Keine Rückmeldung

fondorking · 08.09.2011, 12:17

Hallo alle zusammen
ich habe ein kleines Problem, undzwar hängt sich mein PC in letzter zeit gerne mal so für ca 5sek auf und bei allen geöffneten Fenstern (außer spielen) kommt ziemlich oft die meldung "keine rückmeldung".
Nach und nach kommen immer mehr von solchen kleinen Problemen und ich würde gerne mal wissen was da mit meinem PC los ist.
Vielleicht bring euch ja ein HijackThis File etwas:

ZWISCHENDURCH KAM BEI HijackThis DIE MELDUNG: For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, HijackThis may NOT be able to fix this.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:12:25, on 08.09.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\firefox.exe
C:\Users\Admin\Desktop\Alles Mögliche\HiJackThis204.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ddrnw
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bigseekpro.com/hypercam/{30556029-374E-4F2E-890B-121038B58BE0}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.88.251:800
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: Softonic Deutsch Toolbar - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSof2.dll
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: G Data WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\WebFilter\AvkWebIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Softonic Deutsch Toolbar - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSof2.dll
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G Data BankGuard - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G Data\AVKProxy\BanksafeBHO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (file missing)
O3 - Toolbar: Softonic Deutsch Toolbar - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSof2.dll
O3 - Toolbar: G Data WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\WebFilter\AvkWebIE.dll
O4 - HKLM\..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
O8 - Extra context menu item: Free YouTube Download - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - (no file)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} (Battlefield Play4Free Updater) - https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.64.2.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: G Data AntiVirus Proxy (AVKProxy) - G Data Software AG - C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
O23 - Service: G Data Scheduler (AVKService) - G Data Software AG - C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
O23 - Service: G Data Dateisystem Wächter (AVKWCtl) - G Data Software AG - C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Eyeline Video System (EyelineService) - Unknown owner - C:\Program Files (x86)\NCH Software\Eyeline\eyeline.exe (file missing)
O23 - Service: G Data Personal Firewall (GDFwSvc) - G Data Software AG - C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe
O23 - Service: G Data Scanner (GDScan) - G Data Software AG - C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Sicherheitskonto-Manager (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 8918 bytes

cosinus · 08.09.2011, 13:51

Zitat:

Vielleicht bring euch ja ein HijackThis File etwas:

Bitte beachten

=> http://www.trojaner-board.de/95173-b...es-posten.html und http://www.trojaner-board.de/69886-a...-beachten.html

fondorking · 08.09.2011, 14:39

Oh, sry, das wusste ich nicht.

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 08.09.2011 15:11:01 - Run 1
OTL by OldTimer - Version 3.2.27.0     Folder = C:\Users\Admin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,80 Gb Available Physical Memory | 69,95% Memory free
8,00 Gb Paging File | 6,63 Gb Available in Paging File | 82,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1397,17 Gb Total Space | 1014,22 Gb Free Space | 72,59% Space Free | Partition Type: NTFS
 
Computer Name: ENERMAX | User Name: Cedric | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.09.08 15:05:50 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
PRC - [2011.08.11 22:29:16 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.08.10 17:02:45 | 001,505,800 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
PRC - [2011.05.20 14:50:48 | 000,368,136 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
PRC - [2011.05.20 14:50:36 | 001,540,616 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
PRC - [2011.05.11 12:18:59 | 000,923,144 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
PRC - [2011.03.04 20:56:12 | 000,381,448 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.08.10 15:23:36 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2011.07.28 23:35:34 | 000,204,288 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011.06.13 22:21:14 | 000,343,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV:64bit: - [2011.01.05 07:03:30 | 002,610,952 | ---- | M] (Raxco Software, Inc.) [Disabled | Stopped] -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe -- (PDAgent)
SRV:64bit: - [2011.01.05 07:03:20 | 002,266,376 | ---- | M] (Raxco Software, Inc.) [Disabled | Stopped] -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe -- (PDEngine)
SRV - [2011.08.11 22:29:16 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.08.10 17:02:45 | 001,505,800 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2011.08.10 15:31:08 | 002,027,840 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.08.10 15:23:30 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2011.08.10 14:21:10 | 001,556,816 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe -- (GDFwSvc)
SRV - [2011.06.17 09:34:18 | 000,359,192 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011.05.26 03:11:13 | 001,929,104 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe -- (AVKWCtl)
SRV - [2011.05.20 14:50:48 | 000,368,136 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe -- (GDScan)
SRV - [2011.03.04 20:56:12 | 000,381,448 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe -- (AVKService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.11 13:42:32 | 000,172,328 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Disabled | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009.11.12 19:08:00 | 003,403,420 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.06.15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\bgsvcgen.exe -- (bgsvcgen)
SRV - [2000.01.01 00:00:00 | 000,271,360 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\DTProTS\DTProTS.exe -- (DTProTS)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.08.15 22:08:24 | 000,059,256 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt)
DRV:64bit: - [2011.08.15 14:05:45 | 000,110,968 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV:64bit: - [2011.08.15 14:05:45 | 000,050,552 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave)
DRV:64bit: - [2011.08.15 14:05:44 | 000,065,912 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd)
DRV:64bit: - [2011.07.29 00:23:16 | 009,980,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011.07.29 00:23:16 | 009,980,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.07.28 22:54:10 | 000,309,248 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.07.02 14:47:10 | 000,106,488 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\GRD.sys -- (GRD)
DRV:64bit: - [2011.06.29 13:23:20 | 000,051,576 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre)
DRV:64bit: - [2011.06.29 13:23:11 | 000,031,448 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GdNetMon64.sys -- (GdNetMon)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.06.07 00:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.04.30 13:59:22 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011.04.30 13:59:22 | 000,060,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010.11.20 15:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010.11.20 15:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010.11.20 13:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.08.11 08:10:06 | 000,138,256 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DefragFs.sys -- (DefragFS)
DRV:64bit: - [2010.02.24 12:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2009.12.06 12:24:22 | 000,224,920 | ---- | M] (SysProgs.org) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BazisVirtualCDBus.sys -- (BazisVirtualCDBus)
DRV:64bit: - [2009.11.23 17:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.11.23 17:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.09.30 16:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.09.23 10:42:58 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.08.13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.10 12:14:36 | 000,043,264 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiBus.sys -- (SaiNtBus)
DRV:64bit: - [2009.06.10 12:14:36 | 000,016,000 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiMini.sys -- (SaiMini)
DRV:64bit: - [2009.02.03 17:37:50 | 000,075,384 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV:64bit: - [2007.05.01 16:48:56 | 000,171,144 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiH5F0D.sys -- (SaiH5F0D)
DRV:64bit: - [2007.05.01 16:48:56 | 000,034,304 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiU5F0D.sys -- (SaiU5F0D)
DRV:64bit: - [2007.02.08 19:47:24 | 000,107,384 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV:64bit: - [2007.01.26 10:04:36 | 000,009,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\whfltr2k.sys -- (whfltr2k)
DRV:64bit: - [2006.12.05 11:34:26 | 000,572,416 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PFC027.SYS -- (PAC207)
DRV:64bit: - [2006.11.10 15:08:58 | 000,030,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ATITool64.sys -- (ATITool)
DRV:64bit: - [2006.08.25 14:36:52 | 000,039,208 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cdrbsdrv.sys -- (cdrbsdrv)
DRV:64bit: - [2006.07.10 18:21:22 | 000,022,936 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV:64bit: - [2006.06.14 16:58:10 | 000,014,192 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2011.06.25 15:08:55 | 000,106,224 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\GRD.sys -- (GRD)
DRV - [2010.12.18 14:50:08 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | Auto | Running] -- C:\Users\Admin\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24.gadget\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2010.11.29 20:27:40 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.01.02 05:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bigseekpro.com/hypercam/{30556029-374E-4F2E-890B-121038B58BE0}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSof2.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Facemoods Search
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSof2.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.88.251:800
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.11
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.6
FF - prefs.js..extensions.enabledItems: allglassv2@ambroos.neowin.net:2.1.4
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: info@djzig.com:1.2.0
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.6&q="
FF - prefs.js..network.proxy.ftp: "192.168.88.251"
FF - prefs.js..network.proxy.ftp_port: 800
FF - prefs.js..network.proxy.gopher: "192.168.88.251"
FF - prefs.js..network.proxy.gopher_port: 800
FF - prefs.js..network.proxy.http: "192.168.88.251"
FF - prefs.js..network.proxy.http_port: 800
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "192.168.88.251"
FF - prefs.js..network.proxy.socks_port: 800
FF - prefs.js..network.proxy.ssl: "192.168.88.251"
FF - prefs.js..network.proxy.ssl_port: 800
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://www.bigseekpro.com/search/toolbar/hypercam/{88ED4A72-8717-53BE-8E7E-30BA070DAF61}?q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Admin\Program Files (x86)\DNA\plugins\npbtdna.dll File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\Admin\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\components [2011.08.27 10:37:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Admin\Program Files (x86)\DNA
 
