| |
| |||||||
Log-Analyse und Auswertung: 50 € Virus/Trojaner - Windows geblockt - OLT-Files im Anhang!Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
12.02.2012, 12:45
| #1 |
| |  50 € Virus/Trojaner - Windows geblockt - OLT-Files im Anhang! Hallo zusammen. Mich ereilte leider das Schicksal vieler User, nämlich der ominöse Trojaner, der mein System - komplett blockt - den Taskmanager nicht mehr zulässt - mich auffordert per ukash 50 € zu zahlenich Nach dem ersten großen Schock habe ich dieses Forum gefunden und mich etwas eingelesen, die OLT-Files habe ich erstellt, sie sind im Anhang zu finden. Ich würde mich sehr freuen und wäre sehr dankbar, wenn mich jemand unterstützen könnte, da ich bei Themen dieser Art leider immer etwas verloren bin. Die positiven Kommentare in anderen Threads haben mir aber Hoffnung gegeben, dass es hier klappen wird. Beste Grüße, LuisX Edit: Leider sind die txt-Files zu groß um sie hochladen zu können, deshalb habe ich mich entschieden den Inhalt hier hereinzukopieren, ich hoffe das geht in Ordnung. Code:
ATTFilter OTL logfile created on: 12.02.2012 04:04:33 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\***\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,74 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 80,34% Memory free 7,48 Gb Paging File | 6,79 Gb Available in Paging File | 90,79% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 421,81 Gb Total Space | 37,96 Gb Free Space | 9,00% Space Free | Partition Type: NTFS Drive D: | 29,00 Gb Total Space | 26,78 Gb Free Space | 92,35% Space Free | Partition Type: NTFS Drive E: | 931,28 Gb Total Space | 337,56 Gb Free Space | 36,25% Space Free | Partition Type: FAT32 Computer Name: ****-PC | User Name: *** | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.02.12 02:16:13 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe PRC - [2012.02.04 06:35:39 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe ========== Modules (No Company Name) ========== MOD - [2012.02.04 06:35:39 | 001,911,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2011.11.23 16:13:14 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010.02.05 15:43:20 | 000,311,296 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Stopped] -- C:\Program Files\Realtek\RtLED\RtLEDService.exe -- (RtLedService) SRV:64bit: - [2009.09.22 19:16:32 | 000,579,400 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe -- (Lenovo ReadyComm ConnSvc) SRV:64bit: - [2009.08.14 15:22:48 | 000,509,192 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\AppSvc.exe -- (Lenovo ReadyComm AppSvc) SRV - [2011.12.15 14:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.12.15 14:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.11.21 10:49:24 | 000,247,608 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2010.09.14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2010.09.14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2010.07.11 19:09:20 | 001,620,584 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2010.05.28 04:14:02 | 000,709,488 | ---- | M] (Egis Technology Inc. ) [Auto | Stopped] -- C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe -- (EgisTec Service) SRV - [2010.05.28 04:13:38 | 000,314,736 | ---- | M] (Egis Technology Inc. ) [Auto | Stopped] -- C:\Program Files (x86)\EgisTec BioExcess\EgisDSService.exe -- (EgisTec Data Security Service) SRV - [2010.05.19 18:21:26 | 000,322,416 | ---- | M] (Egis Technology Inc. ) [Auto | Stopped] -- C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe -- (EgisTec Service Help) SRV - [2010.04.20 14:29:08 | 000,903,456 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Programme\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2009.09.30 13:02:38 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2009.09.30 13:02:36 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2009.07.14 15:27:26 | 000,038,152 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe -- (IGRS) SRV - [2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\windows\SysWow64\IgrsSvcs.exe -- (ReadyComm.DirectRouter) SRV - [2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysWow64\IgrsSvcs.exe -- (PS_MDP) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.12.15 15:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.12.15 14:59:59 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.12.15 14:59:59 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.03.11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.18 15:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2010.09.18 16:09:53 | 000,055,880 | ---- | M] (Egis Technology Inc.) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\EgisTecFF.sys -- (EgisTecFF) DRV:64bit: - [2010.09.18 15:53:06 | 000,035,888 | ---- | M] (EgisTec) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\FPSensor.sys -- (FPSensor) EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys) DRV:64bit: - [2010.09.18 15:53:04 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2010.09.18 15:53:04 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2010.09.18 15:53:04 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV:64bit: - [2010.09.14 04:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2010.09.14 04:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2010.09.14 04:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2010.09.14 04:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2010.08.25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2010.07.11 22:40:00 | 000,024,680 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2010.05.10 11:17:50 | 000,229,488 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vm332avs.sys -- (vm332avs) DRV:64bit: - [2010.04.08 17:11:12 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt) DRV:64bit: - [2010.03.26 10:14:50 | 000,162,304 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2010.03.24 10:57:20 | 000,243,744 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2010.03.03 20:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.02.25 18:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2010.02.22 11:03:44 | 000,075,304 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2010.02.02 16:52:02 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2010.02.02 08:38:30 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R) DRV:64bit: - [2010.01.15 19:08:34 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr) DRV:64bit: - [2010.01.15 07:23:20 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2010.01.15 07:23:14 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2010.01.15 07:23:10 | 000,021,288 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2009.10.19 01:40:50 | 000,028,176 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC) DRV:64bit: - [2009.09.17 05:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R) DRV:64bit: - [2009.07.21 15:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd) DRV:64bit: - [2009.07.16 12:55:34 | 000,011,280 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WDMirror.sys -- (wdmirror) DRV:64bit: - [2009.07.16 04:38:20 | 000,079,376 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WDBridge.sys -- (Bridge0) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R) DRV:64bit: - [2009.06.10 21:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.04.07 08:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/ IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll (McAfee, Inc.) IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011.01.28 11:09:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.01.30 14:05:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.01.30 14:05:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.04 06:35:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.12.20 14:39:41 | 000,000,000 | ---D | M] [2011.01.28 11:54:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions [2012.01.07 00:27:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\qs08g1rv.default\extensions [2012.01.04 23:12:07 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\qs08g1rv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.07.03 20:14:52 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Christopher\AppData\Roaming\mozilla\Firefox\Profiles\qs08g1rv.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.02.09 14:25:58 | 000,000,950 | ---- | M] () -- C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\qs08g1rv.default\searchplugins\icqplugin-1.xml [2011.07.02 00:54:15 | 000,000,950 | ---- | M] () -- C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\qs08g1rv.default\searchplugins\icqplugin-2.xml [2011.08.18 09:47:34 | 000,000,950 | ---- | M] () -- C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\qs08g1rv.default\searchplugins\icqplugin-3.xml [2011.08.22 00:03:31 | 000,000,950 | ---- | M] () -- C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\qs08g1rv.default\searchplugins\icqplugin-4.xml [2011.09.06 09:46:50 | 000,000,950 | ---- | M] () -- C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\qs08g1rv.default\searchplugins\icqplugin-5.xml [2011.09.13 06:09:58 | 000,000,950 | ---- | M] () -- C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\qs08g1rv.default\searchplugins\icqplugin-6.xml [2011.10.05 10:17:24 | 000,000,950 | ---- | M] () -- C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\qs08g1rv.default\searchplugins\icqplugin-7.xml [2011.11.09 07:55:31 | 000,000,950 | ---- | M] () -- C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\qs08g1rv.default\searchplugins\icqplugin-8.xml [2011.06.02 09:16:36 | 000,001,056 | ---- | M] () -- C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\qs08g1rv.default\searchplugins\icqplugin.xml [2011.11.09 07:54:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions () (No name found) -- C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS08G1RV.