Users\Shokry\Desktop\Project Reality 0957.lnk
[2011.05.14 21:45:20 | 000,000,738 | ---- | C] () -- C:\Users\Public\Desktop\Mumble.lnk
[2011.02.23 23:52:39 | 000,138,520 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.02.23 23:52:24 | 000,234,536 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.02.23 23:52:19 | 000,794,408 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2011.02.06 23:26:01 | 000,015,312 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2010.11.08 03:12:43 | 000,001,356 | ---- | C] () -- C:\Users\Shokry\AppData\Local\d3d9caps.dat
[2010.10.14 02:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.06.05 15:56:28 | 000,002,954 | ---- | C] () -- C:\Windows\System32\AudioDrv.ini
[2010.06.05 15:55:02 | 000,166,912 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2010.06.05 15:55:02 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2010.06.05 15:54:44 | 000,001,578 | ---- | C] () -- C:\Windows\P17EPLS.ini
[2010.06.05 15:54:44 | 000,001,489 | ---- | C] () -- C:\Windows\P17EP51.ini
[2010.03.10 17:32:57 | 000,000,024 | ---- | C] () -- C:\Users\Shokry\AppData\Roaming\WED.prefs
[2010.03.02 22:18:16 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe
[2010.01.07 19:19:18 | 000,078,211 | ---- | C] () -- C:\Windows\hpqins05.dat
[2009.12.24 01:54:59 | 000,168,615 | ---- | C] () -- C:\Windows\hpgins32.dat
[2009.12.12 02:11:03 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009.12.12 02:11:03 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009.12.12 02:11:01 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2009.12.12 02:11:01 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.12.12 02:11:01 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.12.12 02:10:59 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.10.16 06:50:54 | 000,003,930 | ---- | C] () -- C:\Windows\System32\ludap17.ini
[2009.07.26 18:59:13 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.07.26 18:59:13 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.05.28 03:55:24 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.05.28 03:55:24 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.05.15 03:09:42 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.05.13 05:58:41 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2009.04.24 07:39:03 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.03.30 08:51:08 | 000,001,307 | ---- | C] () -- C:\Windows\aopr.ini
[2009.03.27 10:02:16 | 000,098,816 | ---- | C] () -- C:\Users\Shokry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.03.26 13:59:06 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.03.26 12:55:55 | 000,021,532 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2009.03.26 12:22:25 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2009.03.10 18:22:57 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2009.02.11 20:09:06 | 076,629,272 | ---- | C] () -- C:\Program Files\Install_Norton360_DE.EXE
[2009.02.08 03:51:30 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.02.08 00:13:25 | 000,048,913 | ---- | C] () -- C:\Windows\UninstVeetleTVPlayer.exe
[2009.01.30 02:40:06 | 000,002,304 | ---- | C] () -- C:\Windows\System32\Machnm32.sys
[2009.01.19 22:39:35 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2009.01.15 15:41:25 | 000,000,160 | ---- | C] () -- C:\Users\Shokry\AppData\Roaming\default.rss
[2009.01.15 06:00:15 | 000,000,039 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.01.12 14:36:51 | 000,023,888 | ---- | C] () -- C:\Users\Shokry\AppData\Roaming\UserTile.png
[2009.01.11 03:35:40 | 000,139,152 | ---- | C] () -- C:\Users\Shokry\AppData\Roaming\PnkBstrK.sys
[2009.01.11 03:35:24 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2009.01.07 23:05:00 | 000,024,576 | R--- | C] () -- C:\Windows\System32\AsIO.dll
[2009.01.07 23:05:00 | 000,012,400 | R--- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2009.01.07 23:04:57 | 000,011,832 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp64.sys
[2009.01.07 23:04:57 | 000,010,216 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp32.sys
[2009.01.07 22:46:23 | 000,035,408 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2009.01.07 22:46:05 | 000,035,018 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2008.11.13 06:07:24 | 000,002,177 | ---- | C] () -- C:\Windows\P17EP.ini
[2008.08.26 07:42:51 | 000,000,149 | ---- | C] () -- C:\Windows\hpgmdl32.dat
[2008.01.21 09:15:58 | 000,660,408 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,140,264 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.12.28 17:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 002,336,424 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,622,620 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,115,244 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.03.08 06:17:00 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2002.06.28 11:43:44 | 000,438,272 | ---- | C] () -- C:\Windows\System32\xvid.dll
[2002.05.16 01:38:40 | 000,091,136 | ---- | C] () -- C:\Windows\System32\mp4fil32.dll
[2002.05.04 15:19:00 | 000,049,152 | ---- | C] () -- C:\Windows\System32\avisynthEx.dll
 