[2011.03.19 13:47:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2011.08.09 18:20:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\kr7kwnm2.default\extensions
[2011.08.09 18:20:19 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\kr7kwnm2.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.03.19 13:43:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\kr7kwnm2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.09.08 15:09:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\o4751zle.default\extensions
[2011.08.09 18:20:19 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\o4751zle.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.06.23 10:58:39 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\o4751zle.default\extensions\battlefieldplay4free@ea.com
[2011.04.30 09:45:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011.04.30 09:48:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com
[2011.09.06 12:30:22 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2010.06.09 21:52:18 | 000,002,224 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\webblog.xml
 
O1 HOSTS File: ([2000.01.01 00:00:00 | 000,000,794 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1 secure.disc-soft.com 
O2:64bit: - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AvkWebIEx64.dll (G Data Software AG)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AvkWebIE.dll (G Data Software AG)
O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSof2.dll (Conduit Ltd.)
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G Data\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  File not found
O3:64bit: - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AvkWebIEx64.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AvkWebIE.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSof2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files (x86)\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.64.2.cab (Battlefield Play4Free Updater)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.50.140.116 192.168.123.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD5AE1E4-714D-4E03-920D-ABE9EE787A4C}: DhcpNameServer = 195.50.140.116 192.168.123.254
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{14b1b4e4-e977-11de-9627-002511d83983}\Shell - "" = AutoRun
O33 - MountPoints2\{14b1b4e4-e977-11de-9627-002511d83983}\Shell\AutoRun\command - "" = V:\SETUP.EXE
O33 - MountPoints2\{14b1b4e4-e977-11de-9627-002511d83983}\Shell\configure\command - "" = V:\SETUP.EXE
O33 - MountPoints2\{14b1b4e4-e977-11de-9627-002511d83983}\Shell\install\command - "" = V:\SETUP.EXE
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\cdstart.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\cdstart.exe
O34 - HKLM BootExecute: (PDBoot.exe) -  File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.09.08 15:05:46 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2011.09.08 13:05:13 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{172BF5AA-5ADB-47A8-8261-9440F4413DE3}
[2011.09.07 14:13:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{E82D38B0-A1C6-4FC1-A459-795D3DAF58FF}
[2011.09.07 14:13:23 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{83C7A11A-8EAA-41B2-8B7C-75C320DE0FFE}
[2011.09.06 22:10:58 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\FixItCenter
[2011.09.06 22:04:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Fix it Center
[2011.09.06 22:04:54 | 000,000,000 | ---D | C] -- C:\Windows\MATS
[2011.09.06 21:35:19 | 000,771,016 | ---- | C] (proDAD GmbH) -- C:\uninstall.exe
[2011.09.06 12:34:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011.09.06 12:30:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\facemoods.com
[2011.09.06 12:29:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2011.09.06 12:06:30 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{14746336-DACA-441B-8C0E-5F1049B11284}
[2011.09.06 12:06:06 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{3D70A804-54FC-47ED-8AA6-A1698C4069A3}
[2011.09.05 21:24:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{C44B8BA1-1FB9-4E88-B8B9-A8725D62618A}
[2011.09.05 21:24:19 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{11A1E4A7-F635-462E-B944-BA3598A6256B}
[2011.09.04 23:33:22 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{7F2AA41F-D387-4510-81B4-DA6DC9273BDF}
[2011.09.04 23:32:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{55FCB4AB-E781-46E0-BE1E-30D2B9B41F40}
[2011.09.04 13:01:56 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{7B98AC6C-99FB-4F8A-8E14-C951129E7C6A}
[2011.09.03 11:32:51 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{5B1565BF-26B0-4CCC-86C8-654F2B6F89F0}
[2011.09.03 11:32:35 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{329CA473-720C-438B-8C4F-26E89AAC7666}
[2011.09.02 17:44:33 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{A47BB6AD-5FB2-4A4A-8865-EF2E815AF228}
[2011.09.02 17:44:10 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{ADD2BD61-D7C0-4E5B-A1EB-0C68931E9DF9}
[2011.09.02 00:28:23 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Heroglyph
[2011.09.02 00:24:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPER © - by eRightSoft
[2011.09.02 00:24:06 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\SysWow64\nbDX.dll
[2011.09.02 00:24:05 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLOgg.ax
[2011.09.02 00:24:05 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\flvDX.dll
[2011.09.02 00:24:05 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLVorbisDec.ax
[2011.09.02 00:24:05 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSSplitter.ax
[2011.09.02 00:24:05 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSDecoder.ax
[2011.09.02 00:24:05 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\SysWow64\RLTheoraDec.ax
[2011.09.02 00:24:05 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\SysWow64\msfDX.dll
[2011.09.02 00:24:03 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\RealMediaDX.ax
[2011.09.02 00:24:02 | 000,169,472 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\MatroskaDX.ax
[2011.09.02 00:24:00 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\DiracSplitter.ax
[2011.09.02 00:24:00 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\SysWow64\AVCDX.ax
[2011.09.02 00:14:33 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AIM
[2011.09.01 23:52:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USM
[2011.09.01 23:50:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\USM
[2011.09.01 15:53:57 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{4F10A6E8-1485-429F-9EB4-A39AE6D317AB}
[2011.09.01 15:53:22 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{FA1A7ED0-77A0-46BF-9E14-D47E02DA70E9}
[2011.08.31 21:05:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VirtualCloneDrive
[2011.08.31 20:59:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Landwirtschafts Simulator 2011
[2011.08.31 20:44:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Landwirtschafts Simulator 2011
[2011.08.31 13:51:58 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Rockstar Games
[2011.08.31 10:30:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Landwirtschafts Simulator 2011 old
[2011.08.30 17:25:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011.08.30 17:25:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011.08.30 17:23:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2011.08.30 17:23:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011.08.30 13:49:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Raxco
[2011.08.30 13:49:05 | 000,000,000 | ---D | C] -- C:\Program Files\Raxco
[2011.08.30 13:48:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Raxco
[2011.08.30 13:48:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MARKEMENT
[2011.08.30 13:48:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MARKEMENT
[2011.08.30 13:47:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetObjects
[2011.08.30 13:44:50 | 001,056,768 | ---- | C] (Blue Sky Software Corporation.) -- C:\Windows\SysWow64\ROBOEX32.DLL
[2011.08.30 13:44:50 | 000,049,152 | ---- | C] (Blue Sky Software Corporation.) -- C:\Windows\SysWow64\INETWH32.DLL
[2011.08.30 13:43:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NetObjects
[2011.08.30 13:38:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\proDAD
[2011.08.30 13:38:02 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\proDAD
[2011.08.30 13:38:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\proDAD
[2011.08.30 13:37:51 | 000,000,000 | ---D | C] -- C:\ProgramData\proDAD
[2011.08.30 13:29:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
[2011.08.30 13:29:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ashampoo
[2011.08.30 13:28:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Landwirtschafts-Simulator 2009
[2011.08.30 12:37:08 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{F55E9736-313E-40C0-BC6B-9CA6FEC825C5}
[2011.08.30 12:36:45 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{48EA303D-918E-4C32-9033-29E2CE6B0935}
[2011.08.30 00:36:18 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{5116F0B2-6235-42F0-8612-748BF908F93C}
[2011.08.30 00:35:55 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{BB40D063-E0F3-4038-BF3C-988F8C849EAD}
[2011.08.29 12:35:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{771406CF-9BEC-4961-BDB3-61A447D15B75}
[2011.08.29 12:34:53 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{633392F9-FDBA-4A38-9DA2-EF6118DA163B}
[2011.08.28 18:33:28 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{09F21C33-BB39-4DE5-890D-A98BDADDD95E}
[2011.08.28 18:33:00 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{F48C2731-4273-4342-B2CB-ED61E27BB434}
[2011.08.26 10:33:37 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{C3D444AD-8C01-4557-BE90-97C9C5EB2900}
[2011.08.26 10:32:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{0A10A479-5E02-46D9-BAFD-A177AA364A35}
[2011.08.25 19:40:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{E4670A46-F6FA-4BF6-9C9F-E03427DF4168}
[2011.08.25 19:40:17 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{EB8EAEFB-170C-4A3B-B6EA-529F9EF42D85}
[2011.08.22 22:52:25 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{0E59175E-0A07-4F91-813F-B358A25E5905}
[2011.08.22 22:52:02 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{4BA577DF-DAF8-43EA-A31D-34DF89156365}
[2011.08.21 22:51:30 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{49836AC0-1733-453D-90FA-E4AAAEC597EA}
[2011.08.21 22:51:07 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{463FE74F-D03C-42E3-B9FE-C9F149AAB57C}
[2011.08.21 16:17:25 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2011.08.21 16:16:58 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Games for Windows - LIVE Demos
[2011.08.21 16:16:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2011.08.21 15:16:17 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{5BE79326-6376-4A8B-AE21-72EE39B8FA36}
[2011.08.21 01:02:59 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2011.08.21 01:02:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2011.08.20 12:56:17 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{890DE418-921E-4EF1-9AC2-5549BD8D5FAF}
[2011.08.20 12:55:50 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{FFEDC646-63BD-4E05-B3FA-5522DCCCB0A0}
[2011.08.19 15:32:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys
[2011.08.19 15:32:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavalys
[2011.08.19 15:26:56 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{72679341-0CEA-47D4-B1B3-6769388E5075}
[2011.08.19 15:26:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{26A52CF0-5935-4284-826F-19B20352A8B1}
[2011.08.18 23:21:37 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{5B8B0B62-B541-431E-A5F3-51E27F806EC6}
