Plagegeister aller Art und deren Bekämpfung (Pests of all kinds and how to fight them): Warning! Computer has been locked! Pay 50 euros! (Windows 7)
12.02.2012, 15:07 | #1 |
Hello dear community,

while I was surfing, my screen suddenly went black and a window appeared saying that my Windows was infected because I was visiting pornographic sites. To fix the problem I was supposed to pay 50 euros. I have already scanned with OTL and got the following results:

OTL logfile:
Code:
OTL logfile created on: 12.02.2012 14:34:56 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Florian\Desktop 64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 6,63 Gb Available Physical Memory | 82,91% Memory free 16,00 Gb Paging File | 14,65 Gb Available in Paging File | 91,59% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 931,50 Gb Total Space | 799,99 Gb Free Space | 85,88% Space Free | Partition Type: NTFS Drive D: | 232,88 Gb Total Space | 29,78 Gb Free Space | 12,79% Space Free | Partition Type: NTFS Computer Name: KINGOFPUNICA | User Name: Florian | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.02.12 14:29:55 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Florian\Desktop\OTL.exe ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! 
Antivirus) SRV:64bit: - [2011.11.28 13:21:00 | 000,168,864 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\WireHelpSvc.exe -- (WireHelpSvc) SRV:64bit: - [2010.09.22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.02.11 01:47:00 | 000,481,064 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011.12.14 12:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2011.06.06 17:36:00 | 004,005,936 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc) SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.05.21 05:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011.04.07 20:54:52 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011.04.01 04:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) 
[Auto | Stopped] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv) SRV - [2010.11.21 10:49:24 | 000,247,608 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.04.07 08:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.11.28 18:54:06 | 000,591,192 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2011.11.28 18:53:58 | 000,304,472 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2011.11.28 18:52:22 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr) DRV:64bit: - [2011.11.28 18:52:20 | 000,058,712 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:64bit: - [2011.11.28 18:52:11 | 000,066,904 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2011.11.28 18:51:53 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- 
C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2011.11.28 13:20:48 | 000,147,472 | ---- | M] (<Turtle Entertainment>) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\ESLWireACD.sys -- (ESLWireAC) DRV:64bit: - [2011.08.22 01:48:01 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2011.08.03 09:58:40 | 000,025,528 | ---- | M] (Turtle Entertainment GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ESLvnic.sys -- (ESLvnic1) DRV:64bit: - [2011.04.19 09:46:42 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2011.04.01 04:07:54 | 004,184,672 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech Webcam Pro 9000(UVC) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.21 04:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 04:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub) DRV:64bit: - [2010.11.21 04:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc) 
DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 04:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.02.25 16:51:02 | 000,029,696 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.01 11:20:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET) DRV:64bit: - [2009.06.18 03:07:38 | 000,014,136 | R--- | M] (BIOSTAR Group) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\BIOS64.sys -- (BIOS) DRV:64bit: - [2009.06.10 21:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux) DRV:64bit: - [2009.06.10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2008.11.11 13:04:38 | 000,021,544 | ---- | M] (TamoSoft) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cv2k1.sys -- (CV2K1) DRV:64bit: - [2007.09.17 14:53:34 | 000,029,184 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009.06.18 03:07:38 | 000,014,136 | R--- | M] (BIOSTAR Group) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\BIOS64.sys -- (BIOS) DRV - [2009.03.31 08:39:36 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk) DRV - [2005.01.02 04:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 32 70 48 FD 51 CC 01 [binary data] IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.8&q=" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://google.com" FF - prefs.js..keyword.URL: "hxxp://www.questscan.com/?tmp=nemo_results_removelink&prt=QstscanPB&keywords=" FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.09.01 16:56:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ShopperReports@ShopperReports.com: C:\Program Files (x86)\ShopperReports3\bin\3.2.11.0\firefox\firefoxtoolbar\extensions [2011.10.04 16:04:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011.12.25 13:00:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.12 12:55:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.10.04 16:11:55 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mail@gutscheinrausch.de: 
C:\Users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\vdyo76nu.default\extensions\mail@gutscheinrausch.de [2012.01.01 22:52:16 | 000,000,000 | ---D | M] [2011.08.25 14:46:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Florian\AppData\Roaming\mozilla\Extensions [2012.01.30 20:57:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Florian\AppData\Roaming\mozilla\Firefox\Profiles\vdyo76nu.default\extensions [2011.12.24 12:46:34 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Florian\AppData\Roaming\mozilla\Firefox\Profiles\vdyo76nu.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.01.01 22:52:16 | 000,000,000 | ---D | M] (Gutscheinrausch.de) -- C:\Users\Florian\AppData\Roaming\mozilla\Firefox\Profiles\vdyo76nu.default\extensions\mail@gutscheinrausch.de [2012.02.07 21:48:53 | 000,000,950 | ---- | M] () -- C:\Users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\vdyo76nu.default\searchplugins\icqplugin-1.xml [2011.08.11 20:11:59 | 000,001,056 | ---- | M] () -- C:\Users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\vdyo76nu.default\searchplugins\icqplugin.xml [2011.11.12 22:49:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.10.04 16:04:22 | 000,000,000 | ---D | M] (QuestScan) -- C:\Program Files (x86)\mozilla firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096} [2012.02.12 12:55:25 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.08.20 21:47:50 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010.07.27 15:13:46 | 000,027,136 | ---- | M] (NHN USA Inc.) 
