Hallo,
nun bin ich also hier gelandet, vielleicht kann jemand was hilfreiches Kommentieren.

Problembeschreibung:
Ein selbsternannter Hacker behauptet, in eine Datei die mir (irgendwann) ein Bekannter geschickt hat schadhaften code eingebaut zu haben. Da Zugang zum Rechner des Bekannten denkbar ist könnte das durchaus der Fall sein.
Die lange Reihe an Beschimpfungen und die Ankündigung alles an Daten auf meinem Rechner zu löschen spare ich mir hier, man muss wahnsinnigen ja nicht noch publicity geben.

Mit Virensignaturen von gestern hat ein kompletter Systemscan nichts gefunden, was ja bei einem speziellen, neuen Schädling nicht viel heißen muss. Prinzipiell kann eine mögliche Infektion nur über Bilddateien erfolgt sein (zu 95%, vielleicht gab es irgendwann einen anderen Dateityp.) Ein paar der Bilder waren visuell beschädigt, was natürlich auch andere Gründe haben kann. Es ist davon auszugehen dass der Übeltäter auch an die Standortdaten und IP Adresse gelangt ist.

Backups sind vorhanden aber wenig hilfreich da die Infektion irgendwann im vorigen halben Jahr passiert sein könnte. Laut "Hacker" ist das Programm derzeit inaktiv. An entschlossenheit dürfte es dem Angreifer nicht mangeln.

Ziemlich miese Situation.
Wie finde ich also heraus ob da was auf den Rechner eingeschleust wurde?

Logs:
Das System wird eh bald neu aufgesetzt, einige der Prozesse kommen mir schon seit einer weile verdächtig vor.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.6001.19170 BrowserJavaVersion: 1.6.0_30
Run by MaxMustermann at 14:22:37 on 2012-02-07
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.49.1031.18.4086.1588 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\ehome\ehtray.exe
C:\programsstandard\Steam\steam.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\Common Files\aol\1253318524\ee\aolsoftware.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Miranda IM\miranda32.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\MaxMustermann\Downloads\Defogger.exe
C:\Windows\SysWOW64\conime.exe
c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.icq.com/
uURLSearchHooks: H - No File
uURLSearchHooks: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll
uURLSearchHooks: H - No File
uURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll
EB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [Steam] "C:\programsstandard\Steam\Steam.exe" -silent
mRun: [HDAudDeck] "C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" -r
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
mRun: [<NO NAME>]
mRun: [PlusService] "C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe"
StartupFolder: C:\Users\MaxMustermann\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &AOL Toolbar-Suche - c:\program files (x86)\aol\aol toolbar 4.0\resources\de-DE\local\search.html
IE: Nach Microsoft E&xel exportieren - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{2D57BB78-04E9-4FE6-9EE7-E02C7FA45635} : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{5989A8A2-7CDD-4D2B-B678-8F0996B3A2FE} : DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{8788D2CE-56B3-4831-B121-D02EF78B6AAA} : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{FF9973E9-EF8F-4490-AE15-0F695A451479} : DhcpNameServer = 192.168.178.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{DE9C389F-3316-41A7-809B-AA305ED9D922}
EB-X64: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No File
mRun-x64: [HDAudDeck] "C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" -r
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
mRun-x64: [(Standard)]
mRun-x64: [PlusService] "C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe"
IE-X64: {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\MaxMustermann\AppData\Roaming\Mozilla\Firefox\Profiles\sxmskuue.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: C:\programsstandard\Canon\MyCamera Download Plugin\NPCIG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 VBoxDrv;VirtualBox Service;C:\Windows\system32\DRIVERS\VBoxDrv.sys --> C:\Windows\system32\DRIVERS\VBoxDrv.sys [?]
R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2011-12-14 748440]
R2 FontCache;Windows-Dienst für Schriftartencache;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-4-30 190488]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-7-14 239648]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
R3 LVUVC64;Logitech Webcam 300(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft-Netzwerkinspektion;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
R4 ICQ Service;ICQ Service;C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [2009-9-21 222968]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-8 135664]
S3 AVMUNET;AVM FRITZ!Box;C:\Windows\system32\DRIVERS\avmunet.sys --> C:\Windows\system32\DRIVERS\avmunet.sys [?]
S3 gupdatem;Google Update-Dienst (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-8 135664]
S3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\system32\DRIVERS\lvpopf64.sys --> C:\Windows\system32\DRIVERS\lvpopf64.sys [?]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 PerfHost;Leistungsindikator-DLL-Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-21 19968]
S3 PORTMON;PORTMON;C:\Users\MaxMustermann\Desktop\sysinternals\PORTMSYS.SYS [2012-2-6 28656]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-7-14 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-02-06 14:50:04 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A844DE5A-2DD2-4D5E-88DD-89FC034F2E00}\offreg.dll
2012-02-06 14:46:00 -------- d-----w- C:\Windows\SysWow64\spool
2012-02-06 14:46:00 -------- d-----w- C:\Program Files\Windows Portable Devices
2012-02-06 14:46:00 -------- d-----w- C:\Program Files (x86)\Windows Portable Devices
2012-02-06 13:23:37 92672 ----a-w- C:\Windows\SysWow64\UIAnimation.dll
2012-02-06 13:23:37 103424 ----a-w- C:\Windows\System32\UIAnimation.dll
2012-02-06 13:23:36 1164800 ----a-w- C:\Windows\System32\UIRibbonRes.dll
2012-02-06 13:23:35 3815424 ----a-w- C:\Windows\System32\UIRibbon.dll
2012-02-06 13:23:35 3023360 ----a-w- C:\Windows\SysWow64\UIRibbon.dll
2012-02-06 13:23:35 1164800 ----a-w- C:\Windows\SysWow64\UIRibbonRes.dll
2012-02-06 13:21:27 167424 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll
2012-02-06 13:17:33 231936 ----a-w- C:\Windows\System32\XpsRasterService.dll
2012-02-06 13:10:03 -------- d-----w- C:\Users\MaxMustermann\AppData\Local\{3C9405EA-5210-4AE1-8C13-393F99D23A4B}
2012-02-06 13:07:42 -------- d-----w- C:\Users\MaxMustermann\AppData\Local\{498160B2-ADEC-4985-90DE-1FE484ED7B58}
2012-02-06 13:05:23 -------- d-----w- C:\Program Files (x86)\BrowserCompanion
2012-02-06 13:05:19 -------- d-----w- C:\Program Files (x86)\Yuna Software
2012-02-06 10:32:46 8602168 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A844DE5A-2DD2-4D5E-88DD-89FC034F2E00}\mpengine.dll
2012-01-31 12:57:39 94720 ----a-w- C:\Windows\System32\secur32.dll
2012-01-31 12:57:39 77312 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-01-31 12:57:39 515968 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-01-31 12:57:39 442368 ----a-w- C:\Windows\System32\winhttp.dll
2012-01-31 12:57:39 377344 ----a-w- C:\Windows\SysWow64\winhttp.dll
2012-01-31 12:57:39 347136 ----a-w- C:\Windows\System32\schannel.dll
2012-01-31 12:57:39 278528 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-01-31 12:57:39 1689600 ----a-w- C:\Windows\System32\lsasrv.dll
2012-01-31 12:57:39 11264 ----a-w- C:\Windows\System32\lsass.exe
.
==================== Find3M ====================
.
2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe
2011-12-27 13:31:11 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-25 16:25:32 451072 ----a-w- C:\Windows\System32\winsrv.dll
2011-11-23 13:57:38 2764800 ----a-w- C:\Windows\System32\win32k.sys
2011-11-18 20:55:05 1585152 ----a-w- C:\Windows\System32\ntdll.dll
2011-11-18 20:55:05 1167984 ----a-w- C:\Windows\SysWow64\ntdll.dll
2011-11-18 18:07:45 76800 ----a-w- C:\Windows\System32\packager.dll
2011-11-18 17:47:03 66560 ----a-w- C:\Windows\SysWow64\packager.dll
2011-11-10 04:54:13 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2009-10-08 15:00:28 2401486 ----a-w- C:\Program Files\uninstall.exe
2006-11-06 23:00:00 95232 ----a-w- C:\Program Files\avmadd64.DLL
2006-11-06 23:00:00 554040 ----a-w- C:\Program Files\usbsetup.exe
2006-11-06 23:00:00 30208 ----a-w- C:\Program Files\avmunet.sys
2006-11-06 23:00:00 134144 ----a-w- C:\Program Files\avmacc64.dll
2006-05-03 09:06:54 163328 --sh--r- C:\Windows\SysWOW64\flvDX.dll
2007-02-21 10:47:16 31232 --sh--r- C:\Windows\SysWOW64\msfDX.dll
2008-03-16 12:30:52 216064 --sh--r- C:\Windows\SysWOW64\nbDX.dll
.
============= FINISH: 14:23:18,03 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 17.09.2009 23:25:44
System Uptime: 06.02.2012 15:47:02 (23 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P7P55D
Processor: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz | LGA1156 | 2668/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 129,829 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {ff646f80-8def-11d2-9449-00105a075f6b}
Description: ezplay device ...
Device ID: ROOT\EZPLAY\0000
Manufacturer:
Name: ezplay device ...
PNP Device ID: ROOT\EZPLAY\0000
Service:
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
.
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop Elements 6.0
Adobe Reader 9.1 - Deutsch
Aegisub 2.1.7
Amazon Kindle
Amazon MP3-Downloader 1.0.9
AOL Deinstallation
AOL Installations-Manager
Apple Application Support
Apple Software Update
ARMA 2 Operation Arrowhead Uninstall
ArmA2 Uninstall
Audacity 1.2.6
AVS Media Player 3.1
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.3
Battlelords
BattlEye for OA Uninstall
BattlEye Uninstall
BI's Tools drive Uninstall
BinMake Uninstall
BinPBO Personal Edition Uninstall
Birth of the Empires 0.71
BlindWrite 6
CANON iMAGE GATEWAY MyCamera Download Plugin
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon Utilities Digital Photo Professional 3.9
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities Picture Style Editor
Canon Utilities WFT Utility
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CDBurnerXP
CombineZP
DDS Converter 2.1
Deep Space Nine The Fallen
DVD Flick 1.3.0.7
DVDStyler v2.1
EVE Online (remove only)
EveHQ
Fraps
Freddy's Texture Patch BETA
Frontplatten Designer 3.51
FSM Editor Personal Edition Uninstall
GIMP 2.6.8
Google Chrome
Google Earth
Google Update Helper
Gothic
Gothic 2 Gold
Gothic 3
Gothic_Patch
Haskell Platform 2011.2.0.1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual C++ 2010 Express - DEU (KB2542054)
Icewind Dale II
ICQ Toolbar
ICQ6.5
IrfanView (remove only)
Java Auto Updater
Java(TM) 6 Update 30
JoJoThumb 2.11.0
LEGO Digital Designer
Medieval II Total War
Medieval II Total War : Kingdoms : Americas
Medieval II Total War : Kingdoms : Britannia
Medieval II Total War : Kingdoms : Crusades
Medieval II Total War : Kingdoms : Teutonic
Messenger Plus!
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Silverlight
Microsoft SQL Server Compact 3.5 SP2 DEU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 Express - DEU
Miranda IM 0.9.39
Morrowind
Mozilla Firefox 10.0 (x86 de)
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Oblivion
OpenOffice.org 3.1
Oxygen 2 Personal Edition Uninstall
PhotoME
Planescape - Torment
Platform
pyfa 1.0 nighty build
Qt Creator 1.3.0
Qt SDK 2010.05
QuickTime
RAD Video Tools
Realtek 8136 8168 8169 Ethernet Driver
RTC Client API v1.2
Saal Design Software
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Visual C++ 2010 Express - DEU (KB2251489)
Skype Click to Call
Skype™ 5.5
Sound Tools Uninstall
SPEC Viewperf
Star Trek Armada II
Star Trek Armada II: Fleet Operations
Star Wars(tm) Knights of the Old Republic(tm) II: The Sith Lords(tm)
Steam
Stronghold Crusader Extreme
Sun(TM) Download Manager 2.0
SUPER © Version 2009.bld.36 (June 10, 2009)
SWI-Prolog (remove only)
Terragen 2 Free Edition
TES Construction Set
TexView 2 Uninstall
The Elder Scrolls V: Skyrim
ThielHater's Texturepatch v1.0.1
Third Age - Total War 2.0 (Part1of2)
Third Age - Total War 2.0 (Part2of2)
Third Age - Total War 3.0 (Part 1of2)
Third Age - Total War 3.0 (Part 2of2)
TypingMaster TypingTest
Unity Web Player (All users)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
VDFManager v1.0.2
VIA Platform Device Manager
Viewpoint Media Player
Visitor 3 Uninstall
VLC media player 1.0.2
WinHTTrack Website Copier 3.44-1
Wippien 2.3
Wisdom-soft Set up ASR 3.1 Free
YouTube Downloader Toolbar v4.9
.
==== End Of File ===========================



