Pests of all kinds and how to fight them: Quarantine. What is that? (Windows 7) |
02.01.2012, 17:37 | #1 |
| Hello, I had bad luck again on a website, because I have now caught a virus. Avira reported it. I then scanned the PC again and it found viruses, which are now in quarantine. What should I do now? What is that? Are the viruses still there? Avira and another malware program show that my PC is safe. Is my PC really safe? |
02.01.2012, 19:26 | #2 |
/// Malware-holic | Hi, what was found, and where? Can we have that again in proper German, and with log files? You have been here before, so you know the information we want: OTL logs, Avira report, ... |
02.01.2012, 20:40 | #3 |
| FROM AVIRA
Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <OS>
C:\Users\-Pascal-\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\45eb23dc-1c002d71
[0] Archivtyp: ZIP
--> Translate.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/2011-3544.AJ
C:\Users\-Pascal-\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\45eb23dc-2f1b3660
[0] Archivtyp: ZIP
--> Market.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/2011-3544.AK
C:\Users\-Pascal-\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\30047aa4-19e331b3
[FUND] Ist das Trojanische Pferd TR/Offend.kdv.498105
C:\Users\-Pascal-\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\7eb0b4be-2dbf8254
[FUND] Ist das Trojanische Pferd TR/Ransom.EJ.6
Beginne mit der Suche in 'D:\' <HP_RECOVERY>
Beginne mit der Suche in 'P:\' <Volume>

Beginne mit der Desinfektion:
C:\Users\-Pascal-\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\7eb0b4be-2dbf8254
[FUND] Ist das Trojanische Pferd TR/Ransom.EJ.6
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4a26d0cd.qua' verschoben!
C:\Users\-Pascal-\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\30047aa4-19e331b3
[FUND] Ist das Trojanische Pferd TR/Offend.kdv.498105
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '52e3ffbd.qua' verschoben!
C:\Users\-Pascal-\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\45eb23dc-2f1b3660
[FUND] Enthält Erkennungsmuster des Exploits EXP/2011-3544.AK
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '00e9a552.qua' verschoben!
C:\Users\-Pascal-\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\45eb23dc-1c002d71
[FUND] Enthält Erkennungsmuster des Exploits EXP/2011-3544.AJ
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '66deea90.qua' verschoben!

Ende des Suchlaufs: Sonntag, 1. Januar 2012 15:52
Benötigte Zeit: 1:09:03 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

38086 Verzeichnisse wurden überprüft
957651 Dateien wurden geprüft
4 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
4 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
957647 Dateien ohne Befall
4398 Archive wurden durchsucht
0 Warnungen
4 Hinweise

MALWARE SCANNER

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Datenbank Version: 911122701
Windows 6.1.7600
Internet Explorer 9.0.8112.16421
27.12.2011 13:26:48
mbam-log-2011-12-27 (13-26-48).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 191466
Laufzeit: 1 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\Users\-Pascal-\downloads\softonicdownloader_fuer_orbit-downloader.exe (PUP.BundleOffer.Downloader.S) -> Quarantined and deleted successfully.
c:\Users\-Pascal-\downloads\softonicdownloader_fuer_windows-live-movie-maker.exe (PUP.BundleOffer.Downloader.S) -> Quarantined and deleted successfully.
c:\Users\-Pascal-\downloads\softonicdownloader_fuer_windows-movie-maker.exe (PUP.BundleOffer.Downloader.S) -> Quarantined and deleted successfully.
c:\Users\-Pascal-\downloads\softonicdownloader_fuer_wink.exe (PUP.BundleOffer.Downloader.S) -> Quarantined and deleted successfully.
IF THIS IS THE WRONG ONE, PLEASE EXPLAIN WHAT ELSE. Edited by virushasser8 (02.01.2012 at 21:10). Reason: WRONG LOG DATA |
02.01.2012, 20:42 | #4 |
| I got this virus from a website where I actually wanted to get Miis for the 3DS, and then suddenly my antivirus program Avira raised the alarm, and the other antivirus program |
03.01.2012, 08:42 | #5 | |
| Quote:
But I have several, but these must be the right ones. |
03.01.2012, 13:29 | #6 |
/// Malware-holic | "and the other antivirus program": which one do you mean? Malwarebytes? If you do not already have it, please download OTL by OldTimer and save it to your desktop.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
|
03.01.2012, 15:07 | #7 |
| THANK YOU, I HAVE DONE IT. WHAT DO YOU MEAN BY CLOSING ALL PROGRAMS? UNFORTUNATELY I NOTICED AT THE START OF THE SCAN THAT THE INTERNET WAS STILL ON, WHICH I THEN CLOSED. IS THAT RIGHT NOW? OTL Logfile: Code:
-- C:\Users\-Pascal-\AppData\Roaming\Mozilla\Firefox\Profiles\wqaw2px3.default\searchplugins\MyStart Search.xml [2012/01/02 15:29:38 | 000,003,367 | ---- | M] () -- C:\Users\-Pascal-\AppData\Roaming\Mozilla\Firefox\Profiles\wqaw2px3.default\searchplugins\search-results.xml [2011/12/03 09:10:54 | 000,002,270 | ---- | M] () -- C:\Users\-Pascal-\AppData\Roaming\Mozilla\Firefox\Profiles\wqaw2px3.default\searchplugins\SearchTheWeb.xml [2012/01/02 17:13:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011/01/06 20:47:45 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files (x86)\mozilla firefox\extensions\quickstores@quickstores.de [2008/02/22 16:24:06 | 000,095,832 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\NPPDLicenseHelper.dll [2011/11/20 17:16:17 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011/11/20 17:16:17 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011/11/20 17:16:17 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011/11/20 17:16:17 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011/11/20 17:16:17 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. 
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (TBSB01620 Class) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll () O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.3.27\bh\incredibar.dll (Montera Technologeis LTD) O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll (Microsoft Corporation) O2 - BHO: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Search-Results) O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin) O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll () O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Search-Results) O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.3.27\incredibarTlbr.dll (Montera Technologeis LTD) O3 - HKCU\..\Toolbar\WebBrowser: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files 
(x86)\Ask.com\GenericAskToolbar.dll (Search-Results) O4:64bit: - HKLM..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe (Hewlett-Packard) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [KMCONFIG] "C:\Program Files (x86)\Mouse Driver\StartAutorun.exe" KMConfig.exe File not found O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKCU..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe (Electronic Arts) O4 - HKCU..\Run: [iChat] C:\Program Files (x86)\IChat\iChat.exe (AlexSoft) O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files 
(x86)\kikin\ie_kikin.dll (kikin) O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. 
KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2602F395-FC82-414A-919C-E03F3E080502}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011/12/07 14:45:03 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2007/03/07 16:49:40 | 012,723,728 | R--- | M] (Ubisoft) - E:\AutoRun.exe -- [ UDF ] O32 - AutoRun File - [2003/10/06 08:52:36 | 000,000,045 | R--- | M] () - E:\autorun.inf -- [ UDF ] O33 - MountPoints2\{c4b539d2-fdc5-11df-af4a-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{c4b539d2-fdc5-11df-af4a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2007/03/07 16:49:40 | 012,723,728 | R--- | M] (Ubisoft) O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: 
{630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: 
{45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker 2.6 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish PictureMover.lnk - C:\PROGRA~2\PICTUR~1\Bin\PICTUR~1.EXE - (Hewlett-Packard Company) MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WeGame.lnk - C:\PROGRA~2\WeGame\wegame.exe - 
(WeGame.com, Inc.) MsConfig:64bit - StartUpFolder: C:^Users^-Pascal-^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk - C:\PROGRA~2\OpenOffice.org 3\program\quickstart.exe - () MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: ApnUpdater - hkey= - key= - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Search-Results) MsConfig:64bit - StartUpReg: EA Core - hkey= - key= - C:\Program Files (x86)\Electronic Arts\EADM\Core.exe (Electronic Arts) MsConfig:64bit - StartUpReg: Easybits Recovery - hkey= - key= - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS) MsConfig:64bit - StartUpReg: HP Software Update - hkey= - key= - c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard) MsConfig:64bit - StartUpReg: HPAdvisorDock - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe () MsConfig:64bit - StartUpReg: iChat - hkey= - key= - C:\Program Files (x86)\IChat\iChat.exe (AlexSoft) MsConfig:64bit - StartUpReg: ICQ - hkey= - key= - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.) MsConfig:64bit - StartUpReg: Norton Online Backup - hkey= - key= - File not found MsConfig:64bit - StartUpReg: PDF Complete - hkey= - key= - C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc) MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) MsConfig:64bit - StartUpReg: SmartMenu - hkey= - key= - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe () MsConfig:64bit - StartUpReg: StartCCC - hkey= - key= - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/01/03 09:39:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2011/12/30 19:27:26 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\Desktop\grafiti [2011/12/28 10:14:03 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\Desktop\xfire [2011/12/28 10:02:00 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Local\Conduit [2011/12/28 10:02:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit [2011/12/28 09:54:00 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps [2011/12/28 09:27:40 | 000,000,000 | ---D | C] -- C:\Fraps [2011/12/27 13:37:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity [2011/12/26 11:57:45 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\gamigo Games [2011/12/26 11:57:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\gamigo Games [2011/12/26 11:57:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\gamigo Games [2011/12/25 14:09:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe [2011/12/25 10:57:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mouse Driver [2011/12/25 10:57:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mouse Driver [2011/12/24 12:14:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubi Soft [2011/12/23 14:40:15 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\Desktop\musik [2011/12/23 11:47:19 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\Documents\Cross Fire [2011/12/23 11:47:19 | 000,000,000 | ---D | C] -- C:\CFLog [2011/12/23 11:42:30 | 000,000,000 | ---D | C] -- 
C:\Program Files (x86)\Z8Games [2011/12/23 11:41:04 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive [2011/12/23 11:34:43 | 000,000,000 | ---D | C] -- C:\Program Files\Bohemia Interactive [2011/12/23 11:12:30 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\Desktop\CrossFire_1082 [2011/12/20 17:33:22 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Roaming\Malwarebytes [2011/12/20 17:33:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/12/20 17:33:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011/12/20 17:32:57 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011/12/20 17:32:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011/12/18 15:32:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bau-Simulator 2012 Demo [2011/12/18 15:31:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bau-Simulator 2012 Demo [2011/12/18 11:42:21 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\Documents\Kalypso Media [2011/12/18 11:42:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Airline Tycoon 2-Demo [2011/12/18 11:18:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kalypso Media [2011/12/18 11:11:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kalypso Media [2011/12/18 10:47:47 | 000,000,000 | ---D | C] -- C:\ProgramData\RTL Winter Sports 2009 [2011/12/18 10:47:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RTL Sports [2011/12/18 10:22:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tank Simulation Demo [2011/12/18 10:22:29 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\Desktop\Tank Simulation Demo [2011/12/17 16:15:11 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Local\Criterion Games 
[2011/12/17 12:05:45 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2011/12/17 12:05:41 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936} [2011/12/17 11:09:24 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Roaming\OpenCandy [2011/12/17 11:03:01 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs [2011/12/17 10:56:36 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Local\GamersFirst LIVE! [2011/12/17 10:56:29 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Local\PMB Files [2011/12/17 10:56:28 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files [2011/12/17 10:56:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks [2011/12/17 10:56:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GamersFirst [2011/12/17 10:56:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GamersFirst [2011/12/17 10:29:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Biathlon 2004 [2011/12/17 10:29:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Biathlon 2004 [2011/12/17 10:01:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts [2011/12/15 16:58:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Biathlon 2009 (Demo) [2011/12/15 16:50:41 | 000,000,000 | ---D | C] -- C:\ProgramData\MTA San Andreas All [2011/12/15 16:50:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MTA San Andreas 1.1 [2011/12/15 16:39:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NewFreeScreensavers [2011/12/14 19:41:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tetris Unlimited [2011/12/14 19:30:45 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\Desktop\PROGRAM [2011/12/14 19:11:29 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Reallusion [2011/12/11 12:41:24 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam [2011/12/10 
18:03:14 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\Desktop\meine 3ds bilder [2011/12/10 16:46:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics [2011/12/10 16:46:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auslogics [2011/12/10 16:44:32 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Roaming\DeepBurner [2011/12/10 16:44:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DeepBurner [2011/12/10 16:44:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Astonsoft [2011/12/10 16:41:13 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Roaming\DVDVideoSoft [2011/12/10 16:41:02 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Roaming\DVDVideoSoftIEHelpers [2011/12/10 16:41:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft [2011/12/10 16:40:56 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\Documents\DVDVideoSoft [2011/12/10 16:40:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2011/12/10 16:40:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft [2011/12/09 11:53:53 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Roaming\kikin [2011/12/09 11:53:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\kikin [2011/12/09 11:53:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike 2D [2011/12/09 11:53:48 | 000,000,000 | ---D | C] -- C:\Counter-Strike 2D [2011/12/08 19:50:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2011/12/08 19:50:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2011/12/08 18:20:46 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Roaming\Avira [2011/12/08 18:15:00 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2011/12/08 18:15:00 | 000,097,312 | ---- | C] (Avira GmbH) -- 
C:\Windows\SysNative\drivers\avgntflt.sys [2011/12/08 18:15:00 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2011/12/08 18:14:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2011/12/08 18:14:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2011/12/07 14:44:48 | 000,000,000 | ---D | C] -- C:\sh4ldr [2011/12/07 14:44:48 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2011/12/06 18:45:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Security [2011/12/06 18:45:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools [2011/12/06 18:12:55 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools [2011/12/05 21:03:53 | 000,000,000 | RH-D | C] -- C:\Users\-Pascal-\AppData\Roaming\SecuROM [2011/12/05 20:40:33 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\Documents\ArmA [2011/12/05 20:40:33 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Local\ArmA [2011/12/05 20:39:36 | 000,431,104 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll [2011/12/05 20:39:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive [2011/12/05 20:39:35 | 000,409,600 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll [2011/12/05 20:39:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL [2011/12/05 13:31:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sierra [2011/12/04 19:37:29 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\Documents\Battlefield 2 [4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/01/03 15:03:28 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/01/03 15:03:28 | 000,015,568 | -H-- | M] () -- 