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2012.02.04 06:35:39 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011.09.05 09:43:32 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.09.05 09:43:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.09.05 09:43:32 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.09.05 09:43:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.09.05 09:43:32 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.09.05 09:43:32 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (IEPwdBankBHO Class) - {56CBB761-DA41-4E31-B270-B13B4B0A61D0} - C:\Program Files (x86)\EgisTec BioExcess\EgisIEPwdBank.dll (Egis Technology Inc. ) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~2\mcafee\sitead~1\mcieplg.dll (McAfee, Inc.) O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited) O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited) O4:64bit: - HKLM..\Run: [ETDWare] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE (Vimicro) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe () O4 - HKLM..\Run: [PLTSR] C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe (Egis Technology Inc. ) O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [VitaKeyTSR] C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe (Egis Technology Inc. ) O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.) O4 - HKCU..\Run: [Driver Updater] C:\Program Files (x86)\Carambis\Driver Updater\dupdater.exe (MEDIA FOG LTD) O4 - HKCU..\Run: [ffdwnd] C:\Users\****\AppData\Local\Mozilla\Firefox\firefox.exe (3M Touch Systems, Inc.) O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Christopher\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C232B01-C2A3-42B7-BB6E-57F9C0CEE205}: DhcpNameServer = 172.168.117.2 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99310181-D5E1-479B-B0FD-EE15A8182102}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~2\mcafee\sitead~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~2\mcafee\sitead~1\mcieplg.dll (McAfee, Inc.) O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\windows\SysWOW64\nvinit.dll) -C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{5abfe739-563b-11e0-bd1e-c0cb38e89a91}\Shell - "" = AutoRun O33 - MountPoints2\{5abfe739-563b-11e0-bd1e-c0cb38e89a91}\Shell\AutoRun\command - "" = E:\wn.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.02.12 02:16:12 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Christopher\Desktop\OTL.exe [2012.02.12 01:04:27 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{0472F4BE-738C-4B2F-B5FB-8534D1E9BB0F} [2012.02.12 01:04:12 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{83AFA54D-C757-4B4B-81D9-36FD29BB09D8} [2012.02.12 00:39:24 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{28EECD8B-1AB4-460C-BE61-FAB32B4D739C} [2012.02.12 00:39:10 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{F947672E-0FFF-4CF5-A8E9-41EA2D57949C} [2012.02.12 00:21:58 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{6CDCD582-E039-450B-816B-0E321F4AF7D3} [2012.02.12 00:20:27 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{8447A533-C353-470E-8849-2E899C8DED05} [2012.02.11 06:32:02 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{4B3F5156-5963-4FDF-8D0A-81EDCD03EB76} [2012.02.11 06:31:37 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{0D7A17CB-6188-47DB-98A5-9C9492F0AB70} [2012.02.10 11:07:07 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{36F2F305-B86E-4459-85FE-F9C1A80AC351} [2012.02.10 11:05:35 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{2AC54228-B69E-4AFA-B669-6AFBA2F1C349} [2012.02.10 03:01:33 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.02.09 18:30:08 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Avira [2012.02.09 17:24:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.02.09 17:24:36 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avipbb.sys [2012.02.09 17:24:36 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avgntflt.sys [2012.02.09 17:24:36 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avkmgr.sys [2012.02.09 17:23:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.02.09 17:23:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012.02.09 17:22:58 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{44CC0151-76B6-412D-8289-A2D5E3E1A774} [2012.02.09 17:22:41 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{FF49D20E-274D-4F26-9AEF-1C61EB2672BC} [2012.02.09 17:14:35 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{6EA3CD2E-5482-4A72-A28B-A724D1837471} [2012.02.09 17:14:12 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{6588401D-8AEE-4B76-9337-9F8DDBCE2F34} [2012.02.09 14:21:31 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{55309EFC-A172-40A3-94BF-ADAC7AACD29C} [2012.02.09 14:21:18 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{7C49BB18-27F2-4015-AA25-2A31196403C4} [2012.02.09 10:36:47 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{045EA76E-85CC-43AB-9F05-E2DDD06C58AB} [2012.02.09 10:36:36 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{CDDB0203-517F-4DFD-A5BD-869554923185} [2012.02.07 17:21:01 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{BF898716-3A1A-49CA-B996-4CB233F2BAAE} [2012.02.07 17:20:48 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{905C3D52-A507-4788-A40F-5E0E3E32C2D4} [2012.02.07 12:36:19 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{6FA61253-5809-4616-8AF2-3BE365BB9769} [2012.02.07 12:36:07 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{5618FA37-7887-436D-AEA6-65F3C9CEDF33} [2012.02.07 01:26:26 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{589D5065-E3A0-4F06-87CB-830D895659CE} [2012.02.07 01:25:48 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{1DE11344-3B95-4842-9249-972E763DF0C3} [2012.02.07 01:04:07 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{40E93354-E60A-4C6B-858D-EDE47650A9F0} [2012.02.07 01:03:53 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{34CBAA03-7DAF-452F-8149-7DE19155D03E} [2012.02.06 11:47:31 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{2B9FC223-2BA4-4D27-8EBD-17391DA8BA03} [2012.02.06 11:47:18 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{357511F1-1A93-459D-84AE-6F13B89D5AE2} [2012.02.05 18:06:40 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\webex [2012.02.05 18:06:25 | 000,000,000 | ---D | C] -- C:\ProgramData\WebEx [2012.02.05 12:34:24 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{33E4BD6A-0416-435D-BE43-9675594C2315} [2012.02.05 12:34:11 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{D2047217-7F7A-46DB-B465-2E1E222D585A} [2012.02.05 01:26:14 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{3C554241-FA4E-46C3-8072-7022064576D8} [2012.02.05 01:25:37 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{D7BCC0F8-68AC-4226-A8AF-0584125B1074} [2012.02.05 01:21:42 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Serato [2012.02.05 01:21:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Serato [2012.02.05 01:19:57 | 000,000,000 | ---D | C] -- C:\windows\Downloaded Installations [2012.02.04 06:33:27 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{216F8E58-D23D-4455-8611-0A56853AB380} [2012.02.04 06:33:11 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{FAE41B99-F5EA-4F60-9A36-222425602D5B} [2012.02.02 12:17:45 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{82B0A033-4E7E-48AD-BDDD-2C83D927670D} [2012.02.02 12:17:32 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{E3204D96-E8AC-46A5-8047-183026B29B4D} [2012.02.01 09:56:34 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{0F12D749-0AF5-4FD5-A8B8-BC0D2993C200} [2012.02.01 09:56:23 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{7A778820-D5B7-4674-AE30-7C66C46F2149} [2012.01.31 18:36:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.5 [2012.01.31 18:36:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.5 [2012.01.31 10:13:59 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{F9D130FD-B9D0-4DD9-9002-022571F00430} [2012.01.31 10:13:44 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{A7746DBB-A3C4-4C4F-932B-C633A84166E9} [2012.01.30 09:43:53 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{FA5D303F-B66F-44A3-9D70-775B2604747C} [2012.01.30 09:43:40 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{6E683E3A-FE95-4FA9-B56D-C68E70EC5B84} [2012.01.29 12:21:02 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{2B40E695-2CE6-4179-8084-8585B84176F7} [2012.01.29 12:20:49 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{D0F00EC1-E8A6-4CE3-8256-458A37AD974A} [2012.01.29 09:01:43 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{C7FC16A1-6810-41E7-A111-6DDB7D4EB117} [2012.01.29 09:01:22 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{7921BEE8-C910-4CE5-8280-016B19F0651E} [2012.01.28 22:35:14 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{1628D811-1500-4204-9DD7-375602902722} [2012.01.28 22:35:02 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{E23F3B42-28AD-4781-9A63-6145B9417B26} [2012.01.28 07:29:20 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{0E823902-E602-4B47-9C68-77DC2059201E} [2012.01.28 07:28:56 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{BFB5639A-3DAD-4E65-BBF6-6C304AB4594D} [2012.01.28 01:49:01 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{5DB093AE-BC18-4969-A634-B2D0CFE7AB8C} [2012.01.28 