Einige der als Installiert gemeldeten Programme sind schon funktionsuntüchtig gemacht, über die Jahre sammelt sich allerlei kram an.
Entschuldigung für die Unordnung.

Zitat:

Ziemlich miese Situation.
Wie finde ich also heraus ob da was auf den Rechner eingeschleust wurde?

Wie? Gute Frage. Ob? Vllt mit Glück. Man hat leider keinen Ansatz wann was genau "ausgeführt" wurde. Du schriebst was davon, dass es zu 95% Wahrscheinlichkeit wohl ein Bild war, in dem der mutmaßliche Hacker seinen Code abgeladen haben könnte?
Nun gut Bilder sind nicht ausführbar, aber wenn der Code eine Schwachstelle in einem bestimmten Programm ausnutzt bingt die prinzipielle Nicht-Ausführbarkeit von Bildern da auch nichts.

Hast du schon mal Malwarebytes und ESET laufen lassen?

Danke fürs antworten.
Kaspersky findet nichts ausser ein paar möglichen Sicherheitslücken, das windows bordmittel findet gar nichts, ein paar andere onlinescans finden auch nichts. Malwarebytes läuft gerade für einen kompletten scan.
Die kritischen Daten auf dem System sind auf Backups auch vorhanden und die wichtigen Sachen die noch da waren hab ich gelöscht. Den Schaden durch ein Datenleck begrenzen. Natürlich würde ich gerne rausfinden ob und wenn ja was eingschleust wurde. Ob die Ursprungsdatei eines möglichen schädlings noch infiziert ist lässt sich kaum sagen. Vielleicht wars ja nur eine leere Drohung aber besser safe als sorry. Lasse noch ein paar Tests laufen, vielleicht ergibt sich ja da was. Noch irgendwelche Tipps?

Zeig erstmal die Logs von MBAM und ESET....

Eset findet manches. Interessant was eset findet das bei kaspersky nicht auffällt. Seltsam.

Eset
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe probably a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting (after the next restart) - quarantined
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.10 a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5 a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6 a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7 a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8 a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.9 a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined
C:\programsstandard\Doomsday13\TNW_NTL_patch.exe a variant of Win32/HackTool.Patcher.A application cleaned by deleting - quarantined
C:\programsstandard\hoi2003enhanced10stable\Doomsday13\TNW_NTL_patch.exe a variant of Win32/HackTool.Patcher.A application cleaned by deleting - quarantined
C:\programsstandard\hoi2003enhanced2\Doomsday13\TNW_NTL_patch.exe a variant of Win32/HackTool.Patcher.A application cleaned by deleting - quarantined
C:\programsstandard\hoi2003enhanced200350peacetimeicthebetterversionisicmod\Doomsday13\TNW_NTL_patch.exe a variant of Win32/HackTool.Patcher.A application cleaned by deleting - quarantined
C:\programsstandard\hoi2003enhanced3\Doomsday13\TNW_NTL_patch.exe a variant of Win32/HackTool.Patcher.A application cleaned by deleting - quarantined
C:\programsstandard\hoi2003enhanced37releasecandidate1\Doomsday13\TNW_NTL_patch.exe a variant of Win32/HackTool.Patcher.A application cleaned by deleting - quarantined
C:\programsstandard\hoi2003enhanced60releasecandidate2\Doomsday13\TNW_NTL_patch.exe a variant of Win32/HackTool.Patcher.A application cleaned by deleting - quarantined
C:\programsstandard\hoi2003enhanced95maybeunstable\Doomsday13\TNW_NTL_patch.exe a variant of Win32/HackTool.Patcher.A application cleaned by deleting - quarantined
C:\programsstandard\hoi2003enhanced95maybeunstablenukesareactive\Doomsday13\TNW_NTL_patch.exe a variant of Win32/HackTool.Patcher.A application cleaned by deleting - quarantined
C:\programsstandard\hoi2003enhanced96\Doomsday13\TNW_NTL_patch.exe a variant of Win32/HackTool.Patcher.A application cleaned by deleting - quarantined
C:\programsstandard\hoi2003enhanced96nukeacti\Doomsday13\TNW_NTL_patch.exe a variant of Win32/HackTool.Patcher.A application cleaned by deleting - quarantined
C:\Users\MaxMustermann\AppData\Local\Temp\NOD950E.tmp a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined
C:\Users\MaxMustermann\AppData\Local\TempDIR\BetterInstaller.exe Win32/Adware.Somoto.A application cleaned by deleting - quarantined
C:\Users\MaxMustermann\Downloads\Setup-MsgPlus-510.exe a variant of Win32/MessengerPlus.A application deleted - quarantined
C:\Users\MaxMustermann\Downloads\YouTubeDownloaderSetup34.exe a variant of Win32/Toolbar.Widgi application deleted - quarantined