[2011.08.18 23:21:12 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{316F0DD2-A4B8-48DF-9366-39567B99DACA}
[2011.08.18 11:20:42 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{D63FFDBA-1FF1-4491-BC70-12209157C7BC}
[2011.08.18 11:20:14 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{6DCA4F1B-1C23-422D-833D-7AF449267013}
[2011.08.17 20:01:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{3AF3FFA1-182D-476F-87DA-FFEEDAD68456}
[2011.08.17 20:01:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{822BC328-35D5-4D8C-B66A-B31F2163182E}
[2011.08.17 16:54:07 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{F7D3B46A-CF2E-46AD-ADB4-CE0435A6EEB3}
[2011.08.17 15:06:44 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\LogiShrd
[2011.08.17 00:31:41 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{1512B213-5DB2-4AD4-A508-0BCEF0A47D99}
[2011.08.17 00:31:18 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{4DA65401-F87A-477D-94CC-650F4E4449E8}
[2011.08.16 12:30:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{E278CF71-0AF9-4D6B-BBBC-E28E2D66CB0B}
[2011.08.16 12:30:38 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{77AA5B2D-3263-4AEE-9868-65DB7DFF7F8E}
[2011.08.15 20:33:38 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Leadertech
[2011.08.15 20:33:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd
[2011.08.15 20:32:38 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd
[2011.08.15 20:32:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SetPointG
[2011.08.15 20:32:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SetPointP
[2011.08.15 20:31:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd
[2011.08.15 20:31:16 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Logitech
[2011.08.15 20:31:16 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Logishrd
[2011.08.15 13:54:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{95699DE0-1CB8-4A02-A770-8C798A5DEED6}
[2011.08.15 13:53:55 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{6ADFB87B-7BC9-471A-B118-C5F4EE421A98}
[2011.08.14 22:15:39 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{3C5D5897-4164-4D28-B1AA-8C4A61A342E8}
[2011.08.14 22:15:16 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{0319BB12-57BC-471F-A2A6-66C6A72CB9B4}
[2011.08.14 01:06:50 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{872383BC-F599-4C23-8E36-E563ADC1FBCD}
[2011.08.14 01:06:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{8E11992A-9555-4A10-BFC7-1E2817AFFF13}
[2011.08.13 13:05:59 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{4A96BF3F-4886-40DD-A397-45C796CFD460}
[2011.08.13 13:05:47 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{4C91BF1E-0B0F-47BB-AE11-B491C576907E}
[2011.08.12 22:00:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{44D524A1-7A06-4157-91A6-1A2B0D615DB9}
[2011.08.12 01:08:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2011.08.12 01:06:49 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client
[2011.08.11 18:20:35 | 000,107,008 | ---- | C] (uc-forum.com) -- C:\Users\Admin\Desktop\BFP4F Loader.exe
[2011.08.11 13:07:47 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{4C3A4B98-3043-4CA9-B866-00DDEA32D31E}
[2011.08.11 13:07:16 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{F65D0D17-2D06-4BA5-801F-2CEFDEB9DE39}
[2011.08.09 18:20:18 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.09 18:20:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2011.08.09 18:19:54 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoft
[2011.08.09 18:19:34 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\DVDVideoSoft
[2011.08.09 18:19:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2010.04.29 19:06:43 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnpstd3.dll
[2010.04.29 19:06:43 | 000,061,440 | ---- | C] ( ) -- C:\Windows\SysWow64\vsnpstd3.dll
[2010.04.29 19:06:43 | 000,053,248 | ---- | C] ( ) -- C:\Windows\csnpstd3.dll
[5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.09.08 15:14:26 | 000,020,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.09.08 15:14:26 | 000,020,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.09.08 15:08:46 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.09.08 15:06:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.09.08 15:06:56 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys
[2011.09.08 15:05:50 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2011.09.08 15:05:22 | 000,000,198 | ---- | M] () -- C:\Users\Admin\defogger_reenable
[2011.09.08 15:04:39 | 000,050,477 | ---- | M] () -- C:\Users\Admin\Desktop\Defogger.exe
[2011.09.08 14:40:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.09.08 13:02:49 | 000,401,659 | ---- | M] () -- C:\Windows\SysWow64\sig.bin
[2011.09.08 13:02:49 | 000,032,535 | ---- | M] () -- C:\Windows\SysWow64\nmp.map
[2011.09.06 21:58:30 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.09.06 21:58:30 | 000,655,802 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.09.06 21:58:30 | 000,616,348 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.09.06 21:58:30 | 000,130,434 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.09.06 21:58:30 | 000,106,728 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.09.06 17:32:30 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01009.Wdf
[2011.08.31 21:44:44 | 000,001,740 | ---- | M] () -- C:\Users\Admin\Desktop\Landwirtschafts Simulator 2011.lnk
[2011.08.30 20:44:54 | 396,636,636 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.08.30 17:27:15 | 000,002,020 | ---- | M] () -- C:\Users\Admin\Desktop\Catalyst Control Center.lnk
[2011.08.21 01:01:24 | 000,002,156 | ---- | M] () -- C:\Users\Public\Desktop\Grand Theft Auto IV.lnk
[2011.08.17 17:51:41 | 000,234,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011.08.17 17:51:41 | 000,234,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.08.17 12:58:45 | 000,001,448 | ---- | M] () -- C:\Users\Admin\Desktop\Command Prompt.lnk
[2011.08.15 22:08:24 | 000,059,256 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys
[2011.08.15 14:05:45 | 000,110,968 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys
[2011.08.15 14:05:45 | 000,050,552 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys
[2011.08.15 14:05:44 | 000,065,912 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys
[2011.08.13 21:33:01 | 000,002,103 | ---- | M] () -- C:\Users\Admin\Desktop\Logitech G-series Key Profiler.lnk
[2011.08.11 22:29:16 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.08.10 15:32:14 | 000,034,624 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2011.08.10 15:23:44 | 000,025,920 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2011.08.10 15:23:40 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2011.08.10 15:23:36 | 000,036,160 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2011.08.10 15:23:30 | 000,029,504 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.09.08 15:05:20 | 000,000,198 | ---- | C] () -- C:\Users\Admin\defogger_reenable
[2011.09.08 15:04:38 | 000,050,477 | ---- | C] () -- C:\Users\Admin\Desktop\Defogger.exe
[2011.09.06 22:04:56 | 000,000,959 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Fix it Center.lnk
[2011.09.06 17:32:30 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01009.Wdf
[2011.09.02 00:24:05 | 000,121,344 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.ax
[2011.09.02 00:24:05 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2011.09.02 00:24:05 | 000,051,712 | RHS- | C] () -- C:\Windows\SysWow64\RLSpeexDec.ax
[2011.09.02 00:24:04 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\RLMPCDec.ax
[2011.09.02 00:24:03 | 000,070,656 | RHS- | C] () -- C:\Windows\SysWow64\RLAPEDec.ax
[2011.09.02 00:24:02 | 000,120,832 | RHS- | C] () -- C:\Windows\SysWow64\MPCDx.ax
[2011.09.02 00:24:01 | 000,097,280 | RHS- | C] () -- C:\Windows\SysWow64\FLACDX.ax
[2011.09.02 00:24:00 | 000,227,328 | RHS- | C] () -- C:\Windows\SysWow64\ac3DX.ax
[2011.09.02 00:24:00 | 000,175,104 | RHS- | C] () -- C:\Windows\SysWow64\CoreAAC.ax
[2011.09.02 00:24:00 | 000,081,920 | RHS- | C] () -- C:\Windows\SysWow64\aac_parser.ax
[2011.09.02 00:14:33 | 000,000,696 | ---- | C] () -- C:\Windows\SysWow64\jetodbc.rsp
[2011.08.31 21:44:44 | 000,001,740 | ---- | C] () -- C:\Users\Admin\Desktop\Landwirtschafts Simulator 2011.lnk
[2011.08.30 20:44:54 | 396,636,636 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.08.30 17:27:15 | 000,002,020 | ---- | C] () -- C:\Users\Admin\Desktop\Catalyst Control Center.lnk
[2011.08.30 13:49:07 | 000,002,781 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PerfectDisk 11.lnk
[2011.08.30 13:44:50 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\nnr.dll
[2011.08.21 01:01:24 | 000,002,156 | ---- | C] () -- C:\Users\Public\Desktop\Grand Theft Auto IV.lnk
[2011.08.13 21:33:01 | 000,002,103 | ---- | C] () -- C:\Users\Admin\Desktop\Logitech G-series Key Profiler.lnk
[2011.08.13 20:43:32 | 000,234,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.08.11 22:29:15 | 002,484,592 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_p4f.exe
[2011.07.17 23:54:02 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.06.30 15:52:19 | 000,401,659 | ---- | C] () -- C:\Windows\SysWow64\sig.bin
[2011.06.29 19:32:19 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.06.09 13:52:22 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{E40E4B56-8C05-487F-A732-9A2EC3768E9C}
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.02.11 19:15:08 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2011.02.11 19:15:08 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2011.02.11 19:15:08 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2011.01.28 21:19:44 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.12.12 14:43:42 | 000,000,043 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.11.29 21:35:57 | 000,000,008 | -HS- | C] () -- C:\ProgramData\CCDD932493.sys
[2010.11.29 21:35:56 | 000,005,018 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.09.25 18:53:24 | 000,013,312 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.15 19:34:41 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\H@tKeysH@@k.DLL
[2010.05.18 16:21:13 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010.05.07 16:31:06 | 000,196,096 | ---- | C] () -- C:\Windows\SysWow64\nY.exe
[2010.04.29 19:06:44 | 000,835,584 | ---- | C] () -- C:\Windows\vsnpstd3.exe
[2010.04.29 19:06:44 | 000,356,352 | ---- | C] () -- C:\Windows\tsnpstd3.exe
[2010.04.29 19:06:44 | 000,020,480 | ---- | C] () -- C:\Windows\FixCamera.exe
[2010.04.29 19:06:44 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini
[2010.04.22 17:21:16 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\FileOut.cns
[2010.04.22 17:21:16 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\FileIn.cns
[2010.03.17 19:29:35 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\GkSui18.EXE
[2010.02.19 21:18:20 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2010.02.19 21:18:20 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\advd.dll
[2010.02.19 21:18:20 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\auth.dll
[2010.02.14 20:52:39 | 001,589,248 | ---- | C] () -- C:\Windows\SysWow64\libmysql_d.dll
[2010.01.02 17:37:17 | 000,001,015 | ---- | C] () -- C:\Windows\disney.ini
[2009.12.22 22:21:05 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2009.12.04 01:19:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2007.04.27 11:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2006.11.02 09:27:46 | 000,000,518 | ---- | C] () -- C:\Windows\SysWow64\SP207.INI
[2005.01.25 15:15:42 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\PA207USD.DLL
[2003.05.18 18:23:35 | 000,045,056 | ---- | C] () -- C:\Program Files (x86)\fraps.dll
 