========== LOP Check ==========
 
[2009.04.07 01:03:45 | 000,000,000 | ---D | M] -- C:\Users\Shokry\AppData\Roaming\AeroSnapApp
[2009.03.26 12:46:12 | 000,000,000 | ---D | M] -- C:\Users\Shokry\AppData\Roaming\App Launcher Gadget
[2009.03.26 12:46:12 | 000,000,000 | ---D | M] -- C:\Users\Shokry\AppData\Roaming\Canneverbe_Limited
[2009.06.12 04:35:36 | 000,000,000 | ---D | M] -- C:\Users\Shokry\AppData\Roaming\CD Art Display
[2009.03.26 12:46:12 | 000,000,000 | ---D | M] -- C:\Users\Shokry\AppData\Roaming\concept design
[2010.05.25 01:18:27 | 000,000,000 | ---D | M] -- C:\Users\Shokry\AppData\Roaming\Cuttermaran
[2010.10.10 02:38:22 | 000,000,000 | ---D | M] -- C:\Users\Shokry\AppData\Roaming\DAEMON Tools Lite
[2010.03.10 00:15:21 | 000,000,000 | ---D | M] -- C:\Users\Shokry\AppData\Roaming\DAEMON Tools Pro
[2009.03.26 12:46:12 | 000,000,000 | ---D | M] -- C:\Users\Shokry\AppData\Roaming\DisplayTune
[2009.05.01 21:08:52 | 000,000,000 | ---D | M] -- C:\Users\Shokry\AppData\Roaming\FRITZ!
[2010.12.16 00:17:46 | 000,000,000 | ---D | M] -- C:\Users\Shokry\AppData\Roaming\GetRightToGo
[2009.03.30 14:00:11 | 000,000,000 | ---D | M] -- C:\Users\Shokry\AppData\Roaming\Leadertech
[2009.03.26 12:46:13 | 000,000,000 | ---D | M] -- C:\Users\Shokry\AppData\Roaming\MessengerGadget
[2011.05.16 19:48:06 | 000,000,000 | ---D | M] -- C:\Users\Shokry\AppData\Roaming\Mumble
[2011.05.14 22:52:55 | 000,000,000 | ---D | M] -- C:\Users\Shokry\AppData\Roaming\Mumble(PR Edition)
[2010.09.26 12:07:10 | 000,000,000 | ---D | M] -- C:\Users\Shokry\AppData\Roaming\My Games
[2010.10.17 23:56:18 | 000,000,000 | ---D | M] -- C:\Users\Shokry\AppData\Roaming\New Technology Studio
[2010.05.26 16:36:01 | 000,000,000 | ---D | M] -- C:\Users\Shokry\AppData\Roaming\No Company Name
[2009.03.26 12:46:24 | 000,000,000 | ---D | M] -- C:\Users\Shokry\AppData\Roaming\OpenOffice.org
[2009.01.12 14:36:51 | 000,000,000 | ---D | M] -- C:\Users\Shokry\AppData\Roaming\PeerNetworking
[2009.03.26 12:46:25 | 000,000,000 | ---D | M] -- C:\Users\Shokry\AppData\Roaming\Propellerhead Software
[2009.05.19 02:39:58 | 000,000,000 | ---D | M] -- C:\Users\Shokry\AppData\Roaming\Red Alert 3
[2009.03.26 12:46:25 | 000,000,000 | ---D | M] -- C:\Users\Shokry\AppData\Roaming\SAD
[2009.09.09 13:57:44 | 000,000,000 | ---D | M] -- C:\Users\Shokry\AppData\Roaming\Stardock
[2011.01.21 01:48:45 | 000,000,000 | ---D | M] -- C:\Users\Shokry\AppData\Roaming\Teeworlds
[2009.01.30 05:12:25 | 000,000,000 | ---D | M] -- C:\Users\Shokry\AppData\Roaming\temp
[2009.03.26 12:46:25 | 000,000,000 | ---D | M] -- C:\Users\Shokry\AppData\Roaming\Thunderbird
[2011.05.15 02:36:51 | 000,000,000 | ---D | M] -- C:\Users\Shokry\AppData\Roaming\TuneUp Software
[2010.03.16 18:03:30 | 000,000,000 | ---D | M] -- C:\Users\Shokry\AppData\Roaming\Ubisoft
[2010.03.06 17:00:49 | 000,000,000 | ---D | M] -- C:\Users\Shokry\AppData\Roaming\VoipStunt
[2011.05.16 19:46:02 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.05.16 00:58:25 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{06B650C3-439F-40C7-ACB9-4AF75F59D548}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 48 bytes -> C:\Windows:0D0F83A2BBF5B76D

< End of report >
--- --- ---


Alle Zeitangaben in WEZ +1. Es ist jetzt 03:55 Uhr.

Copyright ©2000-2024, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129