| |
| |||||||
Log-Analyse und Auswertung: Keine RückmeldungWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
11.09.2011, 12:48
| #16 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Keine Rückmeldung "Patcher" und "Trainer" sind riskantes Zeug, lass die Finger davon! Zitat:
Ich empfehle die umgehende Deinstallation und Nutzung eines reinen Virenscanners plus Windows-Firewall. Deinstallier es aber erstmal nur, wenn wir durch sind hier kannst du dich um einen anderen Virenscanner kümmern. Mach danach ein neues OTL-Log und poste es mit CODE-Tags.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
11.09.2011, 14:31
| #17 |
  | Keine Rückmeldung dumme frage, aber was sind code tags?
__________________also ist deiner meinung nach, gdata sinnlos? was soll ich denn dann für ein virenprogramm haben? |
|
11.09.2011, 15:02
| #18 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Keine Rückmeldung Code-Tags sind diese hier => [code] [/code]
__________________Normalerweise sind die so gepostet nicht sichtbar. Zwischen diesen beiden Tags postet man die Logs. GDATA selbst ist nicht sinnlog, wohl aber jede fette Internet Security. Besser ist man mit reinen Virenscannern wie MSE oder Avast dran. Aber erstmal deinstallierst du nur GDATA IS, erst wenn wir hier durch sind kommt so ein Scanner wieder rauf.
__________________ |
|
11.09.2011, 15:08
| #19 |
| | Keine RückmeldungCode:
ATTFilter OTL logfile created on: 11.09.2011 15:34:04 - Run 3 OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\Admin\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,50 Gb Available Physical Memory | 62,55% Memory free 8,00 Gb Paging File | 6,19 Gb Available in Paging File | 77,43% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 1397,17 Gb Total Space | 1013,04 Gb Free Space | 72,51% Space Free | Partition Type: NTFS Computer Name: ENERMAX | User Name: Cedric | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.09.08 15:05:50 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe PRC - [2011.08.11 22:29:16 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2011.08.10 17:02:45 | 001,505,800 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe PRC - [2011.05.20 14:50:48 | 000,368,136 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe PRC - [2011.05.20 14:50:36 | 001,540,616 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe PRC - [2011.05.11 12:18:59 | 000,923,144 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe PRC - [2011.03.28 14:15:10 | 000,380,736 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe PRC - [2011.03.04 20:56:12 | 000,381,448 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe PRC - [2010.11.20 14:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.08.10 15:23:36 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp) SRV:64bit: - [2011.07.28 23:35:34 | 000,204,288 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2011.06.13 22:21:14 | 000,343,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc) SRV:64bit: - [2011.01.05 07:03:30 | 002,610,952 | ---- | M] (Raxco Software, Inc.) [Disabled | Stopped] -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe -- (PDAgent) SRV:64bit: - [2011.01.05 07:03:20 | 002,266,376 | ---- | M] (Raxco Software, Inc.) [Disabled | Stopped] -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe -- (PDEngine) SRV - [2011.09.10 14:22:11 | 000,411,432 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011.08.11 22:29:16 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2011.08.10 17:02:45 | 001,505,800 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy) SRV - [2011.08.10 15:31:08 | 002,027,840 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2011.08.10 15:23:30 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp) SRV - [2011.08.10 14:21:10 | 001,556,816 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe -- (GDFwSvc) SRV - [2011.06.17 09:34:18 | 000,359,192 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2011.05.26 03:11:13 | 001,929,104 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe -- (AVKWCtl) SRV - [2011.05.20 14:50:48 | 000,368,136 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe -- (GDScan) SRV - [2011.03.04 20:56:12 | 000,381,448 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe -- (AVKService) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.11 13:42:32 | 000,172,328 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5) SRV - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Disabled | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) SRV - [2009.11.12 19:08:00 | 003,403,420 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007.06.15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\bgsvcgen.exe -- (bgsvcgen) SRV - [2000.01.01 00:00:00 | 000,271,360 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\DTProTS\DTProTS.exe -- (DTProTS) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.08.15 22:08:24 | 000,059,256 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt) DRV:64bit: - [2011.08.15 14:05:45 | 000,110,968 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt) DRV:64bit: - [2011.08.15 14:05:45 | 000,050,552 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave) DRV:64bit: - [2011.08.15 14:05:44 | 000,065,912 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd) DRV:64bit: - [2011.07.29 00:23:16 | 009,980,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2011.07.29 00:23:16 | 009,980,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.07.28 22:54:10 | 000,309,248 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.07.02 14:47:10 | 000,106,488 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\GRD.sys -- (GRD) DRV:64bit: - [2011.06.29 13:23:20 | 000,051,576 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre) DRV:64bit: - [2011.06.29 13:23:11 | 000,031,448 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GdNetMon64.sys -- (GdNetMon) DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.06.07 00:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2011.04.30 13:59:22 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2011.04.30 13:59:22 | 000,060,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone) DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2010.11.20 15:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm) DRV:64bit: - [2010.11.20 15:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb) DRV:64bit: - [2010.11.20 13:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:64bit: - [2010.08.11 08:10:06 | 000,138,256 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DefragFs.sys -- (DefragFS) DRV:64bit: - [2010.02.24 12:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11) DRV:64bit: - [2009.12.06 12:24:22 | 000,224,920 | ---- | M] (SysProgs.org) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BazisVirtualCDBus.sys -- (BazisVirtualCDBus) DRV:64bit: - [2009.11.23 17:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid) DRV:64bit: - [2009.11.23 17:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum) DRV:64bit: - [2009.09.30 16:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009.09.23 10:42:58 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2009.08.13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.10 12:14:36 | 000,043,264 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiBus.sys -- (SaiNtBus) DRV:64bit: - [2009.06.10 12:14:36 | 000,016,000 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiMini.sys -- (SaiMini) DRV:64bit: - [2009.02.03 17:37:50 | 000,075,384 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x) DRV:64bit: - [2007.05.01 16:48:56 | 000,171,144 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiH5F0D.sys -- (SaiH5F0D) DRV:64bit: - [2007.05.01 16:48:56 | 000,034,304 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiU5F0D.sys -- (SaiU5F0D) DRV:64bit: - [2007.02.08 19:47:24 | 000,107,384 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x) DRV:64bit: - [2007.01.26 10:04:36 | 000,009,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\whfltr2k.sys -- (whfltr2k) DRV:64bit: - [2006.12.05 11:34:26 | 000,572,416 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PFC027.SYS -- (PAC207) DRV:64bit: - [2006.11.10 15:08:58 | 000,030,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ATITool64.sys -- (ATITool) DRV:64bit: - [2006.08.25 14:36:52 | 000,039,208 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cdrbsdrv.sys -- (cdrbsdrv) DRV:64bit: - [2006.07.10 18:21:22 | 000,022,936 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x) DRV:64bit: - [2006.06.14 16:58:10 | 000,014,192 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x) DRV - [2011.06.25 15:08:55 | 000,106,224 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\GRD.sys -- (GRD) DRV - [2010.12.18 14:50:08 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | Auto | Running] -- C:\Users\Admin\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24.gadget\WinRing0x64.sys -- (WinRing0_1_2_0) DRV - [2010.11.29 20:27:40 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2005.01.02 05:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bigseekpro.com/hypercam/{30556029-374E-4F2E-890B-121038B58BE0} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSof2.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ddrnw IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSof2.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.88.251:800 ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2 FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10 FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.11 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.6 FF - prefs.js..extensions.enabledItems: allglassv2@ambroos.neowin.net:2.1.4 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: info@djzig.com:1.2.0 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.6&q=" FF - prefs.js..network.proxy.ftp: "192.168.88.251" FF - prefs.js..network.proxy.ftp_port: 800 FF - prefs.js..network.proxy.gopher: "192.168.88.251" FF - prefs.js..network.proxy.gopher_port: 800 FF - prefs.js..network.proxy.http: "192.168.88.251" FF - prefs.js..network.proxy.http_port: 800 FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "192.168.88.251" FF - prefs.js..network.proxy.socks_port: 800 FF - prefs.js..network.proxy.ssl: "192.168.88.251" FF - prefs.js..network.proxy.ssl_port: 800 FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://www.bigseekpro.com/search/toolbar/hypercam/{88ED4A72-8717-53BE-8E7E-30BA070DAF61}?q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Admin\Program Files (x86)\DNA\plugins\npbtdna.dll File not found FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\Admin\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( ) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\components [2011.09.11 12:55:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Admin\Program Files (x86)\DNA [2011.03.19 13:47:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions [2011.08.09 18:20:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\kr7kwnm2.default\extensions [2011.08.09 18:20:19 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\kr7kwnm2.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.03.19 13:43:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\kr7kwnm2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2011.09.10 17:38:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\o4751zle.default\extensions [2011.08.09 18:20:19 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\o4751zle.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.09.10 17:38:44 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\o4751zle.default\extensions\battlefieldplay4free@ea.com [2011.04.30 09:45:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2011.04.30 09:48:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com [2011.09.06 12:30:22 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml [2010.06.09 21:52:18 | 000,002,224 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\webblog.xml O1 HOSTS File: ([2000.01.01 00:00:00 | 000,000,794 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 secure.disc-soft.com O2:64bit: - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AvkWebIEx64.dll (G Data Software AG) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AvkWebIE.dll (G Data Software AG) O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSof2.dll (Conduit Ltd.) O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G Data\AVKProxy\BanksafeBHO.dll (G Data Software AG) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found O3:64bit: - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AvkWebIEx64.dll (G Data Software AG) O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AvkWebIE.dll (G Data Software AG) O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSof2.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files (x86)\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG) O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.64.2.cab (Battlefield Play4Free Updater) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.50.140.116 192.168.123.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD5AE1E4-714D-4E03-920D-ABE9EE787A4C}: DhcpNameServer = 195.50.140.116 192.168.123.254 O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{14b1b4e4-e977-11de-9627-002511d83983}\Shell - "" = AutoRun O33 - MountPoints2\{14b1b4e4-e977-11de-9627-002511d83983}\Shell\AutoRun\command - "" = V:\SETUP.EXE O33 - MountPoints2\{14b1b4e4-e977-11de-9627-002511d83983}\Shell\configure\command - "" = V:\SETUP.EXE O33 - MountPoints2\{14b1b4e4-e977-11de-9627-002511d83983}\Shell\install\command - "" = V:\SETUP.EXE O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Setup.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\cdstart.exe O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\cdstart.exe O34 - HKLM BootExecute: (PDBoot.exe) - File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software) MsConfig:64bit - StartUpFolder: C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk - C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe - (Leader Technologies/Logitech) MsConfig:64bit - StartUpReg: AlcoholAutomount - hkey= - key= - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team) MsConfig:64bit - StartUpReg: AshSnap - hkey= - key= - C:\Program Files (x86)\Ashampoo\Ashampoo Snap 4\ashsnap.exe (ashampoo GmbH & Co. KG) MsConfig:64bit - StartUpReg: DAEMON Tools Pro Agent - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd) MsConfig:64bit - StartUpReg: PlusService - hkey= - key= - C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software) MsConfig:64bit - StartUpReg: RocketDock - hkey= - key= - C:\Program Files (x86)\RocketDock\RocketDock.exe () MsConfig:64bit - StartUpReg: snpstd3 - hkey= - key= - C:\Windows\vsnpstd3.exe () MsConfig:64bit - StartUpReg: StartCCC - hkey= - key= - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) MsConfig:64bit - StartUpReg: VirtualCloneDrive - hkey= - key= - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG) MsConfig:64bit - StartUpReg: XboxStat - hkey= - key= - C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation) MsConfig:64bit - State: "bootini" - Reg Error: Key error. MsConfig:64bit - State: "startup" - Reg Error: Key error. MsConfig:64bit - State: "services" - Reg Error: Key error. CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== [2011.09.11 15:29:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reader 10.0 [2011.09.11 15:29:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Utilities - CS5 [2011.09.11 15:28:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Photoshop CS5 [2011.09.11 15:28:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Help [2011.09.11 15:28:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Extension Manager CS5 [2011.09.11 15:27:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Device Central CS5 [2011.09.11 15:27:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Bridge CS5 [2011.09.11 13:28:21 | 000,000,000 | ---D | C] -- C:\81ecbee7fd739ac95739 [2011.09.11 12:55:56 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{849A75FF-FA5A-4ADD-AC24-5467763406AC} [2011.09.10 11:07:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2011.09.10 11:07:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2011.09.10 11:07:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam [2011.09.10 10:54:31 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Activision [2011.09.10 10:51:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Call of Duty Black Ops [2011.09.10 10:45:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Call of Duty Black Ops [2011.09.10 10:44:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes [2011.09.10 10:18:36 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\War Maps [2011.09.09 20:47:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2011.09.09 20:17:09 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{2F296230-4C89-410F-AB92-C7EE145C52EF} [2011.09.09 20:16:46 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{ECAA6DBF-DEF9-4236-8121-27CD5161B41E} [2011.09.08 21:22:23 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes [2011.09.08 21:22:17 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.09.08 21:22:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.09.08 21:22:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.09.08 21:22:14 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.09.08 21:22:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.09.08 15:36:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2011.09.08 15:36:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip [2011.09.08 15:05:46 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe [2011.09.08 13:05:13 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{172BF5AA-5ADB-47A8-8261-9440F4413DE3} [2011.09.07 14:13:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{E82D38B0-A1C6-4FC1-A459-795D3DAF58FF} [2011.09.07 14:13:23 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{83C7A11A-8EAA-41B2-8B7C-75C320DE0FFE} [2011.09.06 22:10:58 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\FixItCenter [2011.09.06 22:04:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Fix it Center [2011.09.06 22:04:54 | 000,000,000 | ---D | C] -- C:\Windows\MATS [2011.09.06 12:34:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2011.09.06 12:30:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\facemoods.com [2011.09.06 12:29:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader [2011.09.06 12:06:30 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{14746336-DACA-441B-8C0E-5F1049B11284} [2011.09.06 12:06:06 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{3D70A804-54FC-47ED-8AA6-A1698C4069A3} [2011.09.05 21:24:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{C44B8BA1-1FB9-4E88-B8B9-A8725D62618A} [2011.09.05 21:24:19 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{11A1E4A7-F635-462E-B944-BA3598A6256B} [2011.09.04 23:33:22 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{7F2AA41F-D387-4510-81B4-DA6DC9273BDF} [2011.09.04 23:32:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{55FCB4AB-E781-46E0-BE1E-30D2B9B41F40} [2011.09.04 13:01:56 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{7B98AC6C-99FB-4F8A-8E14-C951129E7C6A} [2011.09.03 11:32:51 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{5B1565BF-26B0-4CCC-86C8-654F2B6F89F0} [2011.09.03 11:32:35 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{329CA473-720C-438B-8C4F-26E89AAC7666} [2011.09.02 17:44:33 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{A47BB6AD-5FB2-4A4A-8865-EF2E815AF228} [2011.09.02 17:44:10 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{ADD2BD61-D7C0-4E5B-A1EB-0C68931E9DF9} [2011.09.02 00:28:23 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Heroglyph [2011.09.02 00:24:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPER © - by eRightSoft [2011.09.02 00:24:06 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\SysWow64\nbDX.dll [2011.09.02 00:24:05 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLOgg.ax [2011.09.02 00:24:05 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\flvDX.dll [2011.09.02 00:24:05 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLVorbisDec.ax [2011.09.02 00:24:05 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSSplitter.ax [2011.09.02 00:24:05 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSDecoder.ax [2011.09.02 00:24:05 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\SysWow64\RLTheoraDec.ax [2011.09.02 00:24:05 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\SysWow64\msfDX.dll [2011.09.02 00:24:03 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\RealMediaDX.ax [2011.09.02 00:24:02 | 000,169,472 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\MatroskaDX.ax [2011.09.02 00:24:00 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\DiracSplitter.ax [2011.09.02 00:24:00 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\SysWow64\AVCDX.ax [2011.09.02 00:14:33 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AIM [2011.09.01 23:52:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USM [2011.09.01 23:50:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\USM [2011.09.01 15:53:57 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{4F10A6E8-1485-429F-9EB4-A39AE6D317AB} [2011.09.01 15:53:22 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{FA1A7ED0-77A0-46BF-9E14-D47E02DA70E9} [2011.08.31 21:05:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VirtualCloneDrive [2011.08.31 20:59:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Landwirtschafts Simulator 2011 [2011.08.31 20:44:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Landwirtschafts Simulator 2011 [2011.08.31 13:51:58 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Rockstar Games [2011.08.31 10:30:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Landwirtschafts Simulator 2011 old [2011.08.30 17:25:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2011.08.30 17:25:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2011.08.30 17:23:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP [2011.08.30 17:23:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2011.08.30 13:49:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Raxco [2011.08.30 13:49:05 | 000,000,000 | ---D | C] -- C:\Program Files\Raxco [2011.08.30 13:48:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Raxco [2011.08.30 13:48:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MARKEMENT [2011.08.30 13:48:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MARKEMENT [2011.08.30 13:47:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetObjects [2011.08.30 13:44:50 | 001,056,768 | ---- | C] (Blue Sky Software Corporation.) -- C:\Windows\SysWow64\ROBOEX32.DLL [2011.08.30 13:44:50 | 000,049,152 | ---- | C] (Blue Sky Software Corporation.) -- C:\Windows\SysWow64\INETWH32.DLL [2011.08.30 13:43:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NetObjects [2011.08.30 13:38:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\proDAD [2011.08.30 13:38:02 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\proDAD [2011.08.30 13:38:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\proDAD [2011.08.30 13:37:51 | 000,000,000 | ---D | C] -- C:\ProgramData\proDAD [2011.08.30 13:29:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo [2011.08.30 13:29:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ashampoo [2011.08.30 13:28:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Landwirtschafts-Simulator 2009 [2011.08.30 12:37:08 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{F55E9736-313E-40C0-BC6B-9CA6FEC825C5} [2011.08.30 12:36:45 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{48EA303D-918E-4C32-9033-29E2CE6B0935} [2011.08.30 00:36:18 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{5116F0B2-6235-42F0-8612-748BF908F93C} [2011.08.30 00:35:55 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{BB40D063-E0F3-4038-BF3C-988F8C849EAD} [2011.08.29 12:35:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{771406CF-9BEC-4961-BDB3-61A447D15B75} [2011.08.29 12:34:53 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{633392F9-FDBA-4A38-9DA2-EF6118DA163B} [2011.08.28 18:33:28 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{09F21C33-BB39-4DE5-890D-A98BDADDD95E} [2011.08.28 18:33:00 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{F48C2731-4273-4342-B2CB-ED61E27BB434} [2011.08.26 10:33:37 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{C3D444AD-8C01-4557-BE90-97C9C5EB2900} [2011.08.26 10:32:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{0A10A479-5E02-46D9-BAFD-A177AA364A35} [2011.08.25 19:40:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{E4670A46-F6FA-4BF6-9C9F-E03427DF4168} [2011.08.25 19:40:17 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{EB8EAEFB-170C-4A3B-B6EA-529F9EF42D85} [2011.08.22 22:52:25 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{0E59175E-0A07-4F91-813F-B358A25E5905} [2011.08.22 22:52:02 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{4BA577DF-DAF8-43EA-A31D-34DF89156365} [2011.08.21 22:51:30 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{49836AC0-1733-453D-90FA-E4AAAEC597EA} [2011.08.21 22:51:07 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{463FE74F-D03C-42E3-B9FE-C9F149AAB57C} [2011.08.21 16:17:25 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM [2011.08.21 16:16:58 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Games for Windows - LIVE Demos [2011.08.21 16:16:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace [2011.08.21 15:16:17 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{5BE79326-6376-4A8B-AE21-72EE39B8FA36} [2011.08.21 01:02:59 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive [2011.08.21 01:02:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE [2011.08.20 12:56:17 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{890DE418-921E-4EF1-9AC2-5549BD8D5FAF} [2011.08.20 12:55:50 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{FFEDC646-63BD-4E05-B3FA-5522DCCCB0A0} [2011.08.19 15:32:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys [2011.08.19 15:32:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavalys [2011.08.19 15:26:56 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{72679341-0CEA-47D4-B1B3-6769388E5075} [2011.08.19 15:26:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{26A52CF0-5935-4284-826F-19B20352A8B1} [2011.08.18 23:21:37 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{5B8B0B62-B541-431E-A5F3-51E27F806EC6} [2011.08.18 23:21:12 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{316F0DD2-A4B8-48DF-9366-39567B99DACA} [2011.08.18 11:20:42 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{D63FFDBA-1FF1-4491-BC70-12209157C7BC} [2011.08.18 11:20:14 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{6DCA4F1B-1C23-422D-833D-7AF449267013} [2011.08.17 20:01:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{3AF3FFA1-182D-476F-87DA-FFEEDAD68456} [2011.08.17 20:01:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{822BC328-35D5-4D8C-B66A-B31F2163182E} [2011.08.17 16:54:07 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{F7D3B46A-CF2E-46AD-ADB4-CE0435A6EEB3} [2011.08.17 15:06:44 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\LogiShrd [2011.08.17 00:31:41 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{1512B213-5DB2-4AD4-A508-0BCEF0A47D99} [2011.08.17 00:31:18 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{4DA65401-F87A-477D-94CC-650F4E4449E8} [2011.08.16 12:30:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{E278CF71-0AF9-4D6B-BBBC-E28E2D66CB0B} [2011.08.16 12:30:38 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{77AA5B2D-3263-4AEE-9868-65DB7DFF7F8E} [2011.08.15 20:33:38 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Leadertech [2011.08.15 20:33:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd [2011.08.15 20:32:38 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd [2011.08.15 20:32:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SetPointG [2011.08.15 20:32:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SetPointP [2011.08.15 20:31:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd [2011.08.15 20:31:16 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Logitech [2011.08.15 20:31:16 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Logishrd [2011.08.15 13:54:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{95699DE0-1CB8-4A02-A770-8C798A5DEED6} [2011.08.15 13:53:55 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{6ADFB87B-7BC9-471A-B118-C5F4EE421A98} [2011.08.14 22:15:39 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{3C5D5897-4164-4D28-B1AA-8C4A61A342E8} [2011.08.14 22:15:16 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{0319BB12-57BC-471F-A2A6-66C6A72CB9B4} [2011.08.14 01:06:50 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{872383BC-F599-4C23-8E36-E563ADC1FBCD} [2011.08.14 01:06:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{8E11992A-9555-4A10-BFC7-1E2817AFFF13} [2011.08.13 13:05:59 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{4A96BF3F-4886-40DD-A397-45C796CFD460} [2011.08.13 13:05:47 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{4C91BF1E-0B0F-47BB-AE11-B491C576907E} [2011.08.12 22:00:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{44D524A1-7A06-4157-91A6-1A2B0D615DB9} [2010.04.29 19:06:43 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnpstd3.dll [2010.04.29 19:06:43 | 000,061,440 | ---- | C] ( ) -- C:\Windows\SysWow64\vsnpstd3.dll [2010.04.29 19:06:43 | 000,053,248 | ---- | C] ( ) -- C:\Windows\csnpstd3.dll [5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.09.11 15:32:53 | 000,000,000 | ---- | M] () -- C:\Users\Admin\defogger_reenable [2011.09.11 14:46:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.09.11 13:32:01 | 000,020,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.09.11 13:32:01 | 000,020,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.09.11 12:58:26 | 000,403,663 | ---- | M] () -- C:\Windows\SysWow64\sig.bin [2011.09.11 12:58:26 | 000,032,592 | ---- | M] () -- C:\Windows\SysWow64\nmp.map [2011.09.11 12:53:09 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.09.11 12:52:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.09.11 12:52:52 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys [2011.09.10 17:46:10 | 000,234,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2011.09.10 17:46:10 | 000,234,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.09.10 10:51:23 | 000,001,079 | ---- | M] () -- C:\Users\Public\Desktop\Call of Duty Black Ops.lnk [2011.09.10 10:44:54 | 000,001,210 | ---- | M] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk [2011.09.10 10:17:26 | 000,000,797 | ---- | M] () -- C:\Users\Admin\Desktop\Flatout2.lnk [2011.09.08 15:05:50 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe [2011.09.08 15:04:39 | 000,050,477 | ---- | M] () -- C:\Users\Admin\Desktop\Defogger.exe [2011.09.06 21:58:30 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.09.06 21:58:30 | 000,655,802 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.09.06 21:58:30 | 000,616,348 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.09.06 21:58:30 | 000,130,434 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.09.06 21:58:30 | 000,106,728 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.09.06 17:32:30 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01009.Wdf [2011.08.30 20:44:54 | 396,636,636 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.08.30 17:27:15 | 000,002,020 | ---- | M] () -- C:\Users\Admin\Desktop\Catalyst Control Center.lnk [2011.08.21 01:01:24 | 000,002,156 | ---- | M] () -- C:\Users\Public\Desktop\Grand Theft Auto IV.lnk [2011.08.17 12:58:45 | 000,001,448 | ---- | M] () -- C:\Users\Admin\Desktop\Command Prompt.lnk [2011.08.15 22:08:24 | 000,059,256 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys [2011.08.15 14:05:45 | 000,110,968 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys [2011.08.15 14:05:45 | 000,050,552 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys [2011.08.15 14:05:44 | 000,065,912 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys [2011.08.13 21:33:01 | 000,002,103 | ---- | M] () -- C:\Users\Admin\Desktop\Logitech G-series Key Profiler.lnk [5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.09.11 15:32:53 | 000,000,000 | ---- | C] () -- C:\Users\Admin\defogger_reenable [2011.09.10 10:51:23 | 000,001,079 | ---- | C] () -- C:\Users\Public\Desktop\Call of Duty Black Ops.lnk [2011.09.10 10:44:54 | 000,001,210 | ---- | C] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk [2011.09.10 10:17:26 | 000,000,797 | ---- | C] () -- C:\Users\Admin\Desktop\Flatout2.lnk [2011.09.08 15:04:38 | 000,050,477 | ---- | C] () -- C:\Users\Admin\Desktop\Defogger.exe [2011.09.06 22:04:56 | 000,000,959 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Fix it Center.lnk [2011.09.06 17:32:30 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01009.Wdf [2011.09.02 00:24:05 | 000,121,344 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.ax [2011.09.02 00:24:05 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll [2011.09.02 00:24:05 | 000,051,712 | RHS- | C] () -- C:\Windows\SysWow64\RLSpeexDec.ax [2011.09.02 00:24:04 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\RLMPCDec.ax [2011.09.02 00:24:03 | 000,070,656 | RHS- | C] () -- C:\Windows\SysWow64\RLAPEDec.ax [2011.09.02 00:24:02 | 000,120,832 | RHS- | C] () -- C:\Windows\SysWow64\MPCDx.ax [2011.09.02 00:24:01 | 000,097,280 | RHS- | C] () -- C:\Windows\SysWow64\FLACDX.ax [2011.09.02 00:24:00 | 000,227,328 | RHS- | C] () -- C:\Windows\SysWow64\ac3DX.ax [2011.09.02 00:24:00 | 000,175,104 | RHS- | C] () -- C:\Windows\SysWow64\CoreAAC.ax [2011.09.02 00:24:00 | 000,081,920 | RHS- | C] () -- C:\Windows\SysWow64\aac_parser.ax [2011.09.02 00:14:33 | 000,000,696 | ---- | C] () -- C:\Windows\SysWow64\jetodbc.rsp [2011.08.30 20:44:54 | 396,636,636 | ---- | C] () -- C:\Windows\MEMORY.DMP [2011.08.30 17:27:15 | 000,002,020 | ---- | C] () -- C:\Users\Admin\Desktop\Catalyst Control Center.lnk [2011.08.30 13:49:07 | 000,002,781 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PerfectDisk 11.lnk [2011.08.30 13:44:50 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\nnr.dll [2011.08.21 01:01:24 | 000,002,156 | ---- | C] () -- C:\Users\Public\Desktop\Grand Theft Auto IV.lnk [2011.08.13 21:33:01 | 000,002,103 | ---- | C] () -- C:\Users\Admin\Desktop\Logitech G-series Key Profiler.lnk [2011.08.13 20:43:32 | 000,234,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.08.11 22:29:15 | 002,484,592 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_p4f.exe [2011.07.17 23:54:02 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011.06.30 15:52:19 | 000,403,663 | ---- | C] () -- C:\Windows\SysWow64\sig.bin [2011.06.29 19:32:19 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.06.09 13:52:22 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{E40E4B56-8C05-487F-A732-9A2EC3768E9C} [2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.02.11 19:15:08 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin [2011.02.11 19:15:08 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin [2011.02.11 19:15:08 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin [2011.01.28 21:19:44 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat [2010.12.12 14:43:42 | 000,000,043 | -HS- | C] () -- C:\ProgramData\.zreglib [2010.11.29 21:35:57 | 000,000,008 | -HS- | C] () -- C:\ProgramData\CCDD932493.sys [2010.11.29 21:35:56 | 000,005,018 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2010.09.25 18:53:24 | 000,013,312 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.05.18 16:21:13 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2010.05.07 16:31:06 | 000,196,096 | ---- | C] () -- C:\Windows\SysWow64\nY.exe [2010.04.29 19:06:44 | 000,835,584 | ---- | C] () -- C:\Windows\vsnpstd3.exe [2010.04.29 19:06:44 | 000,356,352 | ---- | C] () -- C:\Windows\tsnpstd3.exe [2010.04.29 19:06:44 | 000,020,480 | ---- | C] () -- C:\Windows\FixCamera.exe [2010.04.29 19:06:44 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini [2010.04.22 17:21:16 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\FileOut.cns [2010.04.22 17:21:16 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\FileIn.cns [2010.03.17 19:29:35 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\GkSui18.EXE [2010.02.19 21:18:20 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll [2010.02.19 21:18:20 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\advd.dll [2010.02.19 21:18:20 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\auth.dll [2010.02.14 20:52:39 | 001,589,248 | ---- | C] () -- C:\Windows\SysWow64\libmysql_d.dll [2010.01.02 17:37:17 | 000,001,015 | ---- | C] () -- C:\Windows\disney.ini [2009.12.22 22:21:05 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll [2009.12.04 01:19:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll [2007.04.27 11:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll [2006.11.02 09:27:46 | 000,000,518 | ---- | C] () -- C:\Windows\SysWow64\SP207.INI [2005.01.25 15:15:42 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\PA207USD.DLL ========== LOP Check ========== [2009.12.22 22:24:35 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Atari [2011.04.30 09:48:41 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Babylon [2011.04.03 16:23:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Bioshock [2010.09.03 19:48:32 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\bizarre creations [2010.02.06 00:59:15 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Blender Foundation [2010.02.21 14:02:41 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\concept design [2010.04.14 19:47:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Cuttermaran [2010.12.06 14:28:45 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DAEMON Tools Lite [2011.04.30 10:54:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DAEMON Tools Pro [2010.01.02 17:50:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Disney Interactive Studios [2010.02.28 12:25:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DNA [2011.08.22 01:44:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoft [2011.08.09 18:20:18 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers [2010.08.15 20:11:44 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Engelmann Media [2009.12.30 17:12:49 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FarmingSimulator2008 [2010.05.08 12:02:00 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\gtk-2.0 [2011.04.29 18:54:32 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ImTOO [2011.08.15 20:33:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Leadertech [2010.12.20 16:20:16 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\MAGIX [2010.02.21 13:53:55 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\NCH Swift Sound [2010.11.02 17:36:07 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Need for Speed World [2011.09.11 15:45:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\NetSpeedMonitor [2010.02.28 12:25:21 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Notepad++ [2010.07.11 13:52:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Panasonic [2011.09.06 21:35:29 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\proDAD [2010.09.26 09:24:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ProtectDisc [2011.09.02 14:01:02 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Sony [2010.11.06 22:26:19 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TeamViewer [2011.09.02 18:15:13 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TS3Client [2010.12.19 15:35:13 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TuneUp Software [2010.11.06 21:39:24 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Ubisoft [2011.09.06 19:52:57 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\uTorrent [2011.01.07 18:43:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\wbtooltb [2010.12.29 13:07:03 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Windows Live Writer [2011.09.08 23:37:40 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\WinPump [2011.08.30 20:38:04 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011.07.01 22:27:06 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2011.09.11 13:29:54 | 000,000,000 | ---D | M] -- C:\81ecbee7fd739ac95739 [2010.11.08 16:58:56 | 000,000,000 | ---D | M] -- C:\Advanced Wheel Mouse [2011.01.03 15:26:36 | 000,000,000 | ---D | M] -- C:\AMD [2009.12.04 01:17:12 | 000,000,000 | ---D | M] -- C:\ATI [2011.09.11 01:41:07 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2009.12.04 01:12:37 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.05.28 13:24:14 | 000,000,000 | ---D | M] -- C:\Graphics [2011.08.08 18:59:59 | 000,000,000 | ---D | M] -- C:\Intel [2010.07.11 13:52:08 | 000,000,000 | ---D | M] -- C:\MC_TMP [2009.12.15 14:45:31 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.09.06 22:04:54 | 000,000,000 | R--D | M] -- C:\Program Files [2011.09.11 15:29:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86) [2011.09.08 21:22:17 | 000,000,000 | ---D | M] -- C:\ProgramData [2009.12.04 01:12:37 | 000,000,000 | -HSD | M] -- C:\Programme [2009.12.04 01:12:37 | 000,000,000 | -HSD | M] -- C:\Recovery [2011.04.12 16:26:36 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.07.01 22:26:54 | 000,000,000 | R--D | M] -- C:\Users [2011.09.06 22:04:54 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.manifest /3 > [5 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < MD5 for: EXPLORER.EXE > [2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: REGEDIT.EXE > [2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe [2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe [2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe [2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > < > < End of report > |
|
11.09.2011, 15:16
| #20 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Keine Rückmeldung Du solltest GDATA doch vorher deinstallieren!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
11.09.2011, 16:30
| #21 |
| | Keine Rückmeldung Sry Code:
ATTFilter OTL logfile created on: 11.09.2011 17:19:46 - Run 4 OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\Admin\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,82 Gb Available Physical Memory | 70,45% Memory free 8,00 Gb Paging File | 6,77 Gb Available in Paging File | 84,63% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 1397,17 Gb Total Space | 1013,63 Gb Free Space | 72,55% Space Free | Partition Type: NTFS Computer Name: ENERMAX | User Name: Cedric | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.09.08 15:05:50 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe PRC - [2011.08.11 22:29:16 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2011.03.28 14:15:10 | 000,380,736 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.08.10 15:23:36 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp) SRV:64bit: - [2011.07.28 23:35:34 | 000,204,288 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2011.06.13 22:21:14 | 000,343,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc) SRV:64bit: - [2011.01.05 07:03:30 | 002,610,952 | ---- | M] (Raxco Software, Inc.) [Disabled | Stopped] -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe -- (PDAgent) SRV:64bit: - [2011.01.05 07:03:20 | 002,266,376 | ---- | M] (Raxco Software, Inc.) [Disabled | Stopped] -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe -- (PDEngine) SRV - [2011.09.10 14:22:11 | 000,411,432 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011.08.11 22:29:16 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2011.08.10 15:31:08 | 002,027,840 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2011.08.10 15:23:30 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp) SRV - [2011.06.17 09:34:18 | 000,359,192 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.11 13:42:32 | 000,172,328 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5) SRV - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Disabled | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) SRV - [2009.11.12 19:08:00 | 003,403,420 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007.06.15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\bgsvcgen.exe -- (bgsvcgen) SRV - [2000.01.01 00:00:00 | 000,271,360 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\DTProTS\DTProTS.exe -- (DTProTS) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.07.29 00:23:16 | 009,980,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2011.07.29 00:23:16 | 009,980,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.07.28 22:54:10 | 000,309,248 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.06.07 00:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2011.04.30 13:59:22 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2011.04.30 13:59:22 | 000,060,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone) DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2010.11.20 15:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm) DRV:64bit: - [2010.11.20 15:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb) DRV:64bit: - [2010.11.20 13:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:64bit: - [2010.08.11 08:10:06 | 000,138,256 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DefragFs.sys -- (DefragFS) DRV:64bit: - [2010.02.24 12:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11) DRV:64bit: - [2009.12.06 12:24:22 | 000,224,920 | ---- | M] (SysProgs.org) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BazisVirtualCDBus.sys -- (BazisVirtualCDBus) DRV:64bit: - [2009.11.23 17:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid) DRV:64bit: - [2009.11.23 17:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum) DRV:64bit: - [2009.09.30 16:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009.09.23 10:42:58 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2009.08.13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.10 12:14:36 | 000,043,264 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiBus.sys -- (SaiNtBus) DRV:64bit: - [2009.06.10 12:14:36 | 000,016,000 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiMini.sys -- (SaiMini) DRV:64bit: - [2009.02.03 17:37:50 | 000,075,384 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x) DRV:64bit: - [2007.05.01 16:48:56 | 000,171,144 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiH5F0D.sys -- (SaiH5F0D) DRV:64bit: - [2007.05.01 16:48:56 | 000,034,304 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiU5F0D.sys -- (SaiU5F0D) DRV:64bit: - [2007.02.08 19:47:24 | 000,107,384 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x) DRV:64bit: - [2007.01.26 10:04:36 | 000,009,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\whfltr2k.sys -- (whfltr2k) DRV:64bit: - [2006.12.05 11:34:26 | 000,572,416 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PFC027.SYS -- (PAC207) DRV:64bit: - [2006.11.10 15:08:58 | 000,030,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ATITool64.sys -- (ATITool) DRV:64bit: - [2006.08.25 14:36:52 | 000,039,208 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cdrbsdrv.sys -- (cdrbsdrv) DRV:64bit: - [2006.07.10 18:21:22 | 000,022,936 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x) DRV:64bit: - [2006.06.14 16:58:10 | 000,014,192 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x) DRV - [2010.12.18 14:50:08 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | Auto | Running] -- C:\Users\Admin\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24.gadget\WinRing0x64.sys -- (WinRing0_1_2_0) DRV - [2010.11.29 20:27:40 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2005.01.02 05:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bigseekpro.com/hypercam/{30556029-374E-4F2E-890B-121038B58BE0} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSof2.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ddrnw IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSof2.