========== LOP Check ==========
 
[2009.12.22 22:24:35 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Atari
[2011.04.30 09:48:41 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Babylon
[2011.04.03 16:23:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Bioshock
[2010.09.03 19:48:32 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\bizarre creations
[2010.02.06 00:59:15 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Blender Foundation
[2010.02.21 14:02:41 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\concept design
[2010.04.14 19:47:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Cuttermaran
[2010.12.06 14:28:45 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DAEMON Tools Lite
[2011.04.30 10:54:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DAEMON Tools Pro
[2010.01.02 17:50:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Disney Interactive Studios
[2010.02.28 12:25:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DNA
[2011.08.22 01:44:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoft
[2011.08.09 18:20:18 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.08.15 20:11:44 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Engelmann Media
[2009.12.30 17:12:49 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FarmingSimulator2008
[2010.05.08 12:02:00 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\gtk-2.0
[2011.04.29 18:54:32 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ImTOO
[2011.08.15 20:33:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Leadertech
[2010.12.20 16:20:16 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\MAGIX
[2010.02.21 13:53:55 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\NCH Swift Sound
[2010.11.02 17:36:07 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Need for Speed World
[2011.09.08 15:20:58 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\NetSpeedMonitor
[2010.02.28 12:25:21 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Notepad++
[2010.07.11 13:52:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Panasonic
[2011.09.06 21:35:29 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\proDAD
[2010.09.26 09:24:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ProtectDisc
[2011.09.02 14:01:02 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Sony
[2010.11.06 22:26:19 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TeamViewer
[2011.09.02 18:15:13 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TS3Client
[2010.12.19 15:35:13 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TuneUp Software
[2010.11.06 21:39:24 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Ubisoft
[2011.09.06 19:52:57 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\uTorrent
[2011.01.07 18:43:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\wbtooltb
[2010.12.29 13:07:03 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Windows Live Writer
[2011.04.30 09:45:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\WinPump
[2011.08.30 20:38:04 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< defogger_disable by jpshortstuff (23.02.10.1) >
 
< Log created at 15:05 on 08/09/2011 (***) >
Invalid Switch: 2011 (***)

 
<  >
 
< Checking for autostart values... >
 
< HKCU\~\Run values retrieved. >
 
< HKLM\~\Run values retrieved. >
 
< HKCU:DAEMON Tools Pro Agent -> Removed >
 
<  >
 
< Checking for services/drivers... >
Invalid Switch: drivers...

 
< SPTD -> Disabled (Service running -> reboot required) >
 
<  >
 
<  >
 
< -=E.O.F=- >

< End of report >

--- --- ---
Anhang 22138

cosinus · 08.09.2011, 16:05

Log wurde falsch erstellt, du hast den falschen Text in die untere Box bei OTL reinkopiert. Bitte die Anweisung genau lesen und umsetzen.

fondorking · 08.09.2011, 16:42

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 08.09.2011 17:25:12 - Run 2
OTL by OldTimer - Version 3.2.27.0     Folder = C:\Users\Admin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,79 Gb Available Physical Memory | 69,70% Memory free
8,00 Gb Paging File | 6,52 Gb Available in Paging File | 81,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1397,17 Gb Total Space | 1014,20 Gb Free Space | 72,59% Space Free | Partition Type: NTFS
 