01:48:34 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{7942F48C-C060-4898-AC31-518A683FF122} [2012.01.27 13:56:05 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte [2012.01.26 06:08:50 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{37DD1D3A-0399-4123-880C-10E4682F6DE9} [2012.01.26 06:08:37 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{8DEE4E3E-E8BC-4FAF-A94D-92E4E6838B50} [2012.01.25 23:55:26 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll [2012.01.25 23:55:26 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\webio.dll [2012.01.25 23:55:26 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\webio.dll [2012.01.25 23:55:26 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspicli.dll [2012.01.25 23:55:26 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspisrv.dll [2012.01.25 23:55:26 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\secur32.dll [2012.01.25 10:27:27 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{A5E8A41C-1018-48B4-B932-7977757BE58F} [2012.01.25 10:27:14 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{C1FF0E09-6A0B-4A6A-BA10-7F3B20BAD5F0} [2012.01.24 10:38:10 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{71596FE7-A70B-432B-8B6F-86FB45C9DDDA} [2012.01.24 10:37:58 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{A8BE3AAA-D5A4-401A-8DCB-9059BABBF9DC} [2012.01.24 00:40:42 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{5860D703-7CD2-4621-815C-E62F94FED5D0} [2012.01.24 00:40:26 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{8E83D0C6-DEA3-41E7-937E-44331AF17539} [2012.01.23 00:12:32 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{9672F08A-F88F-4B8A-B05B-BE50F0D81E5C} [2012.01.23 00:12:19 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{DFD9081B-D8AF-4CC2-9816-81F5C460C2FF} [2012.01.22 09:22:25 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{49928F1D-8D44-4BE3-9141-568FC0B8A81A} [2012.01.22 09:22:02 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{C02204AA-940A-4001-BE23-F6DD2CF85746} [2012.01.22 01:15:48 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\GTA Vice City User Files [2012.01.22 01:15:18 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games [2012.01.22 01:03:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games [2012.01.22 01:02:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rockstar Games [2012.01.21 10:08:30 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{9DD7C8DE-C977-4E1A-AE83-FB3C7B90968F} [2012.01.21 10:08:18 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{FFD6DDD6-7EE9-4D8C-84D1-5CA45DE3D6C9} [2012.01.20 20:34:42 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{E37DAF8A-5E97-49DF-A542-92E5E3E56703} [2012.01.20 20:34:20 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{9E76D01A-2AEC-46B1-B92F-1D1D331A308D} [2012.01.20 09:49:04 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{D3C23F92-069D-4919-BBA1-C16F729D194C} [2012.01.19 20:04:45 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{A8060E9D-C395-4B17-9B07-6918ECD3A33E} [2012.01.19 09:19:24 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{0AFA7DC1-3B73-45F2-BA9C-5AB8077BD44B} [2012.01.19 09:19:07 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{4457A7F2-7EBC-44EC-906E-0231F593F3A0} [2012.01.18 00:24:35 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{06973407-54B4-407C-9F6C-9F6A98CDBBCA} [2012.01.18 00:24:20 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{38E94074-E485-4122-AEA6-76B661641B4D} [2012.01.17 09:06:58 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{679862E4-35F1-40BB-9E43-03F64D63E1E4} [2012.01.17 09:06:44 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{1D72E88B-7B07-4DE2-B383-1CDF43B5AF2C} [2012.01.16 19:54:58 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{0A842C82-1D19-4C2F-8C68-F334AC861D7F} [2012.01.16 19:53:44 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{B1BA5A85-AF7A-414F-B531-ADDA605057D4} [2012.01.14 08:47:45 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{4E71AA8B-189E-43E0-8AB3-CEBA7A992150} [2012.01.14 08:47:33 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{AF53E696-7DE2-49FE-A478-7A84F91095C7} [2012.01.14 06:47:11 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{9C9F5EBE-C8D3-495A-95D8-F74EA708690F} [2012.01.14 06:46:47 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{D91CC604-C193-4F6E-9F4D-9285E6B568EB} [2012.01.13 16:58:04 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{F41E75B5-1570-48E2-89B1-44B7519C3533} [2012.01.13 16:57:51 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{B37BDEC7-CDED-440A-82EF-16911ABACE90} [5 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.02.12 02:27:15 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012.02.12 02:27:04 | 3010,797,568 | -HS- | M] () -- C:\hiberfil.sys [2012.02.12 02:16:13 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe [2012.02.12 01:31:06 | 001,500,254 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2012.02.12 01:31:06 | 000,654,594 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2012.02.12 01:31:06 | 000,616,476 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2012.02.12 01:31:06 | 000,130,208 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2012.02.12 01:31:06 | 000,106,598 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2012.02.12 01:06:18 | 000,013,424 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.02.12 01:06:18 | 000,013,424 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.02.12 00:33:13 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat [2012.02.09 20:11:50 | 000,011,054 | ---- | M] () -- C:\Users\****\Desktop\Übergänge.odt [2012.02.09 18:40:38 | 000,001,066 | ---- | M] () -- C:\Users\****\Desktop\Virtual DJ Home.lnk [2012.02.09 02:11:30 | 746,314,823 | ---- | M] () -- C:\Users\****\Desktop\058.ACWO.By-DMasti.mkv [2012.02.05 01:21:44 | 000,002,158 | ---- | M] () -- C:\Users\****\Desktop\Scratch Live.lnk [5 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.02.12 00:33:13 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat [2012.02.09 18:55:24 | 000,011,054 | ---- | C] () -- C:\Users\****\Desktop\Übergänge.odt [2012.02.09 18:40:38 | 000,001,066 | ---- | C] () -- C:\Users\****\Desktop\Virtual DJ Home.lnk [2012.02.09 01:53:19 | 746,314,823 | ---- | C] () -- C:\Users\****\Desktop\058.ACWO.By-DMasti.mkv [2012.02.05 01:21:44 | 000,002,158 | ---- | C] () -- C:\Users\****\Desktop\Scratch Live.lnk [2011.03.28 18:17:55 | 000,005,115 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe [2011.01.28 13:51:44 | 000,000,017 | ---- | C] () -- C:\windows\SysWow64\shortcut_ex.dat [2011.01.28 13:12:14 | 001,526,948 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI [2010.09.18 16:12:43 | 000,016,648 | R--- | C] () -- C:\windows\SysWow64\LogAPI.dll [2010.08.25 19:34:30 | 000,127,868 | ---- | C] () -- C:\windows\SysWow64\igcompkrng575.bin [2010.08.25 19:34:30 | 000,104,796 | ---- | C] () -- C:\windows\SysWow64\igfcg575m.bin [2010.08.05 02:51:05 | 000,001,341 | ---- | C] () -- C:\windows\vm332Rmv.ini [2010.05.27 08:55:42 | 000,870,560 | ---- | C] () -- C:\windows\SysWow64\igkrng575.bin [2010.05.27 08:55:42 | 000,208,896 | ---- | C] () -- C:\windows\SysWow64\iglhsip32.dll [2010.05.27 08:55:42 | 000,143,360 | ---- | C] () -- C:\windows\SysWow64\iglhcp32.dll [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll [2009.07.13 22:59:36 | 000,982,196 | ---- | C] () -- C:\windows\SysWow64\igkrng500.bin [2009.07.13 22:59:36 | 000,139,824 | ---- | C] () -- C:\windows\SysWow64\igfcg500.bin [2009.07.13 22:59:36 | 000,097,448 | ---- | C] () -- C:\windows\SysWow64\igfcg500m.bin [2009.07.13 22:59:35 | 000,417,344 | ---- | C] () -- C:\windows\SysWow64\igcompkrng500.bin [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat ========== LOP Check ========== [2011.08.07 13:14:20 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Amazon [2011.10.18 10:34:33 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Ashampoo [2011.10.17 22:50:28 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Audacity [2011.03.28 18:17:55 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Carambis [2011.07.03 20:14:51 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DVDVideoSoftIEHelpers [2012.02.10 21:51:08 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ICQ [2011.01.30 14:05:57 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Local [2011.02.02 21:38:24 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\OpenOffice.org [2011.02.04 06:39:14 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\SoftGrid Client [2011.01.28 13:14:49 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TP [2011.04.05 14:06:31 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\uTorrent [2012.02.05 18:06:40 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\webex [2011.06.09 20:12:18 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Windows Live Writer [2011.11.03 19:31:33 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Xilisoft [2011.02.20 00:54:12 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\XMedia Recode [2012.02.09 09:19:33 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 12.02.2012 04:04:33 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\****\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,74 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 80,34% Memory free
7,48 Gb Paging File | 6,79 Gb Available in Paging File | 90,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 421,81 Gb Total Space | 37,96 Gb Free Space | 9,00% Space Free | Partition Type: NTFS
