avp.exe von Malewarebytes' Anti-Malware ,,geblockt´´

Superrene · 24.06.2011, 14:08

Guten Tag!
Malwarebytes' Anti-Malware gab mir gerade diese Meldung:
,,Zugang zu einer potenziell gefährlichen Website erfolgreich gestoppt: 67.29.139.153

Art: ausgehend
Port: 57394
Prozess: avp.exe´´

Ungefähr eine Minute später genau die gleiche Meldung, jedoch mit Port: 57788!
Auch Kaspersky gibt mir andauernt Meldungen, wegen ,,wtr.exe´´. Das ist aber ein anderes Thema, und werde es in einem anderen Thread mit einem Logfile von Malwarebytes' schreiben (Quick-Scan läuft noch)!
Ich kann leider nicht sagen wo es sich befindet, da es unter ,,Start´´ nicht findet!

Ich bin total aufgeregt, und hoffe ihr könnt mir ganz schnell helfen!
Mein PC ist auch sehr langsam geworden!

Danke im voraus!

Superrene · 24.06.2011, 14:38

Hallo,
Kaspersky gibt mir andauernd die Meldung, das ich einen Virus namens ,,WTR.exe´´ habe.
Ich habe also mit Malwarebytes' Anti-Malware einen Quickscan durchgeführt,
der aber Sehr lang dauerte! Also habe ich den nach einer Stund und 10 Minuten abgebrochen!
Es wurden 2 infizierte Objekte gefunden. Es sind genau die gleichen, wie die, die die ganze Zeit von Kaspersky angezeigt werden!
Als Anhang beigefügt ist ein Logfile von Malwarebytes'.
Ich hoffe der wird euch Helfer und Helferinnen helfen, mir zu helfen!

Wenn ich eine ganz neue Seite(Kein Tab) in meinem Mozilla öffne, kommt diese Meldung, als JavaSkript-Anwendung:
,,TypeError: Components.classes['@softage.ru/skype/SkypeFfExtension;1'] is undefined´´

Wenn ich dann auf OK drücke, wird die Seite geöffnet, und dann kommt die Meldung(auch als JavaSkript-Anwendung):
,,TypeError: Components.classes[cid] is undefined´´
Wenn ich ,,WTR.exe´´ unter meinen Prozessen schließe, passiert das nicht!

Ach ja, bevor ich das vergesse: Wenn ich meinen Windows (7) starte, kommt so eine Meldung(mit Kreuzchen)
,,*******************************************************

Gratulation! Sie haben sich für die Gewinnchance auf ein brandneues iPhone 4 qualifiziert!
Lesen sie weiter...

********************************************************´´

P.S.: Kaspersky sagt mir, dass ein Neustart erforderlich ist! Den werde ich jetzt auch machen.

Ich bedanke mich schon mal im vorraus!

Superrene

cosinus · 24.06.2011, 15:08

Zitat:

. Das ist aber ein anderes Thema, und werde es in einem anderen Thread mit einem Logfile von Malwarebytes' schreiben (Quick-Scan läuft noch)!

Warum soll das ein anderes Thema sein?? Macht doch keinen Sinn dafür einen neuen Strang zu eröffnen oder ist das ein anderer Rechner?

Zitat:

Art des Suchlaufs: Quick-Scan

Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

Superrene · 24.06.2011, 21:58

Okay, ich habe jetzt einen Vollscan gemacht!
Die Neuen, und Alten logfiles sind beigefügt.
Ach ja: Sorry ich bin hier neu, und ich dachte mir, es ist ein anderes Problem, also kommt das in einem anderen Thread.

Superrene · 24.06.2011, 22:03

Ne, warte mal so meinst du das!...
Also Erstmal war die Meldung mit avp.exe und dann mal mit bittorrent.exe ...entschuldigung, aber, heißt das, das sind 2 verschiedene viren, aber bittorrent ist doch kein virus?!
So wurde es aber bei mir angezeigt.

cosinus · 24.06.2011, 22:15

Zitat:

.entschuldigung, aber, heißt das, das sind 2 verschiedene viren, aber bittorrent ist doch kein virus?!

Zusammenhang, Sinn dazu? Willst du jetzt zu jeder kleinen Fehlermeldung von diesem Rechner ein neues Topic erstellen?

Superrene · 25.06.2011, 13:18

Zitat:

Zitat von cosinus

Zusammenhang, Sinn dazu? Willst du jetzt zu jeder kleinen Fehlermeldung von diesem Rechner ein neues Topic erstellen?

Ach, ist doch jetzt auch egal!
Wenigsten ist dieser Sch*** Virus weg!

Aber was mich wirklich aufregt ist die Meldung:
,,TypeError: Components.classes['@softage.ru/skype/SkypeFfExtension;1'] is undefined´´
und die meldung: ,,TypeError: Components.classes[cid] is undefined´´
(Siehe unter dem titel ,,WTR.exe in c:\Users\***\AppData\Local\Temp\´´ ,oben)

cosinus · 25.06.2011, 17:11

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Superrene · 28.06.2011, 17:03

Okay, aber gebe ich nicht so meinen Namen Preis?

Superrene · 28.06.2011, 17:09

Ach egal!:
[OTL.txt ist beigefügt]

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 28.06.2011 17:25:35 - Run 1
OTL by OldTimer - Version 3.2.24.1     Folder = C:\Users\Nienaber\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1022,49 Mb Total Physical Memory | 333,68 Mb Available Physical Memory | 32,63% Memory free
2,00 Gb Paging File | 0,74 Gb Available in Paging File | 36,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 61,07 Gb Free Space | 26,22% Space Free | Partition Type: NTFS
 