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/01/03 14:56:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/01/03 14:55:57 | 536,322,047 | -HS- | M] () -- C:\hiberfil.sys [2012/01/03 09:55:05 | 000,000,082 | ---- | M] () -- C:\Users\-Pascal-\Documents\cc_20120103_095502.reg [2012/01/03 09:42:03 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2012/01/03 09:39:33 | 000,002,132 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012/01/02 15:53:02 | 000,000,219 | ---- | M] () -- C:\Users\-Pascal-\Desktop\Counter-Strike Source Beta.url [2011/12/31 12:35:08 | 000,001,218 | ---- | M] () -- C:\Users\-Pascal-\Desktop\flagge-deutschland.gif [2011/12/30 19:27:32 | 000,004,544 | ---- | M] () -- C:\Users\-Pascal-\Desktop\Neues Journal-Dokument.jnt [2011/12/30 17:03:44 | 000,009,216 | ---- | M] () -- C:\Users\-Pascal-\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/12/28 09:54:00 | 000,000,574 | ---- | M] () -- C:\Users\-Pascal-\Desktop\Fraps.lnk [2011/12/27 13:37:42 | 000,001,003 | ---- | M] () -- C:\Users\-Pascal-\Desktop\Audacity.lnk [2011/12/24 12:17:21 | 000,002,262 | ---- | M] () -- C:\Users\-Pascal-\Desktop\Ubi Soft Product Registration.lnk [2011/12/24 12:14:18 | 000,001,078 | ---- | M] () -- C:\Users\Public\Desktop\Splinter Cell spielen.lnk [2011/12/23 11:42:15 | 000,025,395 | ---- | M] () -- C:\Users\-Pascal-\Desktop\CrossFire_1082.dlbt [2011/12/23 11:41:04 | 000,431,104 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll [2011/12/23 11:41:03 | 000,409,600 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll [2011/12/20 17:33:00 | 000,001,187 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/12/18 15:29:10 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\00000D59.LCS [2011/12/18 14:07:23 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\00000CE8.LCS [2011/12/18 
10:22:42 | 000,001,655 | ---- | M] () -- C:\Users\-Pascal-\Desktop\Tank Simulation Demo.lnk [2011/12/17 11:18:55 | 000,001,233 | ---- | M] () -- C:\Users\Public\Desktop\War Rock.lnk [2011/12/17 11:13:09 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2011/12/17 11:13:04 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2011/12/17 10:56:22 | 000,001,222 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk [2011/12/17 10:56:22 | 000,001,188 | ---- | M] () -- C:\Users\Public\Desktop\GamersFirst LIVE!.lnk [2011/12/17 10:01:37 | 000,002,147 | ---- | M] () -- C:\Users\Public\Desktop\EA Download Manager.lnk [2011/12/17 10:01:25 | 000,005,214 | ---- | M] () -- C:\Windows\SysWow64\ealregsnapshot1.reg [2011/12/15 05:41:14 | 000,028,056 | ---- | M] () -- C:\Windows\SysNative\xfcodec64.dll [2011/12/11 12:41:25 | 000,001,798 | ---- | M] () -- C:\Users\-Pascal-\Desktop\Day of Defeat Source.lnk [2011/12/11 12:41:25 | 000,001,796 | ---- | M] () -- C:\Users\-Pascal-\Desktop\Half-Life 2 Deathmatch.lnk [2011/12/11 12:41:25 | 000,001,796 | ---- | M] () -- C:\Users\-Pascal-\Desktop\Counter-Strike Source.lnk [2011/12/10 19:50:24 | 000,003,367 | ---- | M] () -- C:\Users\-Pascal-\Documents\Data CD#1.dbr [2011/12/10 16:46:11 | 000,001,320 | ---- | M] () -- C:\Users\-Pascal-\Desktop\Auslogics Disk Defrag.lnk [2011/12/10 16:44:25 | 000,001,145 | ---- | M] () -- C:\Users\-Pascal-\Desktop\DeepBurner.lnk [2011/12/10 16:41:00 | 000,001,498 | ---- | M] () -- C:\Users\-Pascal-\Desktop\Free YouTube to MP3 Converter.lnk [2011/12/10 16:41:00 | 000,001,311 | ---- | M] () -- C:\Users\-Pascal-\Desktop\DVDVideoSoft Free Studio.lnk [2011/12/09 12:21:06 | 000,000,696 | ---- | M] () -- C:\Users\-Pascal-\Desktop\Counter-Strike 2D.lnk [2011/12/08 18:15:19 | 001,188,624 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB [2011/12/07 14:45:03 | 000,000,000 | ---- | M] () -- C:\autoexec.bat [2011/12/07 14:42:26 | 001,472,002 | 
---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011/12/07 14:42:26 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011/12/07 14:42:26 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011/12/07 14:42:26 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011/12/07 14:42:26 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011/12/05 13:44:30 | 000,002,296 | ---- | M] () -- C:\Users\-Pascal-\Desktop\SWAT 4.lnk [2011/12/04 20:36:56 | 000,001,882 | ---- | M] () -- C:\Users\-Pascal-\Desktop\Battlefield 2 spielen.lnk [2011/12/04 19:37:46 | 000,002,168 | ---- | M] () -- C:\Users\Public\Desktop\BF2 jetzt online spielen!.lnk [2011/12/04 19:37:46 | 000,002,146 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 2.lnk [4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/01/03 09:55:05 | 000,000,082 | ---- | C] () -- C:\Users\-Pascal-\Documents\cc_20120103_095502.reg [2012/01/02 15:53:02 | 000,000,219 | ---- | C] () -- C:\Users\-Pascal-\Desktop\Counter-Strike Source Beta.url [2011/12/31 12:36:43 | 000,001,218 | ---- | C] () -- C:\Users\-Pascal-\Desktop\flagge-deutschland.gif [2011/12/30 19:27:32 | 000,004,544 | ---- | C] () -- C:\Users\-Pascal-\Desktop\Neues Journal-Dokument.jnt [2011/12/28 09:27:40 | 000,000,574 | ---- | C] () -- C:\Users\-Pascal-\Desktop\Fraps.lnk [2011/12/27 13:37:42 | 000,001,015 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk [2011/12/27 13:37:42 | 000,001,003 | ---- | C] () -- C:\Users\-Pascal-\Desktop\Audacity.lnk [2011/12/24 12:17:21 | 000,002,262 | ---- | C] () -- C:\Users\-Pascal-\Desktop\Ubi Soft Product Registration.lnk [2011/12/24 12:14:06 | 000,001,078 | ---- | C] () -- C:\Users\Public\Desktop\Splinter Cell spielen.lnk [2011/12/23 11:42:15 | 000,025,395 | ---- | C] () -- 
C:\Users\-Pascal-\Desktop\CrossFire_1082.dlbt [2011/12/20 17:33:00 | 000,001,187 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/12/18 10:47:36 | 000,004,096 | ---- | C] () -- C:\Users\Public\Documents\00000D59.LCS [2011/12/18 10:22:42 | 000,001,655 | ---- | C] () -- C:\Users\-Pascal-\Desktop\Tank Simulation Demo.lnk [2011/12/17 11:18:55 | 000,001,233 | ---- | C] () -- C:\Users\Public\Desktop\War Rock.lnk [2011/12/17 11:13:09 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2011/12/17 11:13:04 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2011/12/17 10:56:22 | 000,001,222 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk [2011/12/17 10:56:22 | 000,001,188 | ---- | C] () -- C:\Users\Public\Desktop\GamersFirst LIVE!.lnk [2011/12/17 10:01:25 | 000,005,214 | ---- | C] () -- C:\Windows\SysWow64\ealregsnapshot1.reg [2011/12/15 16:58:48 | 000,004,096 | ---- | C] () -- C:\Users\Public\Documents\00000CE8.LCS [2011/12/15 16:39:49 | 008,782,382 | ---- | C] () -- C:\Windows\SysWow64\nfsFirePlace02.scr [2011/12/15 05:41:14 | 000,028,056 | ---- | C] () -- C:\Windows\SysNative\xfcodec64.dll [2011/12/11 12:41:25 | 000,001,798 | ---- | C] () -- C:\Users\-Pascal-\Desktop\Day of Defeat Source.lnk [2011/12/11 12:41:25 | 000,001,796 | ---- | C] () -- C:\Users\-Pascal-\Desktop\Half-Life 2 Deathmatch.lnk [2011/12/11 12:41:25 | 000,001,796 | ---- | C] () -- C:\Users\-Pascal-\Desktop\Counter-Strike Source.lnk [2011/12/10 19:50:24 | 000,003,367 | ---- | C] () -- C:\Users\-Pascal-\Documents\Data CD#1.dbr [2011/12/10 16:44:25 | 000,001,145 | ---- | C] () -- C:\Users\-Pascal-\Desktop\DeepBurner.lnk [2011/12/10 16:41:00 | 000,001,498 | ---- | C] () -- C:\Users\-Pascal-\Desktop\Free YouTube to MP3 Converter.lnk [2011/12/10 16:41:00 | 000,001,311 | ---- | C] () -- C:\Users\-Pascal-\Desktop\DVDVideoSoft Free Studio.lnk [2011/12/09 12:21:06 | 000,000,696 | ---- | C] () -- 
C:\Users\-Pascal-\Desktop\Counter-Strike 2D.lnk [2011/12/08 18:15:20 | 000,002,132 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2011/12/07 14:45:03 | 000,000,000 | ---- | C] () -- C:\autoexec.bat [2011/12/06 18:45:47 | 001,188,624 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB [2011/12/05 13:44:30 | 000,002,296 | ---- | C] () -- C:\Users\-Pascal-\Desktop\SWAT 4.lnk [2011/12/04 20:36:56 | 000,001,882 | ---- | C] () -- C:\Users\-Pascal-\Desktop\Battlefield 2 spielen.lnk [2011/12/04 19:37:46 | 000,002,168 | ---- | C] () -- C:\Users\Public\Desktop\BF2 jetzt online spielen!.lnk [2011/12/04 19:37:46 | 000,002,146 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 2.lnk [2011/12/02 15:26:00 | 000,009,216 | ---- | C] () -- C:\Users\-Pascal-\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/12/02 15:18:49 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll [2011/05/22 13:10:44 | 000,000,000 | ---- | C] () -- C:\Windows\EAREMOVE.INI [2011/03/28 13:51:43 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll [2011/03/28 13:51:43 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll [2011/03/28 13:48:55 | 000,185,344 | ---- | C] () -- C:\Windows\patchw32.dll [2011/03/28 13:30:11 | 000,007,552 | ---- | C] () -- C:\Windows\SysWow64\drivers\enodpl.sys [2011/03/28 13:30:11 | 000,004,736 | ---- | C] () -- C:\Windows\SysWow64\drivers\tandpl.sys [2011/03/19 13:52:57 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2011/03/05 08:49:58 | 000,001,237 | ---- | C] () -- C:\Windows\eReg.dat [2011/03/04 14:25:32 | 000,044,544 | ---- | C] () -- C:\Windows\SysWow64\Gif89.dll [2011/03/04 14:24:33 | 000,000,266 | ---- | C] () -- C:\Windows\SIERRA.INI [2011/02/15 15:09:45 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011/02/09 19:19:11 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011/02/09 19:19:07 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011/02/09 
19:19:04 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini [2011/01/02 15:38:06 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2010/12/02 02:02:20 | 000,002,137 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2010/12/02 01:37:46 | 000,009,988 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat [2010/12/02 01:06:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2010/02/10 03:58:12 | 000,012,800 | ---- | C] () -- C:\Windows\LPRES.DLL [2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [1997/06/14 12:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\Iyvu9_32.dll ========== LOP Check ========== [2011/01/03 20:27:35 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\Auslogics [2011/12/10 16:45:15 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\DeepBurner [2011/12/10 16:41:14 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\DVDVideoSoft [2011/12/10 16:41:02 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\DVDVideoSoftIEHelpers [2011/12/02 13:35:42 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\GrabPro [2011/12/20 17:29:38 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\ICQ [2011/12/09 16:41:02 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\kikin [2011/03/09 17:11:07 | 000,000,000 | ---D | M] -- 