Drive D: | 29,00 Gb Total Space | 26,78 Gb Free Space | 92,35% Space Free | Partition Type: NTFS
Drive E: | 931,28 Gb Total Space | 337,56 Gb Free Space | 36,25% Space Free | Partition Type: FAT32
Computer Name: CHRISTOPHER-PC | User Name: **** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{16DDB3D1-5C27-4599-9C63-E583287191CC}" = iTunes
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1F494B8A-D6E6-4540-9A74-F773B63164A6}" = Port Locker
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5ACF5427-B4E4-4F85-A512-151E0BECF7E3}" = RtLED
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = Lenovo Bluetooth with Enhanced Data Rate Software
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"0A4175B489A1B4A6E07E11B063A6263480C51D71" = Windows-Treiberpaket - Lenovo (ACPIVPC) System (10/19/2009 5.4.0.1)
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"DE7217D2A8B057F15EC6E52329FDAB84231521E8" = Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430)
"Elantech" = ETDWare PS/2-x64 7.0.4.17_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0034859F-8E01-4C1D-BE77-F891C4786FBC}" = Lenovo Security Suite
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CE226F3-EB27-4ECD-BBF5-F088716779FD}" = Energy Management
"{17542DBF-E17C-4562-BC4D-FA3EF3076C45}" = Lenovo ReadyComm 5
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 24
"{306C4404-240E-42BC-B95E-D6C6D7697DA6}" = Scratch Live 2.3.3 (18)
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City
"{542068F1-9AAE-4E1B-8ACA-094FE03728BE}" = Carambis Driver Updater
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{76C66170-C538-4E77-B54D-48E136B5B533}" = Lenovo ReadyComm 5.0 Service
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8991E763-21F5-4DEA-A938-5D9D77DCB488}" = Broadcom 802.11 Wireless Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A6FEE06D-C7E1-48CB-A9DF-1E317CF83CA4}" = Port Locker
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-A90100000001}" = Adobe Reader 9.0.1 - Deutsch
"{ACF31D9F-70C2-40A1-9C7A-28BA16E64B56}" = BioExcess
"{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0333}" = Lenovo EasyCamera
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Ashampoo Burning Studio Elements_is1" = Ashampoo Burning Studio Elements 10.0.9
"Audacity 1.3 Beta_is1" = Audacity 1.3.12
"Avira AntiVir Desktop" = Avira Free Antivirus
"DivX Setup.divx.com" = DivX-Setup
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.40.602
"ICQToolbar" = ICQ Toolbar
"InstallShield_{0034859F-8E01-4C1D-BE77-F891C4786FBC}" = Lenovo Security Suite
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{A6FEE06D-C7E1-48CB-A9DF-1E317CF83CA4}" = Port Locker
"InstallShield_{ACF31D9F-70C2-40A1-9C7A-28BA16E64B56}" = BioExcess
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"LastFM_is1" = Last.fm 1.5.4.27091
"Maniac Mansion Deluxe" = Maniac Mansion Deluxe
"Mozilla Firefox 10.0 (x86 de)" = Mozilla Firefox 10.0 (x86 de)
"NVIDIA.Updatus" = NVIDIA Updatus
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Sony Ericsson W800" = Sony Ericsson W800 Software
"SopCast" = SopCast 3.3.2
"uTorrent" = µTorrent
"Virtual DJ Home - Atomix Productions" = Virtual DJ Home - Atomix Productions
"VLC media player" = VLC media player 1.1.6
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Xilisoft DVD Creator 6" = Xilisoft DVD Creator 6
"XMedia Recode" = XMedia Recode 2.3.0.4
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ActiveTouchMeetingClient" = WebEx
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 11.02.2012 20:02:42 | Computer Name = ****-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information. Die Aktion kann nicht abgeschlossen werden. Versuchen
Sie es erneut. Wenden Sie sich bei Fortbestehen des Problems an den Microsoft-Produktsupport.
Error - 11.02.2012 20:02:42 | Computer Name = ****-PC | Source = Application Virtualization Client | ID = 3037
Description = {tid=BE0} Application Virtualization Client kann OfficeVirt 9014006604070000
nicht öffnen.
Error - 11.02.2012 20:07:32 | Computer Name = ****-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information. Error: Product {90140011-0066-0407-0000-0000000FF1CE}
found in the registry but SoftGrid doesn't know about it, skipping...
Error - 11.02.2012 20:07:32 | Computer Name = ****-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information. Product registration is corrupted for {90140011-0066-0407-0000-0000000FF1CE}
Error - 11.02.2012 20:07:32 | Computer Name = ****-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information. Error: Product {90140011-0066-0407-0000-0000000FF1CE}
found in the registry but SoftGrid doesn't know about it, skipping...
Error - 11.02.2012 20:07:32 | Computer Name = ****-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information. Product registration is corrupted for {90140011-0066-0407-0000-0000000FF1CE}
Error - 11.02.2012 20:07:32 | Computer Name = ****-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information. Error: Product {90140011-0066-0407-0000-0000000FF1CE}
found in the registry but SoftGrid doesn't know about it, skipping...
Error - 11.02.2012 20:07:32 | Computer Name = ****-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information. Product registration is corrupted for {90140011-0066-0407-0000-0000000FF1CE}
Error - 11.02.2012 20:07:32 | Computer Name = ****-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information. Die Aktion kann nicht abgeschlossen werden. Versuchen
Sie es erneut. Wenden Sie sich bei Fortbestehen des Problems an den Microsoft-Produktsupport.
Error - 11.02.2012 20:07:33 | Computer Name = ****-PC | Source = Application Virtualization Client | ID = 3037
Description = {tid=A50} Application Virtualization Client kann OfficeVirt 9014006604070000
nicht öffnen.
[ System Events ]
Error - 11.02.2012 22:55:23 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 11.02.2012 22:57:29 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 11.02.2012 22:57:29 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 11.02.2012 22:57:29 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 11.02.2012 23:02:29 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 11.02.2012 23:02:29 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 11.02.2012 23:02:29 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 11.02.2012 23:04:37 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 11.02.2012 23:04:37 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 11.02.2012 23:04:37 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
< End of report >
Geändert von LuisX (12.02.2012 um 13:13 Uhr) |
|
12.02.2012, 14:05
| #2 |
| | 50 € Virus/Trojaner - Windows geblockt - OLT-Files im Anhang! malwarebytes habe ich soeben entdeckt, das war schonmal gut. Dort wurden 5 Trojaner entdeckt und diese hab ich soeben beseitigt. Seitdem komme ich wieder normal in mein Wondows. So ganz traue ich dem Braten aber natürlich noch nicht.
__________________Hier das log von Malwarebytes im Anhang! |
|
12.02.2012, 14:48
| #3 |
| /// Malwareteam   | 50 € Virus/Trojaner - Windows geblockt - OLT-Files im Anhang! Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist. Vista und Win7 User Alle Tools mit Rechtsklick "als Administrator ausführen" starten. Schritt 1 Dann erstelle ein neues OTL Log nach dieser Anleitung: Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT
|
|
12.02.2012, 15:36
| #4 |
| | 50 € Virus/Trojaner - Windows geblockt - OLT-Files im Anhang! Danke für den Willkommensgruß und die schnelle Antwort  Habe deinen Anweisungen gefolgt: - über Rechtsklick als Admin OTl geöffnet - alle programme geschlossen - deinen Code-Inhalt in das von Dir angegebene Feld kopiert - Quickscan betätigt Habe allerdings nur ein OTL.txt-file erhalten. Eine extra.txt habe ich nicht bekommen. Code:
ATTFilter OTL logfile created on: 12.02.2012 15:06:27 - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\xxxx\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,74 Gb Total Physical Memory | 2,37 Gb Available Physical Memory | 63,45% Memory free 7,48 Gb Paging File | 5,81 Gb Available in Paging File | 77,66% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 421,81 Gb Total Space | 38,08 Gb Free Space | 9,03% Space Free | Partition Type: NTFS Drive D: | 29,00 Gb Total Space | 26,78 Gb Free Space | 92,35% Space Free | Partition Type: NTFS Computer Name: xxxx-PC | User Name: xxxx | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.02.12 02:16:13 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Christopher\Desktop\OTL.exe PRC - [2011.12.15 14:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.12.15 14:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.12.15 14:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.03.01 14:28:49 | 000,119,608 | ---- | M] (ICQ, LLC.) -- C:\Program Files (x86)\ICQ7.4\ICQ.exe PRC - [2011.01.11 00:25:06 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe PRC - [2010.12.08 22:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe PRC - [2010.11.21 10:49:24 | 000,247,608 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe PRC - [2010.10.27 21:21:54 | 001,155,072 | ---- | M] (Last.fm) -- C:\Program Files (x86)\Last.fm\LastFM.exe PRC - [2010.09.14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2010.09.14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2010.07.11 19:09:20 | 001,620,584 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2010.05.28 04:14:52 | 000,376,176 | ---- | M] (Egis Technology Inc. ) -- C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe PRC - [2010.05.28 04:14:02 | 000,709,488 | ---- | M] (Egis Technology Inc. ) -- C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe PRC - [2010.05.28 04:13:38 | 000,314,736 | ---- | M] (Egis Technology Inc. ) -- C:\Program Files (x86)\EgisTec BioExcess\EgisDSService.exe PRC - [2010.05.19 18:21:46 | 000,364,400 | ---- | M] (Egis Technology Inc. ) -- C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe PRC - [2010.05.19 18:21:26 | 000,322,416 | ---- | M] (Egis Technology Inc. ) -- C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe PRC - [2010.04.20 14:29:08 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Programme\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe PRC - [2010.03.10 23:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe PRC - [2010.03.10 23:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe PRC - [2010.03.03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010.03.03 21:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2010.03.02 23:37:40 | 000,171,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe PRC - [2010.01.19 03:44:40 | 000,536,576 | ---- | M] (Vimicro) -- C:\Program Files (x86)\USB Camera2\VM332_STI.EXE PRC - [2009.09.30 13:02:38 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009.09.30 13:02:36 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009.07.14 15:27:26 | 000,038,152 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe ========== Modules (No Company Name) ========== MOD - [2012.01.12 09:32:46 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\442eed762e21796e8e497fcd14f1295a\System.Runtime.Remoting.ni.dll MOD - [2011.10.14 16:50:58 | 000,452,608 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\cf95add46bfba066f035bd78f6e21d86\IAStorUtil.ni.dll MOD - [2011.10.14 09:44:06 | 012,431,360 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll MOD - [2011.10.14 09:43:55 | 001,586,688 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll MOD - [2011.10.14 09:43:32 | 003,325,952 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\3136e12cfb8809d39813e76c766c782c\WindowsBase.ni.dll MOD - [2011.10.14 09:43:24 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll MOD - [2011.10.14 09:43:19 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll MOD - [2011.10.14 09:43:15 | 007,949,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll MOD - [2011.10.14 09:42:31 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.01.11 00:25:48 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011.01.11 00:25:06 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe MOD - [2010.10.27 21:23:04 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\Last.fm\srv_rtaudioplayback.dll MOD - [2010.10.27 21:22:52 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Last.fm\ext_messengernotify.dll MOD - [2010.10.27 21:22:42 | 000,058,880 | ---- | M] () -- C:\Program Files (x86)\Last.fm\ext_skypenotify.dll MOD - [2010.10.27 21:22:08 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\Last.fm\srv_madtranscode.dll MOD - [2010.10.27 21:22:00 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\Last.fm\srv_httpinput.dll MOD - [2010.10.27 21:19:28 | 000,372,736 | ---- | M] () -- C:\Program Files (x86)\Last.fm\LastFmFingerprint1.dll MOD - [2010.10.27 21:19:06 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Last.fm\breakpad.dll MOD - [2010.10.27 21:18:50 | 000,180,224 | ---- | M] () -- C:\Program Files (x86)\Last.fm\Moose1.dll MOD - [2010.10.27 21:18:34 | 000,540,672 | ---- | M] () -- C:\Program Files (x86)\Last.fm\LastFmTools1.dll MOD - [2010.10.27 21:13:52 | 001,382,507 | ---- | M] () -- C:\Program Files (x86)\Last.fm\libfftw3f-3.dll MOD - [2010.10.27 21:13:52 | 000,074,240 | ---- | M] () -- C:\Program Files (x86)\Last.fm\zlibwapi.dll MOD - [2010.09.18 22:50:12 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.05.10 09:36:56 | 000,655,360 | ---- | M] () -- C:\Windows\SysWOW64\vmprp332.ax MOD - [2008.04.16 17:42:30 | 000,376,832 | ---- | M] () -- C:\Program Files (x86)\Last.fm\QtNetwork4.dll MOD - [2008.04.16 17:42:16 | 000,524,288 | ---- | M] () -- C:\Program Files (x86)\Last.fm\QtSql4.dll MOD - [2008.04.16 17:42:02 | 006,701,056 | ---- | M] () -- C:\Program Files (x86)\Last.fm\QtGui4.dll MOD - [2008.04.16 17:36:38 | 000,376,832 | ---- | M] () -- C:\Program Files (x86)\Last.fm\QtXml4.dll MOD - [2008.04.16 17:36:34 | 001,654,784 | ---- | M] () -- C:\Program Files (x86)\Last.fm\QtCore4.dll MOD - [2008.04.02 14:26:50 | 000,233,472 | ---- | M] () -- C:\Program Files (x86)\Last.fm\imageformats\qmng4.dll MOD - [2008.04.02 14:26:34 | 000,021,504 | ---- | M] () -- C:\Program Files (x86)\Last.fm\imageformats\qgif4.dll MOD - [2008.04.02 14:26:28 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Last.fm\imageformats\qjpeg4.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010.02.05 15:43:20 | 000,311,296 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtLED\RtLEDService.exe -- (RtLedService) SRV:64bit: - [2009.09.22 19:16:32 | 000,579,400 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe -- (Lenovo ReadyComm ConnSvc) SRV:64bit: - [2009.08.14 15:22:48 | 000,509,192 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\AppSvc.exe -- (Lenovo ReadyComm AppSvc) SRV - [2011.12.15 14:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.12.15 14:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.11.21 10:49:24 | 000,247,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2010.09.14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2010.09.14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2010.07.11 19:09:20 | 001,620,584 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2010.05.28 04:14:02 | 000,709,488 | ---- | M] (Egis Technology Inc. ) [Auto | Running] -- C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe -- (EgisTec Service) SRV - [2010.05.28 04:13:38 | 000,314,736 | ---- | M] (Egis Technology Inc. ) [Auto | Running] -- C:\Program Files (x86)\EgisTec BioExcess\EgisDSService.exe -- (EgisTec Data Security Service) SRV - [2010.05.19 18:21:26 | 000,322,416 | ---- | M] (Egis Technology Inc. ) [Auto | Running] -- C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe -- (EgisTec Service Help) SRV - [2010.04.20 14:29:08 | 000,903,456 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2009.09.30 13:02:38 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2009.09.30 13:02:36 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2009.07.14 15:27:26 | 000,038,152 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe -- (IGRS) SRV - [2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\windows\SysWow64\IgrsSvcs.exe -- (ReadyComm.DirectRouter) SRV - [2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysWow64\IgrsSvcs.exe -- (PS_MDP) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.12.15 15:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.12.15 14:59:59 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.12.15 14:59:59 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.03.11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.18 15:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2010.09.18 16:09:53 | 000,055,880 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\EgisTecFF.sys -- (EgisTecFF) DRV:64bit: - [2010.09.18 15:53:06 | 000,035,888 | ---- | M] (EgisTec) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\FPSensor.sys -- (FPSensor) EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys) DRV:64bit: - [2010.09.18 15:53:04 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2010.09.18 15:53:04 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2010.09.18 15:53:04 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV:64bit: - [2010.09.14 04:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2010.09.14 04:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2010.09.14 04:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2010.09.14 04:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2010.08.25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2010.07.11 22:40:00 | 000,024,680 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2010.05.10 11:17:50 | 000,229,488 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm332avs.sys -- (vm332avs) DRV:64bit: - [2010.04.08 17:11:12 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt) DRV:64bit: - [2010.03.26 10:14:50 | 000,162,304 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2010.03.24 10:57:20 | 000,243,744 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2010.03.03 20:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.02.25 18:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2010.02.22 11:03:44 | 000,075,304 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2010.02.02 16:52:02 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2010.02.02 08:38:30 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R) DRV:64bit: - [2010.01.15 19:08:34 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr) DRV:64bit: - [2010.01.15 07:23:20 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2010.01.15 07:23:14 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2010.01.15 07:23:10 | 000,021,288 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2009.10.19 01:40:50 | 000,028,176 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC) DRV:64bit: - [2009.09.17 05:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R) DRV:64bit: - [2009.07.21 15:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd) DRV:64bit: - [2009.07.16 12:55:34 | 000,011,280 | ---- | M] (Lenovo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDMirror.sys -- (wdmirror) DRV:64bit: - [2009.07.16 04:38:20 | 000,079,376 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WDBridge.sys -- (Bridge0) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R) DRV:64bit: - [2009.06.10 21:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.04.07 08:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/ IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll (McAfee, Inc.) IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011.01.28 11:09:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.01.30 14:05:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.01.30 14:05:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.12 13:40:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.12.20 14:39:41 | 000,000,000 | ---D | M] [2011.01.28 11:54:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxx\AppData\Roaming\mozilla\Extensions [2012.01.07 00:27:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\qs08g1rv.default\extensions [2012.01.04 23:12:07 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\qs08g1rv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.07.03 20:14:52 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\xxxx\AppData\Roaming\mozilla\Firefox\Profiles\qs08g1rv.