Computer Name: NIENABER-PC | User Name: Nienaber | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.06.28 17:22:27 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Nienaber\Desktop\OTL.exe
PRC - [2011.05.29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.05.29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.05.10 10:44:36 | 026,285,920 | ---- | M] (SlimWare Utilities, Inc.) -- C:\Program Files\SlimDrivers\SlimDrivers.exe
PRC - [2011.04.18 11:59:04 | 000,400,760 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\BitTorrent\BitTorrent.exe
PRC - [2011.04.13 15:39:50 | 000,387,696 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe
PRC - [2011.03.31 02:44:58 | 001,324,008 | ---- | M] (Iminent) -- C:\Program Files\Iminent\IMBooster\IMBooster.exe
PRC - [2011.03.24 19:17:20 | 004,047,184 | ---- | M] (Alexander Miehlke Softwareentwicklung) -- C:\Program Files\TraXEx\TraXEx.exe
PRC - [2011.03.21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.01.12 18:36:56 | 000,743,232 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2011.01.12 18:35:12 | 001,051,968 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.09.08 16:23:56 | 001,652,736 | ---- | M] (4t Niagara Software) -- C:\Program Files\4t Tray Minimizer\4t-min.exe
PRC - [2010.06.26 02:15:32 | 001,311,312 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2010.06.22 21:09:20 | 000,112,208 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
PRC - [2007.02.20 11:07:40 | 000,199,752 | ---- | M] (Pinnacle Systems GmbH) -- C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
PRC - [2007.01.11 15:57:20 | 000,291,760 | ---- | M] () -- C:\Programme\Lexmark 9300 Series\lxcqmon.exe
PRC - [2006.12.05 11:36:10 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxcqcoms.exe
PRC - [2006.12.05 11:35:58 | 000,082,864 | ---- | M] (Lexmark International Inc.) -- C:\Programme\Lexmark 9300 Series\ezprint.exe
PRC - [2006.11.03 09:56:28 | 000,920,576 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2006.10.30 17:59:34 | 000,024,576 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
PRC - [2006.09.20 09:35:26 | 000,020,480 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.06.28 17:22:27 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Nienaber\Desktop\OTL.exe
MOD - [2010.11.20 13:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2009.07.14 03:15:48 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.05.29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.04.13 15:39:50 | 000,387,696 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe -- (AVP)
SRV - [2011.02.20 11:49:48 | 000,435,008 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2011.01.12 18:35:12 | 001,051,968 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.01.12 18:32:10 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.05.06 11:29:12 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe -- (LBTServ)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2006.12.05 11:36:10 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxcqcoms.exe -- (lxcq_device)
SRV - [2006.11.08 14:42:27 | 002,541,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.06.28 14:14:12 | 000,012,984 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2011.05.29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011.05.29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.05.07 14:32:58 | 000,488,536 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2011.04.18 12:55:34 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.03.07 20:43:20 | 000,052,824 | ---- | M] (NCH Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stdriver32.sys -- (stdriver)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.06.09 17:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2010.06.09 17:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\kl1.sys -- (KL1)
DRV - [2010.04.22 19:07:34 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2010.03.18 11:02:08 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010.03.18 11:01:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010.02.24 14:41:50 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010.02.11 09:42:22 | 004,450,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.11.02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009.07.14 00:13:47 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2009.04.22 14:46:42 | 003,482,112 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2009.03.18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.02.08 23:42:42 | 000,099,968 | ---- | M] (Guillemot Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hxctlflt.sys -- (hxctlflt)
DRV - [2008.09.22 04:20:42 | 000,043,520 | ---- | M] (VIA Technologies, Inc.              ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fetnd6v.sys -- (FETND6V)
DRV - [2005.11.16 16:42:48 | 000,045,056 | ---- | M] (InterVideo) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iviVD.sys -- (iviVD)
DRV - [2005.09.23 22:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2000.01.01 02:00:00 | 000,023,192 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\xfilt.sys -- (xfilt)
DRV - [2000.01.01 02:00:00 | 000,013,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\videX32.sys -- (videX32)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "MyAshampoo Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: chipcard_plugin_20@siz.de:2.0.0.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4}:3.2.5.2
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.6&q="
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.04.23 13:16:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.04.23 13:16:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.09.20 09:17:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009.09.20 09:17:53 | 000,000,000 | ---D | M]
 