Computer Name: ENERMAX | User Name: Cedric | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.09.08 15:05:50 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
PRC - [2011.08.11 22:29:16 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.08.10 17:02:45 | 001,505,800 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
PRC - [2011.05.20 14:50:48 | 000,368,136 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
PRC - [2011.05.20 14:50:36 | 001,540,616 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
PRC - [2011.05.11 12:18:59 | 000,923,144 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
PRC - [2011.03.28 14:15:10 | 000,380,736 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
PRC - [2011.03.04 20:56:12 | 000,381,448 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.08.10 15:23:36 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2011.07.28 23:35:34 | 000,204,288 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011.06.13 22:21:14 | 000,343,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV:64bit: - [2011.01.05 07:03:30 | 002,610,952 | ---- | M] (Raxco Software, Inc.) [Disabled | Stopped] -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe -- (PDAgent)
SRV:64bit: - [2011.01.05 07:03:20 | 002,266,376 | ---- | M] (Raxco Software, Inc.) [Disabled | Stopped] -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe -- (PDEngine)
SRV - [2011.08.11 22:29:16 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.08.10 17:02:45 | 001,505,800 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2011.08.10 15:31:08 | 002,027,840 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.08.10 15:23:30 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2011.08.10 14:21:10 | 001,556,816 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe -- (GDFwSvc)
SRV - [2011.06.17 09:34:18 | 000,359,192 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011.05.26 03:11:13 | 001,929,104 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe -- (AVKWCtl)
SRV - [2011.05.20 14:50:48 | 000,368,136 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe -- (GDScan)
SRV - [2011.03.04 20:56:12 | 000,381,448 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe -- (AVKService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.11 13:42:32 | 000,172,328 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Disabled | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009.11.12 19:08:00 | 003,403,420 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.06.15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\bgsvcgen.exe -- (bgsvcgen)
SRV - [2000.01.01 00:00:00 | 000,271,360 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\DTProTS\DTProTS.exe -- (DTProTS)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.08.15 22:08:24 | 000,059,256 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt)
DRV:64bit: - [2011.08.15 14:05:45 | 000,110,968 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV:64bit: - [2011.08.15 14:05:45 | 000,050,552 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave)
DRV:64bit: - [2011.08.15 14:05:44 | 000,065,912 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd)
DRV:64bit: - [2011.07.29 00:23:16 | 009,980,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011.07.29 00:23:16 | 009,980,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.07.28 22:54:10 | 000,309,248 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.07.02 14:47:10 | 000,106,488 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\GRD.sys -- (GRD)
DRV:64bit: - [2011.06.29 13:23:20 | 000,051,576 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre)
DRV:64bit: - [2011.06.29 13:23:11 | 000,031,448 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GdNetMon64.sys -- (GdNetMon)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.06.07 00:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.04.30 13:59:22 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011.04.30 13:59:22 | 000,060,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010.11.20 15:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010.11.20 15:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010.11.20 13:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.08.11 08:10:06 | 000,138,256 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DefragFs.sys -- (DefragFS)
DRV:64bit: - [2010.02.24 12:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2009.12.06 12:24:22 | 000,224,920 | ---- | M] (SysProgs.org) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BazisVirtualCDBus.sys -- (BazisVirtualCDBus)
DRV:64bit: - [2009.11.23 17:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.11.23 17:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.09.30 16:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.09.23 10:42:58 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.08.13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.10 12:14:36 | 000,043,264 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiBus.sys -- (SaiNtBus)
DRV:64bit: - [2009.06.10 12:14:36 | 000,016,000 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiMini.sys -- (SaiMini)
DRV:64bit: - [2009.02.03 17:37:50 | 000,075,384 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV:64bit: - [2007.05.01 16:48:56 | 000,171,144 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiH5F0D.sys -- (SaiH5F0D)
DRV:64bit: - [2007.05.01 16:48:56 | 000,034,304 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiU5F0D.sys -- (SaiU5F0D)
DRV:64bit: - [2007.02.08 19:47:24 | 000,107,384 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV:64bit: - [2007.01.26 10:04:36 | 000,009,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\whfltr2k.sys -- (whfltr2k)
DRV:64bit: - [2006.12.05 11:34:26 | 000,572,416 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PFC027.SYS -- (PAC207)
DRV:64bit: - [2006.11.10 15:08:58 | 000,030,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ATITool64.sys -- (ATITool)
DRV:64bit: - [2006.08.25 14:36:52 | 000,039,208 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cdrbsdrv.sys -- (cdrbsdrv)
DRV:64bit: - [2006.07.10 18:21:22 | 000,022,936 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV:64bit: - [2006.06.14 16:58:10 | 000,014,192 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2011.06.25 15:08:55 | 000,106,224 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\GRD.sys -- (GRD)
DRV - [2010.12.18 14:50:08 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | Auto | Running] -- C:\Users\Admin\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24.gadget\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2010.11.29 20:27:40 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.01.02 05:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bigseekpro.com/hypercam/{30556029-374E-4F2E-890B-121038B58BE0}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSof2.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ddrnw
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSof2.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.88.251:800
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.11
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.6
FF - prefs.js..extensions.enabledItems: allglassv2@ambroos.neowin.net:2.1.4
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: info@djzig.com:1.2.0
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.6&q="
FF - prefs.js..network.proxy.ftp: "192.168.88.251"
FF - prefs.js..network.proxy.ftp_port: 800
FF - prefs.js..network.proxy.gopher: "192.168.88.251"
FF - prefs.js..network.proxy.gopher_port: 800
FF - prefs.js..network.proxy.http: "192.168.88.251"
FF - prefs.js..network.proxy.http_port: 800
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "192.168.88.251"
FF - prefs.js..network.proxy.socks_port: 800
FF - prefs.js..network.proxy.ssl: "192.168.88.251"
FF - prefs.js..network.proxy.ssl_port: 800
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://www.bigseekpro.com/search/toolbar/hypercam/{88ED4A72-8717-53BE-8E7E-30BA070DAF61}?q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Admin\Program Files (x86)\DNA\plugins\npbtdna.dll File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\Admin\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\components [2011.09.08 16:32:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Admin\Program Files (x86)\DNA
 
[2011.03.19 13:47:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2011.08.09 18:20:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\kr7kwnm2.default\extensions
[2011.08.09 18:20:19 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\kr7kwnm2.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.03.19 13:43:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\kr7kwnm2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.09.08 15:09:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\o4751zle.default\extensions
[2011.08.09 18:20:19 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\o4751zle.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.06.23 10:58:39 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\o4751zle.default\extensions\battlefieldplay4free@ea.com
[2011.04.30 09:45:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011.04.30 09:48:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com
[2011.09.06 12:30:22 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2010.06.09 21:52:18 | 000,002,224 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\webblog.xml
 
O1 HOSTS File: ([2000.01.01 00:00:00 | 000,000,794 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1 secure.disc-soft.com 
O2:64bit: - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AvkWebIEx64.dll (G Data Software AG)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AvkWebIE.dll (G Data Software AG)
O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSof2.dll (Conduit Ltd.)
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G Data\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  File not found
O3:64bit: - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AvkWebIEx64.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AvkWebIE.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSof2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files (x86)\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.64.2.cab (Battlefield Play4Free Updater)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.50.140.116 192.168.123.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD5AE1E4-714D-4E03-920D-ABE9EE787A4C}: DhcpNameServer = 195.50.140.116 192.168.123.254
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{14b1b4e4-e977-11de-9627-002511d83983}\Shell - "" = AutoRun
O33 - MountPoints2\{14b1b4e4-e977-11de-9627-002511d83983}\Shell\AutoRun\command - "" = V:\SETUP.EXE
O33 - MountPoints2\{14b1b4e4-e977-11de-9627-002511d83983}\Shell\configure\command - "" = V:\SETUP.EXE
O33 - MountPoints2\{14b1b4e4-e977-11de-9627-002511d83983}\Shell\install\command - "" = V:\SETUP.EXE
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\cdstart.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\cdstart.exe
O34 - HKLM BootExecute: (PDBoot.exe) -  File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
 