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.88.251:800 ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2 FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10 FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.11 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.6 FF - prefs.js..extensions.enabledItems: allglassv2@ambroos.neowin.net:2.1.4 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: info@djzig.com:1.2.0 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.6&q=" FF - prefs.js..network.proxy.ftp: "192.168.88.251" FF - prefs.js..network.proxy.ftp_port: 800 FF - prefs.js..network.proxy.gopher: "192.168.88.251" FF - prefs.js..network.proxy.gopher_port: 800 FF - prefs.js..network.proxy.http: "192.168.88.251" FF - prefs.js..network.proxy.http_port: 800 FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "192.168.88.251" FF - prefs.js..network.proxy.socks_port: 800 FF - prefs.js..network.proxy.ssl: "192.168.88.251" FF - prefs.js..network.proxy.ssl_port: 800 FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://www.bigseekpro.com/search/toolbar/hypercam/{88ED4A72-8717-53BE-8E7E-30BA070DAF61}?q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Admin\Program Files (x86)\DNA\plugins\npbtdna.dll File not found FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\Admin\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( ) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\components [2011.09.11 12:55:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Admin\Program Files (x86)\DNA [2011.03.19 13:47:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions [2011.08.09 18:20:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\kr7kwnm2.default\extensions [2011.08.09 18:20:19 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\kr7kwnm2.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.03.19 13:43:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\kr7kwnm2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2011.09.10 17:38:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\o4751zle.default\extensions [2011.08.09 18:20:19 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\o4751zle.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.09.10 17:38:44 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\o4751zle.default\extensions\battlefieldplay4free@ea.com [2011.04.30 09:45:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2011.04.30 09:48:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com [2011.09.06 12:30:22 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml [2010.06.09 21:52:18 | 000,002,224 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\webblog.xml O1 HOSTS File: ([2000.01.01 00:00:00 | 000,000,794 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 secure.disc-soft.com O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSof2.dll (Conduit Ltd.) O2 - BHO: (no name) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSof2.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files (x86)\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.64.2.cab (Battlefield Play4Free Updater) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.50.140.116 192.168.123.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD5AE1E4-714D-4E03-920D-ABE9EE787A4C}: DhcpNameServer = 195.50.140.116 192.168.123.254 O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{14b1b4e4-e977-11de-9627-002511d83983}\Shell - "" = AutoRun O33 - MountPoints2\{14b1b4e4-e977-11de-9627-002511d83983}\Shell\AutoRun\command - "" = V:\SETUP.EXE O33 - MountPoints2\{14b1b4e4-e977-11de-9627-002511d83983}\Shell\configure\command - "" = V:\SETUP.EXE O33 - MountPoints2\{14b1b4e4-e977-11de-9627-002511d83983}\Shell\install\command - "" = V:\SETUP.EXE O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Setup.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\cdstart.exe O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\cdstart.exe O34 - HKLM BootExecute: (PDBoot.exe) - File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software) MsConfig:64bit - StartUpFolder: C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk - C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe - (Leader Technologies/Logitech) MsConfig:64bit - StartUpReg: AlcoholAutomount - hkey= - key= - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team) MsConfig:64bit - StartUpReg: AshSnap - hkey= - key= - C:\Program Files (x86)\Ashampoo\Ashampoo Snap 4\ashsnap.exe (ashampoo GmbH & Co. KG) MsConfig:64bit - StartUpReg: DAEMON Tools Pro Agent - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd) MsConfig:64bit - StartUpReg: PlusService - hkey= - key= - C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software) MsConfig:64bit - StartUpReg: RocketDock - hkey= - key= - C:\Program Files (x86)\RocketDock\RocketDock.exe () MsConfig:64bit - StartUpReg: snpstd3 - hkey= - key= - C:\Windows\vsnpstd3.exe () MsConfig:64bit - StartUpReg: StartCCC - hkey= - key= - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) MsConfig:64bit - StartUpReg: VirtualCloneDrive - hkey= - key= - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG) MsConfig:64bit - StartUpReg: XboxStat - hkey= - key= - C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation) MsConfig:64bit - State: "bootini" - Reg Error: Key error. MsConfig:64bit - State: "startup" - Reg Error: Key error. MsConfig:64bit - State: "services" - Reg Error: Key error. CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== [2011.09.11 15:29:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reader 10.0 [2011.09.11 15:29:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Utilities - CS5 [2011.09.11 15:28:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Photoshop CS5 [2011.09.11 15:28:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Help [2011.09.11 15:28:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Extension Manager CS5 [2011.09.11 15:27:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Device Central CS5 [2011.09.11 15:27:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Bridge CS5 [2011.09.11 12:55:56 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{849A75FF-FA5A-4ADD-AC24-5467763406AC} [2011.09.10 11:07:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2011.09.10 11:07:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2011.09.10 11:07:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam [2011.09.10 10:54:31 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Activision [2011.09.10 10:51:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Call of Duty Black Ops [2011.09.10 10:45:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Call of Duty Black Ops [2011.09.10 10:44:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes [2011.09.10 10:18:36 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\War Maps [2011.09.09 20:47:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2011.09.09 20:17:09 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{2F296230-4C89-410F-AB92-C7EE145C52EF} [2011.09.09 20:16:46 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{ECAA6DBF-DEF9-4236-8121-27CD5161B41E} [2011.09.08 21:22:23 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes [2011.09.08 21:22:17 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.09.08 21:22:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.09.08 21:22:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.09.08 21:22:14 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.09.08 21:22:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.09.08 15:36:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2011.09.08 15:36:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip [2011.09.08 15:05:46 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe [2011.09.08 13:05:13 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{172BF5AA-5ADB-47A8-8261-9440F4413DE3} [2011.09.07 14:13:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{E82D38B0-A1C6-4FC1-A459-795D3DAF58FF} [2011.09.07 14:13:23 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{83C7A11A-8EAA-41B2-8B7C-75C320DE0FFE} [2011.09.06 22:10:58 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\FixItCenter [2011.09.06 22:04:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Fix it Center [2011.09.06 22:04:54 | 000,000,000 | ---D | C] -- C:\Windows\MATS [2011.09.06 12:34:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2011.09.06 12:30:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\facemoods.com [2011.09.06 12:29:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader [2011.09.06 12:06:30 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{14746336-DACA-441B-8C0E-5F1049B11284} [2011.09.06 12:06:06 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{3D70A804-54FC-47ED-8AA6-A1698C4069A3} [2011.09.05 21:24:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{C44B8BA1-1FB9-4E88-B8B9-A8725D62618A} [2011.09.05 21:24:19 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{11A1E4A7-F635-462E-B944-BA3598A6256B} [2011.09.04 23:33:22 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{7F2AA41F-D387-4510-81B4-DA6DC9273BDF} [2011.09.04 23:32:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{55FCB4AB-E781-46E0-BE1E-30D2B9B41F40} [2011.09.04 13:01:56 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{7B98AC6C-99FB-4F8A-8E14-C951129E7C6A} [2011.09.03 11:32:51 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{5B1565BF-26B0-4CCC-86C8-654F2B6F89F0} [2011.09.03 11:32:35 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{329CA473-720C-438B-8C4F-26E89AAC7666} [2011.09.02 17:44:33 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{A47BB6AD-5FB2-4A4A-8865-EF2E815AF228} [2011.09.02 17:44:10 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{ADD2BD61-D7C0-4E5B-A1EB-0C68931E9DF9} [2011.09.02 00:28:23 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Heroglyph [2011.09.02 00:24:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPER © - by eRightSoft [2011.09.02 00:24:06 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\SysWow64\nbDX.dll [2011.09.02 00:24:05 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLOgg.ax [2011.09.02 00:24:05 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\flvDX.dll [2011.09.02 00:24:05 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLVorbisDec.ax [2011.09.02 00:24:05 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSSplitter.ax [2011.09.02 00:24:05 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSDecoder.ax [2011.09.02 00:24:05 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\SysWow64\RLTheoraDec.ax [2011.09.02 00:24:05 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\SysWow64\msfDX.dll [2011.09.02 00:24:03 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\RealMediaDX.ax [2011.09.02 00:24:02 | 000,169,472 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\MatroskaDX.ax [2011.09.02 00:24:00 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\DiracSplitter.ax [2011.09.02 00:24:00 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\SysWow64\AVCDX.ax [2011.09.02 00:14:33 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AIM [2011.09.01 23:52:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USM [2011.09.01 23:50:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\USM [2011.09.01 15:53:57 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{4F10A6E8-1485-429F-9EB4-A39AE6D317AB} [2011.09.01 15:53:22 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{FA1A7ED0-77A0-46BF-9E14-D47E02DA70E9} [2011.08.31 21:05:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VirtualCloneDrive [2011.08.31 20:59:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Landwirtschafts Simulator 2011 [2011.08.31 20:44:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Landwirtschafts Simulator 2011 [2011.08.31 13:51:58 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Rockstar Games [2011.08.31 10:30:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Landwirtschafts Simulator 2011 old [2011.08.30 17:25:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2011.08.30 17:25:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2011.08.30 17:23:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP [2011.08.30 17:23:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2011.08.30 13:49:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Raxco [2011.08.30 13:49:05 | 000,000,000 | ---D | C] -- C:\Program Files\Raxco [2011.08.30 13:48:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Raxco [2011.08.30 13:48:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MARKEMENT [2011.08.30 13:48:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MARKEMENT [2011.08.30 13:47:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetObjects [2011.08.30 13:44:50 | 001,056,768 | ---- | C] (Blue Sky Software Corporation.) -- C:\Windows\SysWow64\ROBOEX32.DLL [2011.08.30 13:44:50 | 000,049,152 | ---- | C] (Blue Sky Software Corporation.) -- C:\Windows\SysWow64\INETWH32.DLL [2011.08.30 13:43:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NetObjects [2011.08.30 13:38:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\proDAD [2011.08.30 13:38:02 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\proDAD [2011.08.30 13:38:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\proDAD [2011.08.30 13:37:51 | 000,000,000 | ---D | C] -- C:\ProgramData\proDAD [2011.08.30 13:29:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo [2011.08.30 13:29:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ashampoo [2011.08.30 13:28:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Landwirtschafts-Simulator 2009 [2011.08.30 12:37:08 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{F55E9736-313E-40C0-BC6B-9CA6FEC825C5} [2011.08.30 12:36:45 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{48EA303D-918E-4C32-9033-29E2CE6B0935} [2011.08.30 00:36:18 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{5116F0B2-6235-42F0-8612-748BF908F93C} [2011.08.30 00:35:55 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{BB40D063-E0F3-4038-BF3C-988F8C849EAD} [2011.08.29 12:35:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{771406CF-9BEC-4961-BDB3-61A447D15B75} [2011.08.29 12:34:53 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{633392F9-FDBA-4A38-9DA2-EF6118DA163B} [2011.08.28 18:33:28 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{09F21C33-BB39-4DE5-890D-A98BDADDD95E} [2011.08.28 18:33:00 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{F48C2731-4273-4342-B2CB-ED61E27BB434} [2011.08.26 10:33:37 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{C3D444AD-8C01-4557-BE90-97C9C5EB2900} [2011.08.26 10:32:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{0A10A479-5E02-46D9-BAFD-A177AA364A35} [2011.08.25 19:40:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{E4670A46-F6FA-4BF6-9C9F-E03427DF4168} [2011.08.25 19:40:17 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{EB8EAEFB-170C-4A3B-B6EA-529F9EF42D85} [2011.08.22 22:52:25 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{0E59175E-0A07-4F91-813F-B358A25E5905} [2011.08.22 22:52:02 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{4BA577DF-DAF8-43EA-A31D-34DF89156365} [2011.08.21 22:51:30 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{49836AC0-1733-453D-90FA-E4AAAEC597EA} [2011.08.21 22:51:07 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{463FE74F-D03C-42E3-B9FE-C9F149AAB57C} [2011.08.21 16:17:25 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM [2011.08.21 16:16:58 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Games for Windows - LIVE Demos [2011.08.21 16:16:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace [2011.08.21 15:16:17 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{5BE79326-6376-4A8B-AE21-72EE39B8FA36} [2011.08.21 01:02:59 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive [2011.08.21 01:02:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE [2011.08.20 12:56:17 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{890DE418-921E-4EF1-9AC2-5549BD8D5FAF} [2011.08.20 12:55:50 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{FFEDC646-63BD-4E05-B3FA-5522DCCCB0A0} [2011.08.19 15:32:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys [2011.08.19 15:32:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavalys [2011.08.19 15:26:56 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{72679341-0CEA-47D4-B1B3-6769388E5075} [2011.08.19 15:26:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{26A52CF0-5935-4284-826F-19B20352A8B1} [2011.08.18 23:21:37 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{5B8B0B62-B541-431E-A5F3-51E27F806EC6} [2011.08.18 23:21:12 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{316F0DD2-A4B8-48DF-9366-39567B99DACA} [2011.08.18 11:20:42 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{D63FFDBA-1FF1-4491-BC70-12209157C7BC} [2011.08.18 11:20:14 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{6DCA4F1B-1C23-422D-833D-7AF449267013} [2011.08.17 20:01:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{3AF3FFA1-182D-476F-87DA-FFEEDAD68456} [2011.08.17 20:01:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{822BC328-35D5-4D8C-B66A-B31F2163182E} [2011.08.17 