C:\Users\-Pascal-\AppData\Roaming\MysteryStudio [2011/12/17 11:09:26 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\OpenCandy [2011/01/16 13:39:25 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\OpenOffice.org [2011/12/08 18:24:14 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\Orbit [2011/01/02 15:45:10 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\PictureMover [2011/12/02 13:35:45 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\ProgSense [2011/12/18 10:47:35 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\ProtectDisc [2011/01/15 08:31:17 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\QuickStoresToolbar [2011/01/06 19:10:45 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\RedDotGames [2011/01/09 10:11:28 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\Tific [2011/03/28 13:48:56 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\ubi.com [2011/12/15 18:52:41 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\Ubisoft [2011/06/04 20:38:25 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\Wildlife Park 2 [2011/06/04 20:36:50 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\Wildlife Park 2 - Crazy Zoo [2011/06/04 20:37:30 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\Wildlife Park 2 - Marine World [2011/01/02 17:02:51 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\WildTangent [2011/12/27 13:43:58 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\_MDLogs [2011/12/28 10:19:35 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2011/02/14 17:09:49 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2011/12/23 11:47:19 | 000,000,000 | ---D | M] -- C:\CFLog [2011/12/09 16:24:55 | 000,000,000 | ---D | M] -- C:\Counter-Strike 2D [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011/12/06 19:00:08 | 000,000,000 | ---D | M] -- C:\downloads [2011/12/28 09:38:44 | 000,000,000 | ---D | M] -- C:\Fraps [2010/12/02 01:38:08 | 000,000,000 | RHSD | M] -- C:\hp [2011/03/19 15:34:51 | 000,000,000 | ---D | M] -- C:\JANES [2009/07/14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011/12/23 11:34:43 | 000,000,000 | R--D | M] -- C:\Program Files [2011/12/29 11:29:18 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2011/12/28 10:21:14 | 000,000,000 | -H-D | M] -- C:\ProgramData [2009/07/24 19:32:39 | 000,000,000 | -HSD | M] -- C:\Recovery [2011/12/08 19:48:03 | 000,000,000 | ---D | M] -- C:\sh4ldr [2011/03/04 14:24:45 | 000,000,000 | ---D | M] -- C:\SIERRA [2011/01/02 17:03:59 | 000,000,000 | ---D | M] -- C:\swsetup [2012/01/03 15:01:21 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011/01/02 15:43:44 | 000,000,000 | -H-D | M] -- C:\SYSTEM.SAV [2011/02/14 17:09:35 | 000,000,000 | R--D | M] -- C:\Users [2012/01/03 14:56:01 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < MD5 for: AGP440.SYS > [2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys [2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys < MD5 for: ATAPI.SYS > [2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys [2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: 
EVENTLOG.DLL > [2008/06/06 23:03:52 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll < MD5 for: EXPLORER.EXE > [2010/12/02 01:47:23 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe [2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2010/12/02 01:49:55 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe [2010/12/02 01:49:55 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2010/12/02 01:47:23 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe [2010/12/02 01:45:18 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2010/12/02 01:49:55 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe [2010/12/02 01:49:55 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2010/12/02 01:45:18 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- 
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010/12/02 01:49:55 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2010/12/02 01:45:18 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009/07/14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2010/12/02 01:49:55 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2010/12/02 01:47:23 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe [2010/12/02 01:45:18 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe [2010/12/02 01:47:23 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe < MD5 for: IASTORV.SYS > [2010/12/02 01:59:02 | 000,410,504 | ---- | M] (Intel Corporation) MD5=513DC087CFED7D2BB82F005385D3531F -- C:\Windows\SysNative\drivers\iaStorV.sys [2010/12/02 01:59:02 | 000,410,504 | ---- | M] (Intel Corporation) MD5=513DC087CFED7D2BB82F005385D3531F 
-- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_c9199d57075f47a9\iaStorV.sys [2010/12/02 01:59:02 | 000,410,504 | ---- | M] (Intel Corporation) MD5=513DC087CFED7D2BB82F005385D3531F -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16592_none_0af87721a183cb70\iaStorV.sys [2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys [2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys [2010/12/02 01:59:02 | 000,410,496 | ---- | M] (Intel Corporation) MD5=E353CF970C5D4D6A092911E15FB78C07 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20712_none_0bd89532ba6088d9\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009/07/14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll [2009/07/14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll [2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2010/12/02 01:59:02 | 000,166,280 | ---- | M] (NVIDIA Corporation) MD5=0AF7B8136794E23E87BE138992880E64 -- C:\Windows\SysNative\drivers\nvstor.sys [2010/12/02 01:59:02 | 000,166,280 | ---- | M] (NVIDIA Corporation) 
MD5=0AF7B8136794E23E87BE138992880E64 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_c09ee40f078b4594\nvstor.sys [2010/12/02 01:59:02 | 000,166,280 | ---- | M] (NVIDIA Corporation) MD5=0AF7B8136794E23E87BE138992880E64 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_95c1e7d0d8ba7548\nvstor.sys [2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys [2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2010/12/02 01:59:02 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=CE76755AF933E728CEBA6C7A970838A4 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_96a205e1f19732b1\nvstor.sys < MD5 for: SCECLI.DLL > [2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll [2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009/07/14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll [2009/07/14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll < MD5 for: USER32.DLL > [2009/07/14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll [2009/07/14 02:41:56 | 001,008,640 | ---- | M] (Microsoft 
Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009/07/14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll [2009/07/14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll < MD5 for: USERINIT.EXE > [2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe [2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe < MD5 for: WINLOGON.EXE > [2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2010/12/02 01:49:55 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2010/12/02 01:49:55 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe [2010/12/02 01:49:55 | 000,389,632 | ---- | M] (Microsoft 
Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > [4 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < %USERPROFILE%\*.* > [2012/01/03 15:10:33 | 002,883,584 | -HS- | M] () -- C:\Users\-Pascal-\NTUSER.DAT [2012/01/03 15:10:32 | 000,262,144 | -HS- | M] () -- C:\Users\-Pascal-\ntuser.dat.LOG1 [2011/01/02 15:37:55 | 000,000,000 | -HS- | M] () -- C:\Users\-Pascal-\ntuser.dat.LOG2 [2011/01/02 18:22:33 | 000,065,536 | -HS- | M] () -- C:\Users\-Pascal-\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2011/01/02 18:22:33 | 000,524,288 | -HS- | M] () -- C:\Users\-Pascal-\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2011/01/02 18:22:33 | 000,524,288 | -HS- | M] () -- C:\Users\-Pascal-\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2011/01/02 15:37:55 | 000,000,020 | -HS- | M] () -- C:\Users\-Pascal-\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < > ========== Alternate Data Streams ========== @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2 < End of report > |
03.01.2012, 15:08 | #8 |
| Quarantine. What is that? THANKS, I DID IT. WHAT DO YOU MEAN BY CLOSING ALL PROGRAMS? UNFORTUNATELY I NOTICED AT THE START OF THE SCAN THAT THE INTERNET WAS STILL ON, WHICH I THEN CLOSED. IS THAT RIGHT NOW? OTL Logfile: Code:
ATTFilter OTL logfile created on: 1/3/2012 2:59:49 PM - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\-Pascal-\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 6.00 Gb Total Physical Memory | 4.58 Gb Available Physical Memory | 76.29% Memory free 12.00 Gb Paging File | 10.45 Gb Available in Paging File | 87.08% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 464.74 Gb Total Space | 330.64 Gb Free Space | 71.15% Space Free | Partition Type: NTFS Drive D: | 13.60 Gb Total Space | 1.67 Gb Free Space | 12.30% Space Free | Partition Type: NTFS Drive E: | 4.35 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF Drive P: | 453.08 Gb Total Space | 449.82 Gb Free Space | 99.28% Space Free | Partition Type: NTFS Computer Name: -PASCAL-PC | User Name: -Pascal- | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/01/03 14:58:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\-Pascal-\Downloads\OTL.exe PRC - [2012/01/03 09:42:01 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe PRC - [2011/12/21 15:50:01 | 000,912,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2011/10/11 15:05:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011/10/11 15:05:48 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2011/10/11 15:05:46 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2011/10/11 15:05:46 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011/07/28 09:52:06 | 000,018,472 | ---- | M] (WeGame.com, Inc.) -- C:\Program Files (x86)\WeGame\WGClientService.exe PRC - [2011/03/01 14:28:49 | 000,119,608 | ---- | M] (ICQ, LLC.) -- C:\Program Files (x86)\ICQ7.4\ICQ.exe PRC - [2011/02/12 17:17:26 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2010/04/25 11:45:28 | 000,328,704 | ---- | M] (UASSOFT.COM) -- C:\Program Files (x86)\Mouse Driver\KMProcess.exe PRC - [2010/04/23 21:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe PRC - [2010/04/19 15:12:14 | 001,823,744 | ---- | M] (UASSOFT.COM) -- C:\Program Files (x86)\Mouse Driver\KMWDSrv.exe PRC - [2009/10/15 00:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe PRC - [2009/01/26 15:31:16 | 002,144,088 | ---- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009/01/08 15:10:00 | 000,187,456 | ---- | M] (DATA BECKER GmbH & Co KG) -- C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe PRC - [2008/11/20 19:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe PRC - [2008/07/21 00:14:38 | 000,401,408 | ---- | M] (UASSOFT.COM) -- C:\Program Files (x86)\Mouse 