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.08.02

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 8.0.6001.19170
**** :: ***** [Administrator]

Schutz: Aktiviert

08.02.2012 14:53:39
mbam-log-2012-02-08 (14-53-39).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 1216009
Laufzeit: 3 Stunde(n), 18 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.08.02

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 8.0.6001.19170
**** :: ***** [Administrator]

Schutz: Aktiviert

08.02.2012 14:52:11
mbam-log-2012-02-08 (14-52-11).txt

Art des Suchlaufs: Flash-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: Registrierung | Dateisystem | P2P
Durchsuchte Objekte: 168164
Laufzeit: 49 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

ESET ist "etwas" empfindlicher/hysterischer was Adware bzw. Toolbars angeht. Fast jede Toolbar wird als Adware eingestuft (garnicht mal zu Unrecht ) und dementsprechend auch die Setups von Programmen, da sie ja Toolbars huckepack transportieren

Zitat:

C:\programsstandard\Doomsday13\TNW_NTL_patch.exe a variant of Win32/HackTool.Patcher.A application cleaned by deleting - quarantined

Äh wasndas?

Die Datei NTL patch verändert die exe von hearts of iron 2 so dass sich das Spiel auch in andere epochen als den 2. Weltkrieg modden lässt. Das wird vom hersteller toleriert. Da es eine exe ändert wird es wohl als Virus erkannt, ist aber schon seit jahren da, naja, jetzt ist es weg. Die geänderte exe an sich ist nicht entdeckt worden, bei der meckerte mal eine antike version von norton.

Viele Grüße
Unixoidesdin

Moment mal, sprechen wir von einer Heim- oder Büroumgebung?

Das lässt sich nicht trennen, beides.
Firefox hat mir heute ne Palette von "Sie möchten.... herunterladen" präsentiert. "search" von google, passierte beim eintippen aller suchbegriffe, vielleicht eine google instant fehlfunktion? Oder doch was sicherheitskritisches?
Ist noch nie vorher passiert.

Na ich find das schon etwas subobtimal so riskante Hacks auf einem Rechner auszuführen, den man auch beruflich einsetzt. Solche riskanten Spielereien kann man doch in einer VM oder auf einem anderen Rechner auslagern, meinst du nicht auch?

Falls du diesen angeblich gefährlichen Hearts of iron patch meinst, der wurde auf diesem rechner nie ausgeführt sondern nur mit rüberkopiert, hab ich auch irgendwo im quelltext. Der stammt von 2006 oder so und ist harmlos, auch wenn er von irgendwelchen paramilitärs geschrieben wurde.
Das Problem ist viel mehr dass da wo schadsoftware sein könnte von der ich nichts weiß.

Mir fällt noch etwas ein.
Die Dateien die ich von dem Bekannten erhalten habe und von denen laut "Hacker" eine oder mehrere präpariert waren wurden teils falsch angezeigt, Bildfehler wie z.B. Farbstich. Eine verkleinerte danach geschickte Version des gleichen Bilds wurde aber korrekt angezeigt. Könnte es sein dass Teile der änderung in den Bilddatenteil geschrieben wurden und als Farbwert fehlinterpretiert wurden, dann aber beim runtersaklieren verschwunden sind?
Verdächtig ist es jedenfalls.

Weiß ich nicht. Das ist wilde Spekulation.

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code: Alles auswählenAufklappen

ATTFilter

 hier steht das Log
         

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

• Starte bitte die OTL.exe.
  Vista und Win7 User mit Rechtsklick "als Administrator starten"
• Setze oben mittig den Haken bei Scanne alle Benutzer
• Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code: Alles auswählenAufklappen

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         

• Schliesse bitte nun alle Programme. (Wichtig)
• Klicke nun bitte auf den Quick Scan Button.
• Klick auf .
• Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Ich hoffe der Boardcode bindet das richtig ein.
Das Log: persönliches ist nach kontrolle mit ***censored*** ersetzt.


OTL Logfile:

Code: Alles auswählenAufklappen

ATTFilter

OTL logfile created on: 10.02.2012 17:01:02 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\***censored***\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 2,47 Gb Available Physical Memory | 62,02% Memory free
8,20 Gb Paging File | 6,44 Gb Available in Paging File | 78,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 125,57 Gb Free Space | 26,96% Space Free | Partition Type: NTFS
 
Computer Name: ***censored*** | User Name: ***censored*** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.02.10 16:53:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\***censored***\Desktop\OTL.exe
PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.01.13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.11.11 12:05:00 | 000,419,624 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2011.11.11 12:01:21 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\programsstandard\Steam\steam.exe
PRC - [2009.09.06 12:38:06 | 000,071,096 | ---- | M] () -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
PRC - [2009.08.19 09:32:24 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2009.08.19 09:32:20 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2009.07.14 20:28:00 | 000,239,648 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009.05.08 09:35:50 | 002,780,432 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009.05.08 09:34:08 | 000,559,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
PRC - [2009.04.30 15:01:12 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2007.09.11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2006.10.23 13:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.11.11 12:04:59 | 014,410,024 | ---- | M] () -- C:\programsstandard\Steam\bin\libcef.dll
MOD - [2011.11.11 12:04:58 | 000,914,216 | ---- | M] () -- C:\programsstandard\Steam\bin\avcodec-52.dll
MOD - [2011.11.11 12:04:58 | 000,194,344 | ---- | M] () -- C:\programsstandard\Steam\bin\chromehtml.dll
MOD - [2011.11.11 12:04:58 | 000,155,432 | ---- | M] () -- C:\programsstandard\Steam\bin\avformat-52.dll
MOD - [2011.11.11 12:04:58 | 000,091,432 | ---- | M] () -- C:\programsstandard\Steam\bin\avutil-50.dll
MOD - [2009.08.18 14:54:22 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2009.05.08 09:35:50 | 002,780,432 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009.05.08 09:34:08 | 000,559,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.04.27 16:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011.04.27 16:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009.04.30 15:01:00 | 000,190,488 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2008.01.21 03:50:23 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008.01.21 03:46:39 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.10 05:14:42 | 001,148,632 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe -- (ST2012_Svc)
SRV - [2011.11.11 12:05:00 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.03 07:05:01 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.09.06 12:38:06 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009.07.14 20:28:00 | 000,239,648 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009.03.30 05:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.09.11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2006.10.23 13:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.02.09 16:20:05 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\stflt.sys -- (sp_rsdrv2)
DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.09.21 10:25:54 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2011.04.27 14:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010.02.03 14:56:56 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)
DRV:64bit: - [2010.01.03 07:02:44 | 000,052,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.10.01 01:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.09.28 20:57:28 | 000,005,504 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StarOpen.sys -- (StarOpen)
DRV:64bit: - [2009.07.10 04:07:02 | 001,222,144 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009.05.25 07:51:00 | 000,207,872 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009.05.01 00:03:08 | 006,377,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys -- (LVUVC64) Logitech Webcam 300(UVC)
DRV:64bit: - [2009.05.01 00:01:36 | 000,327,576 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009.04.30 23:59:24 | 000,271,640 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lvpopf64.sys -- (lvpopf64)
DRV:64bit: - [2009.04.30 14:59:48 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009.04.30 14:59:48 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2006.11.29 23:24:49 | 000,024,064 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\wanatw64.sys -- (wanatw) WAN Miniport (ATW)
DRV:64bit: - [2006.11.07 00:00:00 | 000,030,208 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\avmunet.sys -- (AVMUNET)
DRV:64bit: - [2006.10.31 16:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
DRV - [2012.02.06 18:40:22 | 000,028,656 | ---- | M] (Systems Internals) [Kernel | On_Demand | Stopped] -- C:\Users\***censored***\Desktop\sysinternals\PORTMSYS.SYS -- (PORTMON)
DRV - [2009.09.28 20:57:28 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4180548068-2469025799-1583608749-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKU\S-1-5-21-4180548068-2469025799-1583608749-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4180548068-2469025799-1583608749-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-4180548068-2469025799-1583608749-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AF 42 8E 2E D3 37 CA 01  [binary data]
IE - HKU\S-1-5-21-4180548068-2469025799-1583608749-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-4180548068-2469025799-1583608749-1000\..\URLSearchHook: {1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} - No CLSID value found
IE - HKU\S-1-5-21-4180548068-2469025799-1583608749-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-4180548068-2469025799-1583608749-1000\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-4180548068-2469025799-1583608749-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\programsstandard\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.03 11:07:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.02.08 22:22:56 | 000,000,000 | ---D | M]
 