[2011.02.26 17:21:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nienaber\AppData\Roaming\mozilla\Extensions
[2011.06.24 14:16:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nienaber\AppData\Roaming\mozilla\Firefox\Profiles\2sntw4gq.default\extensions
[2011.02.26 17:21:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Nienaber\AppData\Roaming\mozilla\Firefox\Profiles\2sntw4gq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.06.20 20:10:08 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Nienaber\AppData\Roaming\mozilla\Firefox\Profiles\2sntw4gq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.04.28 16:11:50 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Nienaber\AppData\Roaming\mozilla\Firefox\Profiles\2sntw4gq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.06.24 14:16:19 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Nienaber\AppData\Roaming\mozilla\Firefox\Profiles\2sntw4gq.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.03.15 14:44:10 | 000,000,000 | ---D | M] (OWOK) -- C:\Users\Nienaber\AppData\Roaming\mozilla\Firefox\Profiles\2sntw4gq.default\extensions\chipcard_plugin_20@siz.de
[2011.04.22 13:33:31 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\Nienaber\AppData\Roaming\mozilla\Firefox\Profiles\2sntw4gq.default\extensions\DTToolbar@toolbarnet.com
[2011.04.21 20:16:25 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\Nienaber\AppData\Roaming\mozilla\Firefox\Profiles\2sntw4gq.default\extensions\ffxtlbr@Facemoods.com
[2010.12.15 16:12:32 | 000,000,923 | ---- | M] () -- C:\Users\Nienaber\AppData\Roaming\Mozilla\Firefox\Profiles\2sntw4gq.default\searchplugins\conduit.xml
[2011.04.18 12:54:27 | 000,002,059 | ---- | M] () -- C:\Users\Nienaber\AppData\Roaming\Mozilla\Firefox\Profiles\2sntw4gq.default\searchplugins\daemon-search.xml
[2011.06.21 18:32:23 | 000,000,950 | ---- | M] () -- C:\Users\Nienaber\AppData\Roaming\Mozilla\Firefox\Profiles\2sntw4gq.default\searchplugins\icqplugin-1.xml
[2011.06.20 10:45:18 | 000,000,168 | ---- | M] () -- C:\Users\Nienaber\AppData\Roaming\Mozilla\Firefox\Profiles\2sntw4gq.default\searchplugins\icqplugin.gif
[2011.06.20 10:45:18 | 000,000,618 | ---- | M] () -- C:\Users\Nienaber\AppData\Roaming\Mozilla\Firefox\Profiles\2sntw4gq.default\searchplugins\icqplugin.src
[2011.06.18 10:49:26 | 000,001,056 | ---- | M] () -- C:\Users\Nienaber\AppData\Roaming\Mozilla\Firefox\Profiles\2sntw4gq.default\searchplugins\icqplugin.xml
[2011.06.21 18:31:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.05.04 20:25:21 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.04.27 13:54:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.03.27 15:42:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.05.08 16:03:34 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files\mozilla firefox\extensions\KavAntiBanner@Kaspersky.ru
[2011.05.08 16:03:30 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files\mozilla firefox\extensions\linkfilter@kaspersky.ru
[2011.04.28 15:19:04 | 000,000,000 | ---D | M] (Iminent WebBooster) -- C:\Program Files\mozilla firefox\extensions\webbooster@iminent.com
File not found (No name found) -- 
[2011.04.23 13:16:02 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011.04.23 13:16:02 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2011.05.15 13:15:04 | 000,000,000 | ---D | M] (OneClick YouTube Downloader) -- C:\PROGRAM FILES\ORBITDOWNLOADER\ADDONS\ONECLICKYOUTUBEDOWNLOADER
() (No name found) -- C:\USERS\NIENABER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2SNTW4GQ.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI
() (No name found) -- C:\USERS\NIENABER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2SNTW4GQ.DEFAULT\EXTENSIONS\{6E764C17-863A-450F-BDD0-6772BD5AAA18}.XPI
() (No name found) -- C:\USERS\NIENABER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2SNTW4GQ.DEFAULT\EXTENSIONS\{89F8DDE0-010A-11DA-8CD6-0800200C9A66}.XPI
() (No name found) -- C:\USERS\NIENABER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2SNTW4GQ.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI
() (No name found) -- C:\USERS\NIENABER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2SNTW4GQ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\NIENABER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2SNTW4GQ.DEFAULT\EXTENSIONS\ARTUR.DUBOVOY@GMAIL.COM.XPI
() (No name found) -- C:\USERS\NIENABER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2SNTW4GQ.DEFAULT\EXTENSIONS\COMPATIBILITY@ADDONS.MOZILLA.ORG.XPI
[2011.06.16 06:32:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.03.27 15:41:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.04.12 09:55:08 | 000,167,704 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.04.22 14:02:46 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.10 02:21:02 | 000,002,157 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchTheWeb.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files\Iminent\IMBooster4Web\Iminent.WebBooster.dll (Iminent)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll (facemoods.com)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 9300 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [IMBooster] C:\Program Files\Iminent\IMBooster\imbooster.exe (Iminent)
O4 - HKLM..\Run: [Iminent.Notifier] C:\Program Files\Iminent\SearchTheWeb\Iminent.Notifier.exe (Iminent)
O4 - HKLM..\Run: [Lexmark 9300 Series Fax Server] C:\Program Files\Lexmark 9300 Series\fm3032.exe ()
O4 - HKLM..\Run: [LXCQCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\LXCQtime.DLL (Lexmark International Inc.)
O4 - HKLM..\Run: [lxcqmon.exe] C:\Program Files\Lexmark 9300 Series\lxcqmon.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [USBToolTip] C:\PROGRA~2\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
O4 - HKLM..\Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe ()
O4 - HKCU..\Run: [BitTorrent] C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\Nienaber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4t Tray Minimizer.lnk = C:\Program Files\4t Tray Minimizer\4t-min.exe (4t Niagara Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: verbosestatus = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Nienaber\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\ie_banner_deny.htm ()
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: IE-Spuren löschen - {6C7C0C9A-B51D-4ADB-A74D-C4E33744F866} - C:\Program Files\TraXEx\Integration\TraXEx Internet Explorer.lnk ()
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Löschautomat - {8DA7743F-9274-4BE8-899E-C0FF6ED61B00} - C:\Program Files\TraXEx\Integration\TraXEx Löschautomat.lnk ()
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\kloehk.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\kloehk.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: vsmon - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.l3fhg - C:\Windows\System32\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.div2 - C:\Windows\System32\DivXc32.dll (Hacked with Joy !)
Drivers32: vidc.div3 - C:\Windows\System32\DivXc32.dll (Hacked with Joy !)
Drivers32: vidc.div4 - C:\Windows\System32\divxc32f.dll (Hacked with Joy !    )
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.dv25 - C:\PROGRA~2\MATROX~1\VFW32\mvcVfwDV.dll (Matrox Electronic Systems)
Drivers32: vidc.dv50 - C:\PROGRA~2\MATROX~1\VFW32\mvcVfwDV.dll (Matrox Electronic Systems)
Drivers32: vidc.dvh1 - C:\PROGRA~2\MATROX~1\VFW32\mvcVfwDV100.dll (Matrox Electronic Systems)
Drivers32: vidc.dvsd - C:\PROGRA~2\MATROX~1\VFW32\mvcVfwDV.dll (Matrox Electronic Systems)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.hfyu - C:\Windows\System32\huffyuv.dll (Disappearing Inc.)
Drivers32: vidc.ir21 - C:\Windows\System32\IR21_R.DLL ()
Drivers32: vidc.iv31 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.iv32 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.iv40 - C:\Windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv41 - C:\Windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\PROGRA~2\TSUNAM~1\Ir50_32.dll (Intel Corporation)
Drivers32: VIDC.LWLR - C:\Windows\System32\rgbacodec.dll ()
Drivers32: vidc.M101 - C:\PROGRA~2\MATROX~1\VFW32\mvcVfw.dll (Matrox Electronic Systems)
Drivers32: vidc.M102 - C:\PROGRA~2\MATROX~1\VFW32\mvcVfwHD.dll (Matrox Electronic Systems)
Drivers32: vidc.M103 - C:\PROGRA~2\MATROX~1\VFW32\mvcVfwYUVA.dll (Matrox Electronic Systems)
Drivers32: vidc.M104 - C:\PROGRA~2\MATROX~1\VFW32\mvcVfwYUVAHD.dll (Matrox Electronic Systems)
Drivers32: vidc.M301 - C:\PROGRA~2\MATROX~1\VFW32\mvcVfwRefAVI.dll (Matrox Electronic Systems)
Drivers32: vidc.M701 - C:\PROGRA~2\MATROX~1\VFW32\mvcVfwMpeg2HD.dll (Matrox Electronic Systems)
Drivers32: vidc.M702 - C:\PROGRA~2\MATROX~1\VFW32\mvcVfwMpeg2HDOffLine.dll (Matrox Electronic Systems)
Drivers32: vidc.M703 - C:\PROGRA~2\MATROX~1\VFW32\mvcVfwMpeg2HDV.dll (Matrox Electronic Systems)
Drivers32: vidc.M704 - C:\PROGRA~2\MATROX~1\VFW32\mvcVfwMpeg2Alpha.dll (Matrox Electronic Systems)
Drivers32: vidc.M705 - C:\PROGRA~2\MATROX~1\VFW32\mvcVfwMpeg2AlphaHD.dll (Matrox Electronic Systems)
Drivers32: vidc.mjpx - C:\PROGRA~2\MATROX~1\VFW32\mvcVfwMJPeg.dll (Matrox Electronic Systems)
Drivers32: vidc.MMES - C:\PROGRA~2\MATROX~1\VFW32\mvcVfwMpeg2.dll (Matrox Electronic Systems)
Drivers32: vidc.rt21 - C:\Windows\System32\IR21_R.DLL ()
Drivers32: vidc.vifp - C:\Windows\System32\vfcodec.dll ()
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.XVID - C:\Windows\System32\XviD.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.YVU9 - C:\Windows\System32\Iyvu9_32.dll ()