-- C:\Program Files (x86)\mozilla firefox\plugins\npijjiautoinstallpluginff.dll [2011.10.03 13:01:41 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.10.03 13:01:41 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.10.03 13:01:41 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.10.03 13:01:41 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.03 13:01:41 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.10.03 13:01:41 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: QuestScan (Enabled) CHR - default_search_provider: search_url = hxxp://www.questscan.com/?tmp=redir_bho_bing&dist=0&prt=QstscanPB&keywords={searchTerms} CHR - default_search_provider: suggest_url = CHR - Extension: YouTube = C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ CHR - Extension: Google-Suche = C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: avast! WebRep = C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1367_0\ CHR - Extension: avast! 
WebRep = C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\ CHR - Extension: Google Mail = C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ O1 HOSTS File: ([2011.12.11 13:35:10 | 000,435,740 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 123fporn.info O1 - Hosts: 14993 more lines... O2:64bit: - BHO: (avast! 
WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (ICQ Sparberater) - {5A0D6E4B-B0DF-4148-8B1E-F7A430FF5E24} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [LiveZilla] C:\Program Files (x86)\LiveZilla Classic\LiveZilla.exe (LiveZilla GmbH) O4 - HKCU..\Run: [ESL Wire] C:\Program Files\EslWire\wire.exe (Turtle Entertainment GmbH) O4 - HKCU..\Run: [ffdwnd] C:\Users\Florian\AppData\Local\Mozilla\Firefox\firefox.exe (Tomasz Pawlak) O4 - HKCU..\Run: [GAINWARD] C:\Program Files (x86)\EXPERTool\TBPanel.exe (Gainward Co.) O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.) 
O4 - Startup: C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\trzF289.tmp () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Windows\SysWOW64\PrxerNsp.dll ( ) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex Software) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex Software) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} 
hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{328DE19E-AC2F-4412-B086-6E9BFC8F274C}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4CB55652-3994-4CFF-8CC8-139EB7F7B9D5}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.07.22 12:08:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2008.12.02 17:09:33 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{37b4fbe1-04ab-11e1-87ee-00ff01000001}\Shell - "" = AutoRun O33 - MountPoints2\{37b4fbe1-04ab-11e1-87ee-00ff01000001}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\{85886870-cc09-11e0-9380-003067ae6939}\Shell - "" = AutoRun O33 - MountPoints2\{85886870-cc09-11e0-9380-003067ae6939}\Shell\AutoRun\command - "" = F:\Install.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access 
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: 
{5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) MsConfig:64bit - StartUpFolder: C:^Users^Florian^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - C:\PROGRA~3\OPENOF~1.ORG\program\QUICKS~1.EXE - () MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files 
(x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: avupdate - hkey= - key= - File not found MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.) MsConfig:64bit - StartUpReg: SwitchBoard - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== [2012.02.12 14:29:49 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Florian\Desktop\OTL.exe [2012.02.12 12:55:46 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{7F1ADECD-A3F7-4790-AC60-29DCF970D952} [2012.02.12 12:55:22 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{F8C868F3-F506-41A1-B40C-9613D96297D5} [2012.02.12 00:54:57 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{C2451BC4-F495-4E7C-8E28-7DB429213DE3} [2012.02.12 00:54:33 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{A71FFB86-362D-42D5-ADB6-5345DF0F1F32} [2012.02.11 12:54:20 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{3717B1C8-0A94-4265-9B43-A42D767E8770} [2012.02.11 12:53:50 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{08D84493-9BE7-454C-A87B-D2DFBBD59E1D} [2012.02.10 14:08:03 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{BB232717-A5ED-4536-A080-407FFE2408CA} [2012.02.10 14:07:47 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{06C9D666-5347-483C-8F23-DB77AE8A1A90} [2012.02.09 16:30:41 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{F1D5D240-BBE4-426E-83E1-0ADD1EDBED38} [2012.02.09 16:30:17 | 000,000,000 | ---D | C] -- 