[2009.09.17 21:17:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***censored***\AppData\Roaming\mozilla\Extensions
[2012.02.06 16:35:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***censored***\AppData\Roaming\mozilla\Firefox\Profiles\sxmskuue.default\extensions
[2012.02.07 13:29:38 | 000,000,950 | ---- | M] () -- C:\Users\***censored***\AppData\Roaming\Mozilla\Firefox\Profiles\sxmskuue.default\searchplugins\icqplugin-1.xml
[2009.12.17 09:08:34 | 000,000,961 | ---- | M] () -- C:\Users\***censored***\AppData\Roaming\Mozilla\Firefox\Profiles\sxmskuue.default\searchplugins\icqplugin-2.xml
[2010.01.06 19:45:12 | 000,000,961 | ---- | M] () -- C:\Users\***censored***\AppData\Roaming\Mozilla\Firefox\Profiles\sxmskuue.default\searchplugins\icqplugin-3.xml
[2010.02.20 14:46:09 | 000,000,961 | ---- | M] () -- C:\Users\***censored***\AppData\Roaming\Mozilla\Firefox\Profiles\sxmskuue.default\searchplugins\icqplugin-4.xml
[2010.03.14 16:30:24 | 000,000,950 | ---- | M] () -- C:\Users\***censored***\AppData\Roaming\Mozilla\Firefox\Profiles\sxmskuue.default\searchplugins\icqplugin-5.xml
[2010.03.23 12:20:06 | 000,000,950 | ---- | M] () -- C:\Users\***censored***\AppData\Roaming\Mozilla\Firefox\Profiles\sxmskuue.default\searchplugins\icqplugin-6.xml
[2010.04.03 11:39:03 | 000,000,950 | ---- | M] () -- C:\Users\***censored***\AppData\Roaming\Mozilla\Firefox\Profiles\sxmskuue.default\searchplugins\icqplugin-7.xml
[2010.08.01 11:21:51 | 000,000,950 | ---- | M] () -- C:\Users\***censored***\AppData\Roaming\Mozilla\Firefox\Profiles\sxmskuue.default\searchplugins\icqplugin-8.xml
[2011.05.06 11:46:45 | 000,000,950 | ---- | M] () -- C:\Users\***censored***\AppData\Roaming\Mozilla\Firefox\Profiles\sxmskuue.default\searchplugins\icqplugin-9.xml
[2009.11.03 22:35:21 | 000,000,955 | ---- | M] () -- C:\Users\***censored***\AppData\Roaming\Mozilla\Firefox\Profiles\sxmskuue.default\searchplugins\icqplugin.xml
[2012.02.03 11:07:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2009.09.21 20:28:10 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.01.11 12:18:08 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.02.03 11:07:41 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM
[2012.02.03 11:07:38 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.11.10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.03 11:07:35 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.03 11:07:35 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.03 11:07:35 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.03 11:07:35 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.03 11:07:35 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.03 11:07:35 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Yahoo! Deutschland (Enabled)
CHR - default_search_provider: search_url = hxxp://de.search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}
CHR - default_search_provider: suggest_url = hxxp://de-sayt.ff.search.yahoo.com/gossip-de-sayt?output=fxjson&command={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\***censored***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Unity Player (Enabled) = C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: NPCIG.dll (Enabled) = C:\programsstandard\Canon\MyCamera Download Plugin\NPCIG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\***censored***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\***censored***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Skype Click to Call = C:\Users\***censored***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: Google Mail = C:\Users\***censored***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKU\S-1-5-21-4180548068-2469025799-1583608749-1000\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4180548068-2469025799-1583608749-1000..\Run: [Steam] C:\programsstandard\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\***censored***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: &AOL Toolbar-Suche - c:\program files (x86)\aol\aol toolbar 4.0\resources\de-DE\local\search.html ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &AOL Toolbar-Suche - c:\program files (x86)\aol\aol toolbar 4.0\resources\de-DE\local\search.html ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-4180548068-2469025799-1583608749-1000\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D57BB78-04E9-4FE6-9EE7-E02C7FA45635}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5989A8A2-7CDD-4D2B-B678-8F0996B3A2FE}: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8788D2CE-56B3-4831-B121-D02EF78B6AAA}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF9973E9-EF8F-4490-AE15-0F695A451479}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\***censored***\AppData\Roaming\IrfanView\IrfanView_Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\***censored***\AppData\Roaming\IrfanView\IrfanView_Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d05256af-a3cf-11de-9c96-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d05256af-a3cf-11de-9c96-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRunMorrowind.exe
O33 - MountPoints2\{d05256af-a3cf-11de-9c96-806e6f6e6963}\Shell\install\command - "" = D:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfPf - Driver
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7070D8E0-650A-46b3-B03C-9497582E6A74} - %SystemRoot%\system32\soundschemes.exe /AddRegistration
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} - %SystemRoot%\system32\soundschemes2.exe /AddRegistration
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {78310121-036D-427A-9FAA-A9D8135E5F8F} - .NET Framework
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\Windows\SysWow64\alf2cd.acm (NCT Company)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.scg726 - C:\Windows\SysWow64\Scg726.acm (SHARP Corporation)
Drivers32: msacm.voxacm160 - C:\Windows\SysWow64\vct3216.acm (Voxware, Inc.)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\divx.dll (DivXNetworks, Inc.)
Drivers32: vidc.dvsd - C:\Windows\SysWow64\mcdvd_32.dll (MainConcept)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.mp42 - C:\Windows\SysWow64\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mp43 - C:\Windows\SysWow64\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mpg4 - C:\Windows\SysWow64\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.xvid - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.10 16:53:23 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\***censored***\Desktop\OTL.exe
[2012.02.09 16:20:05 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2012.02.09 16:20:04 | 000,000,000 | ---D | C] -- C:\Users\***censored***\AppData\Roaming\Spyware Terminator
[2012.02.09 16:20:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2012.02.09 16:20:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2012
[2012.02.09 16:18:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Terminator
[2012.02.09 16:00:52 | 000,021,992 | ---- | C] (CPUID) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys
[2012.02.09 16:00:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
[2012.02.09 16:00:51 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2012.02.08 22:22:02 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.02.08 18:13:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.02.08 14:51:18 | 000,000,000 | ---D | C] -- C:\Users\***censored***\AppData\Roaming\Malwarebytes
[2012.02.08 14:51:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.08 14:50:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.02.08 14:50:56 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.02.08 14:50:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.02.07 22:52:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012.02.07 14:21:07 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\***censored***\Desktop\dds.com
[2012.02.06 18:18:44 | 000,000,000 | ---D | C] -- C:\Users\***censored***\Desktop\sysinternals
[2012.02.06 15:46:00 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2012.02.06 15:46:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Portable Devices
[2012.02.06 15:46:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2012.02.06 14:10:03 | 000,000,000 | ---D | C] -- C:\Users\***censored***\AppData\Local\{3C9405EA-5210-4AE1-8C13-393F99D23A4B}
[2012.02.06 14:07:42 | 000,000,000 | ---D | C] -- C:\Users\***censored***\AppData\Local\{498160B2-ADEC-4985-90DE-1FE484ED7B58}