 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.06.28 17:22:09 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\Nienaber\Desktop\OTL.exe
[2011.06.26 15:26:52 | 000,000,000 | -H-D | C] -- C:\Users\Nienaber\Documents\Runes of Magic
[2011.06.26 14:49:50 | 000,000,000 | ---D | C] -- C:\Users\Nienaber\Desktop\Games
[2011.06.26 14:48:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Runes of Magic
[2011.06.26 14:18:29 | 000,000,000 | ---D | C] -- C:\Program Files\Runes of Magic
[2011.06.26 14:01:00 | 000,000,000 | ---D | C] -- C:\Users\Nienaber\Desktop\Chats
[2011.06.26 13:56:56 | 000,000,000 | ---D | C] -- C:\Users\Nienaber\Desktop\PC-Helfer u. Praktische Programme
[2011.06.26 13:54:19 | 000,000,000 | ---D | C] -- C:\Users\Nienaber\Desktop\Unterhaltung
[2011.06.26 13:52:30 | 000,000,000 | ---D | C] -- C:\Users\Nienaber\Desktop\Kamera
[2011.06.25 17:26:47 | 000,000,000 | ---D | C] -- C:\Users\Nienaber\Documents\Runes_of_Magic_4.0.0.2360_slim_eu
[2011.06.25 17:26:47 | 000,000,000 | ---D | C] -- C:\Users\Nienaber\AppData\Roaming\FOG Downloader
[2011.06.24 18:23:33 | 000,000,000 | ---D | C] -- C:\Users\Nienaber\AppData\Local\{5D4EC481-E10A-4D1F-AD3C-7B6E84CA897F}
[2011.06.24 14:05:50 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011.06.23 13:15:05 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.06.23 13:15:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.06.23 13:14:54 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.06.23 13:14:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.06.22 18:28:56 | 000,000,000 | ---D | C] -- C:\Users\Nienaber\AppData\Roaming\Marine Aquarium 3
[2011.06.22 18:25:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SereneScreen
[2011.06.22 18:25:23 | 006,840,320 | ---- | C] (SereneScreen) -- C:\Windows\System32\MarineAquarium3.scr
[2011.06.22 18:25:22 | 000,000,000 | ---D | C] -- C:\Program Files\SereneScreen
[2011.06.22 17:44:48 | 000,000,000 | ---D | C] -- C:\Users\Nienaber\AppData\Roaming\Azureus
[2011.06.22 17:43:56 | 002,789,376 | ---- | C] (Screenomania.com) -- C:\Windows\System32\Cities.scr
[2011.06.22 17:43:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Screenomania
[2011.06.22 17:43:55 | 000,000,000 | ---D | C] -- C:\Program Files\Cities of Earth
[2011.06.22 17:43:47 | 000,000,000 | ---D | C] -- C:\Program Files\Vuze
[2011.06.22 17:20:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flower Clock 3D Screensaver
[2011.06.22 17:20:19 | 000,000,000 | ---D | C] -- C:\Program Files\Flower Clock 3D Screensaver
[2011.06.15 17:52:37 | 000,000,000 | ---D | C] -- C:\Users\Nienaber\Desktop\Keramiksachen etc
[2011.06.15 17:50:52 | 000,000,000 | ---D | C] -- C:\Users\Nienaber\Desktop\Fredshow
[2011.06.15 17:48:57 | 000,000,000 | ---D | C] -- C:\Users\Nienaber\Documents\Renés Dokumente
[2011.06.11 18:57:00 | 000,000,000 | ---D | C] -- C:\Users\Nienaber\AppData\Local\DDMSettings
[2011.06.08 16:18:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011.06.05 20:19:52 | 000,000,000 | ---D | C] -- C:\Users\Nienaber\AppData\Local\{70031CAE-4A7E-46E1-B7F4-34A17BBCC55A}
[2011.06.02 21:25:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\proDAD
[2011.06.02 21:23:50 | 000,000,000 | ---D | C] -- C:\Users\Nienaber\AppData\Roaming\proDAD
[2011.06.02 21:23:48 | 000,000,000 | ---D | C] -- C:\Program Files\proDAD
[2011.06.02 20:46:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
[2011.06.02 20:46:26 | 000,000,000 | ---D | C] -- C:\Program Files\Mp3tag
[2011.06.01 21:49:24 | 000,000,000 | ---D | C] -- C:\Users\Nienaber\Documents\Pinnacle Studio
[2011.06.01 21:42:12 | 000,000,000 | ---D | C] -- C:\Users\Nienaber\AppData\Local\Pinnacle
[2011.06.01 21:18:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Pinnacle
[2011.06.01 21:17:22 | 000,000,000 | ---D | C] -- C:\Users\Nienaber\AppData\Local\Downloaded Installations
[2011.06.01 21:15:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle Studio Ultimate Collection
[2011.06.01 21:08:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pinnacle Studio 15
[2011.06.01 21:06:57 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\My Projects
[2011.06.01 20:48:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Pegasus Imaging
[2011.06.01 20:48:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Yahoo!
[2011.06.01 20:48:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Studio 15
[2011.06.01 20:48:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle Studio Plus
[2011.06.01 20:48:52 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Pinnacle
[2011.06.01 17:32:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle
[2011.06.01 17:32:56 | 000,000,000 | ---D | C] -- C:\Program Files\Pinnacle
[2011.06.01 16:49:36 | 000,000,000 | ---D | C] -- C:\Users\Nienaber\AppData\Roaming\Windows Live Writer
[2011.06.01 16:49:36 | 000,000,000 | ---D | C] -- C:\Users\Nienaber\AppData\Local\Windows Live Writer
[2011.06.01 15:54:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Companion
[2011.06.01 15:53:02 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUpMedia
[2011.06.01 15:52:48 | 000,000,000 | ---D | C] -- C:\Users\Nienaber\AppData\Roaming\TuneUpMedia
[2011.06.01 15:52:16 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUpMedia
[2011.05.30 19:03:36 | 000,000,000 | ---D | C] -- C:\Users\Nienaber\AppData\Local\{E9466DB2-8E20-4021-B78B-6C9B13C8EC94}
[2011.05.29 21:35:31 | 000,000,000 | ---D | C] -- C:\Users\Nienaber\Desktop\Flex und Flo 2
[2011.03.08 19:27:05 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXCQhcp.dll
[2011.03.08 19:27:04 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxcqusb1.dll
[2011.03.08 19:27:04 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxcqinpa.dll
[2011.03.08 19:27:04 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxcqiesc.dll
[2011.03.08 19:27:03 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxcqserv.dll
[2011.03.08 19:27:03 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxcqpmui.dll
[2011.03.08 19:27:03 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxcqprox.dll
[2011.03.08 19:27:03 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxcqpplc.dll
[2011.03.08 19:27:02 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxcqlmpm.dll
[2011.03.08 19:27:01 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxcqih.exe
[2011.03.08 19:27:00 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxcqhbn3.dll
[2011.03.08 19:26:58 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxcqcomc.dll
[2011.03.08 19:26:58 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxcqcoms.exe
[2011.03.08 19:26:58 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxcqcomm.dll
[2011.03.08 19:26:57 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxcqcfg.exe
[2008.08.21 12:46:20 | 000,184,320 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2007.08.13 17:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\Nienaber\AppData\Local\CDRip.dll
[2007.07.04 16:28:52 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2007.01.18 21:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\Nienaber\AppData\Local\No23 Recorder.exe
[2006.12.11 19:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\Nienaber\AppData\Local\basscd.dll
[2006.12.11 19:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\Nienaber\AppData\Local\bass.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.06.28 17:22:27 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Nienaber\Desktop\OTL.exe
[2011.06.28 17:20:12 | 000,002,489 | ---- | M] () -- C:\Users\Nienaber\Documents\!!!.rtf
[2011.06.28 14:23:57 | 000,010,896 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.06.28 14:23:57 | 000,010,896 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.06.28 14:14:40 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2011.06.28 14:14:12 | 000,012,984 | ---- | M] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2011.06.28 14:13:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.06.28 14:13:37 | 294,288,231 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.06.28 14:13:36 | 804,118,528 | -HS- | M] () -- C:\hiberfil.sys
[2011.06.24 22:14:53 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\ixdn.sys
[2011.06.24 18:48:50 | 000,696,132 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.06.24 18:48:50 | 000,651,450 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.06.24 18:48:50 | 000,147,428 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.06.24 18:48:50 | 000,120,382 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.06.23 12:28:59 | 000,003,416 | ---- | M] () -- C:\bootsqm.dat
[2011.06.22 17:20:22 | 000,003,284 | ---- | M] () -- C:\Windows\System32\FlowerClock3DScreensaver.html
[2011.06.21 18:31:31 | 000,001,092 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.06.16 15:47:03 | 000,011,264 | ---- | M] () -- C:\Users\Nienaber\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.08 17:38:28 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011.06.04 12:06:01 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.06.04 12:06:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.06.02 21:26:10 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2011.06.02 19:15:23 | 000,359,256 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.05.30 19:01:07 | 000,000,110 | -H-- | M] () -- C:\Users\Nienaber\Desktop\.~lock.Keramiksachen Verkaufszahlen.ods#
 