Driver\KMConfig.exe PRC - [2008/05/30 01:22:38 | 000,212,992 | ---- | M] (UASSOFT.COM) -- C:\Program Files (x86)\Mouse Driver\StartAutorun.exe PRC - [2001/05/14 20:28:46 | 001,095,680 | ---- | M] (AlexSoft) -- C:\Program Files (x86)\IChat\iChat.exe ========== Modules (No Company Name) ========== MOD - [2011/12/21 15:50:01 | 000,849,368 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\js3250.dll MOD - [2010/04/25 11:26:42 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\Mouse Driver\MouseHook.dll MOD - [2007/03/29 12:17:42 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\Mouse Driver\keydll.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010/05/17 14:03:54 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010/03/05 02:25:36 | 000,209,000 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp) SRV:64bit: - [2010/03/05 02:25:34 | 000,496,232 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2012/01/03 09:42:01 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService) SRV - [2011/12/10 15:32:17 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011/10/11 15:05:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011/10/11 15:05:48 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2011/10/11 15:05:46 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011/07/28 09:52:06 | 000,018,472 | ---- | M] (WeGame.com, Inc.) [Auto | Running] -- C:\Program Files (x86)\WeGame\WGClientService.exe -- (WeGameClientService) SRV - [2011/02/12 17:17:26 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2010/09/30 22:44:46 | 000,246,520 | ---- | M] (WildTangent, Inc.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService) SRV - [2010/04/19 15:12:14 | 001,823,744 | ---- | M] (UASSOFT.COM) [Auto | Running] -- C:\Program Files (x86)\Mouse Driver\KMWDSrv.exe -- (KMWDSERVICE) SRV - [2009/10/15 00:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher) SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/01/08 15:10:00 | 000,187,456 | ---- | M] (DATA BECKER GmbH & Co KG) [Auto | Running] -- C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe -- (DBService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/01/03 09:42:03 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011/11/22 14:20:32 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011/11/22 14:20:31 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011/10/04 14:30:34 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2011/03/03 14:10:41 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2010/12/02 01:59:02 | 000,107,912 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - 
[2010/12/02 01:59:02 | 000,027,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/05/17 14:35:30 | 006,853,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010/05/17 13:30:28 | 000,263,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010/04/16 15:26:38 | 000,022,016 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER) DRV:64bit: - [2010/04/08 00:12:02 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2010/03/04 12:26:58 | 000,349,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET) DRV:64bit: - [2010/02/24 11:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11) DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2003/04/19 00:32:04 | 000,004,736 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\tandpl.sys -- (tandpl) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = HP | MSN IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = HP | MSN IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2304157 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Hotmail und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. 
bei MSN IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 2F 3F 5D 26 C0 CC 01 [binary data] IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Search-Results) IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - No CLSID value found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Search-Results" FF - prefs.js..browser.search.defaultenginename: "Search-Results" FF - prefs.js..browser.search.defaultthis.engineName: "XfireXO Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Search-Results" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2304157&SearchSource=13" FF - prefs.js..extensions.enabledItems: quickstores@quickstores.de:1.2.0 FF - prefs.js..extensions.enabledItems: {22e03916-85c5-44b0-8dc9-1830c11238d9}:3.3.0.19 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7 FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.13.1.18132 FF - prefs.js..extensions.enabledItems: ffxtlbr@incredibar.com:1.5.0 FF - prefs.js..extensions.enabledItems: {C9B68337-E93A-44EA-94DC-CB300EC06444}:4.45.0 FF - prefs.js..extensions.enabledItems: {AA994882-F391-4d2e-806F-8908DA4814ED}:2.11.14 FF - prefs.js..extensions.enabledItems: 
{ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.7 FF - prefs.js..extensions.enabledItems: {5e5ab302-7f65-44cd-8211-c1d4caaccea3}:3.8.1.0 FF - prefs.js..keyword.URL: "hxxp://websearch.search-results.com/redirect?client=ff&src=kw&tb=STC-SRS&o=41648033&locale=de_DE&apn_uid=CF2CB85E-6205-488F-B203-91DE7077CCE6&apn_ptnrs=96&apn_sauid=8726ABEA-AE9B-44AD-823B-04216B9D0BC8&apn_dtid=YYYYYYYYDE&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Program Files (x86)\ProtectDisc\License Helper\NPPDLicenseHelper.dll () FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\Firefox [2010/12/02 01:43:13 | 000,000,000 | ---D | M] FF - 
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/12/02 01:43:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp498@crossrider.com: C:\Users\-Pascal-\AppData\Local\RewardsArcade\498\Firefox FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/21 15:50:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/21 15:50:02 | 000,000,000 | ---D | M] [2011/01/02 17:09:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\-Pascal-\AppData\Roaming\mozilla\Extensions [2012/01/02 17:13:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\-Pascal-\AppData\Roaming\mozilla\Firefox\Profiles\wqaw2px3.default\extensions [2011/01/08 21:13:16 | 000,000,000 | ---D | M] (Elf 1 Community Toolbar) -- C:\Users\-Pascal-\AppData\Roaming\mozilla\Firefox\Profiles\wqaw2px3.default\extensions\{22e03916-85c5-44b0-8dc9-1830c11238d9} [2011/12/28 10:02:04 | 000,000,000 | ---D | M] (XfireXO Community Toolbar) -- C:\Users\-Pascal-\AppData\Roaming\mozilla\Firefox\Profiles\wqaw2px3.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} [2011/03/04 19:25:35 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\-Pascal-\AppData\Roaming\mozilla\Firefox\Profiles\wqaw2px3.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011/12/09 16:41:02 | 000,000,000 | ---D | M] (kikin plugin) -- C:\Users\-Pascal-\AppData\Roaming\mozilla\Firefox\Profiles\wqaw2px3.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED} [2011/12/10 16:41:02 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- 
C:\Users\-Pascal-\AppData\Roaming\mozilla\Firefox\Profiles\wqaw2px3.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011/07/04 15:54:25 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\-Pascal-\AppData\Roaming\mozilla\Firefox\Profiles\wqaw2px3.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444} [2011/12/02 15:18:49 | 000,000,000 | ---D | M] (Incredibar Toolbar) -- C:\Users\-Pascal-\AppData\Roaming\mozilla\Firefox\Profiles\wqaw2px3.default\extensions\ffxtlbr@incredibar.com [2011/12/03 20:05:09 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- C:\Users\-Pascal-\AppData\Roaming\mozilla\Firefox\Profiles\wqaw2px3.default\extensions\toolbar@ask.com [2011/03/26 19:51:36 | 000,000,950 | ---- | M] () -- C:\Users\-Pascal-\AppData\Roaming\Mozilla\Firefox\Profiles\wqaw2px3.default\searchplugins\icqplugin-2.xml [2011/05/07 07:52:48 | 000,000,950 | ---- | M] () -- C:\Users\-Pascal-\AppData\Roaming\Mozilla\Firefox\Profiles\wqaw2px3.default\searchplugins\icqplugin-3.xml [2011/07/19 11:22:40 | 000,000,950 | ---- | M] () -- C:\Users\-Pascal-\AppData\Roaming\Mozilla\Firefox\Profiles\wqaw2px3.default\searchplugins\icqplugin-4.xml [2011/08/31 15:33:23 | 000,000,950 | ---- | M] () -- C:\Users\-Pascal-\AppData\Roaming\Mozilla\Firefox\Profiles\wqaw2px3.default\searchplugins\icqplugin-5.xml [2011/09/01 20:38:59 | 000,000,950 | ---- | M] () -- C:\Users\-Pascal-\AppData\Roaming\Mozilla\Firefox\Profiles\wqaw2px3.default\searchplugins\icqplugin-6.xml [2011/12/02 13:09:54 | 000,000,950 | ---- | M] () -- C:\Users\-Pascal-\AppData\Roaming\Mozilla\Firefox\Profiles\wqaw2px3.default\searchplugins\icqplugin-7.xml [2011/12/28 10:22:26 | 000,000,950 | ---- | M] () -- C:\Users\-Pascal-\AppData\Roaming\Mozilla\Firefox\Profiles\wqaw2px3.default\searchplugins\icqplugin-8.xml [2010/05/12 17:40:48 | 000,001,042 | ---- | M] () -- C:\Users\-Pascal-\AppData\Roaming\Mozilla\Firefox\Profiles\wqaw2px3.default\searchplugins\icqplugin.xml [2011/12/02 15:18:46 | 000,002,201 | ---- | M] () 
-- C:\Users\-Pascal-\AppData\Roaming\Mozilla\Firefox\Profiles\wqaw2px3.default\searchplugins\MyStart Search.xml [2012/01/02 15:29:38 | 000,003,367 | ---- | M] () -- C:\Users\-Pascal-\AppData\Roaming\Mozilla\Firefox\Profiles\wqaw2px3.default\searchplugins\search-results.xml [2011/12/03 09:10:54 | 000,002,270 | ---- | M] () -- C:\Users\-Pascal-\AppData\Roaming\Mozilla\Firefox\Profiles\wqaw2px3.default\searchplugins\SearchTheWeb.xml [2012/01/02 17:13:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011/01/06 20:47:45 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files (x86)\mozilla firefox\extensions\quickstores@quickstores.de [2008/02/22 16:24:06 | 000,095,832 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\NPPDLicenseHelper.dll [2011/11/20 17:16:17 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011/11/20 17:16:17 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011/11/20 17:16:17 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011/11/20 17:16:17 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011/11/20 17:16:17 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. 