[2012.02.06 14:05:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BrowserCompanion
[2012.02.06 14:05:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yuna Software
[2012.01.26 15:41:46 | 000,000,000 | ---D | C] -- C:\Users\***censored***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Third Age - Total War 3.0 (Part 2of2)
[2012.01.26 15:32:57 | 000,000,000 | ---D | C] -- C:\Users\***censored***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Third Age - Total War 3.0 (Part 1of2)
[2010.08.07 19:40:08 | 000,118,400 | ---- | C] (VSO Software) -- C:\Users\***censored***\AppData\Roaming\ezplay.sys
[2009.10.08 16:00:22 | 002,401,486 | ---- | C] (BitRock SL) -- C:\Program Files\uninstall.exe
[2006.11.07 00:00:00 | 000,554,040 | ---- | C] (AVM GmbH) -- C:\Program Files\usbsetup.exe
[2006.11.07 00:00:00 | 000,134,144 | ---- | C] (AVM GmbH) -- C:\Program Files\avmacc64.dll
[2006.11.07 00:00:00 | 000,095,232 | ---- | C] (AVM GmbH) -- C:\Program Files\avmadd64.DLL
[2006.11.07 00:00:00 | 000,030,208 | ---- | C] (AVM GmbH) -- C:\Program Files\avmunet.sys
[4 C:\Users\***censored***\AppData\Local\*.tmp files -> C:\Users\***censored***\AppData\Local\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.10 16:53:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\***censored***\Desktop\OTL.exe
[2012.02.10 16:30:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.10 16:17:18 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.10 16:17:18 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.10 12:22:46 | 003,281,326 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.02.10 12:22:46 | 000,711,628 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2012.02.10 12:22:46 | 000,710,412 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2012.02.10 12:22:46 | 000,673,552 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.02.10 12:22:46 | 000,634,282 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.02.10 12:22:46 | 000,149,504 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2012.02.10 12:22:46 | 000,145,620 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.02.10 12:22:46 | 000,145,130 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2012.02.10 12:22:46 | 000,119,808 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.02.10 12:17:39 | 000,087,955 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.02.10 12:17:38 | 000,087,955 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.02.10 12:17:29 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.10 12:17:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.10 12:17:11 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2012.02.09 16:20:05 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2012.02.09 16:20:02 | 000,000,939 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
[2012.02.09 16:00:53 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
[2012.02.09 15:12:33 | 000,009,171 | ---- | M] () -- C:\Users\***censored***\Documents\***censored***.odt
[2012.02.08 22:22:56 | 000,001,979 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.02.08 21:11:03 | 000,035,044 | ---- | M] () -- C:\Users\***censored***\Documents\***censored***.odt
[2012.02.08 19:47:23 | 000,046,809 | ---- | M] () -- C:\Users\***censored***\Documents\***censored***.odt
[2012.02.08 14:51:00 | 000,001,010 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.08 14:45:50 | 000,035,068 | ---- | M] () -- C:\Users\***censored***\Documents\***censored***.odt
[2012.02.07 14:21:08 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\***censored***\Desktop\dds.com
[2012.02.07 13:14:39 | 000,063,488 | ---- | M] () -- C:\Users\***censored***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.06 21:27:00 | 000,018,182 | ---- | M] () -- C:\Users\***censored***\Documents\***censored***.odt
[2012.02.06 15:35:43 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2012.02.06 15:35:37 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2012.02.06 15:24:07 | 000,130,800 | ---- | M] () -- C:\Users\***censored***\Documents\***censored***.odt
[2012.02.06 14:57:38 | 000,772,379 | ---- | M] () -- C:\Users\***censored***\AppData\Local\census.cache
[2012.02.06 14:56:49 | 000,214,690 | ---- | M] () -- C:\Users\***censored***\AppData\Local\ars.cache
[2012.02.06 14:41:20 | 000,000,036 | ---- | M] () -- C:\Users\***censored***\AppData\Local\housecall.guid.cache
[2012.02.06 13:56:22 | 000,022,106 | ---- | M] () -- C:\Users\***censored***\Documents\***censored***.odt
[2012.02.06 11:53:31 | 000,032,671 | ---- | M] () -- C:\Users\***censored***\Documents\***censored***.odt
[2012.02.05 16:15:20 | 000,034,503 | ---- | M] () -- C:\Users\***censored***\Documents\***censored***.odt
[2012.02.03 21:50:58 | 000,046,665 | ---- | M] () -- C:\Users\***censored***\Documents\***censored***.odt
[2012.02.03 18:27:10 | 000,022,643 | ---- | M] () -- C:\Users\***censored***\Documents\***censored***.odt
[2012.02.03 13:02:55 | 000,025,329 | ---- | M] () -- C:\Users\***censored***\Documents\***censored***.odt
[2012.02.02 18:52:00 | 000,022,779 | ---- | M] () -- C:\Users\***censored***\Documents\***censored***.odt
[2012.02.02 13:26:07 | 000,027,381 | ---- | M] () -- C:\Users\***censored***\Documents\***censored***.odt
[2012.02.01 18:23:23 | 000,020,058 | ---- | M] () -- C:\Users\***censored***\Documents\***censored***.odt
[2012.02.01 15:19:27 | 000,016,667 | ---- | M] () -- C:\Users\***censored***\Documents\***censored***.odt
[2012.01.31 22:18:44 | 000,012,956 | ---- | M] () -- C:\Users\***censored***\Documents\***censored***.odt
[2012.01.31 19:15:57 | 000,016,195 | ---- | M] () -- C:\Users\***censored***\Documents\***censored***.odt
[2012.01.30 22:38:57 | 000,022,104 | ---- | M] () -- C:\Users\***censored***\Documents\***censored***.odt
[2012.01.30 22:35:49 | 000,022,611 | ---- | M] () -- C:\Users\***censored***\Documents\***censored***.odt
[2012.01.30 19:22:10 | 000,020,371 | ---- | M] () -- C:\Users\***censored***\Documents\***censored***.odt
[2012.01.29 21:10:44 | 000,012,663 | ---- | M] () -- C:\Users\***censored***\Documents\***censored***.odt
[2012.01.29 13:41:03 | 000,010,190 | ---- | M] () -- C:\Users\***censored***\Documents\***censored***.odt
[2012.01.26 15:41:46 | 000,002,152 | ---- | M] () -- C:\Users\***censored***\Desktop\Third Age - Total War.lnk
[2012.01.26 12:59:43 | 000,001,174 | ---- | M] () -- C:\Users\Public\Desktop\Stainless Steel 6.4.lnk
[2012.01.26 02:25:41 | 000,002,087 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.01.25 22:07:57 | 000,065,042 | ---- | M] () -- C:\Users\***censored***\Documents\***censored***.odt
[2012.01.24 19:45:45 | 000,009,052 | ---- | M] () -- C:\Users\***censored***\Documents\***censored***.odt
[2012.01.24 15:36:56 | 000,027,033 | ---- | M] () -- C:\Users\***censored***\Documents\***censored***.odt
[2012.01.23 21:21:20 | 000,023,574 | ---- | M] () -- C:\Users\***censored***\Documents\***censored***.odt
[2012.01.23 13:53:14 | 000,018,407 | ---- | M] () -- C:\Users\***censored***\Documents\***censored***.odt
[2012.01.22 20:44:56 | 000,026,841 | ---- | M] () -- C:\Users\***censored***\Documents\***censored***.odt
[2012.01.22 13:24:47 | 000,023,792 | ---- | M] () -- C:\Users\***censored***\Documents\***censored***.odt
[2012.01.19 09:04:59 | 000,028,970 | ---- | M] () -- C:\Users\***censored***\Documents\***censored***.odt
[2012.01.18 14:27:48 | 000,015,901 | ---- | M] () -- C:\Users\***censored***\Documents\***censored***.odt
[2012.01.17 17:10:21 | 000,018,165 | ---- | M] () -- C:\Users\***censored***\Documents\***censored***.odt
[2012.01.17 14:09:07 | 000,023,289 | ---- | M] () -- C:\Users\***censored***\Documents\***censored***.odt
[2012.01.17 10:25:05 | 622,494,057 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.01.16 20:46:50 | 000,009,054 | ---- | M] () -- C:\Users\***censored***\Documents\***censored***.odt
[2012.01.16 14:23:31 | 000,011,068 | ---- | M] () -- C:\Users\***censored***\Documents\***censored***.odt
[2012.01.16 11:49:26 | 000,010,621 | ---- | M] () -- C:\Users\***censored***\Documents\***censored***.odt
[2012.01.15 17:28:14 | 000,026,017 | ---- | M] () -- C:\Users\***censored***\Documents\***censored***.odt
[2012.01.15 14:15:12 | 000,022,880 | ---- | M] () -- C:\Users\***censored***\Documents\***censored***.odt
[2012.01.13 17:37:02 | 000,031,052 | ---- | M] () -- C:\Users\***censored***\Documents\***censored***.odt