========== Files Created - No Company Name ==========
 
[2011.06.24 22:14:53 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\ixdn.sys
[2011.06.24 14:05:43 | 294,288,231 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.06.23 12:28:59 | 000,003,416 | ---- | C] () -- C:\bootsqm.dat
[2011.06.22 17:44:09 | 000,001,794 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
[2011.06.22 17:20:21 | 000,003,284 | ---- | C] () -- C:\Windows\System32\FlowerClock3DScreensaver.html
[2011.06.22 17:20:20 | 008,622,080 | ---- | C] () -- C:\Windows\System32\Flower Clock 3D Screensaver.scr
[2011.06.21 18:31:31 | 000,001,092 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.06.08 17:38:28 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011.06.01 20:38:33 | 000,000,349 | ---- | C] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2011.05.30 19:01:07 | 000,000,110 | -H-- | C] () -- C:\Users\Nienaber\Desktop\.~lock.Keramiksachen Verkaufszahlen.ods#
[2011.05.21 16:13:16 | 000,012,984 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2011.05.07 14:35:45 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2011.05.07 14:35:45 | 000,097,859 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2011.05.06 18:30:20 | 000,001,485 | ---- | C] () -- C:\Users\Nienaber\AppData\Local\RecConfig.xml
[2011.04.27 17:16:58 | 000,454,656 | ---- | C] () -- C:\Windows\System32\PaintX.dll
[2011.04.27 14:08:25 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.04.23 12:51:00 | 000,077,664 | ---- | C] () -- C:\Windows\System32\IR21_R.DLL
[2011.04.23 12:50:59 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll
[2011.04.23 12:50:55 | 000,180,736 | ---- | C] () -- C:\Windows\System32\vfcodec.dll
[2011.04.23 12:50:48 | 000,202,240 | ---- | C] () -- C:\Windows\System32\XviD.dll
[2011.04.23 12:50:45 | 000,039,936 | ---- | C] () -- C:\Windows\System32\mp4fil32.dll
[2011.04.21 19:17:00 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011.04.21 19:16:56 | 000,631,808 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.04.21 19:16:56 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.04.21 19:16:54 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.04.09 15:57:38 | 000,102,400 | ---- | C] () -- C:\Windows\System32\st50220.dll
[2011.04.07 19:27:14 | 000,011,264 | ---- | C] () -- C:\Users\Nienaber\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.30 20:10:24 | 000,000,113 | ---- | C] () -- C:\Windows\mgboss_reg.ini
[2011.03.30 20:08:08 | 000,000,021 | ---- | C] () -- C:\Windows\mgboss_win.ini
[2011.03.14 19:52:18 | 000,033,792 | ---- | C] () -- C:\Windows\System32\rgbacodec.dll
[2011.03.08 19:34:00 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxcqcoin.dll
[2011.03.08 19:28:02 | 000,045,056 | ---- | C] () -- C:\Windows\System32\lxcqpmon.dll
[2011.03.08 19:28:02 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXCQFXPU.DLL
[2011.03.08 19:27:18 | 000,000,031 | ---- | C] () -- C:\Windows\System32\lxcqrwrd.ini
[2011.03.08 19:27:05 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXCQinst.dll
[2011.03.08 19:27:00 | 000,204,800 | ---- | C] () -- C:\Windows\System32\lxcqgrd.dll
[2011.03.07 18:53:05 | 000,000,048 | ---- | C] () -- C:\Windows\WinInit.Ini
[2011.02.26 17:26:11 | 000,021,532 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2011.02.26 17:06:19 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.02.17 21:04:31 | 000,040,960 | ---- | C] () -- C:\Windows\System32\IPPCPUID.DLL
[2011.02.17 21:02:50 | 000,028,672 | ---- | C] () -- C:\Windows\hookdllX.dll
[2011.02.17 21:02:22 | 000,011,776 | ---- | C] () -- C:\Windows\System32\pmsbfn32.dll
[2011.02.17 20:59:14 | 000,012,288 | ---- | C] () -- C:\Windows\System32\lxcqpmrc.dll
[2010.02.11 07:30:38 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009.09.09 19:01:40 | 000,027,675 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2009.07.14 10:47:43 | 000,696,132 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,147,428 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,359,256 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,651,450 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,120,382 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009.04.24 00:29:16 | 000,189,051 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009.04.22 14:46:42 | 003,482,112 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2008.07.16 09:59:38 | 000,027,264 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2007.08.13 17:46:00 | 000,155,136 | ---- | C] () -- C:\Users\Nienaber\AppData\Local\lame_enc.dll
[2006.10.27 09:26:56 | 000,069,632 | ---- | C] () -- C:\Windows\System32\vuins32.dll
[2006.10.26 01:06:48 | 000,064,000 | ---- | C] () -- C:\Users\Nienaber\AppData\Local\vorbisenc.dll
[2006.10.26 01:06:48 | 000,019,456 | ---- | C] () -- C:\Users\Nienaber\AppData\Local\vorbisfile.dll
[2006.10.26 01:06:46 | 000,143,872 | ---- | C] () -- C:\Users\Nienaber\AppData\Local\vorbis.dll
[2006.10.26 01:06:36 | 000,015,872 | ---- | C] () -- C:\Users\Nienaber\AppData\Local\ogg.dll
[2006.10.23 16:54:08 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxcqdrs.dll
[2006.09.29 09:28:14 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxcqcaps.dll
[2006.05.19 10:39:58 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2006.05.09 12:10:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxcqcnv4.dll
[2005.08.23 22:34:06 | 000,029,184 | ---- | C] () -- C:\Users\Nienaber\AppData\Local\no23xwrapper.dll
[2005.06.24 04:37:48 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxcqvs.dll
 