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.02.09 14:25:58 | 000,000,950 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\qs08g1rv.default\searchplugins\icqplugin-1.xml [2011.07.02 00:54:15 | 000,000,950 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\qs08g1rv.default\searchplugins\icqplugin-2.xml [2011.08.18 09:47:34 | 000,000,950 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\qs08g1rv.default\searchplugins\icqplugin-3.xml [2011.08.22 00:03:31 | 000,000,950 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\qs08g1rv.default\searchplugins\icqplugin-4.xml [2011.09.06 09:46:50 | 000,000,950 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\qs08g1rv.default\searchplugins\icqplugin-5.xml [2011.09.13 06:09:58 | 000,000,950 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\qs08g1rv.default\searchplugins\icqplugin-6.xml [2011.10.05 10:17:24 | 000,000,950 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\qs08g1rv.default\searchplugins\icqplugin-7.xml [2011.11.09 07:55:31 | 000,000,950 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\qs08g1rv.default\searchplugins\icqplugin-8.xml [2011.06.02 09:16:36 | 000,001,056 | ---- | M] () -- C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\qs08g1rv.default\searchplugins\icqplugin.xml [2012.02.12 13:46:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.02.12 13:46:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} () (No name found) -- C:\USERS\xxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS08G1RV.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2012.02.12 13:40:16 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.11.10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011.09.05 09:43:32 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.09.05 09:43:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.09.05 09:43:32 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.09.05 09:43:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.09.05 09:43:32 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.09.05 09:43:32 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (IEPwdBankBHO Class) - {56CBB761-DA41-4E31-B270-B13B4B0A61D0} - C:\Program Files (x86)\EgisTec BioExcess\EgisIEPwdBank.dll (Egis Technology Inc. ) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~2\mcafee\sitead~1\mcieplg.dll (McAfee, Inc.) O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited) O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited) O4:64bit: - HKLM..\Run: [ETDWare] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE (Vimicro) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe () O4 - HKLM..\Run: [PLTSR] C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe (Egis Technology Inc. ) O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [VitaKeyTSR] C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe (Egis Technology Inc. ) O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.) O4 - HKCU..\Run: [Driver Updater] C:\Program Files (x86)\Carambis\Driver Updater\dupdater.exe (MEDIA FOG LTD) O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Christopher\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Christopher\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C232B01-C2A3-42B7-BB6E-57F9C0CEE205}: DhcpNameServer = 172.168.117.2 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99310181-D5E1-479B-B0FD-EE15A8182102}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~2\mcafee\sitead~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~2\mcafee\sitead~1\mcieplg.dll (McAfee, Inc.) O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\windows\SysWOW64\nvinit.dll) -C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{5abfe739-563b-11e0-bd1e-c0cb38e89a91}\Shell - "" = AutoRun O33 - MountPoints2\{5abfe739-563b-11e0-bd1e-c0cb38e89a91}\Shell\AutoRun\command - "" = E:\wn.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.02.12 13:46:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.02.12 13:40:13 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{3B3CCFB8-F1D0-4ED2-ABCC-F9AF3F2E4FBC} [2012.02.12 13:39:50 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{9B87B481-D5BE-46EA-88A8-74FD11255599} [2012.02.12 13:26:43 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\Malwarebytes [2012.02.12 13:26:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.02.12 13:26:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.02.12 13:26:18 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys [2012.02.12 13:26:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.02.12 13:25:33 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Christopher\Desktop\mbam-setup-1.60.1.1000.exe [2012.02.12 02:16:12 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\xxxx\Desktop\OTL.exe [2012.02.12 01:04:27 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{0472F4BE-738C-4B2F-B5FB-8534D1E9BB0F} [2012.02.12 01:04:12 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{83AFA54D-C757-4B4B-81D9-36FD29BB09D8} [2012.02.12 00:39:24 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{28EECD8B-1AB4-460C-BE61-FAB32B4D739C} [2012.02.12 00:39:10 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{F947672E-0FFF-4CF5-A8E9-41EA2D57949C} [2012.02.12 00:21:58 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{6CDCD582-E039-450B-816B-0E321F4AF7D3} [2012.02.12 00:20:27 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{8447A533-C353-470E-8849-2E899C8DED05} [2012.02.11 06:32:02 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{4B3F5156-5963-4FDF-8D0A-81EDCD03EB76} [2012.02.11 06:31:37 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{0D7A17CB-6188-47DB-98A5-9C9492F0AB70} [2012.02.10 11:07:07 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{36F2F305-B86E-4459-85FE-F9C1A80AC351} [2012.02.10 11:05:35 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{2AC54228-B69E-4AFA-B669-6AFBA2F1C349} [2012.02.09 18:30:08 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\Avira [2012.02.09 17:24:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.02.09 17:24:36 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avipbb.sys [2012.02.09 17:24:36 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avgntflt.sys [2012.02.09 17:24:36 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avkmgr.sys [2012.02.09 17:23:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.02.09 17:23:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012.02.09 17:22:58 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{44CC0151-76B6-412D-8289-A2D5E3E1A774} [2012.02.09 17:22:41 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{FF49D20E-274D-4F26-9AEF-1C61EB2672BC} [2012.02.09 17:14:35 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{6EA3CD2E-5482-4A72-A28B-A724D1837471} [2012.02.09 17:14:12 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{6588401D-8AEE-4B76-9337-9F8DDBCE2F34} [2012.02.09 14:21:31 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{55309EFC-A172-40A3-94BF-ADAC7AACD29C} [2012.02.09 14:21:18 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{7C49BB18-27F2-4015-AA25-2A31196403C4} [2012.02.09 10:36:47 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{045EA76E-85CC-43AB-9F05-E2DDD06C58AB} [2012.02.09 10:36:36 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{CDDB0203-517F-4DFD-A5BD-869554923185} [2012.02.07 17:21:01 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{BF898716-3A1A-49CA-B996-4CB233F2BAAE} [2012.02.07 17:20:48 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{905C3D52-A507-4788-A40F-5E0E3E32C2D4} [2012.02.07 12:36:19 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{6FA61253-5809-4616-8AF2-3BE365BB9769} [2012.02.07 12:36:07 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{5618FA37-7887-436D-AEA6-65F3C9CEDF33} [2012.02.07 01:26:26 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{589D5065-E3A0-4F06-87CB-830D895659CE} [2012.02.07 01:25:48 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{1DE11344-3B95-4842-9249-972E763DF0C3} [2012.02.07 01:04:07 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{40E93354-E60A-4C6B-858D-EDE47650A9F0} [2012.02.07 01:03:53 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{34CBAA03-7DAF-452F-8149-7DE19155D03E} [2012.02.06 11:47:31 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{2B9FC223-2BA4-4D27-8EBD-17391DA8BA03} [2012.02.06 11:47:18 