C:\Users\Florian\AppData\Local\{2A7BD408-17ED-4BC5-81BE-2C0561860894} [2012.02.08 15:44:54 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{2E850E6E-C26F-41A0-B87A-EAC2025CCF65} [2012.02.08 15:44:28 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{C11F6140-C3CB-4642-BF1F-58A763ED3BD4} [2012.02.07 15:46:35 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{EE3CE71B-E8CE-44A3-ABBD-4B4A4E34186E} [2012.02.07 15:46:01 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{95FC5B1E-13A0-46E1-A7E5-00053F8FCA29} [2012.02.06 18:26:23 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{FC87A6A7-7BF1-4189-8D45-63AAE3DD78A9} [2012.02.06 18:25:35 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{261E2723-6B8F-4D6B-B9F4-90995750597E} [2012.02.05 14:36:50 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{1EE3EDAD-1A48-464C-8671-72F9B30FF786} [2012.02.05 14:36:26 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{275C3A8F-9B8B-4BF8-936C-49D3351F2CC0} [2012.02.04 21:08:43 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{A67B94A9-7686-4654-8358-DE9398CEB2AA} [2012.02.04 21:07:47 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{B7605AB5-307F-493B-9428-FA69AF6E8374} [2012.02.04 03:51:07 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{682E9B53-5E26-45B2-B8A4-491C17A98112} [2012.02.04 03:50:45 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{3B67E1FB-4FDF-40B2-A5D0-BDCFB65B53DD} [2012.02.03 15:50:20 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{78AD424F-E27E-4E4B-AAF6-A5D22293A0CA} [2012.02.03 15:49:28 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{CB8D5298-1B35-4AED-BCFE-53FF7881E7CE} [2012.02.02 11:23:06 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{8380F1DF-43C5-400C-802D-E418834399F4} [2012.02.02 11:22:30 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{6EFDDE20-D68C-4BA0-914D-94521C6D0705} 
[2012.02.01 17:53:49 | 000,000,000 | ---D | C] -- C:\Users\Florian\Desktop\Injashi2 [2012.02.01 15:59:01 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{377388A5-B6FE-4344-8092-9C721B0C2FA4} [2012.02.01 15:58:27 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{15AA7E3D-2455-4E37-9AF3-FF75A802D122} [2012.01.31 15:50:28 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{07ECB565-3F83-4BC6-82AF-CBA2352D1390} [2012.01.31 15:49:58 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{6807E7DC-8EBC-4C1C-825B-1ED658270616} [2012.01.30 20:51:39 | 000,000,000 | ---D | C] -- C:\Users\Florian\Desktop\UltimateMT2 Client [2012.01.30 17:44:40 | 000,000,000 | ---D | C] -- C:\Users\Florian\Documents\My Downloads [2012.01.30 17:44:40 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\FinalTorrent [2012.01.30 17:43:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\File Type Assistant [2012.01.30 17:43:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FinalTorrent [2012.01.30 17:43:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FinalTorrent [2012.01.30 17:28:19 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{C73B0915-E58C-40AA-88CA-5054C80200AC} [2012.01.30 17:27:56 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{49E7F794-F8C9-465B-9C77-F0D1037EC81E} [2012.01.28 16:16:54 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{D83841B4-E162-4DF0-9AB1-D6F8B038ADBF} [2012.01.28 16:16:20 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{0A96522C-5B39-454A-A0B8-5F2A4FEF5480} [2012.01.27 14:52:05 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{6D2E8BB1-1E71-4F47-8A21-2543352F1291} [2012.01.27 14:51:22 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{BDB04BA4-8BFC-44B0-80D8-F7F7DB488E45} [2012.01.26 16:24:08 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{92490C33-9348-4D3F-9E8D-973CFF9154BD} [2012.01.26 16:23:27 