16:54:07 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{F7D3B46A-CF2E-46AD-ADB4-CE0435A6EEB3} [2011.08.17 15:06:44 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\LogiShrd [2011.08.17 00:31:41 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{1512B213-5DB2-4AD4-A508-0BCEF0A47D99} [2011.08.17 00:31:18 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{4DA65401-F87A-477D-94CC-650F4E4449E8} [2011.08.16 12:30:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{E278CF71-0AF9-4D6B-BBBC-E28E2D66CB0B} [2011.08.16 12:30:38 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{77AA5B2D-3263-4AEE-9868-65DB7DFF7F8E} [2011.08.15 20:33:38 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Leadertech [2011.08.15 20:33:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd [2011.08.15 20:32:38 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd [2011.08.15 20:32:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SetPointG [2011.08.15 20:32:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SetPointP [2011.08.15 20:31:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd [2011.08.15 20:31:16 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Logitech [2011.08.15 20:31:16 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Logishrd [2011.08.15 13:54:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{95699DE0-1CB8-4A02-A770-8C798A5DEED6} [2011.08.15 13:53:55 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{6ADFB87B-7BC9-471A-B118-C5F4EE421A98} [2011.08.14 22:15:39 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{3C5D5897-4164-4D28-B1AA-8C4A61A342E8} [2011.08.14 22:15:16 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{0319BB12-57BC-471F-A2A6-66C6A72CB9B4} [2011.08.14 01:06:50 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{872383BC-F599-4C23-8E36-E563ADC1FBCD} [2011.08.14 01:06:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{8E11992A-9555-4A10-BFC7-1E2817AFFF13} [2011.08.13 13:05:59 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{4A96BF3F-4886-40DD-A397-45C796CFD460} [2011.08.13 13:05:47 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{4C91BF1E-0B0F-47BB-AE11-B491C576907E} [2011.08.12 22:00:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{44D524A1-7A06-4157-91A6-1A2B0D615DB9} [2010.04.29 19:06:43 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnpstd3.dll [2010.04.29 19:06:43 | 000,061,440 | ---- | C] ( ) -- C:\Windows\SysWow64\vsnpstd3.dll [2010.04.29 19:06:43 | 000,053,248 | ---- | C] ( ) -- C:\Windows\csnpstd3.dll [5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.09.11 17:14:41 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.09.11 17:14:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.09.11 17:14:18 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys [2011.09.11 16:46:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.09.11 15:32:53 | 000,000,000 | ---- | M] () -- C:\Users\Admin\defogger_reenable [2011.09.11 13:32:01 | 000,020,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.09.11 13:32:01 | 000,020,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.09.11 12:58:26 | 000,403,663 | ---- | M] () -- C:\Windows\SysWow64\sig.bin [2011.09.11 12:58:26 | 000,032,592 | ---- | M] () -- C:\Windows\SysWow64\nmp.map [2011.09.10 17:46:10 | 000,234,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2011.09.10 17:46:10 | 000,234,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.09.10 10:51:23 | 000,001,079 | ---- | M] () -- C:\Users\Public\Desktop\Call of Duty Black Ops.lnk [2011.09.10 10:44:54 | 000,001,210 | ---- | M] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk [2011.09.10 10:17:26 | 000,000,797 | ---- | M] () -- C:\Users\Admin\Desktop\Flatout2.lnk [2011.09.08 15:05:50 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe [2011.09.08 15:04:39 | 000,050,477 | ---- | M] () -- C:\Users\Admin\Desktop\Defogger.exe [2011.09.06 21:58:30 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.09.06 21:58:30 | 000,655,802 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.09.06 21:58:30 | 000,616,348 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.09.06 21:58:30 | 000,130,434 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.09.06 21:58:30 | 000,106,728 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.09.06 17:32:30 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01009.Wdf [2011.08.30 20:44:54 | 396,636,636 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.08.30 17:27:15 | 000,002,020 | ---- | M] () -- C:\Users\Admin\Desktop\Catalyst Control Center.lnk [2011.08.21 01:01:24 | 000,002,156 | ---- | M] () -- C:\Users\Public\Desktop\Grand Theft Auto IV.lnk [2011.08.17 12:58:45 | 000,001,448 | ---- | M] () -- C:\Users\Admin\Desktop\Command Prompt.lnk [2011.08.15 22:08:24 | 000,059,256 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys [2011.08.15 14:05:45 | 000,110,968 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys [2011.08.15 14:05:45 | 000,050,552 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys [2011.08.15 14:05:44 | 000,065,912 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys [2011.08.13 21:33:01 | 000,002,103 | ---- | M] () -- C:\Users\Admin\Desktop\Logitech G-series Key Profiler.lnk [5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.09.11 15:32:53 | 000,000,000 | ---- | C] () -- C:\Users\Admin\defogger_reenable [2011.09.10 10:51:23 | 000,001,079 | ---- | C] () -- C:\Users\Public\Desktop\Call of Duty Black Ops.lnk [2011.09.10 10:44:54 | 000,001,210 | ---- | C] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk [2011.09.10 10:17:26 | 000,000,797 | ---- | C] () -- C:\Users\Admin\Desktop\Flatout2.lnk [2011.09.08 15:04:38 | 000,050,477 | ---- | C] () -- C:\Users\Admin\Desktop\Defogger.exe [2011.09.06 22:04:56 | 000,000,959 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Fix it Center.lnk [2011.09.06 17:32:30 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01009.Wdf [2011.09.02 00:24:05 | 000,121,344 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.ax [2011.09.02 00:24:05 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll [2011.09.02 00:24:05 | 000,051,712 | RHS- | C] () -- C:\Windows\SysWow64\RLSpeexDec.ax [2011.09.02 00:24:04 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\RLMPCDec.ax [2011.09.02 00:24:03 | 000,070,656 | RHS- | C] () -- C:\Windows\SysWow64\RLAPEDec.ax [2011.09.02 00:24:02 | 000,120,832 | RHS- | C] () -- C:\Windows\SysWow64\MPCDx.ax [2011.09.02 00:24:01 | 000,097,280 | RHS- | C] () -- C:\Windows\SysWow64\FLACDX.ax [2011.09.02 00:24:00 | 000,227,328 | RHS- | C] () -- C:\Windows\SysWow64\ac3DX.ax [2011.09.02 00:24:00 | 000,175,104 | RHS- | C] () -- C:\Windows\SysWow64\CoreAAC.ax [2011.09.02 00:24:00 | 000,081,920 | RHS- | C] () -- C:\Windows\SysWow64\aac_parser.ax [2011.09.02 00:14:33 | 000,000,696 | ---- | C] () -- C:\Windows\SysWow64\jetodbc.rsp [2011.08.30 20:44:54 | 396,636,636 | ---- | C] () -- C:\Windows\MEMORY.DMP [2011.08.30 17:27:15 | 000,002,020 | ---- | C] () -- C:\Users\Admin\Desktop\Catalyst Control Center.lnk [2011.08.30 13:49:07 | 000,002,781 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PerfectDisk 11.lnk [2011.08.30 13:44:50 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\nnr.dll [2011.08.21 01:01:24 | 000,002,156 | ---- | C] () -- C:\Users\Public\Desktop\Grand Theft Auto IV.lnk [2011.08.13 21:33:01 | 000,002,103 | ---- | C] () -- C:\Users\Admin\Desktop\Logitech G-series Key Profiler.lnk [2011.08.13 20:43:32 | 000,234,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.08.11 22:29:15 | 002,484,592 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_p4f.exe [2011.07.17 23:54:02 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011.06.30 15:52:19 | 000,403,663 | ---- | C] () -- C:\Windows\SysWow64\sig.bin [2011.06.29 19:32:19 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.06.09 13:52:22 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{E40E4B56-8C05-487F-A732-9A2EC3768E9C} [2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.02.11 19:15:08 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin [2011.02.11 19:15:08 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin [2011.02.11 19:15:08 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin [2011.01.28 21:19:44 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat [2010.12.12 14:43:42 | 000,000,043 | -HS- | C] () -- C:\ProgramData\.zreglib [2010.11.29 21:35:57 | 000,000,008 | -HS- | C] () -- C:\ProgramData\CCDD932493.sys [2010.11.29 21:35:56 | 000,005,018 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2010.09.25 18:53:24 | 000,013,312 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.05.18 16:21:13 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2010.05.07 16:31:06 | 000,196,096 | ---- | C] () -- C:\Windows\SysWow64\nY.exe [2010.04.29 19:06:44 | 000,835,584 | ---- | C] () -- C:\Windows\vsnpstd3.exe [2010.04.29 19:06:44 | 000,356,352 | ---- | C] () -- C:\Windows\tsnpstd3.exe [2010.04.29 19:06:44 | 000,020,480 | ---- | C] () -- C:\Windows\FixCamera.exe [2010.04.29 19:06:44 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini [2010.04.22 17:21:16 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\FileOut.cns [2010.04.22 17:21:16 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\FileIn.cns [2010.03.17 19:29:35 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\GkSui18.EXE [2010.02.19 21:18:20 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll [2010.02.19 21:18:20 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\advd.dll [2010.02.19 21:18:20 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\auth.dll [2010.02.14 20:52:39 | 001,589,248 | ---- | C] () -- C:\Windows\SysWow64\libmysql_d.dll [2010.01.02 17:37:17 | 000,001,015 | ---- | C] () -- C:\Windows\disney.ini [2009.12.22 22:21:05 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll [2009.12.04 01:19:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll [2007.04.27 11:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll [2006.11.02 09:27:46 | 000,000,518 | ---- | C] () -- C:\Windows\SysWow64\SP207.INI [2005.01.25 15:15:42 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\PA207USD.DLL ========== LOP Check ========== [2009.12.22 22:24:35 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Atari [2011.04.30 09:48:41 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Babylon [2011.04.03 16:23:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Bioshock [2010.09.03 19:48:32 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\bizarre creations [2010.02.06 00:59:15 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Blender Foundation [2010.02.21 14:02:41 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\concept design [2010.04.14 19:47:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Cuttermaran [2010.12.06 14:28:45 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DAEMON Tools Lite [2011.04.30 10:54:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DAEMON Tools Pro [2010.01.02 17:50:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Disney Interactive Studios [2010.02.28 12:25:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DNA [2011.08.22 01:44:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoft [2011.08.09 18:20:18 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers [2010.08.15 20:11:44 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Engelmann Media [2009.12.30 17:12:49 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FarmingSimulator2008 [2010.05.08 12:02:00 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\gtk-2.0 [2011.04.29 18:54:32 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ImTOO [2011.08.15 20:33:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Leadertech [2010.12.20 16:20:16 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\MAGIX [2010.02.21 13:53:55 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\NCH Swift Sound [2010.11.02 17:36:07 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Need for Speed World [2011.09.11 17:22:30 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\NetSpeedMonitor [2010.02.28 12:25:21 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Notepad++ [2010.07.11 13:52:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Panasonic [2011.09.06 21:35:29 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\proDAD [2010.09.26 09:24:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ProtectDisc [2011.09.02 14:01:02 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Sony [2010.11.06 22:26:19 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TeamViewer [2011.09.02 18:15:13 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TS3Client [2010.12.19 15:35:13 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TuneUp Software [2010.11.06 21:39:24 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Ubisoft [2011.09.06 19:52:57 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\uTorrent [2011.01.07 18:43:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\wbtooltb [2010.12.29 13:07:03 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Windows Live Writer [2011.09.08 23:37:40 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\WinPump [2011.08.30 20:38:04 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011.07.01 22:27:06 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2010.11.08 16:58:56 | 000,000,000 | ---D | M] -- C:\Advanced Wheel Mouse [2011.01.03 15:26:36 | 000,000,000 | ---D | M] -- C:\AMD [2009.12.04 01:17:12 | 000,000,000 | ---D | M] -- C:\ATI [2011.09.11 17:14:18 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2009.12.04 01:12:37 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.05.28 13:24:14 | 000,000,000 | ---D | M] -- C:\Graphics [2011.08.08 18:59:59 | 000,000,000 | ---D | M] -- C:\Intel [2010.07.11 13:52:08 | 000,000,000 | ---D | M] -- C:\MC_TMP [2009.12.15 14:45:31 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.09.06 22:04:54 | 000,000,000 | R--D | M] -- C:\Program Files [2011.09.11 17:16:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86) [2011.09.08 21:22:17 | 000,000,000 | ---D | M] -- C:\ProgramData [2009.12.04 01:12:37 | 000,000,000 | -HSD | M] -- C:\Programme [2009.12.04 01:12:37 | 000,000,000 | -HSD | M] -- C:\Recovery [2011.04.12 16:26:36 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.07.01 22:26:54 | 000,000,000 | R--D | M] -- C:\Users [2011.09.06 22:04:54 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.manifest /3 > < MD5 for: EXPLORER.EXE > [2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: REGEDIT.EXE > [2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe [2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe [2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe [2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > < End of report > |
|
11.09.2011, 16:41
| #22 |
| | Keine Rückmeldung Jetzt hab ich aber kein einziges virenprogramm... |
|
11.09.2011, 17:37
| #23 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Keine RückmeldungZitat:
Ein im Hintergrund laufender Virenscanner ist ein ziemlich unbedeutender Bestandteil im Sicherheitskonzept. Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/hypercam/{30556029-374E-4F2E-890B-121038B58BE0}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSof2.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=ddrnw
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSof2.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.88.251:800
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..extensions.enabledItems: info@djzig.com:1.2.0
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.6&q="
FF - prefs.js..network.proxy.ftp: "192.168.88.251"
FF - prefs.js..network.proxy.ftp_port: 800
FF - prefs.js..network.proxy.gopher: "192.168.88.251"
FF - prefs.js..network.proxy.gopher_port: 800
FF - prefs.js..network.proxy.http: "192.168.88.251"
FF - prefs.js..network.proxy.http_port: 800
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "192.168.88.251"
FF - prefs.js..network.proxy.socks_port: 800
FF - prefs.js..network.proxy.ssl: "192.168.88.251"
FF - prefs.js..network.proxy.ssl_port: 800
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://www.bigseekpro.com/search/toolbar/hypercam/{88ED4A72-8717-53BE-8E7E-30BA070DAF61}?q="
O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSof2.dll (Conduit Ltd.)