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (TBSB01620 Class) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll () O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.3.27\bh\incredibar.dll (Montera Technologeis LTD) O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll (Microsoft Corporation) O2 - BHO: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Search-Results) O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin) O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll () O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Search-Results) O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.3.27\incredibarTlbr.dll (Montera Technologeis LTD) O3 - HKCU\..\Toolbar\WebBrowser: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files 
(x86)\Ask.com\GenericAskToolbar.dll (Search-Results) O4:64bit: - HKLM..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe (Hewlett-Packard) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [KMCONFIG] "C:\Program Files (x86)\Mouse Driver\StartAutorun.exe" KMConfig.exe File not found O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKCU..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe (Electronic Arts) O4 - HKCU..\Run: [iChat] C:\Program Files (x86)\IChat\iChat.exe (AlexSoft) O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files 
(x86)\kikin\ie_kikin.dll (kikin) O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. 
KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2602F395-FC82-414A-919C-E03F3E080502}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011/12/07 14:45:03 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2007/03/07 16:49:40 | 012,723,728 | R--- | M] (Ubisoft) - E:\AutoRun.exe -- [ UDF ] O32 - AutoRun File - [2003/10/06 08:52:36 | 000,000,045 | R--- | M] () - E:\autorun.inf -- [ UDF ] O33 - MountPoints2\{c4b539d2-fdc5-11df-af4a-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{c4b539d2-fdc5-11df-af4a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2007/03/07 16:49:40 | 012,723,728 | R--- | M] (Ubisoft) O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: 
{630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: 
{45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker 2.6 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish PictureMover.lnk - C:\PROGRA~2\PICTUR~1\Bin\PICTUR~1.EXE - (Hewlett-Packard Company) MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WeGame.lnk - C:\PROGRA~2\WeGame\wegame.exe - 
(WeGame.com, Inc.) MsConfig:64bit - StartUpFolder: C:^Users^-Pascal-^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk - C:\PROGRA~2\OpenOffice.org 3\program\quickstart.exe - () MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: ApnUpdater - hkey= - key= - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Search-Results) MsConfig:64bit - StartUpReg: EA Core - hkey= - key= - C:\Program Files (x86)\Electronic Arts\EADM\Core.exe (Electronic Arts) MsConfig:64bit - StartUpReg: Easybits Recovery - hkey= - key= - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS) MsConfig:64bit - StartUpReg: HP Software Update - hkey= - key= - c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard) MsConfig:64bit - StartUpReg: HPAdvisorDock - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe () MsConfig:64bit - StartUpReg: iChat - hkey= - key= - C:\Program Files (x86)\IChat\iChat.exe (AlexSoft) MsConfig:64bit - StartUpReg: ICQ - hkey= - key= - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.) MsConfig:64bit - StartUpReg: Norton Online Backup - hkey= - key= - File not found MsConfig:64bit - StartUpReg: PDF Complete - hkey= - key= - C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc) MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) MsConfig:64bit - StartUpReg: SmartMenu - hkey= - key= - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe () MsConfig:64bit - StartUpReg: StartCCC - hkey= - key= - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/03 09:39:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/12/30 19:27:26 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\Desktop\grafiti
[2011/12/28 10:14:03 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\Desktop\xfire
[2011/12/28 10:02:00 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Local\Conduit
[2011/12/28 10:02:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2011/12/28 09:54:00 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps
[2011/12/28 09:27:40 | 000,000,000 | ---D | C] -- C:\Fraps
[2011/12/27 13:37:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2011/12/26 11:57:45 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\gamigo Games
[2011/12/26 11:57:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\gamigo Games
[2011/12/26 11:57:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\gamigo Games
[2011/12/25 14:09:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2011/12/25 10:57:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mouse Driver
[2011/12/25 10:57:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mouse Driver
[2011/12/24 12:14:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubi Soft
[2011/12/23 14:40:15 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\Desktop\musik
[2011/12/23 11:47:19 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\Documents\Cross Fire
[2011/12/23 11:47:19 | 000,000,000 | ---D | C] -- C:\CFLog
[2011/12/23 11:42:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Z8Games
[2011/12/23 11:41:04 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
[2011/12/23 11:34:43 | 000,000,000 | ---D | C] -- C:\Program Files\Bohemia Interactive
[2011/12/23 11:12:30 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\Desktop\CrossFire_1082
[2011/12/20 17:33:22 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Roaming\Malwarebytes
[2011/12/20 17:33:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/20 17:33:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/20 17:32:57 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/12/20 17:32:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/12/18 15:32:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bau-Simulator 2012 Demo
[2011/12/18 15:31:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bau-Simulator 2012 Demo
[2011/12/18 11:42:21 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\Documents\Kalypso Media
[2011/12/18 11:42:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Airline Tycoon 2-Demo
[2011/12/18 11:18:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kalypso Media
[2011/12/18 11:11:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kalypso Media
[2011/12/18 10:47:47 | 000,000,000 | ---D | C] -- C:\ProgramData\RTL Winter Sports 2009
[2011/12/18 10:47:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RTL Sports
[2011/12/18 10:22:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tank Simulation Demo
[2011/12/18 10:22:29 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\Desktop\Tank Simulation Demo
[2011/12/17 16:15:11 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Local\Criterion Games
[2011/12/17 12:05:45 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2011/12/17 12:05:41 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2011/12/17 11:09:24 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Roaming\OpenCandy
[2011/12/17 11:03:01 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2011/12/17 10:56:36 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Local\GamersFirst LIVE!
[2011/12/17 10:56:29 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Local\PMB Files
[2011/12/17 10:56:28 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2011/12/17 10:56:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2011/12/17 10:56:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GamersFirst
[2011/12/17 10:56:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GamersFirst
[2011/12/17 10:29:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Biathlon 2004
[2011/12/17 10:29:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Biathlon 2004
[2011/12/17 10:01:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2011/12/15 16:58:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Biathlon 2009 (Demo)
[2011/12/15 16:50:41 | 000,000,000 | ---D | C] -- C:\ProgramData\MTA San Andreas All
[2011/12/15 16:50:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MTA San Andreas 1.1
[2011/12/15 16:39:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NewFreeScreensavers
[2011/12/14 19:41:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tetris Unlimited
[2011/12/14 19:30:45 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\Desktop\PROGRAM
[2011/12/14 19:11:29 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Reallusion
[2011/12/11 12:41:24 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2011/12/10 18:03:14 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\Desktop\meine 3ds bilder
[2011/12/10 16:46:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2011/12/10 16:46:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auslogics
[2011/12/10 16:44:32 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Roaming\DeepBurner
[2011/12/10 16:44:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DeepBurner
[2011/12/10 16:44:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Astonsoft
[2011/12/10 16:41:13 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Roaming\DVDVideoSoft
[2011/12/10 16:41:02 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/12/10 16:41:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2011/12/10 16:40:56 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\Documents\DVDVideoSoft