[2012.01.12 20:48:30 | 000,010,714 | ---- | M] () -- C:\Users\***censored***\Documents\***censored***.odt
[2012.01.12 11:02:56 | 000,030,375 | ---- | M] () -- C:\Users\***censored***\Documents\***censored***.odt
[2012.01.12 11:02:10 | 000,080,626 | ---- | M] () -- C:\Users\***censored***\Documents\***censored***.odt
[4 C:\Users\***censored***\AppData\Local\*.tmp files -> C:\Users\***censored***\AppData\Local\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.02.09 16:20:02 | 000,000,939 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
[2012.02.09 16:00:53 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
[2012.02.09 15:11:36 | 000,009,171 | ---- | C] () -- C:\Users\***censored***\Documents\***censored***.odt
[2012.02.08 22:22:56 | 000,001,979 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.02.08 22:22:56 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012.02.08 21:03:51 | 000,035,044 | ---- | C] () -- C:\Users\***censored***\Documents\***censored***.odt
[2012.02.08 14:51:00 | 000,001,010 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.08 13:23:46 | 000,035,068 | ---- | C] () -- C:\Users\***censored***\Documents\***censored***.odt
[2012.02.06 15:35:43 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2012.02.06 15:35:37 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2012.02.06 14:57:38 | 000,772,379 | ---- | C] () -- C:\Users\***censored***\AppData\Local\census.cache
[2012.02.06 14:56:49 | 000,214,690 | ---- | C] () -- C:\Users\***censored***\AppData\Local\ars.cache
[2012.02.06 14:41:20 | 000,000,036 | ---- | C] () -- C:\Users\***censored***\AppData\Local\housecall.guid.cache
[2012.02.06 13:51:17 | 000,022,106 | ---- | C] () -- C:\Users\***censored***\Documents\***censored***.odt
[2012.02.03 11:52:34 | 000,025,329 | ---- | C] () -- C:\Users\***censored***\Documents\***censored***.odt
[2012.02.02 13:31:49 | 000,022,779 | ---- | C] () -- C:\Users\***censored***\Documents\***censored***.odt
[2012.02.02 12:16:25 | 000,027,381 | ---- | C] () -- C:\Users\***censored***\Documents\***censored***.odt
[2012.02.01 17:51:06 | 000,020,058 | ---- | C] () -- C:\Users\***censored***\Documents\***censored***.odt
[2012.02.01 14:43:45 | 000,016,667 | ---- | C] () -- C:\Users\***censored***\Documents\***censored***.odt
[2012.01.31 20:50:41 | 000,012,956 | ---- | C] () -- C:\Users\***censored***\Documents\***censored***.odt
[2012.01.30 20:28:43 | 000,022,611 | ---- | C] () -- C:\Users\***censored***\Documents\***censored***.odt
[2012.01.30 18:48:41 | 000,016,195 | ---- | C] () -- C:\Users\***censored***\Documents\***censored***.odt
[2012.01.29 14:10:12 | 000,012,663 | ---- | C] () -- C:\Users\***censored***\Documents\***censored***.odt
[2012.01.26 17:35:11 | 000,010,190 | ---- | C] () -- C:\Users\***censored***\Documents\***censored***.odt
[2012.01.26 15:50:01 | 000,046,809 | ---- | C] () -- C:\Users\***censored***\Documents\***censored***.odt
[2012.01.26 12:59:43 | 000,001,174 | ---- | C] () -- C:\Users\Public\Desktop\Stainless Steel 6.4.lnk
[2012.01.24 19:43:59 | 000,009,052 | ---- | C] () -- C:\Users\***censored***\Documents\***censored***.odt
[2012.01.24 15:36:54 | 000,027,033 | ---- | C] () -- C:\Users\***censored***\Documents\***censored***.odt
[2012.01.22 20:49:28 | 000,018,182 | ---- | C] () -- C:\Users\***censored***\Documents\***censored***.odt
[2012.01.21 21:52:33 | 000,026,841 | ---- | C] () -- C:\Users\***censored***\Documents\***censored***.odt
[2012.01.21 21:12:28 | 000,023,792 | ---- | C] () -- C:\Users\***censored***\Documents\***censored***.odt
[2012.01.19 13:51:53 | 000,032,671 | ---- | C] () -- C:\Users\***censored***\Documents\***censored***.odt
[2012.01.17 16:34:05 | 000,018,165 | ---- | C] () -- C:\Users\***censored***\Documents\***censored***.odt
[2012.01.17 12:40:48 | 000,023,289 | ---- | C] () -- C:\Users\***censored***\Documents\***censored***.odt
[2012.01.16 14:23:29 | 000,011,068 | ---- | C] () -- C:\Users\***censored***\Documents\***censored***.odt
[2012.01.16 13:42:05 | 000,009,054 | ---- | C] () -- C:\Users\***censored***\Documents\***censored***.odt
[2012.01.16 11:49:24 | 000,010,621 | ---- | C] () -- C:\Users\***censored***\Documents\***censored***.odt
[2012.01.15 16:53:35 | 000,015,901 | ---- | C] () -- C:\Users\***censored***\Documents\***censored***.odt
[2012.01.13 15:03:59 | 000,031,052 | ---- | C] () -- C:\Users\***censored***\Documents\***censored***.odt
[2012.01.12 20:48:28 | 000,010,714 | ---- | C] () -- C:\Users\***censored***\Documents\***censored***.odt
[2012.01.12 11:02:54 | 000,030,375 | ---- | C] () -- C:\Users\***censored***\Documents\***censored***.odt
[2011.06.06 14:35:11 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.05.15 16:37:19 | 000,000,680 | ---- | C] () -- C:\Users\***censored***\AppData\Local\d3d9caps.dat
[2011.02.27 13:29:43 | 003,224,506 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.12.20 10:53:17 | 000,000,113 | ---- | C] () -- C:\Users\***censored***\AppData\Roaming\AVSMediaPlayer.m3u
[2010.12.13 13:52:18 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2010.12.13 13:52:18 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2010.12.13 13:52:18 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2010.12.09 15:20:42 | 000,000,923 | ---- | C] () -- C:\Windows\STA2.ini
[2010.08.07 19:40:08 | 000,099,384 | ---- | C] () -- C:\Users\***censored***\AppData\Roaming\inst.exe
[2010.08.07 19:40:08 | 000,007,833 | ---- | C] () -- C:\Users\***censored***\AppData\Roaming\ezplay.cat
[2010.08.07 19:40:08 | 000,001,126 | ---- | C] () -- C:\Users\***censored***\AppData\Roaming\ezplay.inf
[2010.08.07 19:40:08 | 000,000,125 | ---- | C] () -- C:\Users\***censored***\AppData\Roaming\ezplay.ini
[2010.02.19 11:56:40 | 000,000,496 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.01.03 07:02:37 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009.12.28 11:38:03 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2009.12.21 14:07:04 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2009.12.17 16:12:56 | 000,002,298 | ---- | C] () -- C:\Users\***censored***\AppData\Roaming\ASSDraw3.cfg
[2009.12.08 01:29:30 | 000,000,954 | ---- | C] () -- C:\ProgramData\qcadrc
[2009.11.04 00:31:49 | 000,524,288 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009.11.04 00:31:49 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009.09.25 12:15:13 | 000,063,488 | ---- | C] () -- C:\Users\***censored***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.09.19 01:01:58 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.09.15 01:22:28 | 000,087,955 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.09.15 01:22:27 | 000,087,955 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.09.15 01:02:42 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2009.09.15 01:02:36 | 000,025,644 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009.07.14 10:49:02 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.07.14 10:48:54 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.07.14 10:48:40 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009.07.14 10:48:40 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009.04.02 13:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2008.10.07 17:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008.10.07 17:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 17:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 17:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 17:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 17:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 17:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 17:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 17:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 17:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008.01.21 03:49:10 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006.11.07 00:00:00 | 000,020,927 | ---- | C] () -- C:\Program Files\readme.htm
[2006.11.07 00:00:00 | 000,008,800 | ---- | C] () -- C:\Program Files\avmunet.cat
[2006.11.07 00:00:00 | 000,002,958 | ---- | C] () -- C:\Program Files\avmunet.inf
[2006.11.07 00:00:00 | 000,001,475 | ---- | C] () -- C:\Program Files\usbsetup.ini
[2006.11.02 16:35:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 13:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 13:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 10:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
 