O2 - BHO: (no name) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSof2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{14b1b4e4-e977-11de-9627-002511d83983}\Shell - "" = AutoRun
O33 - MountPoints2\{14b1b4e4-e977-11de-9627-002511d83983}\Shell\AutoRun\command - "" = V:\SETUP.EXE
O33 - MountPoints2\{14b1b4e4-e977-11de-9627-002511d83983}\Shell\configure\command - "" = V:\SETUP.EXE
O33 - MountPoints2\{14b1b4e4-e977-11de-9627-002511d83983}\Shell\install\command - "" = V:\SETUP.EXE
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Setup.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\cdstart.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\cdstart.exe
O34 - HKLM BootExecute: (PDBoot.exe) - File not found
[2011.09.06 12:30:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\facemoods.com
[2011.04.30 09:48:41 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Babylon
:Commands
[emptytemp]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
11.09.2011, 17:49
| #24 |
| | Keine RückmeldungCode:
ATTFilter All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ deleted successfully.
C:\Program Files (x86)\Softonic_Deutsch\tbSof2.dll moved successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ not found.
File C:\Program Files (x86)\Softonic_Deutsch\tbSof2.dll not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "ICQ Search" removed from browser.search.selectedEngine
Prefs.js: info@djzig.com:1.2.0 removed from extensions.enabledItems
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.6&q=" removed from keyword.URL
Prefs.js: "192.168.88.251" removed from network.proxy.ftp
Prefs.js: 800 removed from network.proxy.ftp_port
Prefs.js: "192.168.88.251" removed from network.proxy.gopher
Prefs.js: 800 removed from network.proxy.gopher_port
Prefs.js: "192.168.88.251" removed from network.proxy.http
Prefs.js: 800 removed from network.proxy.http_port
Prefs.js: "localhost,127.0.0.1" removed from network.proxy.no_proxies_on
Prefs.js: true removed from network.proxy.share_proxy_settings
Prefs.js: "192.168.88.251" removed from network.proxy.socks
Prefs.js: 800 removed from network.proxy.socks_port
Prefs.js: "192.168.88.251" removed from network.proxy.ssl
Prefs.js: 800 removed from network.proxy.ssl_port
Prefs.js: "hxxp://www.bigseekpro.com/search/toolbar/hypercam/{88ED4A72-8717-53BE-8E7E-30BA070DAF61}?q=" removed from sweetim.toolbar.previous.keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ not found.
File C:\Program Files (x86)\Softonic_Deutsch\tbSof2.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA3295CF-17ED-4F49-9E95-D999A0ADBFDC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA3295CF-17ED-4F49-9E95-D999A0ADBFDC}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ not found.
File C:\Program Files (x86)\Softonic_Deutsch\tbSof2.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{14b1b4e4-e977-11de-9627-002511d83983}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{14b1b4e4-e977-11de-9627-002511d83983}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{14b1b4e4-e977-11de-9627-002511d83983}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{14b1b4e4-e977-11de-9627-002511d83983}\ not found.
File V:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{14b1b4e4-e977-11de-9627-002511d83983}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{14b1b4e4-e977-11de-9627-002511d83983}\ not found.
File V:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{14b1b4e4-e977-11de-9627-002511d83983}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{14b1b4e4-e977-11de-9627-002511d83983}\ not found.
File V:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File E:\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\cdstart.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\cdstart.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:PDBoot.exe deleted successfully.
C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7 folder moved successfully.
C:\Program Files (x86)\facemoods.com\facemoods folder moved successfully.
C:\Program Files (x86)\facemoods.com folder moved successfully.
C:\Users\Admin\AppData\Roaming\Babylon folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Admin
->Temp folder emptied: 2778909 bytes
->Temporary Internet Files folder emptied: 895286272 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 183557097 bytes
->Flash cache emptied: 57246 bytes
User: Administrator
->Temp folder emptied: 162923 bytes
->Temporary Internet Files folder emptied: 33036 bytes
->Flash cache emptied: 56502 bytes
User: All Users
User: AppData
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33036 bytes
->Flash cache emptied: 56502 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: ladmin
->Temp folder emptied: 113839 bytes
->Temporary Internet Files folder emptied: 33036 bytes
->Flash cache emptied: 56502 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 3221600 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10811 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67966 bytes
RecycleBin emptied: 526 bytes
Total Files Cleaned = 1.035,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.27.0 log created on 09112011_184422
Files\Folders moved on Reboot...
C:\Users\Admin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
|
|
11.09.2011, 17:55
| #25 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Keine Rückmeldung Mach zur Kontrolle bitte ein neues OTl-Custom-Log.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
11.09.2011, 17:57
| #26 |
| | Keine Rückmeldung also meinst du nen ganz normalen quick scan? |
|
11.09.2011, 17:58
| #27 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Keine Rückmeldung Na, das hier: CustomScan mit OTL Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
|
11.09.2011, 18:11
| #28 |
| | Keine RückmeldungCode:
ATTFilter OTL logfile created on: 11.09.2011 18:59:42 - Run 5 OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\Admin\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,82 Gb Available Physical Memory | 70,55% Memory free 8,00 Gb Paging File | 6,64 Gb Available in Paging File | 83,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 1397,17 Gb Total Space | 1014,61 Gb Free Space | 72,62% Space Free | Partition Type: NTFS Computer Name: ENERMAX | User Name: Cedric | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.09.08 15:05:50 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe PRC - [2011.08.11 22:29:16 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2011.03.28 14:15:10 | 000,380,736 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe ========== Modules (No Company Name) ========== MOD - [2011.03.02 11:11:18 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\Yuna Software\Messenger Plus!\Detoured.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.08.10 15:23:36 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp) SRV:64bit: - [2011.07.28 23:35:34 | 000,204,288 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2011.06.13 22:21:14 | 000,343,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc) SRV:64bit: - [2011.01.05 07:03:30 | 002,610,952 | ---- | M] (Raxco Software, Inc.) [Disabled | Stopped] -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe -- (PDAgent) SRV:64bit: - [2011.01.05 07:03:20 | 002,266,376 | ---- | M] (Raxco Software, Inc.) [Disabled | Stopped] -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe -- (PDEngine) SRV - [2011.09.10 14:22:11 | 000,411,432 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011.08.11 22:29:16 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2011.08.10 15:31:08 | 002,027,840 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2011.08.10 15:23:30 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp) SRV - [2011.06.17 09:34:18 | 000,359,192 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.11 13:42:32 | 000,172,328 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5) SRV - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Disabled | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) SRV - [2009.11.12 19:08:00 | 003,403,420 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007.06.15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\bgsvcgen.exe -- (bgsvcgen) SRV - [2000.01.01 00:00:00 | 000,271,360 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\DTProTS\DTProTS.exe -- (DTProTS) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.07.29 00:23:16 | 009,980,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2011.07.29 00:23:16 | 009,980,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.07.28 22:54:10 | 000,309,248 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.06.07 00:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2011.04.30 13:59:22 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2011.04.30 13:59:22 | 000,060,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone) DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2010.11.20 15:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm) DRV:64bit: - [2010.11.20 15:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb) DRV:64bit: - [2010.11.20 13:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:64bit: - [2010.08.11 08:10:06 | 000,138,256 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DefragFs.sys -- (DefragFS) DRV:64bit: - [2010.02.24 12:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11) DRV:64bit: - [2009.12.06 12:24:22 | 000,224,920 | ---- | M] (SysProgs.org) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BazisVirtualCDBus.sys -- (BazisVirtualCDBus) DRV:64bit: - [2009.11.23 17:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid) DRV:64bit: - [2009.11.23 17:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum) DRV:64bit: - [2009.09.30 16:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009.09.23 10:42:58 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2009.08.13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.10 12:14:36 | 000,043,264 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiBus.sys -- (SaiNtBus) DRV:64bit: - [2009.06.10 12:14:36 | 000,016,000 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiMini.sys -- (SaiMini) DRV:64bit: - [2009.02.03 17:37:50 | 000,075,384 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x) DRV:64bit: - [2007.05.01 16:48:56 | 000,171,144 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiH5F0D.sys -- (SaiH5F0D) DRV:64bit: - [2007.05.01 16:48:56 | 000,034,304 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiU5F0D.sys -- (SaiU5F0D) DRV:64bit: - [2007.02.08 19:47:24 | 000,107,384 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x) DRV:64bit: - [2007.01.26 10:04:36 | 000,009,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\whfltr2k.sys -- (whfltr2k) DRV:64bit: - [2006.12.05 11:34:26 | 000,572,416 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PFC027.SYS -- (PAC207) DRV:64bit: - [2006.11.10 15:08:58 | 000,030,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ATITool64.sys -- (ATITool) DRV:64bit: - [2006.08.25 14:36:52 | 000,039,208 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cdrbsdrv.sys -- (cdrbsdrv) DRV:64bit: - [2006.07.10 18:21:22 | 000,022,936 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x) DRV:64bit: - [2006.06.14 16:58:10 | 000,014,192 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x) DRV - [2010.12.18 14:50:08 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | Auto | Running] -- C:\Users\Admin\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24.gadget\WinRing0x64.sys -- (WinRing0_1_2_0) DRV - [2010.11.29 20:27:40 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2005.01.02 05:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2 FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10 FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.11 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.6 FF - prefs.js..extensions.enabledItems: allglassv2@ambroos.neowin.net:2.1.4 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: info@djzig.com:1.2.0 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.6&q=" FF - prefs.js..network.proxy.ftp: "192.168.88.251" FF - prefs.js..network.proxy.ftp_port: 800 FF - prefs.js..network.proxy.gopher: "192.168.88.251" FF - prefs.js..network.proxy.gopher_port: 800 FF - prefs.js..network.proxy.http: "192.168.88.251" FF - prefs.js..network.proxy.http_port: 800 FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "192.168.88.251" FF - prefs.js..network.proxy.socks_port: 800 FF - prefs.js..network.proxy.ssl: "192.168.88.251" FF - prefs.js..network.proxy.ssl_port: 800 FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://www.bigseekpro.com/search/toolbar/hypercam/{88ED4A72-8717-53BE-8E7E-30BA070DAF61}?q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Admin\Program Files (x86)\DNA\plugins\npbtdna.dll File not found FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\Admin\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( ) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\components [2011.09.11 12:55:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Admin\Program Files (x86)\DNA [2011.03.19 13:47:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions [2011.08.09 18:20:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\kr7kwnm2.default\extensions [2011.08.09 18:20:19 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\kr7kwnm2.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.03.19 13:43:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\kr7kwnm2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2011.09.10 17:38:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\o4751zle.default\extensions [2011.08.09 18:20:19 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\o4751zle.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.09.10 17:38:44 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\o4751zle.default\extensions\battlefieldplay4free@ea.com [2011.04.30 09:45:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2011.04.30 09:48:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com [2011.09.06 12:30:22 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml [2010.06.09 21:52:18 | 000,002,224 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\webblog.xml O1 HOSTS File: ([2011.09.11 18:45:13 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files (x86)\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.64.2.cab (Battlefield Play4Free Updater) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.50.140.116 192.168.123.