MsConfig:64bit - StartUpFolder: C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk - C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe - (Leader Technologies/Logitech)
MsConfig:64bit - StartUpReg: AlcoholAutomount - hkey= - key= - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
MsConfig:64bit - StartUpReg: AshSnap - hkey= - key= - C:\Program Files (x86)\Ashampoo\Ashampoo Snap 4\ashsnap.exe (ashampoo GmbH & Co. KG)
MsConfig:64bit - StartUpReg: DAEMON Tools Pro Agent - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: PlusService - hkey= - key= - C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
MsConfig:64bit - StartUpReg: RocketDock - hkey= - key= - C:\Program Files (x86)\RocketDock\RocketDock.exe ()
MsConfig:64bit - StartUpReg: snpstd3 - hkey= - key= - C:\Windows\vsnpstd3.exe ()
MsConfig:64bit - StartUpReg: StartCCC - hkey= - key= - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig:64bit - StartUpReg: VirtualCloneDrive - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: XboxStat - hkey= - key= - C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.09.08 15:36:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011.09.08 15:36:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2011.09.08 15:05:46 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2011.09.08 13:05:13 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{172BF5AA-5ADB-47A8-8261-9440F4413DE3}
[2011.09.07 14:13:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{E82D38B0-A1C6-4FC1-A459-795D3DAF58FF}
[2011.09.07 14:13:23 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{83C7A11A-8EAA-41B2-8B7C-75C320DE0FFE}
[2011.09.06 22:10:58 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\FixItCenter
[2011.09.06 22:04:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Fix it Center
[2011.09.06 22:04:54 | 000,000,000 | ---D | C] -- C:\Windows\MATS
[2011.09.06 21:35:19 | 000,771,016 | ---- | C] (proDAD GmbH) -- C:\uninstall.exe
[2011.09.06 12:34:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011.09.06 12:30:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\facemoods.com
[2011.09.06 12:29:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2011.09.06 12:06:30 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{14746336-DACA-441B-8C0E-5F1049B11284}
[2011.09.06 12:06:06 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{3D70A804-54FC-47ED-8AA6-A1698C4069A3}
[2011.09.05 21:24:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{C44B8BA1-1FB9-4E88-B8B9-A8725D62618A}
[2011.09.05 21:24:19 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{11A1E4A7-F635-462E-B944-BA3598A6256B}
[2011.09.04 23:33:22 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{7F2AA41F-D387-4510-81B4-DA6DC9273BDF}
[2011.09.04 23:32:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{55FCB4AB-E781-46E0-BE1E-30D2B9B41F40}
[2011.09.04 13:01:56 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{7B98AC6C-99FB-4F8A-8E14-C951129E7C6A}
[2011.09.03 11:32:51 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{5B1565BF-26B0-4CCC-86C8-654F2B6F89F0}
[2011.09.03 11:32:35 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{329CA473-720C-438B-8C4F-26E89AAC7666}
[2011.09.02 17:44:33 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{A47BB6AD-5FB2-4A4A-8865-EF2E815AF228}
[2011.09.02 17:44:10 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{ADD2BD61-D7C0-4E5B-A1EB-0C68931E9DF9}
[2011.09.02 00:28:23 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Heroglyph
[2011.09.02 00:24:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPER © - by eRightSoft
[2011.09.02 00:24:06 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\SysWow64\nbDX.dll
[2011.09.02 00:24:05 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLOgg.ax
[2011.09.02 00:24:05 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\flvDX.dll
[2011.09.02 00:24:05 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLVorbisDec.ax
[2011.09.02 00:24:05 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSSplitter.ax
[2011.09.02 00:24:05 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSDecoder.ax
[2011.09.02 00:24:05 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\SysWow64\RLTheoraDec.ax
[2011.09.02 00:24:05 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\SysWow64\msfDX.dll
[2011.09.02 00:24:03 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\RealMediaDX.ax
[2011.09.02 00:24:02 | 000,169,472 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\MatroskaDX.ax
[2011.09.02 00:24:00 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\DiracSplitter.ax
[2011.09.02 00:24:00 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\SysWow64\AVCDX.ax
[2011.09.02 00:14:33 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AIM
[2011.09.01 23:52:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USM
[2011.09.01 23:50:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\USM
[2011.09.01 15:53:57 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{4F10A6E8-1485-429F-9EB4-A39AE6D317AB}
[2011.09.01 15:53:22 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{FA1A7ED0-77A0-46BF-9E14-D47E02DA70E9}
[2011.08.31 21:05:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VirtualCloneDrive
[2011.08.31 20:59:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Landwirtschafts Simulator 2011
[2011.08.31 20:44:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Landwirtschafts Simulator 2011
[2011.08.31 13:51:58 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Rockstar Games
[2011.08.31 10:30:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Landwirtschafts Simulator 2011 old
[2011.08.30 17:25:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011.08.30 17:25:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011.08.30 17:23:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2011.08.30 17:23:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011.08.30 13:49:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Raxco
[2011.08.30 13:49:05 | 000,000,000 | ---D | C] -- C:\Program Files\Raxco
[2011.08.30 13:48:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Raxco
[2011.08.30 13:48:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MARKEMENT
[2011.08.30 13:48:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MARKEMENT
[2011.08.30 13:47:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetObjects
[2011.08.30 13:44:50 | 001,056,768 | ---- | C] (Blue Sky Software Corporation.) -- C:\Windows\SysWow64\ROBOEX32.DLL
[2011.08.30 13:44:50 | 000,049,152 | ---- | C] (Blue Sky Software Corporation.) -- C:\Windows\SysWow64\INETWH32.DLL
[2011.08.30 13:43:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NetObjects
[2011.08.30 13:38:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\proDAD
[2011.08.30 13:38:02 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\proDAD
[2011.08.30 13:38:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\proDAD
[2011.08.30 13:37:51 | 000,000,000 | ---D | C] -- C:\ProgramData\proDAD
[2011.08.30 13:29:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
[2011.08.30 13:29:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ashampoo
[2011.08.30 13:28:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Landwirtschafts-Simulator 2009
[2011.08.30 12:37:08 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{F55E9736-313E-40C0-BC6B-9CA6FEC825C5}
[2011.08.30 12:36:45 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{48EA303D-918E-4C32-9033-29E2CE6B0935}
[2011.08.30 00:36:18 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{5116F0B2-6235-42F0-8612-748BF908F93C}
[2011.08.30 00:35:55 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{BB40D063-E0F3-4038-BF3C-988F8C849EAD}
[2011.08.29 12:35:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{771406CF-9BEC-4961-BDB3-61A447D15B75}
[2011.08.29 12:34:53 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{633392F9-FDBA-4A38-9DA2-EF6118DA163B}
[2011.08.28 18:33:28 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{09F21C33-BB39-4DE5-890D-A98BDADDD95E}
[2011.08.28 18:33:00 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{F48C2731-4273-4342-B2CB-ED61E27BB434}
[2011.08.26 10:33:37 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{C3D444AD-8C01-4557-BE90-97C9C5EB2900}
[2011.08.26 10:32:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{0A10A479-5E02-46D9-BAFD-A177AA364A35}
[2011.08.25 19:40:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{E4670A46-F6FA-4BF6-9C9F-E03427DF4168}
[2011.08.25 19:40:17 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{EB8EAEFB-170C-4A3B-B6EA-529F9EF42D85}
[2011.08.22 22:52:25 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{0E59175E-0A07-4F91-813F-B358A25E5905}
[2011.08.22 22:52:02 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{4BA577DF-DAF8-43EA-A31D-34DF89156365}
[2011.08.21 22:51:30 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{49836AC0-1733-453D-90FA-E4AAAEC597EA}
[2011.08.21 22:51:07 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{463FE74F-D03C-42E3-B9FE-C9F149AAB57C}
[2011.08.21 16:17:25 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2011.08.21 16:16:58 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Games for Windows - LIVE Demos
[2011.08.21 16:16:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2011.08.21 15:16:17 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{5BE79326-6376-4A8B-AE21-72EE39B8FA36}
[2011.08.21 01:02:59 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2011.08.21 01:02:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2011.08.20 12:56:17 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{890DE418-921E-4EF1-9AC2-5549BD8D5FAF}
[2011.08.20 12:55:50 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{FFEDC646-63BD-4E05-B3FA-5522DCCCB0A0}
[2011.08.19 15:32:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys
[2011.08.19 15:32:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavalys
[2011.08.19 15:26:56 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{72679341-0CEA-47D4-B1B3-6769388E5075}
[2011.08.19 15:26:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{26A52CF0-5935-4284-826F-19B20352A8B1}
[2011.08.18 23:21:37 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{5B8B0B62-B541-431E-A5F3-51E27F806EC6}
[2011.08.18 23:21:12 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{316F0DD2-A4B8-48DF-9366-39567B99DACA}
[2011.08.18 11:20:42 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{D63FFDBA-1FF1-4491-BC70-12209157C7BC}
[2011.08.18 11:20:14 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{6DCA4F1B-1C23-422D-833D-7AF449267013}
[2011.08.17 20:01:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{3AF3FFA1-182D-476F-87DA-FFEEDAD68456}
[2011.08.17 20:01:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{822BC328-35D5-4D8C-B66A-B31F2163182E}
[2011.08.17 16:54:07 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{F7D3B46A-CF2E-46AD-ADB4-CE0435A6EEB3}
[2011.08.17 15:06:44 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\LogiShrd
[2011.08.17 00:31:41 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{1512B213-5DB2-4AD4-A508-0BCEF0A47D99}