[2011/12/10 16:40:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2011/12/10 16:40:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2011/12/09 11:53:53 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Roaming\kikin
[2011/12/09 11:53:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\kikin
[2011/12/09 11:53:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike 2D
[2011/12/09 11:53:48 | 000,000,000 | ---D | C] -- C:\Counter-Strike 2D
[2011/12/08 19:50:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/12/08 19:50:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/12/08 18:20:46 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Roaming\Avira
[2011/12/08 18:15:00 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011/12/08 18:15:00 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011/12/08 18:15:00 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2011/12/08 18:14:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/12/08 18:14:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011/12/07 14:44:48 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2011/12/07 14:44:48 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2011/12/06 18:45:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Security
[2011/12/06 18:45:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2011/12/06 18:12:55 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/12/05 21:03:53 | 000,000,000 | RH-D | C] -- C:\Users\-Pascal-\AppData\Roaming\SecuROM
[2011/12/05 20:40:33 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\Documents\ArmA
[2011/12/05 20:40:33 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\AppData\Local\ArmA
[2011/12/05 20:39:36 | 000,431,104 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2011/12/05 20:39:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
[2011/12/05 20:39:35 | 000,409,600 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2011/12/05 20:39:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2011/12/05 13:31:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sierra
[2011/12/04 19:37:29 | 000,000,000 | ---D | C] -- C:\Users\-Pascal-\Documents\Battlefield 2
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/03 15:03:28 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/03 15:03:28 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/03 14:56:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/03 14:55:57 | 536,322,047 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/03 09:55:05 | 000,000,082 | ---- | M] () -- C:\Users\-Pascal-\Documents\cc_20120103_095502.reg
[2012/01/03 09:42:03 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012/01/03 09:39:33 | 000,002,132 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/01/02 15:53:02 | 000,000,219 | ---- | M] () -- C:\Users\-Pascal-\Desktop\Counter-Strike Source Beta.url
[2011/12/31 12:35:08 | 000,001,218 | ---- | M] () -- C:\Users\-Pascal-\Desktop\flagge-deutschland.gif
[2011/12/30 19:27:32 | 000,004,544 | ---- | M] () -- C:\Users\-Pascal-\Desktop\Neues Journal-Dokument.jnt
[2011/12/30 17:03:44 | 000,009,216 | ---- | M] () -- C:\Users\-Pascal-\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/28 09:54:00 | 000,000,574 | ---- | M] () -- C:\Users\-Pascal-\Desktop\Fraps.lnk
[2011/12/27 13:37:42 | 000,001,003 | ---- | M] () -- C:\Users\-Pascal-\Desktop\Audacity.lnk
[2011/12/24 12:17:21 | 000,002,262 | ---- | M] () -- C:\Users\-Pascal-\Desktop\Ubi Soft Product Registration.lnk
[2011/12/24 12:14:18 | 000,001,078 | ---- | M] () -- C:\Users\Public\Desktop\Splinter Cell spielen.lnk
[2011/12/23 11:42:15 | 000,025,395 | ---- | M] () -- C:\Users\-Pascal-\Desktop\CrossFire_1082.dlbt
[2011/12/23 11:41:04 | 000,431,104 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2011/12/23 11:41:03 | 000,409,600 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2011/12/20 17:33:00 | 000,001,187 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/18 15:29:10 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\00000D59.LCS
[2011/12/18 14:07:23 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\00000CE8.LCS
[2011/12/18
10:22:42 | 000,001,655 | ---- | M] () -- C:\Users\-Pascal-\Desktop\Tank Simulation Demo.lnk
[2011/12/17 11:18:55 | 000,001,233 | ---- | M] () -- C:\Users\Public\Desktop\War Rock.lnk
[2011/12/17 11:13:09 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/12/17 11:13:04 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2011/12/17 10:56:22 | 000,001,222 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
[2011/12/17 10:56:22 | 000,001,188 | ---- | M] () -- C:\Users\Public\Desktop\GamersFirst LIVE!.lnk
[2011/12/17 10:01:37 | 000,002,147 | ---- | M] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2011/12/17 10:01:25 | 000,005,214 | ---- | M] () -- C:\Windows\SysWow64\ealregsnapshot1.reg
[2011/12/15 05:41:14 | 000,028,056 | ---- | M] () -- C:\Windows\SysNative\xfcodec64.dll
[2011/12/11 12:41:25 | 000,001,798 | ---- | M] () -- C:\Users\-Pascal-\Desktop\Day of Defeat Source.lnk
[2011/12/11 12:41:25 | 000,001,796 | ---- | M] () -- C:\Users\-Pascal-\Desktop\Half-Life 2 Deathmatch.lnk
[2011/12/11 12:41:25 | 000,001,796 | ---- | M] () -- C:\Users\-Pascal-\Desktop\Counter-Strike Source.lnk
[2011/12/10 19:50:24 | 000,003,367 | ---- | M] () -- C:\Users\-Pascal-\Documents\Data CD#1.dbr
[2011/12/10 16:46:11 | 000,001,320 | ---- | M] () -- C:\Users\-Pascal-\Desktop\Auslogics Disk Defrag.lnk
[2011/12/10 16:44:25 | 000,001,145 | ---- | M] () -- C:\Users\-Pascal-\Desktop\DeepBurner.lnk
[2011/12/10 16:41:00 | 000,001,498 | ---- | M] () -- C:\Users\-Pascal-\Desktop\Free YouTube to MP3 Converter.lnk
[2011/12/10 16:41:00 | 000,001,311 | ---- | M] () -- C:\Users\-Pascal-\Desktop\DVDVideoSoft Free Studio.lnk
[2011/12/09 12:21:06 | 000,000,696 | ---- | M] () -- C:\Users\-Pascal-\Desktop\Counter-Strike 2D.lnk
[2011/12/08 18:15:19 | 001,188,624 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011/12/07 14:45:03 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2011/12/07 14:42:26 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/07 14:42:26 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011/12/07 14:42:26 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/07 14:42:26 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011/12/07 14:42:26 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/05 13:44:30 | 000,002,296 | ---- | M] () -- C:\Users\-Pascal-\Desktop\SWAT 4.lnk
[2011/12/04 20:36:56 | 000,001,882 | ---- | M] () -- C:\Users\-Pascal-\Desktop\Battlefield 2 spielen.lnk
[2011/12/04 19:37:46 | 000,002,168 | ---- | M] () -- C:\Users\Public\Desktop\BF2 jetzt online spielen!.lnk
[2011/12/04 19:37:46 | 000,002,146 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 2.lnk
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/03 09:55:05 | 000,000,082 | ---- | C] () -- C:\Users\-Pascal-\Documents\cc_20120103_095502.reg
[2012/01/02 15:53:02 | 000,000,219 | ---- | C] () -- C:\Users\-Pascal-\Desktop\Counter-Strike Source Beta.url
[2011/12/31 12:36:43 | 000,001,218 | ---- | C] () -- C:\Users\-Pascal-\Desktop\flagge-deutschland.gif
[2011/12/30 19:27:32 | 000,004,544 | ---- | C] () -- C:\Users\-Pascal-\Desktop\Neues Journal-Dokument.jnt
[2011/12/28 09:27:40 | 000,000,574 | ---- | C] () -- C:\Users\-Pascal-\Desktop\Fraps.lnk
[2011/12/27 13:37:42 | 000,001,015 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2011/12/27 13:37:42 | 000,001,003 | ---- | C] () -- C:\Users\-Pascal-\Desktop\Audacity.lnk
[2011/12/24 12:17:21 | 000,002,262 | ---- | C] () -- C:\Users\-Pascal-\Desktop\Ubi Soft Product Registration.lnk
[2011/12/24 12:14:06 | 000,001,078 | ---- | C] () -- C:\Users\Public\Desktop\Splinter Cell spielen.lnk
[2011/12/23 11:42:15 | 000,025,395 | ---- | C] () -- C:\Users\-Pascal-\Desktop\CrossFire_1082.dlbt
[2011/12/20 17:33:00 | 000,001,187 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/18 10:47:36 | 000,004,096 | ---- | C] () -- C:\Users\Public\Documents\00000D59.LCS
[2011/12/18 10:22:42 | 000,001,655 | ---- | C] () -- C:\Users\-Pascal-\Desktop\Tank Simulation Demo.lnk
[2011/12/17 11:18:55 | 000,001,233 | ---- | C] () -- C:\Users\Public\Desktop\War Rock.lnk
[2011/12/17 11:13:09 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/12/17 11:13:04 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011/12/17 10:56:22 | 000,001,222 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
[2011/12/17 10:56:22 | 000,001,188 | ---- | C] () -- C:\Users\Public\Desktop\GamersFirst LIVE!.lnk
[2011/12/17 10:01:25 | 000,005,214 | ---- | C] () -- C:\Windows\SysWow64\ealregsnapshot1.reg
[2011/12/15 16:58:48 | 000,004,096 | ---- | C] () -- C:\Users\Public\Documents\00000CE8.LCS
[2011/12/15 16:39:49 | 008,782,382 | ---- | C] () -- C:\Windows\SysWow64\nfsFirePlace02.scr
[2011/12/15 05:41:14 | 000,028,056 | ---- | C] () -- C:\Windows\SysNative\xfcodec64.dll
[2011/12/11 12:41:25 | 000,001,798 | ---- | C] () -- C:\Users\-Pascal-\Desktop\Day of Defeat Source.lnk
[2011/12/11 12:41:25 | 000,001,796 | ---- | C] () -- C:\Users\-Pascal-\Desktop\Half-Life 2 Deathmatch.lnk
[2011/12/11 12:41:25 | 000,001,796 | ---- | C] () -- C:\Users\-Pascal-\Desktop\Counter-Strike Source.lnk
[2011/12/10 19:50:24 | 000,003,367 | ---- | C] () -- C:\Users\-Pascal-\Documents\Data CD#1.dbr
[2011/12/10 16:44:25 | 000,001,145 | ---- | C] () -- C:\Users\-Pascal-\Desktop\DeepBurner.lnk
[2011/12/10 16:41:00 | 000,001,498 | ---- | C] () -- C:\Users\-Pascal-\Desktop\Free YouTube to MP3 Converter.lnk