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD5AE1E4-714D-4E03-920D-ABE9EE787A4C}: DhcpNameServer = 195.50.140.116 192.168.123.254 O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software) MsConfig:64bit - StartUpFolder: C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk - C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe - (Leader Technologies/Logitech) MsConfig:64bit - StartUpReg: AlcoholAutomount - hkey= - key= - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team) MsConfig:64bit - StartUpReg: AshSnap - hkey= - key= - C:\Program Files (x86)\Ashampoo\Ashampoo Snap 4\ashsnap.exe (ashampoo GmbH & Co. KG) MsConfig:64bit - StartUpReg: DAEMON Tools Pro Agent - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd) MsConfig:64bit - StartUpReg: PlusService - hkey= - key= - C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software) MsConfig:64bit - StartUpReg: RocketDock - hkey= - key= - C:\Program Files (x86)\RocketDock\RocketDock.exe () MsConfig:64bit - StartUpReg: snpstd3 - hkey= - key= - C:\Windows\vsnpstd3.exe () MsConfig:64bit - StartUpReg: StartCCC - hkey= - key= - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) MsConfig:64bit - StartUpReg: VirtualCloneDrive - hkey= - key= - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG) MsConfig:64bit - StartUpReg: XboxStat - hkey= - key= - C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation) MsConfig:64bit - State: "bootini" - Reg Error: Key error. MsConfig:64bit - State: "startup" - Reg Error: Key error. MsConfig:64bit - State: "services" - Reg Error: Key error. SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.lhacm - C:\Windows\SysWow64\lhacm.acm (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L) Drivers32: vidc.i420 - C:\Windows\SysWow64\i420vfw.dll (www.helixcommunity.org) Drivers32: vidc.tscc - C:\Windows\SysWow64\tsccvid.dll (TechSmith Corporation) Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com) Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com) Drivers32: vidc.yv12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org) CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== [2011.09.11 18:44:22 | 000,000,000 | ---D | C] -- C:\_OTL [2011.09.11 17:54:18 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{46227295-8F4C-4B3C-AE43-554F925A200D} [2011.09.11 17:53:55 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{51861B51-93B3-4723-8769-8DA784622C2A} [2011.09.11 15:29:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reader 10.0 [2011.09.11 15:29:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Utilities - CS5 [2011.09.11 15:28:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Photoshop CS5 [2011.09.11 15:28:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Help [2011.09.11 15:28:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Extension Manager CS5 [2011.09.11 15:27:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Device Central CS5 [2011.09.11 15:27:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Bridge CS5 [2011.09.11 12:55:56 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{849A75FF-FA5A-4ADD-AC24-5467763406AC} [2011.09.10 11:07:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2011.09.10 11:07:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2011.09.10 11:07:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam [2011.09.10 10:54:31 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Activision [2011.09.10 10:51:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Call of Duty Black Ops [2011.09.10 10:45:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Call of Duty Black Ops [2011.09.10 10:44:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes [2011.09.10 10:18:36 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\War Maps [2011.09.09 20:47:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2011.09.09 20:17:09 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{2F296230-4C89-410F-AB92-C7EE145C52EF} [2011.09.09 20:16:46 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{ECAA6DBF-DEF9-4236-8121-27CD5161B41E} [2011.09.08 21:22:23 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes [2011.09.08 21:22:17 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.09.08 21:22:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.09.08 21:22:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.09.08 21:22:14 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.09.08 21:22:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.09.08 15:36:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2011.09.08 15:36:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip [2011.09.08 15:05:46 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe [2011.09.08 13:05:13 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{172BF5AA-5ADB-47A8-8261-9440F4413DE3} [2011.09.07 14:13:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{E82D38B0-A1C6-4FC1-A459-795D3DAF58FF} [2011.09.07 14:13:23 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{83C7A11A-8EAA-41B2-8B7C-75C320DE0FFE} [2011.09.06 22:10:58 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\FixItCenter [2011.09.06 22:04:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Fix it Center [2011.09.06 22:04:54 | 000,000,000 | ---D | C] -- C:\Windows\MATS [2011.09.06 12:34:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2011.09.06 12:29:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader [2011.09.06 12:06:30 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{14746336-DACA-441B-8C0E-5F1049B11284} [2011.09.06 12:06:06 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{3D70A804-54FC-47ED-8AA6-A1698C4069A3} [2011.09.05 21:24:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{C44B8BA1-1FB9-4E88-B8B9-A8725D62618A} [2011.09.05 21:24:19 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{11A1E4A7-F635-462E-B944-BA3598A6256B} [2011.09.04 23:33:22 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{7F2AA41F-D387-4510-81B4-DA6DC9273BDF} [2011.09.04 23:32:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{55FCB4AB-E781-46E0-BE1E-30D2B9B41F40} [2011.09.04 13:01:56 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{7B98AC6C-99FB-4F8A-8E14-C951129E7C6A} [2011.09.03 11:32:51 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{5B1565BF-26B0-4CCC-86C8-654F2B6F89F0} [2011.09.03 11:32:35 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{329CA473-720C-438B-8C4F-26E89AAC7666} [2011.09.02 17:44:33 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{A47BB6AD-5FB2-4A4A-8865-EF2E815AF228} [2011.09.02 17:44:10 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{ADD2BD61-D7C0-4E5B-A1EB-0C68931E9DF9} [2011.09.02 00:28:23 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Heroglyph [2011.09.02 00:24:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPER © - by eRightSoft [2011.09.02 00:24:06 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\SysWow64\nbDX.dll [2011.09.02 00:24:05 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLOgg.ax [2011.09.02 00:24:05 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\flvDX.dll [2011.09.02 00:24:05 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLVorbisDec.ax [2011.09.02 00:24:05 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSSplitter.ax [2011.09.02 00:24:05 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSDecoder.ax [2011.09.02 00:24:05 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\SysWow64\RLTheoraDec.ax [2011.09.02 00:24:05 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\SysWow64\msfDX.dll [2011.09.02 00:24:03 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\RealMediaDX.ax [2011.09.02 00:24:02 | 000,169,472 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\MatroskaDX.ax [2011.09.02 00:24:00 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\DiracSplitter.ax [2011.09.02 00:24:00 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\SysWow64\AVCDX.ax [2011.09.02 00:14:33 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AIM [2011.09.01 23:52:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USM [2011.09.01 23:50:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\USM [2011.09.01 15:53:57 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{4F10A6E8-1485-429F-9EB4-A39AE6D317AB} [2011.09.01 15:53:22 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{FA1A7ED0-77A0-46BF-9E14-D47E02DA70E9} [2011.08.31 21:05:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VirtualCloneDrive [2011.08.31 20:59:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Landwirtschafts Simulator 2011 [2011.08.31 20:44:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Landwirtschafts Simulator 2011 [2011.08.31 13:51:58 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Rockstar Games [2011.08.31 10:30:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Landwirtschafts Simulator 2011 old [2011.08.30 17:25:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2011.08.30 17:25:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2011.08.30 17:23:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP [2011.08.30 17:23:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2011.08.30 13:49:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Raxco [2011.08.30 13:49:05 | 000,000,000 | ---D | C] -- C:\Program Files\Raxco [2011.08.30 13:48:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Raxco [2011.08.30 13:48:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MARKEMENT [2011.08.30 13:48:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MARKEMENT [2011.08.30 13:47:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetObjects [2011.08.30 13:44:50 | 001,056,768 | ---- | C] (Blue Sky Software Corporation.) -- C:\Windows\SysWow64\ROBOEX32.DLL [2011.08.30 13:44:50 | 000,049,152 | ---- | C] (Blue Sky Software Corporation.) -- C:\Windows\SysWow64\INETWH32.DLL [2011.08.30 13:43:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NetObjects [2011.08.30 13:38:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\proDAD [2011.08.30 13:38:02 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\proDAD [2011.08.30 13:38:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\proDAD [2011.08.30 13:37:51 | 000,000,000 | ---D | C] -- C:\ProgramData\proDAD [2011.08.30 13:29:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo [2011.08.30 13:29:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ashampoo [2011.08.30 13:28:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Landwirtschafts-Simulator 2009 [2011.08.30 12:37:08 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{F55E9736-313E-40C0-BC6B-9CA6FEC825C5} [2011.08.30 12:36:45 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{48EA303D-918E-4C32-9033-29E2CE6B0935} [2011.08.30 00:36:18 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{5116F0B2-6235-42F0-8612-748BF908F93C} [2011.08.30 00:35:55 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{BB40D063-E0F3-4038-BF3C-988F8C849EAD} [2011.08.29 12:35:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{771406CF-9BEC-4961-BDB3-61A447D15B75} [2011.08.29 12:34:53 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{633392F9-FDBA-4A38-9DA2-EF6118DA163B} [2011.08.28 18:33:28 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{09F21C33-BB39-4DE5-890D-A98BDADDD95E} [2011.08.28 18:33:00 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{F48C2731-4273-4342-B2CB-ED61E27BB434} [2011.08.26 10:33:37 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{C3D444AD-8C01-4557-BE90-97C9C5EB2900} [2011.08.26 10:32:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{0A10A479-5E02-46D9-BAFD-A177AA364A35} [2011.08.25 19:40:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{E4670A46-F6FA-4BF6-9C9F-E03427DF4168} [2011.08.25 19:40:17 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{EB8EAEFB-170C-4A3B-B6EA-529F9EF42D85} [2011.08.22 22:52:25 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{0E59175E-0A07-4F91-813F-B358A25E5905} [2011.08.22 22:52:02 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{4BA577DF-DAF8-43EA-A31D-34DF89156365} [2011.08.21 22:51:30 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{49836AC0-1733-453D-90FA-E4AAAEC597EA} [2011.08.21 22:51:07 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{463FE74F-D03C-42E3-B9FE-C9F149AAB57C} [2011.08.21 16:17:25 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM [2011.08.21 16:16:58 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Games for Windows - LIVE Demos [2011.08.21 16:16:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace [2011.08.21 15:16:17 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{5BE79326-6376-4A8B-AE21-72EE39B8FA36} [2011.08.21 01:02:59 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive [2011.08.21 01:02:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE [2011.08.20 12:56:17 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{890DE418-921E-4EF1-9AC2-5549BD8D5FAF} [2011.08.20 12:55:50 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{FFEDC646-63BD-4E05-B3FA-5522DCCCB0A0} [2011.08.19 15:32:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys [2011.08.19 15:32:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavalys [2011.08.19 15:26:56 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{72679341-0CEA-47D4-B1B3-6769388E5075} [2011.08.19 15:26:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{26A52CF0-5935-4284-826F-19B20352A8B1} [2011.08.18 23:21:37 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{5B8B0B62-B541-431E-A5F3-51E27F806EC6} [2011.08.18 23:21:12 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{316F0DD2-A4B8-48DF-9366-39567B99DACA} [2011.08.18 11:20:42 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{D63FFDBA-1FF1-4491-BC70-12209157C7BC} [2011.08.18 11:20:14 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{6DCA4F1B-1C23-422D-833D-7AF449267013} [2011.08.17 20:01:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{3AF3FFA1-182D-476F-87DA-FFEEDAD68456} [2011.08.17 20:01:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{822BC328-35D5-4D8C-B66A-B31F2163182E} [2011.08.17 16:54:07 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{F7D3B46A-CF2E-46AD-ADB4-CE0435A6EEB3} [2011.08.17 15:06:44 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\LogiShrd [2011.08.17 00:31:41 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{1512B213-5DB2-4AD4-A508-0BCEF0A47D99} [2011.08.17 00:31:18 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{4DA65401-F87A-477D-94CC-650F4E4449E8} [2011.08.16 12:30:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{E278CF71-0AF9-4D6B-BBBC-E28E2D66CB0B} [2011.08.16 12:30:38 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{77AA5B2D-3263-4AEE-9868-65DB7DFF7F8E} [2011.08.15 20:33:38 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Leadertech [2011.08.15 20:33:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd [2011.08.15 20:32:38 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd [2011.08.15 20:32:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SetPointG [2011.08.15 20:32:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SetPointP [2011.08.15 20:31:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd [2011.08.15 20:31:16 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Logitech [2011.08.15 20:31:16 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Logishrd [2011.08.15 13:54:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{95699DE0-1CB8-4A02-A770-8C798A5DEED6} [2011.08.15 13:53:55 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{6ADFB87B-7BC9-471A-B118-C5F4EE421A98} [2011.08.14 22:15:39 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{3C5D5897-4164-4D28-B1AA-8C4A61A342E8} [2011.08.14 22:15:16 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{0319BB12-57BC-471F-A2A6-66C6A72CB9B4} [2011.08.14 01:06:50 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{872383BC-F599-4C23-8E36-E563ADC1FBCD} [2011.08.14 01:06:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{8E11992A-9555-4A10-BFC7-1E2817AFFF13} [2011.08.13 13:05:59 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{4A96BF3F-4886-40DD-A397-45C796CFD460} [2011.08.13 13:05:47 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{4C91BF1E-0B0F-47BB-AE11-B491C576907E} [2011.08.12 22:00:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{44D524A1-7A06-4157-91A6-1A2B0D615DB9} [2010.04.29 19:06:43 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnpstd3.dll [2010.04.29 19:06:43 | 000,061,440 | ---- | C] ( ) -- C:\Windows\SysWow64\vsnpstd3.dll [2010.04.29 19:06:43 | 000,053,248 | ---- | C] ( ) -- C:\Windows\csnpstd3.dll ========== Files - Modified Within 30 Days ========== [2011.09.11 18:55:12 | 000,020,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.09.11 18:55:12 | 000,020,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.09.11 18:46:25 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.09.11 18:46:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.09.11 18:45:58 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys [2011.09.11 18:45:13 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts [2011.09.11 18:06:00 | 001,216,443 | ---- | M] () -- C:\Users\Admin\Desktop\TBR.rar [2011.09.11 17:46:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.09.11 15:32:53 | 000,000,000 | ---- | M] () -- C:\Users\Admin\defogger_reenable [2011.09.11 12:58:26 | 000,403,663 | ---- | M] () -- C:\Windows\SysWow64\sig.bin [2011.09.11 12:58:26 | 000,032,592 | ---- | M] () -- C:\Windows\SysWow64\nmp.map [2011.09.10 17:46:10 | 000,234,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2011.09.10 17:46:10 | 000,234,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.09.10 10:51:23 | 000,001,079 | ---- | M] () -- C:\Users\Public\Desktop\Call of Duty Black Ops.lnk [2011.09.10 10:44:54 | 000,001,210 | ---- | M] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk [2011.09.10 10:17:26 | 000,000,797 | ---- | M] () -- C:\Users\Admin\Desktop\Flatout2.lnk [2011.09.08 15:05:50 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe [2011.09.08 15:04:39 | 000,050,477 | ---- | M] () -- C:\Users\Admin\Desktop\Defogger.exe [2011.09.06 21:58:30 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.09.06 21:58:30 | 000,655,802 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.09.06 21:58:30 | 000,616,348 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.09.06 21:58:30 | 000,130,434 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.09.06 