[2011.08.17 00:31:18 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{4DA65401-F87A-477D-94CC-650F4E4449E8}
[2011.08.16 12:30:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{E278CF71-0AF9-4D6B-BBBC-E28E2D66CB0B}
[2011.08.16 12:30:38 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{77AA5B2D-3263-4AEE-9868-65DB7DFF7F8E}
[2011.08.15 20:33:38 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Leadertech
[2011.08.15 20:33:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd
[2011.08.15 20:32:38 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd
[2011.08.15 20:32:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SetPointG
[2011.08.15 20:32:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SetPointP
[2011.08.15 20:31:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd
[2011.08.15 20:31:16 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Logitech
[2011.08.15 20:31:16 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Logishrd
[2011.08.15 13:54:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{95699DE0-1CB8-4A02-A770-8C798A5DEED6}
[2011.08.15 13:53:55 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{6ADFB87B-7BC9-471A-B118-C5F4EE421A98}
[2011.08.14 22:15:39 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{3C5D5897-4164-4D28-B1AA-8C4A61A342E8}
[2011.08.14 22:15:16 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{0319BB12-57BC-471F-A2A6-66C6A72CB9B4}
[2011.08.14 01:06:50 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{872383BC-F599-4C23-8E36-E563ADC1FBCD}
[2011.08.14 01:06:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{8E11992A-9555-4A10-BFC7-1E2817AFFF13}
[2011.08.13 13:05:59 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{4A96BF3F-4886-40DD-A397-45C796CFD460}
[2011.08.13 13:05:47 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{4C91BF1E-0B0F-47BB-AE11-B491C576907E}
[2011.08.12 22:00:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{44D524A1-7A06-4157-91A6-1A2B0D615DB9}
[2011.08.12 01:08:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2011.08.12 01:06:49 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client
[2011.08.11 18:20:35 | 000,107,008 | ---- | C] (uc-forum.com) -- C:\Users\Admin\Desktop\BFP4F Loader.exe
[2011.08.11 13:07:47 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{4C3A4B98-3043-4CA9-B866-00DDEA32D31E}
[2011.08.11 13:07:16 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{F65D0D17-2D06-4BA5-801F-2CEFDEB9DE39}
[2011.08.09 18:20:18 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.09 18:20:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2011.08.09 18:19:54 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoft
[2011.08.09 18:19:34 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\DVDVideoSoft
[2011.08.09 18:19:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2010.04.29 19:06:43 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnpstd3.dll
[2010.04.29 19:06:43 | 000,061,440 | ---- | C] ( ) -- C:\Windows\SysWow64\vsnpstd3.dll
[2010.04.29 19:06:43 | 000,053,248 | ---- | C] ( ) -- C:\Windows\csnpstd3.dll
[5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.09.08 16:40:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.09.08 16:00:54 | 000,029,237 | ---- | M] () -- C:\Users\Admin\Desktop\Microsoft Windows.jpg
[2011.09.08 15:14:26 | 000,020,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.09.08 15:14:26 | 000,020,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.09.08 15:08:46 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.09.08 15:06:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.09.08 15:06:56 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys
[2011.09.08 15:05:50 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2011.09.08 15:05:22 | 000,000,198 | ---- | M] () -- C:\Users\Admin\defogger_reenable
[2011.09.08 15:04:39 | 000,050,477 | ---- | M] () -- C:\Users\Admin\Desktop\Defogger.exe
[2011.09.08 13:02:49 | 000,401,659 | ---- | M] () -- C:\Windows\SysWow64\sig.bin
[2011.09.08 13:02:49 | 000,032,535 | ---- | M] () -- C:\Windows\SysWow64\nmp.map
[2011.09.06 21:58:30 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.09.06 21:58:30 | 000,655,802 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.09.06 21:58:30 | 000,616,348 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.09.06 21:58:30 | 000,130,434 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.09.06 21:58:30 | 000,106,728 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.09.06 17:32:30 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01009.Wdf
[2011.08.31 21:44:44 | 000,001,740 | ---- | M] () -- C:\Users\Admin\Desktop\Landwirtschafts Simulator 2011.lnk
[2011.08.30 20:44:54 | 396,636,636 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.08.30 17:27:15 | 000,002,020 | ---- | M] () -- C:\Users\Admin\Desktop\Catalyst Control Center.lnk
[2011.08.21 01:01:24 | 000,002,156 | ---- | M] () -- C:\Users\Public\Desktop\Grand Theft Auto IV.lnk
[2011.08.17 17:51:41 | 000,234,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011.08.17 17:51:41 | 000,234,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.08.17 12:58:45 | 000,001,448 | ---- | M] () -- C:\Users\Admin\Desktop\Command Prompt.lnk
[2011.08.15 22:08:24 | 000,059,256 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys
[2011.08.15 14:05:45 | 000,110,968 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys
[2011.08.15 14:05:45 | 000,050,552 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys
[2011.08.15 14:05:44 | 000,065,912 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys
[2011.08.13 21:33:01 | 000,002,103 | ---- | M] () -- C:\Users\Admin\Desktop\Logitech G-series Key Profiler.lnk
[2011.08.11 22:29:16 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.08.10 15:32:14 | 000,034,624 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2011.08.10 15:23:44 | 000,025,920 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2011.08.10 15:23:40 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2011.08.10 15:23:36 | 000,036,160 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2011.08.10 15:23:30 | 000,029,504 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.09.08 16:00:53 | 000,029,237 | ---- | C] () -- C:\Users\Admin\Desktop\Microsoft Windows.jpg
[2011.09.08 15:05:20 | 000,000,198 | ---- | C] () -- C:\Users\Admin\defogger_reenable
[2011.09.08 15:04:38 | 000,050,477 | ---- | C] () -- C:\Users\Admin\Desktop\Defogger.exe
[2011.09.06 22:04:56 | 000,000,959 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Fix it Center.lnk
[2011.09.06 17:32:30 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01009.Wdf
[2011.09.02 00:24:05 | 000,121,344 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.ax
[2011.09.02 00:24:05 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2011.09.02 00:24:05 | 000,051,712 | RHS- | C] () -- C:\Windows\SysWow64\RLSpeexDec.ax
[2011.09.02 00:24:04 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\RLMPCDec.ax
[2011.09.02 00:24:03 | 000,070,656 | RHS- | C] () -- C:\Windows\SysWow64\RLAPEDec.ax
[2011.09.02 00:24:02 | 000,120,832 | RHS- | C] () -- C:\Windows\SysWow64\MPCDx.ax
[2011.09.02 00:24:01 | 000,097,280 | RHS- | C] () -- C:\Windows\SysWow64\FLACDX.ax
[2011.09.02 00:24:00 | 000,227,328 | RHS- | C] () -- C:\Windows\SysWow64\ac3DX.ax
[2011.09.02 00:24:00 | 000,175,104 | RHS- | C] () -- C:\Windows\SysWow64\CoreAAC.ax
[2011.09.02 00:24:00 | 000,081,920 | RHS- | C] () -- C:\Windows\SysWow64\aac_parser.ax
[2011.09.02 00:14:33 | 000,000,696 | ---- | C] () -- C:\Windows\SysWow64\jetodbc.rsp
[2011.08.31 21:44:44 | 000,001,740 | ---- | C] () -- C:\Users\Admin\Desktop\Landwirtschafts Simulator 2011.lnk
[2011.08.30 20:44:54 | 396,636,636 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.08.30 17:27:15 | 000,002,020 | ---- | C] () -- C:\Users\Admin\Desktop\Catalyst Control Center.lnk
[2011.08.30 13:49:07 | 000,002,781 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PerfectDisk 11.lnk
[2011.08.30 13:44:50 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\nnr.dll
[2011.08.21 01:01:24 | 000,002,156 | ---- | C] () -- C:\Users\Public\Desktop\Grand Theft Auto IV.lnk
[2011.08.13 21:33:01 | 000,002,103 | ---- | C] () -- C:\Users\Admin\Desktop\Logitech G-series Key Profiler.lnk
[2011.08.13 20:43:32 | 000,234,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.08.11 22:29:15 | 002,484,592 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_p4f.exe
[2011.07.17 23:54:02 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.06.30 15:52:19 | 000,401,659 | ---- | C] () -- C:\Windows\SysWow64\sig.bin
[2011.06.29 19:32:19 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.06.09 13:52:22 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{E40E4B56-8C05-487F-A732-9A2EC3768E9C}
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.02.11 19:15:08 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2011.02.11 19:15:08 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2011.02.11 19:15:08 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2011.01.28 21:19:44 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.12.12 14:43:42 | 000,000,043 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.11.29 21:35:57 | 000,000,008 | -HS- | C] () -- C:\ProgramData\CCDD932493.sys
[2010.11.29 21:35:56 | 000,005,018 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.09.25 18:53:24 | 000,013,312 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.15 19:34:41 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\H@tKeysH@@k.DLL
[2010.05.18 16:21:13 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010.05.07 16:31:06 | 000,196,096 | ---- | C] () -- C:\Windows\SysWow64\nY.exe
[2010.04.29 19:06:44 | 000,835,584 | ---- | C] () -- C:\Windows\vsnpstd3.exe
[2010.04.29 19:06:44 | 000,356,352 | ---- | C] () -- C:\Windows\tsnpstd3.exe
[2010.04.29 19:06:44 | 000,020,480 | ---- | C] () -- C:\Windows\FixCamera.exe
[2010.04.29 19:06:44 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini
[2010.04.22 17:21:16 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\FileOut.cns
[2010.04.22 17:21:16 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\FileIn.cns
[2010.03.17 19:29:35 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\GkSui18.EXE
[2010.02.19 21:18:20 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2010.02.19 21:18:20 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\advd.dll
[2010.02.19 21:18:20 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\auth.dll
[2010.02.14 20:52:39 | 001,589,248 | ---- | C] () -- C:\Windows\SysWow64\libmysql_d.dll
[2010.01.02 17:37:17 | 000,001,015 | ---- | C] () -- C:\Windows\disney.ini
[2009.12.22 22:21:05 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2009.12.04 01:19:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2007.04.27 11:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2006.11.02 09:27:46 | 000,000,518 | ---- | C] () -- C:\Windows\SysWow64\SP207.INI
[2005.01.25 15:15:42 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\PA207USD.DLL
[2003.05.18 18:23:35 | 000,045,056 | ---- | C] () -- C:\Program Files (x86)\fraps.dll
 