========== LOP Check ==========
 
[2009.12.18 16:42:52 | 000,000,000 | ---D | M] -- C:\Users\***censored***\AppData\Roaming\Aegisub
[2011.02.13 09:29:06 | 000,000,000 | ---D | M] -- C:\Users\***censored***\AppData\Roaming\Amazon
[2009.12.28 11:38:13 | 000,000,000 | ---D | M] -- C:\Users\***censored***\AppData\Roaming\Canneverbe_Limited
[2011.08.26 19:13:19 | 000,000,000 | ---D | M] -- C:\Users\***censored***\AppData\Roaming\Canon
[2011.06.26 11:55:27 | 000,000,000 | ---D | M] -- C:\Users\***censored***\AppData\Roaming\EveHQ
[2009.11.04 12:11:25 | 000,000,000 | ---D | M] -- C:\Users\***censored***\AppData\Roaming\FRITZ!
[2011.10.21 08:36:54 | 000,000,000 | ---D | M] -- C:\Users\***censored***\AppData\Roaming\ghc
[2009.09.21 20:35:54 | 000,000,000 | ---D | M] -- C:\Users\***censored***\AppData\Roaming\ICQ
[2009.09.25 23:56:34 | 000,000,000 | ---D | M] -- C:\Users\***censored***\AppData\Roaming\IrfanView
[2011.12.25 19:34:30 | 000,000,000 | ---D | M] -- C:\Users\***censored***\AppData\Roaming\JoJoThumb
[2010.08.14 17:12:16 | 000,000,000 | ---D | M] -- C:\Users\***censored***\AppData\Roaming\Language
[2010.08.04 09:17:03 | 000,000,000 | ---D | M] -- C:\Users\***censored***\AppData\Roaming\Leadertech
[2010.12.27 19:39:53 | 000,000,000 | ---D | M] -- C:\Users\***censored***\AppData\Roaming\LEGO Company
[2010.02.10 17:27:32 | 000,000,000 | ---D | M] -- C:\Users\***censored***\AppData\Roaming\MAXON
[2011.05.09 16:48:42 | 000,000,000 | ---D | M] -- C:\Users\***censored***\AppData\Roaming\Miranda
[2011.04.16 09:54:43 | 000,000,000 | ---D | M] -- C:\Users\***censored***\AppData\Roaming\Nokia
[2009.12.11 06:50:08 | 000,000,000 | ---D | M] -- C:\Users\***censored***\AppData\Roaming\OpenArena
[2009.09.19 13:04:58 | 000,000,000 | ---D | M] -- C:\Users\***censored***\AppData\Roaming\OpenOffice.org
[2009.12.26 04:03:40 | 000,000,000 | ---D | M] -- C:\Users\***censored***\AppData\Roaming\Planetside Software
[2011.07.07 15:19:59 | 000,000,000 | ---D | M] -- C:\Users\***censored***\AppData\Roaming\SaalDesignSoftware
[2011.12.24 12:03:52 | 000,000,000 | ---D | M] -- C:\Users\***censored***\AppData\Roaming\Schnellstart-DVD
[2012.02.09 16:20:04 | 000,000,000 | ---D | M] -- C:\Users\***censored***\AppData\Roaming\Spyware Terminator
[2009.10.05 13:57:11 | 000,000,000 | ---D | M] -- C:\Users\***censored***\AppData\Roaming\Star Trek Armada II Fleet Operations
[2011.10.24 21:18:35 | 000,000,000 | ---D | M] -- C:\Users\***censored***\AppData\Roaming\SWI-Prolog
[2009.12.26 04:03:40 | 000,000,000 | ---D | M] -- C:\Users\***censored***\AppData\Roaming\uk.co.planetside
[2011.12.15 15:45:33 | 000,000,000 | ---D | M] -- C:\Users\***censored***\AppData\Roaming\Unity
[2010.08.08 11:28:22 | 000,000,000 | ---D | M] -- C:\Users\***censored***\AppData\Roaming\Vso
[2010.08.14 17:14:34 | 000,000,000 | ---D | M] -- C:\Users\***censored***\AppData\Roaming\Wippien
[2012.02.10 10:35:10 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.01.10 19:36:32 | 000,000,000 | ---D | M] -- C:\Users\***censored***\AppData\Roaming\Adobe
[2009.12.18 16:42:52 | 000,000,000 | ---D | M] -- C:\Users\***censored***\AppData\Roaming\Aegisub
[2011.02.13 09:29:06 | 000,000,000 | ---D | M] -- C:\Users\***censored***\AppData\Roaming\Amazon
[2009.09.19 01:04:43 | 000,000,000 | ---D | M] -- C:\Users\***censored***\AppData\Roaming\AOL
[2009.12.28 11:38:13 | 000,000,000 | ---D | M] -- C:\Users\***censored***\AppData\Roaming\Canneverbe_Limited
[2011.08.26 19:13:19 | 000,000,000 | ---D | M] -- C:\Users\***censored***\AppData\Roaming\Canon
[2010.08.17 16:16:05 | 000,000,000 | ---D | M] -- C:\Users\***censored***\AppData\Roaming\DVD Flick
[2011.04.14 15:51:35 | 000,000,000 | ---D | M] -- C:\Users\***censored***\AppData\Roaming\dvdcss
[2011.06.26 11:55:27 | 000,000,000 | ---D | M] -- C:\Users\***censored***\AppData\Roaming\EveHQ
[2009.11.04 12:11:25 | 000,000,000 | ---D | M] -- C:\Users\***censored***\AppData\Roaming\FRITZ!
[2011.10.21 08:36:54 | 000,000,000 | ---D | M] -- C:\Users\***censored***\AppData\Roaming\ghc
[2009.09.21 20:35:54 | 000,000,000 | ---D | M] -- C:\Users\***censored***\AppData\Roaming\ICQ
[2009.09.17 13:36:01 | 000,000,000 | ---D | M] -- C:\Users\***censored***\AppData\Roaming\Identities
[2010.11.08 19:41:28 | 000,000,000 | ---D | M] -- C:\Users\***censored***\AppData\Roaming\InstallShield
[2009.09.25 23:56:34 | 000,000,000 | ---D | M] -- C:\Users\***censored***\AppData\Roaming\IrfanView
[2011.12.25 19:34:30 | 000,000,000 | ---D | M] -- C:\Users\***censored***\AppData\Roaming\JoJoThumb
[2010.08.14 17:12:16 | 000,000,000 | ---D | M] -- C:\Users\***censored***\AppData\Roaming\Language
[2010.08.04 09:17:03 | 000,000,000 | ---D | M] -- C:\Users\***censored***\AppData\Roaming\Leadertech
[2010.12.27 19:39:53 | 000,000,000 | ---D | M] -- C:\Users\***censored***\AppData\Roaming\LEGO Company
[2009.09.17 21:13:14 | 000,000,000 | ---D | M] -- C:\Users\***censored***\AppData\Roaming\Macromedia
[2012.02.08 14:51:18 | 000,000,000 | ---D | M] -- C:\Users\***censored***\AppData\Roaming\Malwarebytes
[2010.02.10 17:27:32 | 000,000,000 | ---D | M] -- C:\Users\***censored***\AppData\Roaming\MAXON
[2006.11.02 16:06:33 | 000,000,000 | ---D | M] -- C:\Users\***censored***\AppData\Roaming\Media Center Programs
[2011.02.27 13:33:02 | 000,000,000 | --SD | M] -- C:\Users\***censored***\AppData\Roaming\Microsoft
[2011.05.09 16:48:42 | 000,000,000 | ---D | M] -- C:\Users\***censored***\AppData\Roaming\Miranda
[2009.09.19 01:01:58 | 000,000,000 | ---D | M] -- C:\Users\***censored***\AppData\Roaming\Mozilla
[2011.04.16 09:54:43 | 000,000,000 | ---D | M] -- C:\Users\***censored***\AppData\Roaming\Nokia
[2009.12.11 06:50:08 | 000,000,000 | ---D | M] -- C:\Users\***censored***\AppData\Roaming\OpenArena
[2009.09.19 13:04:58 | 000,000,000 | ---D | M] -- C:\Users\***censored***\AppData\Roaming\OpenOffice.org
[2009.12.26 04:03:40 | 000,000,000 | ---D | M] -- C:\Users\***censored***\AppData\Roaming\Planetside Software
[2011.07.07 15:19:59 | 000,000,000 | ---D | M] -- C:\Users\***censored***\AppData\Roaming\SaalDesignSoftware
[2011.12.24 12:03:52 | 000,000,000 | ---D | M] -- C:\Users\***censored***\AppData\Roaming\Schnellstart-DVD
[2012.02.10 13:30:26 | 000,000,000 | ---D | M] -- C:\Users\***censored***\AppData\Roaming\Skype
[2012.01.11 12:16:42 | 000,000,000 | ---D | M] -- C:\Users\***censored***\AppData\Roaming\skypePM
[2012.02.09 16:20:04 | 000,000,000 | ---D | M] -- C:\Users\***censored***\AppData\Roaming\Spyware Terminator
[2009.10.05 13:57:11 | 000,000,000 | ---D | M] -- C:\Users\***censored***\AppData\Roaming\Star Trek Armada II Fleet Operations
[2011.10.24 21:18:35 | 000,000,000 | ---D | M] -- C:\Users\***censored***\AppData\Roaming\SWI-Prolog
[2009.12.26 04:03:40 | 000,000,000 | ---D | M] -- C:\Users\***censored***\AppData\Roaming\uk.co.planetside
[2011.12.15 15:45:33 | 000,000,000 | ---D | M] -- C:\Users\***censored***\AppData\Roaming\Unity
[2012.02.04 17:22:57 | 000,000,000 | ---D | M] -- C:\Users\***censored***\AppData\Roaming\vlc
[2010.08.08 11:28:22 | 000,000,000 | ---D | M] -- C:\Users\***censored***\AppData\Roaming\Vso
[2010.08.14 17:14:34 | 000,000,000 | ---D | M] -- C:\Users\***censored***\AppData\Roaming\Wippien
 