21:58:30 | 000,106,728 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.09.06 17:32:30 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01009.Wdf [2011.08.30 20:44:54 | 396,636,636 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.08.30 17:27:15 | 000,002,020 | ---- | M] () -- C:\Users\Admin\Desktop\Catalyst Control Center.lnk [2011.08.21 01:01:24 | 000,002,156 | ---- | M] () -- C:\Users\Public\Desktop\Grand Theft Auto IV.lnk [2011.08.17 12:58:45 | 000,001,448 | ---- | M] () -- C:\Users\Admin\Desktop\Command Prompt.lnk [2011.08.15 22:08:24 | 000,059,256 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys [2011.08.15 14:05:45 | 000,110,968 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys [2011.08.15 14:05:45 | 000,050,552 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys [2011.08.15 14:05:44 | 000,065,912 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys [2011.08.13 21:33:01 | 000,002,103 | ---- | M] () -- C:\Users\Admin\Desktop\Logitech G-series Key Profiler.lnk ========== Files Created - No Company Name ========== [2011.09.11 18:06:46 | 001,216,443 | ---- | C] () -- C:\Users\Admin\Desktop\TBR.rar [2011.09.11 15:32:53 | 000,000,000 | ---- | C] () -- C:\Users\Admin\defogger_reenable [2011.09.10 10:51:23 | 000,001,079 | ---- | C] () -- C:\Users\Public\Desktop\Call of Duty Black Ops.lnk [2011.09.10 10:44:54 | 000,001,210 | ---- | C] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk [2011.09.10 10:17:26 | 000,000,797 | ---- | C] () -- C:\Users\Admin\Desktop\Flatout2.lnk [2011.09.08 15:04:38 | 000,050,477 | ---- | C] () -- C:\Users\Admin\Desktop\Defogger.exe [2011.09.06 22:04:56 | 000,000,959 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Fix it Center.lnk [2011.09.06 17:32:30 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01009.Wdf [2011.09.02 00:24:05 | 000,121,344 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.ax [2011.09.02 00:24:05 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll [2011.09.02 00:24:05 | 000,051,712 | RHS- | C] () -- C:\Windows\SysWow64\RLSpeexDec.ax [2011.09.02 00:24:04 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\RLMPCDec.ax [2011.09.02 00:24:03 | 000,070,656 | RHS- | C] () -- C:\Windows\SysWow64\RLAPEDec.ax [2011.09.02 00:24:02 | 000,120,832 | RHS- | C] () -- C:\Windows\SysWow64\MPCDx.ax [2011.09.02 00:24:01 | 000,097,280 | RHS- | C] () -- C:\Windows\SysWow64\FLACDX.ax [2011.09.02 00:24:00 | 000,227,328 | RHS- | C] () -- C:\Windows\SysWow64\ac3DX.ax [2011.09.02 00:24:00 | 000,175,104 | RHS- | C] () -- C:\Windows\SysWow64\CoreAAC.ax [2011.09.02 00:24:00 | 000,081,920 | RHS- | C] () -- C:\Windows\SysWow64\aac_parser.ax [2011.09.02 00:14:33 | 000,000,696 | ---- | C] () -- C:\Windows\SysWow64\jetodbc.rsp [2011.08.30 20:44:54 | 396,636,636 | ---- | C] () -- C:\Windows\MEMORY.DMP [2011.08.30 17:27:15 | 000,002,020 | ---- | C] () -- C:\Users\Admin\Desktop\Catalyst Control Center.lnk [2011.08.30 13:49:07 | 000,002,781 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PerfectDisk 11.lnk [2011.08.30 13:44:50 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\nnr.dll [2011.08.21 01:01:24 | 000,002,156 | ---- | C] () -- C:\Users\Public\Desktop\Grand Theft Auto IV.lnk [2011.08.13 21:33:01 | 000,002,103 | ---- | C] () -- C:\Users\Admin\Desktop\Logitech G-series Key Profiler.lnk [2011.08.13 20:43:32 | 000,234,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.08.11 22:29:15 | 002,484,592 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_p4f.exe [2011.07.17 23:54:02 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011.06.30 15:52:19 | 000,403,663 | ---- | C] () -- C:\Windows\SysWow64\sig.bin [2011.06.29 19:32:19 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.06.09 13:52:22 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{E40E4B56-8C05-487F-A732-9A2EC3768E9C} [2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.02.11 19:15:08 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin [2011.02.11 19:15:08 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin [2011.02.11 19:15:08 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin [2011.01.28 21:19:44 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat [2010.12.12 14:43:42 | 000,000,043 | -HS- | C] () -- C:\ProgramData\.zreglib [2010.11.29 21:35:57 | 000,000,008 | -HS- | C] () -- C:\ProgramData\CCDD932493.sys [2010.11.29 21:35:56 | 000,005,018 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2010.09.25 18:53:24 | 000,013,312 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.05.18 16:21:13 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2010.05.07 16:31:06 | 000,196,096 | ---- | C] () -- C:\Windows\SysWow64\nY.exe [2010.04.29 19:06:44 | 000,835,584 | ---- | C] () -- C:\Windows\vsnpstd3.exe [2010.04.29 19:06:44 | 000,356,352 | ---- | C] () -- C:\Windows\tsnpstd3.exe [2010.04.29 19:06:44 | 000,020,480 | ---- | C] () -- C:\Windows\FixCamera.exe [2010.04.29 19:06:44 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini [2010.04.22 17:21:16 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\FileOut.cns [2010.04.22 17:21:16 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\FileIn.cns [2010.03.17 19:29:35 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\GkSui18.EXE [2010.02.19 21:18:20 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll [2010.02.19 21:18:20 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\advd.dll [2010.02.19 21:18:20 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\auth.dll [2010.02.14 20:52:39 | 001,589,248 | ---- | C] () -- C:\Windows\SysWow64\libmysql_d.dll [2010.01.02 17:37:17 | 000,001,015 | ---- | C] () -- C:\Windows\disney.ini [2009.12.22 22:21:05 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll [2009.12.04 01:19:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll [2007.04.27 11:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll [2006.11.02 09:27:46 | 000,000,518 | ---- | C] () -- C:\Windows\SysWow64\SP207.INI [2005.01.25 15:15:42 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\PA207USD.DLL ========== LOP Check ========== [2009.12.22 22:24:35 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Atari [2011.04.03 16:23:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Bioshock [2010.09.03 19:48:32 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\bizarre creations [2010.02.06 00:59:15 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Blender Foundation [2010.02.21 14:02:41 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\concept design [2010.04.14 19:47:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Cuttermaran [2010.12.06 14:28:45 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DAEMON Tools Lite [2011.04.30 10:54:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DAEMON Tools Pro [2010.01.02 17:50:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Disney Interactive Studios [2010.02.28 12:25:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DNA [2011.08.22 01:44:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoft [2011.08.09 18:20:18 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers [2010.08.15 20:11:44 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Engelmann Media [2009.12.30 17:12:49 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FarmingSimulator2008 [2010.05.08 12:02:00 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\gtk-2.0 [2011.04.29 18:54:32 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ImTOO [2011.08.15 20:33:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Leadertech [2010.12.20 16:20:16 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\MAGIX [2010.02.21 13:53:55 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\NCH Swift Sound [2010.11.02 17:36:07 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Need for Speed World [2011.09.11 19:01:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\NetSpeedMonitor [2010.02.28 12:25:21 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Notepad++ [2010.07.11 13:52:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Panasonic [2011.09.06 21:35:29 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\proDAD [2010.09.26 09:24:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ProtectDisc [2011.09.02 14:01:02 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Sony [2010.11.06 22:26:19 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TeamViewer [2011.09.02 18:15:13 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TS3Client [2010.12.19 15:35:13 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TuneUp Software [2010.11.06 21:39:24 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Ubisoft [2011.09.06 19:52:57 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\uTorrent [2011.01.07 18:43:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\wbtooltb [2010.12.29 13:07:03 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Windows Live Writer [2011.09.08 23:37:40 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\WinPump [2011.08.30 20:38:04 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.09.11 15:26:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Adobe [2009.12.22 22:24:35 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Atari [2009.12.04 01:19:47 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ATI [2011.04.03 16:23:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Bioshock [2010.09.03 19:48:32 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\bizarre creations [2010.02.06 00:59:15 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Blender Foundation [2010.02.21 14:02:41 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\concept design [2010.04.14 19:47:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Cuttermaran [2010.04.14 20:11:21 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\CyberLink [2010.12.06 14:28:45 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DAEMON Tools Lite [2011.04.30 10:54:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DAEMON Tools Pro [2010.01.02 17:50:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Disney Interactive Studios [2010.02.28 12:25:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DNA [2011.08.22 01:44:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoft [2011.08.09 18:20:18 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers [2010.08.15 20:11:44 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Engelmann Media [2009.12.30 17:12:49 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FarmingSimulator2008 [2009.12.26 17:13:20 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Google [2010.05.08 12:02:00 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\gtk-2.0 [2009.12.04 01:13:10 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Identities [2011.04.29 18:54:32 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ImTOO [2010.01.02 17:36:40 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\InstallShield [2009.12.15 13:19:45 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Jasc Software Inc [2011.08.15 20:33:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Leadertech [2011.08.15 20:31:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Logishrd [2011.08.15 20:34:19 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Logitech [2009.12.23 20:56:34 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Macromedia [2010.12.20 16:20:16 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\MAGIX [2011.09.08 21:22:23 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Malwarebytes [2009.07.14 20:18:18 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Media Center Programs [2011.02.08 22:24:24 | 000,000,000 | --SD | M] -- C:\Users\Admin\AppData\Roaming\Microsoft [2011.03.19 13:47:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Mozilla [2010.02.21 13:54:08 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\NCH Software [2010.02.21 13:53:55 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\NCH Swift Sound [2010.11.02 17:36:07 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Need for Speed World [2010.12.20 15:47:22 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Nero [2011.09.11 19:01:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\NetSpeedMonitor [2010.02.28 12:25:21 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Notepad++ [2010.07.11 13:52:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Panasonic [2011.09.06 21:35:29 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\proDAD [2010.09.26 09:24:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ProtectDisc [2011.03.23 13:24:17 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Real [2011.02.17 19:18:16 | 000,000,000 | RH-D | M] -- C:\Users\Admin\AppData\Roaming\SecuROM [2011.09.06 01:38:15 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Skype [2011.09.06 00:07:00 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\skypePM [2011.09.02 14:01:02 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Sony [2010.10.29 22:15:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\teamspeak2 [2010.11.06 22:26:19 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TeamViewer [2011.09.02 18:15:13 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TS3Client [2010.12.19 15:35:13 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TuneUp Software [2010.11.06 21:39:24 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Ubisoft [2011.09.06 19:52:57 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\uTorrent [2011.01.07 18:43:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\wbtooltb [2010.12.29 13:07:03 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Windows Live Writer [2011.09.08 23:37:40 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\WinPump [2009.12.23 23:39:58 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2010.09.04 10:25:19 | 010,274,313 | ---- | M] (Igor Pavlov) -- C:\Users\Admin\AppData\Roaming\bizarre creations\blur\BizUpdaterPack.exe [2011.09.02 00:20:36 | 034,614,074 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\ImTOO\Video Converter Ultimate 6\video-converter-ultimate6.exe [2011.08.15 20:33:38 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\Admin\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe [2011.02.17 19:15:57 | 000,049,152 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Admin\AppData\Roaming\Microsoft\Installer\{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}\ARPPRODUCTICON.exe [2010.12.06 14:38:26 | 000,010,134 | R--- | M] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe [2011.08.11 18:15:48 | 001,005,512 | ---- | M] (EA Digital Illusions CE AB) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o4751zle.default\extensions\battlefieldplay4free@ea.com\plugins\BP4FUpdater.exe [2009.07.22 17:28:36 | 000,477,976 | ---- | M] (Protect GmbH) -- C:\Users\Admin\AppData\Roaming\ProtectDisc\License Helper v2\PDLicenseHelperBroker.exe [2010.09.26 09:24:03 | 000,059,043 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\ProtectDisc\License Helper v2\uninst.exe [2010.06.18 21:24:16 | 000,414,168 | ---- | M] (Visicom Media Inc.) -- C:\Users\Admin\AppData\Roaming\wbtooltb\wbbtool1_0dn.exe [2011.04.30 01:23:34 | 000,731,472 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\WinPump\extensions.exe [2011.04.30 09:44:57 | 000,032,449 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\WinPump\uninstall.exe [2011.05.14 17:20:24 | 000,000,000 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\WinPump\WinPump.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2009.01.29 19:12:50 | 000,032,768 | ---- | M] (Panasonic Corporation) MD5=86C7D345A9D6DA814DBA6F785FE49908 -- C:\Program Files (x86)\Panasonic\HD Writer AE 1\EventLog.dll < MD5 for: IASTORV.SYS > [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < End of report > |
|
11.09.2011, 18:21
| #29 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Keine Rückmeldung Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.  Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
11.09.2011, 18:31
| #30 |
| | Keine Rückmeldung da progi hat nichts gefunden |
|
| Themen zu Keine Rückmeldung |
| adobe, antivirus, bankguard, bho, browser, converter, dateisystem, desktop, explorer, file, firefox, firewall, google, hijack, hijackthis, hängt, internet, internet explorer, keine rückmeldung, mozilla, mp3, plug-in, problem, security, senden, softonic, softonic deutsch toolbar, software, spielen, system, windows, write |
Textbox.
.
Linear-Darstellung