========== LOP Check ==========
 
[2011.03.28 16:48:59 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\.minecraft
[2011.03.30 20:34:10 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\4t Niagara Software
[2011.02.26 17:21:02 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\9300 Series
[2011.04.17 15:59:42 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\Ashampoo
[2011.06.22 20:47:19 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\Azureus
[2011.06.28 17:34:55 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\BitTorrent
[2011.03.20 13:24:23 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\Canneverbe Limited
[2011.04.27 13:25:05 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\CheckPoint
[2011.04.20 13:20:13 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\DAEMON Tools Lite
[2011.03.07 22:19:00 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\DeepBurner Pro
[2011.04.28 16:30:03 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\DVDVideoSoft
[2011.04.28 16:11:48 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.04.01 14:43:33 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\Echo Software
[2011.06.25 17:26:47 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\FOG Downloader
[2011.04.16 12:07:15 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\FreeFLVConverter
[2011.03.07 20:12:07 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\GetRightToGo
[2011.04.27 13:42:03 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\GrabPro
[2011.06.11 19:45:11 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\ICQ
[2011.05.08 18:08:59 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\Imperium Romanum
[2011.04.09 15:46:58 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\Leadertech
[2011.06.22 18:31:16 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\Marine Aquarium 3
[2011.04.28 15:57:40 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\MediaProSoft Free WMV to AVI MPEG Converter
[2011.03.07 20:43:17 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\NCH Swift Sound
[2011.03.07 18:46:15 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\NewSoft
[2011.04.10 14:41:48 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\OpenOffice.org
[2011.06.23 12:32:53 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\Orbit
[2011.04.09 15:26:29 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\PC Speed Maximizer
[2011.06.02 21:23:50 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\proDAD
[2011.04.27 13:40:02 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\ProgSense
[2011.05.28 19:11:05 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\Publish Providers
[2011.03.15 14:44:50 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\REINER SCT
[2011.05.28 19:09:57 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\Sony
[2011.05.07 15:40:14 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\Stellarium
[2011.02.26 17:21:06 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\TuneUp Software
[2011.06.08 10:35:51 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\TuneUpMedia
[2011.04.17 15:18:38 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\Video DVD Maker FREE
[2011.06.01 16:49:36 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\Windows Live Writer
[2011.02.26 18:28:16 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\Windows SideBar
[2011.05.21 13:15:34 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.06.28 14:14:40 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\SlimDrivers Startup.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.03.28 16:48:59 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\.minecraft
[2011.03.30 20:34:10 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\4t Niagara Software
[2011.02.26 17:21:02 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\9300 Series
[2011.04.10 14:56:22 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\Adobe
[2011.04.17 15:59:42 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\Ashampoo
[2011.03.28 16:44:32 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\ATI
[2011.06.22 20:47:19 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\Azureus
[2011.06.28 17:34:55 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\BitTorrent
[2011.03.20 13:24:23 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\Canneverbe Limited
[2011.04.27 13:25:05 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\CheckPoint
[2011.04.20 13:20:13 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\DAEMON Tools Lite
[2011.03.07 22:19:00 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\DeepBurner Pro
[2011.04.09 15:06:02 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\DivX
[2011.04.28 16:30:03 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\DVDVideoSoft
[2011.04.28 16:11:48 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.04.01 14:43:33 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\Echo Software
[2011.06.25 17:26:47 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\FOG Downloader
[2011.04.16 12:07:15 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\FreeFLVConverter
[2011.03.07 20:12:07 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\GetRightToGo
[2011.02.26 17:21:02 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\Google
[2011.04.27 13:42:03 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\GrabPro
[2011.06.11 19:45:11 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\ICQ
[2011.06.01 16:50:01 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\Identities
[2011.05.08 18:08:59 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\Imperium Romanum
[2011.04.09 15:55:48 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\InstallShield
[2011.04.09 15:46:58 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\Leadertech
[2011.04.09 15:43:14 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\Logishrd
[2011.04.09 15:47:18 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\Logitech
[2011.02.26 17:21:02 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\Macromedia
[2011.02.26 17:21:03 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\Malwarebytes
[2011.06.22 18:31:16 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\Marine Aquarium 3
[2009.07.14 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\Media Center Programs