[2011/12/10 16:41:00 | 000,001,311 | ---- | C] () -- C:\Users\-Pascal-\Desktop\DVDVideoSoft Free Studio.lnk
[2011/12/09 12:21:06 | 000,000,696 | ---- | C] () -- C:\Users\-Pascal-\Desktop\Counter-Strike 2D.lnk
[2011/12/08 18:15:20 | 000,002,132 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011/12/07 14:45:03 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2011/12/06 18:45:47 | 001,188,624 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011/12/05 13:44:30 | 000,002,296 | ---- | C] () -- C:\Users\-Pascal-\Desktop\SWAT 4.lnk
[2011/12/04 20:36:56 | 000,001,882 | ---- | C] () -- C:\Users\-Pascal-\Desktop\Battlefield 2 spielen.lnk
[2011/12/04 19:37:46 | 000,002,168 | ---- | C] () -- C:\Users\Public\Desktop\BF2 jetzt online spielen!.lnk
[2011/12/04 19:37:46 | 000,002,146 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 2.lnk
[2011/12/02 15:26:00 | 000,009,216 | ---- | C] () -- C:\Users\-Pascal-\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/02 15:18:49 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2011/05/22 13:10:44 | 000,000,000 | ---- | C] () -- C:\Windows\EAREMOVE.INI
[2011/03/28 13:51:43 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2011/03/28 13:51:43 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2011/03/28 13:48:55 | 000,185,344 | ---- | C] () -- C:\Windows\patchw32.dll
[2011/03/28 13:30:11 | 000,007,552 | ---- | C] () -- C:\Windows\SysWow64\drivers\enodpl.sys
[2011/03/28 13:30:11 | 000,004,736 | ---- | C] () -- C:\Windows\SysWow64\drivers\tandpl.sys
[2011/03/19 13:52:57 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/03/05 08:49:58 | 000,001,237 | ---- | C] () -- C:\Windows\eReg.dat
[2011/03/04 14:25:32 | 000,044,544 | ---- | C] () -- C:\Windows\SysWow64\Gif89.dll
[2011/03/04 14:24:33 | 000,000,266 | ---- | C] () -- C:\Windows\SIERRA.INI
[2011/02/15 15:09:45 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/02/09 19:19:11 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/02/09 19:19:07 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/02/09
19:19:04 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2011/01/02 15:38:06 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/12/02 02:02:20 | 000,002,137 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/12/02 01:37:46 | 000,009,988 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2010/12/02 01:06:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/02/10 03:58:12 | 000,012,800 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[1997/06/14 12:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\Iyvu9_32.dll

========== LOP Check ==========

[2011/01/03 20:27:35 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\Auslogics
[2011/12/10 16:45:15 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\DeepBurner
[2011/12/10 16:41:14 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\DVDVideoSoft
[2011/12/10 16:41:02 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/12/02 13:35:42 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\GrabPro
[2011/12/20 17:29:38 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\ICQ
[2011/12/09 16:41:02 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\kikin
[2011/03/09 17:11:07 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\MysteryStudio
[2011/12/17 11:09:26 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\OpenCandy
[2011/01/16 13:39:25 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\OpenOffice.org
[2011/12/08 18:24:14 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\Orbit
[2011/01/02 15:45:10 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\PictureMover
[2011/12/02 13:35:45 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\ProgSense
[2011/12/18 10:47:35 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\ProtectDisc
[2011/01/15 08:31:17 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\QuickStoresToolbar
[2011/01/06 19:10:45 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\RedDotGames
[2011/01/09 10:11:28 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\Tific
[2011/03/28 13:48:56 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\ubi.com
[2011/12/15 18:52:41 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\Ubisoft
[2011/06/04 20:38:25 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\Wildlife Park 2
[2011/06/04 20:36:50 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\Wildlife Park 2 - Crazy Zoo
[2011/06/04 20:37:30 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\Wildlife Park 2 - Marine World
[2011/01/02 17:02:51 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\WildTangent
[2011/12/27 13:43:58 | 000,000,000 | ---D | M] -- C:\Users\-Pascal-\AppData\Roaming\_MDLogs
[2011/12/28 10:19:35 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2011/02/14 17:09:49 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2011/12/23 11:47:19 | 000,000,000 | ---D | M] -- C:\CFLog
[2011/12/09 16:24:55 | 000,000,000 | ---D | M] -- C:\Counter-Strike 2D
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011/12/06 19:00:08 | 000,000,000 | ---D | M] -- C:\downloads
[2011/12/28 09:38:44 | 000,000,000 | ---D | M] -- C:\Fraps
[2010/12/02 01:38:08 | 000,000,000 | RHSD | M] -- C:\hp
[2011/03/19 15:34:51 | 000,000,000 | ---D | M] -- C:\JANES
[2009/07/14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011/12/23 11:34:43 | 000,000,000 | R--D | M] -- C:\Program Files
[2011/12/29 11:29:18 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2011/12/28 10:21:14 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009/07/24 19:32:39 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011/12/08 19:48:03 | 000,000,000 | ---D | M] -- C:\sh4ldr
[2011/03/04 14:24:45 | 000,000,000 | ---D | M] -- C:\SIERRA
[2011/01/02 17:03:59 | 000,000,000 | ---D | M] -- C:\swsetup
[2012/01/03 15:01:21 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011/01/02 15:43:44 | 000,000,000 | -H-D | M] -- C:\SYSTEM.SAV
[2011/02/14 17:09:35 | 000,000,000 | R--D | M] -- C:\Users
[2012/01/03 14:56:01 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*.
/mp /s >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %USERPROFILE%\*.* >
[2012/01/03 15:10:33 | 002,883,584 | -HS- | M] () -- C:\Users\-Pascal-\NTUSER.DAT
[2012/01/03 15:10:32 | 000,262,144 | -HS- | M] () -- C:\Users\-Pascal-\ntuser.dat.LOG1
[2011/01/02 15:37:55 | 000,000,000 | -HS- | M] () -- C:\Users\-Pascal-\ntuser.dat.LOG2
[2011/01/02 18:22:33 | 000,065,536 | -HS- | M] () -- C:\Users\-Pascal-\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2011/01/02 18:22:33 | 000,524,288 | -HS- | M] () -- C:\Users\-Pascal-\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2011/01/02 18:22:33 | 000,524,288 | -HS- | M] () -- C:\Users\-Pascal-\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2011/01/02 15:37:55 | 000,000,020 | -HS- | M] () -- C:\Users\-Pascal-\ntuser.ini

< %USERPROFILE%\Local Settings\Temp\*.exe >

< %USERPROFILE%\Local Settings\Temp\*.dll >

< %USERPROFILE%\Application Data\*.exe >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < > ========== Alternate Data Streams ========== @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2 < End of report > |
03.01.2012, 15:11 | #9 |
/// Malware-holic | quartänte. What is that? 1. You are welcome to address me informally :-) 2. Disable or close all programs, including the ones next to the clock in the notification area; this usually works via right-click. Run a Malwarebytes update, then a complete scan, and post the log. Is there anything unusual about the PC?
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
03.01.2012, 15:23 | #10 |
| quartänte. What is that? OK, thanks for helping me, and sorry about the post. What do you need that for, anyway? |
03.01.2012, 17:37 | #11 |
| quartänte. What is that?
09:29:15 -Pascal- MESSAGE Protection started successfully
09:29:20 -Pascal- MESSAGE IP Protection started successfully
09:31:58 -Pascal- IP-BLOCK 89.149.216.28 (Type: outgoing, Port: 49290, Process: firefox.exe)
09:43:06 -Pascal- MESSAGE Protection started successfully
09:43:11 -Pascal- MESSAGE IP Protection started successfully
09:43:12 -Pascal- MESSAGE Scheduled update executed successfully
09:44:54 -Pascal- MESSAGE IP Protection stopped
09:44:56 -Pascal- MESSAGE Database updated successfully
09:44:58 -Pascal- MESSAGE IP Protection started successfully
14:58:28 -Pascal- MESSAGE Protection started successfully
14:58:33 -Pascal- MESSAGE IP Protection started successfully
17:41:20 -Pascal- MESSAGE Protection started successfully
17:41:25 -Pascal- MESSAGE IP Protection started successfully |
03.01.2012, 18:14 | #12 |
/// Malware-holic | quartänte. What is that? That is not what I wanted; what I wanted to see is actually written there: update, complete (full) scan. This is the protection log. |
03.01.2012, 19:49 | #13 |
| quartänte. What is that?
Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download
Datenbank Version: 912010301
Windows 6.1.7600
Internet Explorer 9.0.8112.16421
03.01.2012 19:38:12
mbam-log-2012-01-03 (19-38-12).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|P:\|)
Durchsuchte Objekte: 536974
Laufzeit: 1 Stunde(n), 4 Minute(n), 54 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden)
Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
03.01.2012, 19:52 | #14 |
| quartänte. What is that? Is that right? I just don't know what to do next. What do you need, then? |
04.01.2012, 14:20 | #15 |
/// Malware-holic | quartänte. What is that? It is; I did write clearly what I need :-) Are there any problems with the PC, and what does "quartänte" in your thread title mean? |