< %APPDATA%\*.exe /s >
[2010.08.07 19:40:08 | 000,099,384 | ---- | M] () -- C:\Users\***censored***\AppData\Roaming\inst.exe
[2011.06.25 18:03:04 | 000,025,600 | ---- | M] () -- C:\Users\***censored***\AppData\Roaming\EveHQ\Updater\EveHQPatcher.exe
[2011.08.01 16:52:16 | 132,312,168 | ---- | M] () -- C:\Users\***censored***\AppData\Roaming\LEGO Company\LEGO Digital Designer\setupLDD-PC-4_1_7.exe
[2011.07.07 15:19:18 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\***censored***\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.09.17 09:12:25 | 000,005,806 | R--- | M] () -- C:\Users\***censored***\AppData\Roaming\Microsoft\Installer\{8E41D2A5-C0DD-4139-8C7A-2F0E1F20ED24}\_18be6784.exe
[2011.09.17 09:12:25 | 000,001,078 | R--- | M] () -- C:\Users\***censored***\AppData\Roaming\Microsoft\Installer\{8E41D2A5-C0DD-4139-8C7A-2F0E1F20ED24}\_294823.exe
[2011.09.17 09:12:25 | 000,001,078 | R--- | M] () -- C:\Users\***censored***\AppData\Roaming\Microsoft\Installer\{8E41D2A5-C0DD-4139-8C7A-2F0E1F20ED24}\_2cd672ae.exe
[2011.09.17 09:12:25 | 000,005,806 | R--- | M] () -- C:\Users\***censored***\AppData\Roaming\Microsoft\Installer\{8E41D2A5-C0DD-4139-8C7A-2F0E1F20ED24}\_4ae13d6c.exe
[2011.09.17 09:12:25 | 000,001,078 | R--- | M] () -- C:\Users\***censored***\AppData\Roaming\Microsoft\Installer\{8E41D2A5-C0DD-4139-8C7A-2F0E1F20ED24}\_69525f90.exe
[2011.01.23 11:49:25 | 000,003,638 | R--- | M] () -- C:\Users\***censored***\AppData\Roaming\Microsoft\Installer\{B581D589-488E-4465-8A14-9848A0C9628F}\_494EDF30C582019898405F.exe
[2011.01.23 11:49:25 | 000,003,638 | R--- | M] () -- C:\Users\***censored***\AppData\Roaming\Microsoft\Installer\{B581D589-488E-4465-8A14-9848A0C9628F}\_613B306D74D9535CC27FE4.exe
[2011.01.23 11:49:25 | 000,003,638 | R--- | M] () -- C:\Users\***censored***\AppData\Roaming\Microsoft\Installer\{B581D589-488E-4465-8A14-9848A0C9628F}\_6FEFF9B68218417F98F549.exe
[2009.12.26 04:03:27 | 000,013,094 | R--- | M] () -- C:\Users\***censored***\AppData\Roaming\Microsoft\Installer\{BD8D42DC-02C9-47D0-99A3-7BF92E809D9C}\_16496df1.exe
[2009.12.26 04:03:27 | 000,013,094 | R--- | M] () -- C:\Users\***censored***\AppData\Roaming\Microsoft\Installer\{BD8D42DC-02C9-47D0-99A3-7BF92E809D9C}\_2cd672ae.exe
[2009.12.26 04:03:27 | 000,001,078 | R--- | M] () -- C:\Users\***censored***\AppData\Roaming\Microsoft\Installer\{BD8D42DC-02C9-47D0-99A3-7BF92E809D9C}\_69525f90.exe
[2011.12.19 10:28:30 | 029,231,352 | ---- | M] () -- C:\Users\***censored***\AppData\Roaming\SaalDesignSoftware\Local Store\temp\SaalDesignSoftware2.9.2.exe
[2011.08.22 15:58:12 | 000,425,336 | ---- | M] (Deutsche Telekom AG) -- C:\Users\***censored***\AppData\Roaming\Schnellstart-DVD\Starter\DT_Softwarestarter.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:45:58 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\SysNative\drivers\AGP440.sys
[2008.01.21 03:45:58 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008.01.21 03:45:58 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.01.21 03:45:58 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009.04.11 08:15:02 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SysNative\drivers\atapi.sys
[2009.04.11 08:15:02 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 12:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysNative\cngaudit.dll
[2006.11.02 12:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:46:07 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2008.01.21 03:46:07 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.01.21 03:50:06 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009.04.11 07:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009.04.11 07:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009.04.11 08:11:18 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SysNative\netlogon.dll
[2009.04.11 08:11:18 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008.01.21 03:47:35 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2008.01.21 03:46:02 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\SysNative\drivers\nvstor.sys
[2008.01.21 03:46:02 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:49:34 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008.01.21 03:48:56 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009.04.11 07:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009.04.11 07:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009.04.11 08:11:24 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SysNative\scecli.dll
[2009.04.11 08:11:24 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 03:47:35 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=32B87D215905F648EBE36A621978442C -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll
[2008.01.21 03:48:20 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll
[2009.04.11 07:26:46 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll
[2009.04.11 07:26:46 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll
[2009.04.11 08:11:28 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\user32.dll
[2009.04.11 08:11:28 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:49:40 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.21 03:49:40 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008.01.21 03:48:49 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008.01.21 03:48:49 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 03:47:10 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe
[2008.01.21 03:47:10 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.21 03:49:28 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe
[2008.01.21 03:49:28 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 08:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009.04.11 08:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008.01.21 03:48:54 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009.04.11 07:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009.04.11 07:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:49:41 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:48:44 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2008.01.21 03:48:44 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >
         

--- --- ---

Schädlinge seh ich da nciht, aber etwas Müll würde ich rausschmeißen. Sollen wir das machen? Oder willste es dabei belassen? Weil du nun doch neu aufsetzt oder nicht?