[2011.04.28 15:57:40 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\MediaProSoft Free WMV to AVI MPEG Converter
[2011.04.10 14:56:22 | 000,000,000 | --SD | M] -- C:\Users\Nienaber\AppData\Roaming\Microsoft
[2011.06.08 10:35:40 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\Mozilla
[2011.03.07 20:43:17 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\NCH Swift Sound
[2011.03.07 18:46:15 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\NewSoft
[2011.04.10 14:41:48 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\OpenOffice.org
[2011.06.23 12:32:53 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\Orbit
[2011.04.09 15:26:29 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\PC Speed Maximizer
[2011.06.02 21:23:50 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\proDAD
[2011.04.27 13:40:02 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\ProgSense
[2011.05.28 19:11:05 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\Publish Providers
[2011.03.07 19:17:20 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\Real
[2011.03.15 14:44:50 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\REINER SCT
[2011.06.12 19:22:34 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\Skype
[2011.06.12 18:12:13 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\skypePM
[2011.05.28 19:09:57 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\Sony
[2011.05.07 15:40:14 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\Stellarium
[2011.02.26 17:21:06 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\TuneUp Software
[2011.06.08 10:35:51 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\TuneUpMedia
[2011.04.17 15:18:38 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\Video DVD Maker FREE
[2011.06.08 17:07:39 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\vlc
[2011.06.01 16:49:36 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\Windows Live Writer
[2011.02.26 18:28:16 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\Windows SideBar
[2011.03.20 11:55:16 | 000,000,000 | ---D | M] -- C:\Users\Nienaber\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.06.22 17:45:36 | 000,310,208 | ---- | M] (Georgia Institute of Technology) -- C:\Users\Nienaber\AppData\Roaming\Azureus\plugins\mlab\ShaperProbeC.exe
[2011.01.03 15:30:14 | 000,054,272 | ---- | M] () -- C:\Users\Nienaber\AppData\Roaming\BitTorrent\apps\VirusGuard\VirusGuard.exe
[2011.05.06 17:58:13 | 000,003,262 | R--- | M] () -- C:\Users\Nienaber\AppData\Roaming\Microsoft\Installer\{22B0E143-2B0B-435B-9F56-136A3D16065F}\controlPanelIcon.exe
[2011.05.06 17:58:13 | 000,010,134 | R--- | M] () -- C:\Users\Nienaber\AppData\Roaming\Microsoft\Installer\{22B0E143-2B0B-435B-9F56-136A3D16065F}\SystemFolder_msiexec.exe
[2011.04.09 15:46:57 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\Nienaber\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
[2011.05.07 15:31:23 | 000,010,134 | R--- | M] () -- C:\Users\Nienaber\AppData\Roaming\Microsoft\Installer\{5F499D33-546A-442B-B0F9-4C58F3B5B6E3}\_098231E8AF6507C191677C.exe
[2011.05.07 15:31:23 | 000,002,238 | R--- | M] () -- C:\Users\Nienaber\AppData\Roaming\Microsoft\Installer\{5F499D33-546A-442B-B0F9-4C58F3B5B6E3}\_6FEFF9B68218417F98F549.exe
[2011.05.07 15:31:23 | 000,002,238 | R--- | M] () -- C:\Users\Nienaber\AppData\Roaming\Microsoft\Installer\{5F499D33-546A-442B-B0F9-4C58F3B5B6E3}\_AC5D6544F4892BDBD4043C.exe
[2011.05.07 15:31:23 | 000,002,238 | R--- | M] () -- C:\Users\Nienaber\AppData\Roaming\Microsoft\Installer\{5F499D33-546A-442B-B0F9-4C58F3B5B6E3}\_D28C1E9A54DE09F40958F2.exe
[2011.05.07 15:31:23 | 000,010,134 | R--- | M] () -- C:\Users\Nienaber\AppData\Roaming\Microsoft\Installer\{5F499D33-546A-442B-B0F9-4C58F3B5B6E3}\_FDD89BD3451E0373300C7A.exe
[2011.06.01 21:18:49 | 000,029,926 | R--- | M] () -- C:\Users\Nienaber\AppData\Roaming\Microsoft\Installer\{6DE721A5-5E89-4D74-994C-652BB3C0672E}\ARPPRODUCTICON.exe
[2011.03.28 16:38:34 | 000,010,134 | R--- | M] () -- C:\Users\Nienaber\AppData\Roaming\Microsoft\Installer\{9DBCF44B-77AC-81D8-0F8E-1E60D6330AC2}\ARPPRODUCTICON.exe
[2011.05.07 15:27:54 | 000,048,590 | R--- | M] () -- C:\Users\Nienaber\AppData\Roaming\Microsoft\Installer\{B4D5287E-762E-4B80-8BA7-09D804BAF786}\ApplicationIcon.exe
[2011.04.20 13:52:37 | 000,010,134 | R--- | M] () -- C:\Users\Nienaber\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Users\Nienaber\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20110521T141732106445\internal_ide_channel\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Users\Nienaber\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20110521T141732106445\pci\ven_1106&dev_0571\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Users\Nienaber\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20110521T141732106445\pci\ven_1106&dev_5337\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.06.04 12:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys
[2009.06.04 12:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_4f144d6467fc7c22\iaStor.sys
[2009.06.04 12:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_x86_neutral_10aa509d6843c6fc\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2007.01.05 22:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_29af12c5857181b0\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.06.09 17:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\System32\drivers\kl1.sys
[2010.06.09 17:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\System32\drivers\kl2.sys
[2011.05.07 14:32:58 | 000,488,536 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\System32\drivers\klif.sys
[2010.04.22 19:07:34 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\System32\drivers\klim6.sys
[2009.11.02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\System32\drivers\klmouflt.sys
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2010.02.11 07:32:36 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\System32\ATIDEMGX.dll
[2009.07.14 03:15:20 | 000,380,957 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\expsrv.dll
[2011.04.13 15:38:36 | 000,229,776 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\System32\klogon.dll
[2009.07.14 03:15:50 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\msvbvm60.dll
 