========== LOP Check ==========
 
[2009.12.22 22:24:35 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Atari
[2011.04.30 09:48:41 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Babylon
[2011.04.03 16:23:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Bioshock
[2010.09.03 19:48:32 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\bizarre creations
[2010.02.06 00:59:15 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Blender Foundation
[2010.02.21 14:02:41 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\concept design
[2010.04.14 19:47:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Cuttermaran
[2010.12.06 14:28:45 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DAEMON Tools Lite
[2011.04.30 10:54:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DAEMON Tools Pro
[2010.01.02 17:50:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Disney Interactive Studios
[2010.02.28 12:25:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DNA
[2011.08.22 01:44:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoft
[2011.08.09 18:20:18 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.08.15 20:11:44 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Engelmann Media
[2009.12.30 17:12:49 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FarmingSimulator2008
[2010.05.08 12:02:00 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\gtk-2.0
[2011.04.29 18:54:32 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ImTOO
[2011.08.15 20:33:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Leadertech
[2010.12.20 16:20:16 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\MAGIX
[2010.02.21 13:53:55 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\NCH Swift Sound
[2010.11.02 17:36:07 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Need for Speed World
[2011.09.08 17:34:03 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\NetSpeedMonitor
[2010.02.28 12:25:21 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Notepad++
[2010.07.11 13:52:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Panasonic
[2011.09.06 21:35:29 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\proDAD
[2010.09.26 09:24:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ProtectDisc
[2011.09.02 14:01:02 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Sony
[2010.11.06 22:26:19 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TeamViewer
[2011.09.02 18:15:13 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TS3Client
[2010.12.19 15:35:13 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TuneUp Software
[2010.11.06 21:39:24 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Ubisoft
[2011.09.06 19:52:57 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\uTorrent
[2011.01.07 18:43:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\wbtooltb
[2010.12.29 13:07:03 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Windows Live Writer
[2011.04.30 09:45:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\WinPump
[2011.08.30 20:38:04 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.07.01 22:27:06 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010.11.08 16:58:56 | 000,000,000 | ---D | M] -- C:\Advanced Wheel Mouse
[2011.01.03 15:26:36 | 000,000,000 | ---D | M] -- C:\AMD
[2009.12.04 01:17:12 | 000,000,000 | ---D | M] -- C:\ATI
[2011.09.06 22:04:57 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.12.04 01:12:37 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.05.28 13:24:14 | 000,000,000 | ---D | M] -- C:\Graphics
[2011.08.08 18:59:59 | 000,000,000 | ---D | M] -- C:\Intel
[2010.07.11 13:52:08 | 000,000,000 | ---D | M] -- C:\MC_TMP
[2009.12.15 14:45:31 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.09.06 22:04:54 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.09.08 15:36:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)
[2011.09.06 12:34:13 | 000,000,000 | ---D | M] -- C:\ProgramData
[2009.12.04 01:12:37 | 000,000,000 | -HSD | M] -- C:\Programme
[2009.12.04 01:12:37 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.04.12 16:26:36 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.07.01 22:26:54 | 000,000,000 | R--D | M] -- C:\Users
[2011.09.06 22:04:54 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
[5 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
<           >

< End of report >

--- --- ---

cosinus · 08.09.2011, 20:18

Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

fondorking · 08.09.2011, 20:24

Was genau ist mit routinemäßig gemeint, jeden tag ein mal??

cosinus · 08.09.2011, 21:44

Häh? Wie kann man aus routinemäßig 1x am tag interpretieren?

Damit wird ausgedrückt, dass wir hier am Anfang immer die Routine durchlaufen lassen, also Vollscan Malwarebytes!

fondorking · 09.09.2011, 19:05

Sry hab was falsch verstanden

hier mal das Logfile von Malwarebytes:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7678

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

08.09.2011 23:37:27
mbam-log-2011-09-08 (23-37-21).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 538817
Laufzeit: 2 Stunde(n), 2 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 8

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> No action taken.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Admin\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\JPPIX9QT\testbundle23w_1254[1].exe (Trojan.Agent) -> No action taken.
c:\Users\Admin\AppData\Roaming\WinPump\pumpa.exe (Trojan.BTManager) -> No action taken.
c:\Users\Admin\Desktop\alles mögliche\gta san andreas\trainer.exe (Trojan.Downloader) -> No action taken.
c:\Users\Admin\Desktop\alles mögliche\gta san andreas 2\trainer.exe (Trojan.Downloader) -> No action taken.
c:\program files (x86)\fraps.dll (Spyware.OnlineGames) -> No action taken.
c:\uninstall.exe (Trojan.Agent) -> No action taken.
c:\Windows\System32\h@tkeysh@@k.dll (Trojan.Agent) -> No action taken.
c:\Windows\SysWOW64\h@tkeysh@@k.dll (Trojan.Agent) -> No action taken.

cosinus · 09.09.2011, 19:31

Zitat:

-> No action taken.

Die Funde müssen mit Malwarebytes entfernt waren! Bitte nachholen falls noch nicht getan!

fondorking · 09.09.2011, 19:34

die sachen wurden alle in quarantäne geschickt und da hab ich sie dann über Malwarebytes gelöscht.. richtig so?

cosinus · 09.09.2011, 19:40

Dann ist ok. Führ bitte auch ESET aus, danach sehen wir weiter:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

fondorking · 09.09.2011, 23:20

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=79a5d7440aa0f943bd1a90f99d38f51d
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-09-09 10:15:53
# local_time=2011-09-10 12:15:53 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=4096 16777215 100 0 16182203 16182203 0 0
# compatibility_mode=5893 16776574 100 94 5714102 67224078 0 0
# compatibility_mode=8192 67108863 100 0 182 182 0 0
# scanned=330289
# found=6
# cleaned=0
# scan_time=12324
C:\Program Files (x86)\eDgMt2\3d_config.exe Win32/Packed.Autoit.C.Gen application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\eDgMt2\eDgMt2.exe Win32/Packed.Autoit.C.Gen application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Admin\AppData\Roaming\WinPump\extensions.exe Win32/Adware.GoodMedia.C application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Admin\Desktop\Alles Mögliche\GTA San Andreas.rar probably a variant of Win32/Agent.LPHFBGW trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Admin\Downloads\eDgMt2 Client v4.2 Patcher v1.3.0.1.exe Win32/Packed.Autoit.C.Gen application (unable to clean) 00000000000000000000000000000000 I
C:\Windows\FixCamera.exe a variant of Win32/KillProc.A application (unable to clean) 00000000000000000000000000000000 I

cosinus · 10.09.2011, 00:24

Zitat:

C:\Program Files (x86)\eDgMt2\3d_config.exe Win32/Packed.Autoit.C.Gen application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\eDgMt2\eDgMt2.exe Win32/Packed.Autoit.C.Gen application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Admin\AppData\Roaming\WinPump\extensions.exe Win32/Adware.GoodMedia.C application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Admin\Desktop\Alles Mögliche\GTA San Andreas.rar probably a variant of Win32/Agent.LPHFBGW trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Admin\Downloads\eDgMt2 Client v4.2 Patcher v1.3.0.1.exe Win32/Packed.Autoit.C.Gen

Was ist das für ein Schroot auf den Rechner??

Das hast du manuell runtegeladen!

fondorking · 10.09.2011, 09:14

edgmt2 ist nen metin 2 server

hab ich früher immer gespielt.

08.09.2011, 16:05	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Keine Rückmeldung Log wurde falsch erstellt, du hast den falschen Text in die untere Box bei OTL reinkopiert. Bitte die Anweisung genau lesen und umsetzen. __________________ Logfiles bitte immer in CODE-Tags posten

08.09.2011, 20:18	#6
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Keine Rückmeldung Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! __________________ --> Keine Rückmeldung

08.09.2011, 21:44	#8
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Keine Rückmeldung Häh? Wie kann man aus routinemäßig 1x am tag interpretieren? Damit wird ausgedrückt, dass wir hier am Anfang immer die Routine durchlaufen lassen, also Vollscan Malwarebytes! __________________ Logfiles bitte immer in CODE-Tags posten

Keine Rückmeldung

Log-Analyse und Auswertung: Keine Rückmeldung