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{357511F1-1A93-459D-84AE-6F13B89D5AE2} [2012.02.05 18:06:40 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\webex [2012.02.05 18:06:25 | 000,000,000 | ---D | C] -- C:\ProgramData\WebEx [2012.02.05 12:34:24 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{33E4BD6A-0416-435D-BE43-9675594C2315} [2012.02.05 12:34:11 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{D2047217-7F7A-46DB-B465-2E1E222D585A} [2012.02.05 01:26:14 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{3C554241-FA4E-46C3-8072-7022064576D8} [2012.02.05 01:25:37 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{D7BCC0F8-68AC-4226-A8AF-0584125B1074} [2012.02.05 01:21:42 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Serato [2012.02.05 01:21:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Serato [2012.02.05 01:19:57 | 000,000,000 | ---D | C] -- C:\windows\Downloaded Installations [2012.02.04 06:33:27 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{216F8E58-D23D-4455-8611-0A56853AB380} [2012.02.04 06:33:11 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{FAE41B99-F5EA-4F60-9A36-222425602D5B} [2012.02.02 12:17:45 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{82B0A033-4E7E-48AD-BDDD-2C83D927670D} [2012.02.02 12:17:32 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{E3204D96-E8AC-46A5-8047-183026B29B4D} [2012.02.01 09:56:34 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{0F12D749-0AF5-4FD5-A8B8-BC0D2993C200} [2012.02.01 09:56:23 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{7A778820-D5B7-4674-AE30-7C66C46F2149} [2012.01.31 18:36:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.5 [2012.01.31 18:36:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.5 [2012.01.31 10:13:59 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{F9D130FD-B9D0-4DD9-9002-022571F00430} [2012.01.31 10:13:44 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{A7746DBB-A3C4-4C4F-932B-C633A84166E9} [2012.01.30 09:43:53 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{FA5D303F-B66F-44A3-9D70-775B2604747C} [2012.01.30 09:43:40 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{6E683E3A-FE95-4FA9-B56D-C68E70EC5B84} [2012.01.29 12:21:02 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{2B40E695-2CE6-4179-8084-8585B84176F7} [2012.01.29 12:20:49 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{D0F00EC1-E8A6-4CE3-8256-458A37AD974A} [2012.01.29 09:01:43 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{C7FC16A1-6810-41E7-A111-6DDB7D4EB117} [2012.01.29 09:01:22 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{7921BEE8-C910-4CE5-8280-016B19F0651E} [2012.01.28 22:35:14 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{1628D811-1500-4204-9DD7-375602902722} [2012.01.28 22:35:02 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{E23F3B42-28AD-4781-9A63-6145B9417B26} [2012.01.28 07:29:20 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{0E823902-E602-4B47-9C68-77DC2059201E} [2012.01.28 07:28:56 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{BFB5639A-3DAD-4E65-BBF6-6C304AB4594D} [2012.01.28 01:49:01 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{5DB093AE-BC18-4969-A634-B2D0CFE7AB8C} [2012.01.28 01:48:34 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{7942F48C-C060-4898-AC31-518A683FF122} [2012.01.27 13:56:05 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte [2012.01.26 06:08:50 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{37DD1D3A-0399-4123-880C-10E4682F6DE9} [2012.01.26 06:08:37 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{8DEE4E3E-E8BC-4FAF-A94D-92E4E6838B50} [2012.01.25 10:27:27 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{A5E8A41C-1018-48B4-B932-7977757BE58F} [2012.01.25 10:27:14 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{C1FF0E09-6A0B-4A6A-BA10-7F3B20BAD5F0} [2012.01.24 10:38:10 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{71596FE7-A70B-432B-8B6F-86FB45C9DDDA} [2012.01.24 10:37:58 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{A8BE3AAA-D5A4-401A-8DCB-9059BABBF9DC} [2012.01.24 00:40:42 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{5860D703-7CD2-4621-815C-E62F94FED5D0} [2012.01.24 00:40:26 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{8E83D0C6-DEA3-41E7-937E-44331AF17539} [2012.01.23 00:12:32 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{9672F08A-F88F-4B8A-B05B-BE50F0D81E5C} [2012.01.23 00:12:19 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{DFD9081B-D8AF-4CC2-9816-81F5C460C2FF} [2012.01.22 09:22:25 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{49928F1D-8D44-4BE3-9141-568FC0B8A81A} [2012.01.22 09:22:02 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{C02204AA-940A-4001-BE23-F6DD2CF85746} [2012.01.22 01:15:48 | 000,000,000 | ---D | C] -- C:\Users\xxxx\Documents\GTA Vice City User Files [2012.01.22 01:15:18 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games [2012.01.22 01:03:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games [2012.01.22 01:02:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rockstar Games [2012.01.21 10:08:30 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{9DD7C8DE-C977-4E1A-AE83-FB3C7B90968F} [2012.01.21 10:08:18 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{FFD6DDD6-7EE9-4D8C-84D1-5CA45DE3D6C9} [2012.01.20 20:34:42 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{E37DAF8A-5E97-49DF-A542-92E5E3E56703} [2012.01.20 20:34:20 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{9E76D01A-2AEC-46B1-B92F-1D1D331A308D} [2012.01.20 09:49:04 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{D3C23F92-069D-4919-BBA1-C16F729D194C} [2012.01.19 20:04:45 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{A8060E9D-C395-4B17-9B07-6918ECD3A33E} [2012.01.19 09:19:24 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{0AFA7DC1-3B73-45F2-BA9C-5AB8077BD44B} [2012.01.19 09:19:07 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{4457A7F2-7EBC-44EC-906E-0231F593F3A0} [2012.01.18 00:24:35 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{06973407-54B4-407C-9F6C-9F6A98CDBBCA} [2012.01.18 00:24:20 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{38E94074-E485-4122-AEA6-76B661641B4D} [2012.01.17 09:06:58 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{679862E4-35F1-40BB-9E43-03F64D63E1E4} [2012.01.17 09:06:44 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{1D72E88B-7B07-4DE2-B383-1CDF43B5AF2C} [2012.01.16 19:54:58 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{0A842C82-1D19-4C2F-8C68-F334AC861D7F} [2012.01.16 19:53:44 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{B1BA5A85-AF7A-414F-B531-ADDA605057D4} [2012.01.14 08:47:45 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{4E71AA8B-189E-43E0-8AB3-CEBA7A992150} [2012.01.14 08:47:33 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{AF53E696-7DE2-49FE-A478-7A84F91095C7} [2012.01.14 06:47:11 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{9C9F5EBE-C8D3-495A-95D8-F74EA708690F} [2012.01.14 06:46:47 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{D91CC604-C193-4F6E-9F4D-9285E6B568EB} [2012.01.13 16:58:04 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{F41E75B5-1570-48E2-89B1-44B7519C3533} [2012.01.13 16:57:51 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{B37BDEC7-CDED-440A-82EF-16911ABACE90} [5 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.02.12 13:47:33 | 000,013,424 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.02.12 13:47:33 | 000,013,424 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.02.12 13:41:52 | 001,500,254 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2012.02.12 13:41:52 | 000,654,844 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2012.02.12 13:41:52 | 000,616,686 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2012.02.12 13:41:52 | 000,130,426 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2012.02.12 13:41:52 | 000,106,808 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2012.02.12 13:34:56 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012.02.12 13:34:40 | 3010,797,568 | -HS- | M] () -- C:\hiberfil.sys [2012.02.12 13:26:19 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.02.12 13:25:37 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\xxxx\Desktop\mbam-setup-1.60.1.1000.exe [2012.02.12 02:16:13 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\xxxx\Desktop\OTL.exe [2012.02.12 00:33:13 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat [2012.02.09 20:11:50 | 000,011,054 | ---- | M] () -- C:\Users\xxxx\Desktop\Übergänge.odt [2012.02.09 18:40:38 | 000,001,066 | ---- | M] () -- C:\Users\xxxx\Desktop\Virtual DJ Home.lnk [2012.02.09 02:11:30 | 746,314,823 | ---- | M] () -- C:\Users\xxxx\Desktop\058.ACWO.By-DMasti.mkv [2012.02.05 01:21:44 | 000,002,158 | ---- | M] () -- C:\Users\xxxx\Desktop\Scratch Live.lnk [5 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.02.12 13:26:19 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.02.12 00:33:13 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat [2012.02.09 18:55:24 | 000,011,054 | ---- | C] () -- C:\Users\Christopher\Desktop\Übergänge.odt [2012.02.09 18:40:38 | 000,001,066 | ---- | C] () -- C:\Users\Christopher\Desktop\Virtual DJ Home.lnk [2012.02.09 01:53:19 | 746,314,823 | ---- | C] () -- C:\Users\Christopher\Desktop\058.ACWO.By-DMasti.mkv [2012.02.05 01:21:44 | 000,002,158 | ---- | C] () -- C:\Users\Christopher\Desktop\Scratch Live.lnk [2011.03.28 18:17:55 | 000,005,115 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe [2011.01.28 13:51:44 | 000,000,017 | ---- | C] () -- C:\windows\SysWow64\shortcut_ex.dat [2011.01.28 13:12:14 | 001,526,948 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI [2010.09.18 16:12:43 | 000,016,648 | R--- | C] () -- C:\windows\SysWow64\LogAPI.dll [2010.08.25 19:34:30 | 000,127,868 | ---- | C] () -- C:\windows\SysWow64\igcompkrng575.bin [2010.08.25 19:34:30 | 000,104,796 | ---- | C] () -- C:\windows\SysWow64\igfcg575m.bin [2010.08.05 02:51:05 | 000,001,341 | ---- | C] () -- C:\windows\vm332Rmv.ini [2010.05.27 08:55:42 | 000,870,560 | ---- | C] () -- C:\windows\SysWow64\igkrng575.bin [2010.05.27 08:55:42 | 000,208,896 | ---- | C] () -- C:\windows\SysWow64\iglhsip32.dll [2010.05.27 08:55:42 | 000,143,360 | ---- | C] () -- C:\windows\SysWow64\iglhcp32.dll [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll [2009.07.13 22:59:36 | 000,982,196 | ---- | C] () -- C:\windows\SysWow64\igkrng500.bin [2009.07.13 22:59:36 | 000,139,824 | ---- | C] () -- C:\windows\SysWow64\igfcg500.bin [2009.07.13 22:59:36 | 000,097,448 | ---- | C] () -- C:\windows\SysWow64\igfcg500m.bin [2009.07.13 22:59:35 | 000,417,344 | ---- | C] () -- C:\windows\SysWow64\igcompkrng500.bin [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat ========== LOP Check ========== [2011.08.07 13:14:20 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Amazon [2011.10.18 10:34:33 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Ashampoo [2011.10.17 22:50:28 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Audacity [2011.03.28 18:17:55 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Carambis [2011.07.03 20:14:51 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\DVDVideoSoftIEHelpers [2012.02.12 14:17:18 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\ICQ [2011.01.30 14:05:57 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Local [2011.02.02 21:38:24 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\OpenOffice.org [2011.02.04 06:39:14 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\SoftGrid Client [2011.01.28 13:14:49 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\TP [2011.04.05 14:06:31 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\uTorrent [2012.02.05 18:06:40 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\webex [2011.06.09 20:12:18 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Windows Live Writer [2011.11.03 19:31:33 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Xilisoft [2011.02.20 00:54:12 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\XMedia Recode [2012.02.09 09:19:33 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011.01.28 11:09:18 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2012.01.19 20:53:42 | 000,000,000 | ---D | M] -- C:\Christophers Daten [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011.01.28 11:08:28 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2010.09.18 15:22:45 | 000,000,000 | ---D | M] -- C:\Intel [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.04.19 10:11:03 | 000,000,000 | R--D | M] -- C:\Program Files [2012.02.12 13:26:18 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2012.02.12 13:26:19 | 000,000,000 | ---D | M] -- C:\ProgramData [2011.01.28 11:08:28 | 000,000,000 | -HSD | M] -- C:\Programme [2011.01.28 11:08:28 | 000,000,000 | -HSD | M] -- C:\Recovery [2012.02.12 15:08:45 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.01.28 11:08:52 | 000,000,000 | R--D | M] -- C:\Users [2012.02.12 00:47:15 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: EXPLORER.EXE > [2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe [2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2010.09.18 22:58:12 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2010.09.18 22:54:44 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2010.09.18 22:58:12 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2010.09.18 22:54:44 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2010.09.18 22:58:12 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2010.09.18 22:54:44 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2010.09.18 22:58:12 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2010.09.18 22:54:44 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: REGEDIT.EXE > [2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe [2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe [2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe [2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\windows\SysNative\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\windows\SysNative\wininit.exe [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2010.09.18 22:58:12 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2010.09.18 22:58:12 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\windows\SysNative\winlogon.exe [2010.09.18 22:58:12 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > < > < End of report > Schöne Grüße und danke schön |
|
12.02.2012, 15:55
| #5 |
| /// Malwareteam | 50 € Virus/Trojaner - Windows geblockt - OLT-Files im Anhang! Schritt 1 Fixen mit OTL
Code:
ATTFilter :OTL
O33 - MountPoints2\{5abfe739-563b-11e0-bd1e-c0cb38e89a91}\Shell - "" = AutoRun
O33 - MountPoints2\{5abfe739-563b-11e0-bd1e-c0cb38e89a91}\Shell\AutoRun\command - "" = E:\wn.exe
:Commands
[purity]
[emptytemp]
Schritt 2 ESET Online Scanner
|
|
12.02.2012, 16:16
| #6 |
| | 50 € Virus/Trojaner - Windows geblockt - OLT-Files im Anhang! Danke Hier schonmal das log aus Schritt 1: Code:
ATTFilter All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5abfe739-563b-11e0-bd1e-c0cb38e89a91}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5abfe739-563b-11e0-bd1e-c0cb38e89a91}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5abfe739-563b-11e0-bd1e-c0cb38e89a91}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5abfe739-563b-11e0-bd1e-c0cb38e89a91}\ not found.
File E:\wn.exe not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: xxxx
->Temp folder emptied: 4845471641 bytes
->Temporary Internet Files folder emptied: 409150274 bytes
->Java cache emptied: 116445 bytes
->FireFox cache emptied: 102716442 bytes
->Flash cache emptied: 43099 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 137993231 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 119691 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 5.241,00 mb
OTL by OldTimer - Version 3.2.31.0 log created on 02122012_160134
Files\Folders moved on Reboot...
C:\Users\xxxx\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
|
|
12.02.2012, 17:55
| #7 |
| | 50 € Virus/Trojaner - Windows geblockt - OLT-Files im Anhang! So, Schritt 2 habe ich ebenfalls beendet Scan durchgeführt nach Anleitung. Hier ist das Log von Eset.txt. Einen Fund hat es gegeben. Code:
ATTFilter C:\xxxxs Daten\SPIELE\Project64k_0.31\Project64k_0.31\Project64k_0.31\Tools\FreeRAM\BOOM.exe BAT/BadJoke.C trojan
|
|
12.02.2012, 18:48
| #8 |
| /// Malwareteam | 50 € Virus/Trojaner - Windows geblockt - OLT-Files im Anhang! Wie läufts? |
|
12.02.2012, 18:55
| #9 |
| | 50 € Virus/Trojaner - Windows geblockt - OLT-Files im Anhang! Hi! Eigentlich warte ich nur auf weitere Instruktionen Ich mache gerade (einfach um sicher zu gehen) den Eset-Scan ein zweites Mal. Laut dem ersten Ergebnis (siehe log über deinem letzten Post) ist ein Emulatorprogramm befallen. Soll ich dieses löschen bzw. deinstallieren? Schöne Grüße |
|
12.02.2012, 18:59
| #10 | |
| /// Malwareteam | 50 € Virus/Trojaner - Windows geblockt - OLT-Files im Anhang!Zitat:
Hast Du noch Probleme oder Meldungen? |
|
12.02.2012, 19:03
| #11 |
| | 50 € Virus/Trojaner - Windows geblockt - OLT-Files im Anhang! Keine Ahnung was das bringen soll ehrlichgesagt, ich bin da leider überhaupt kein Experte, deshalb nur 'um sicher zu gehen'. Gefunden hat er 'nur' den BadjokeC-Trojaner in dem angegebenen Programm. Wie verfahre ich nun damit? Nein, es gibt ansonsten keinerlei Probleme im normalen Windowsbetrieb. Schöne Grüße und vielen Dank für die schnellen Antworten. Kann man nicht oft genug sagen, ist wirklich sehr nett. |
|
12.02.2012, 19:07
| #12 |
| /// Malwareteam | 50 € Virus/Trojaner - Windows geblockt - OLT-Files im Anhang! Also sonst sehe ich nichts mehr. Zum Fund kann ich nicht viel sagen. Was ist das für ein programmg genau? |
|
12.02.2012, 19:13
| #13 |
| | 50 € Virus/Trojaner - Windows geblockt - OLT-Files im Anhang! Das ist so ein Emulator für alte Videospiele, brauche ich aber nun wirklich nicht. Ich habe nur wegen diesem Punkt in deiner Anleitung gefragt: "Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert." Dein erster Satz beruhigt mich total! |
|
12.02.2012, 19:23
| #14 |
| /// Malwareteam | 50 € Virus/Trojaner - Windows geblockt - OLT-Files im Anhang! Ja die kannst Du dann deinstallieren. Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann. |
|
12.02.2012, 20:41
| #15 |
| | 50 € Virus/Trojaner - Windows geblockt - OLT-Files im Anhang! Kannst Du Hab mich um alle Add Ons und Programme gekümmert und das befallene Programm deinstalliert.So möchte ich zum Schluss noch einmal Danke für die schnelle und ausführliche Hilfe sagen. Das hat mir den Tag gerettet. Beste Grüße in die Schweiz |
|
| Themen zu 50 € Virus/Trojaner - Windows geblockt - OLT-Files im Anhang! |
| 7-zip, antivir, avira, bho, bonjour, browser, converter, error, firefox, flash player, grand theft auto, help, helper, home, install.exe, lenovo, locker, logfile, microsoft office starter 2010, mp3, nvpciflt.sys, object, plug-in, pmmupdate.exe, realtek, registry, scan, security, siteadvisor, software, studio, system, taskmanager, trojaner, usb 2.0, version=1.0, vice city, virus/trojaner, windows, windows geblockt |
Textbox.
Linear-Darstellung