<           >

< End of report >

--- --- ---

cosinus · 28.06.2011, 20:09

Zitat:

Okay, aber gebe ich nicht so meinen Namen Preis?

Vllt liest du hier auch mal die Anleitungen??

=> http://www.trojaner-board.de/69886-a...-beachten.html

Achte nun darauf das in deinen Beiträgen alle persönlichen Informationen
( Realnamen sowie Email-Adressen ) editiert werden

Realnamen sind so zu editieren:

C:\Dokumente und Einstellungen\Hans Mustermann\Eigene Dateien\Downloads\hijackthis\HijackThis.exe

ändern in:

C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads\hijackthis\HijackThis.exe

Und lass bitte diese sinnfreien Fullquotes! Die blähen nur unnötig den Strang auf, die Übersicht geht verloren!

Superrene · 29.06.2011, 15:14

Zitat:

Zitat von cosinus

Vllt liest du hier auch mal die Anleitungen??

=> http://www.trojaner-board.de/69886-a...-beachten.html

Achte nun darauf das in deinen Beiträgen alle persönlichen Informationen
( Realnamen sowie Email-Adressen ) editiert werden

Realnamen sind so zu editieren:

C:\Dokumente und Einstellungen\Hans Mustermann\Eigene Dateien\Downloads\hijackthis\HijackThis.exe

ändern in:

C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads\hijackthis\HijackThis.exe

Und lass bitte diese sinnfreien Fullquotes! Die blähen nur unnötig den Strang auf, die Übersicht geht verloren!

Ja, ich kenne die regeln, deswegen habe ich ja auch nochmal gerfragt, aber ich kann doch nicht tausendmal auf meinem Namen klicken, Markieren und dann ,,***´´ machen, dass dauert ja viel zu lange!

cosinus · 29.06.2011, 15:39

Und lass bitte diese sinnfreien Fullquotes! Die blähen nur unnötig den Strang auf, die Übersicht geht verloren!

Superrene · 01.07.2011, 14:40

Hallo?
Könnt ihr mir weiterhelfen?

cosinus · 01.07.2011, 14:45

Wenn du mal in der Lage bist die Hinweise und Regeln zu beachten und zu befolgen!
Wieo sollen wir unserer Zeit opfern wenn du zu faul bist einfachste Hinweise und Regeln zu folgen?

Bei so einem Verhalten hat keiner hier wirklich Lust dir zu helfen!

29.06.2011, 15:39	#13
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	avp.exe von Malewarebytes' Anti-Malware ,,geblockt´´ Und lass bitte diese sinnfreien Fullquotes! Die blähen nur unnötig den Strang auf, die Übersicht geht verloren! __________________ Logfiles bitte immer in CODE-Tags posten

01.07.2011, 14:45	#15
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	avp.exe von Malewarebytes' Anti-Malware ,,geblockt´´ Wenn du mal in der Lage bist die Hinweise und Regeln zu beachten und zu befolgen! Wieo sollen wir unserer Zeit opfern wenn du zu faul bist einfachste Hinweise und Regeln zu folgen? Bei so einem Verhalten hat keiner hier wirklich Lust dir zu helfen! __________________ Logfiles bitte immer in CODE-Tags posten

avp.exe von Malewarebytes' Anti-Malware ,,geblockt´´

Log-Analyse und Auswertung: avp.exe von Malewarebytes' Anti-Malware ,,geblockt´´