| 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{A2FBFD8E-9BF6-4E21-966B-21B7C26AF0F5} [2012.01.25 15:46:59 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{9B2B8039-A8B0-4713-8EB5-B9AC114CCBB3} [2012.01.25 15:46:18 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{035486C8-1B5D-4B56-81E8-8B1C9EAC466E} [2012.01.24 20:50:57 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\Escepia WarFinder [2012.01.24 20:50:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Escepia WarFinder [2012.01.24 17:16:50 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{94CF9D82-AE98-47D3-A3A7-6D018D3D50AB} [2012.01.24 17:16:08 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{DB724F21-D546-4DD8-920A-84538D6A1BC0} [2012.01.23 14:22:16 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{C92134E3-FB0E-4957-8C92-DAA299237434} [2012.01.23 14:21:23 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{F69CCC19-CB96-498F-9D32-0CF27F88BCBA} [2012.01.22 16:15:30 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{2ECC5F90-325B-4144-A12F-D0CD11D0E2D6} [2012.01.22 16:14:08 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{CC690D18-DCC2-442B-B975-8C3667A9B964} [2012.01.21 14:37:53 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{8BB46C02-0C5C-4584-A1E7-72FACC107F20} [2012.01.21 14:37:19 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{5C45B51A-CCB6-4BC6-A2F7-D091BA343ABA} [2012.01.20 15:45:33 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{423BCFB8-3847-4948-969B-E23B863A5331} [2012.01.20 15:44:47 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{87EC27E2-9F92-440A-9D62-AA8A29255517} [2012.01.19 17:05:59 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{F33921AD-B022-4669-BB79-B2D0DD5AD061} [2012.01.19 17:05:32 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{0060EF8C-5A80-461E-A05E-11D9AE58C513} [2012.01.18 20:19:02 | 
000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{E246AAEE-97FA-4677-B32B-4D2F441058F2} [2012.01.18 20:18:30 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{87CCBCAF-9B63-4655-9136-1B5239DA90E9} [2012.01.17 16:42:51 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{DEF4EDFD-DF4A-47AF-8028-C51A5AF2D8DA} [2012.01.17 16:42:31 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{47405EF3-26F3-4191-AB82-740E35EE2602} [2012.01.16 17:21:01 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{1CCC5D44-F8B6-4748-8934-C1F426DBB8CB} [2012.01.16 17:20:26 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{21EF9E10-7DE0-4963-BFC6-BAC3BBA3669D} [2012.01.15 12:57:58 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{EECAD6BE-CD9A-4998-9B2D-C4C13B5345A0} [2012.01.15 12:57:35 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{CFBAA158-A8B8-4C44-8BC5-CD1AC3E92292} [2012.01.15 00:53:16 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{D2397C5F-C1DB-461E-90CC-752DDD8767B5} [2012.01.15 00:52:53 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{2A08E5ED-2405-43E8-98C6-3F6B79A2107E} [2012.01.14 12:52:24 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{D8C30898-47F3-435B-B15A-3C0DB4F21DAD} [2012.01.14 12:51:59 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{F29D6780-B28D-444B-A9DC-C4F4DE469AE5} [2012.01.13 19:59:28 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{DFC451B1-0E0A-4124-B0D8-221A3F05524A} [2012.01.13 19:59:04 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\{628BC63C-4ECA-4103-A42A-7A519F54143C} [2011.09.05 19:31:35 | 000,061,440 | ---- | C] ( ) -- C:\Windows\SysWow64\PrxerNsp.dll [5196 C:\Users\Florian\*.tmp files -> C:\Users\Florian\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.tmp files -> 
C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.02.12 14:32:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.02.12 14:32:33 | 2146,983,935 | -HS- | M] () -- C:\hiberfil.sys [2012.02.12 14:31:51 | 000,019,488 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.02.12 14:31:51 | 000,019,488 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.02.12 14:29:55 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Florian\Desktop\OTL.exe [2012.02.12 14:15:47 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012.02.12 14:11:50 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.02.12 14:11:50 | 000,000,396 | ---- | M] () -- C:\Windows\tasks\FinalTorrent Update Checker.job [2012.02.12 14:09:09 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs [2012.02.12 14:06:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.02.09 16:31:59 | 000,000,779 | ---- | M] () -- C:\Users\Public\Desktop\ESL Wire.lnk [2012.02.07 17:05:28 | 009,757,009 | ---- | M] () -- C:\Users\Florian\Desktop\Root.rar [2012.02.01 17:53:15 | 853,844,089 | ---- | M] () -- C:\Users\Florian\Desktop\Injashi2.rar [2012.01.30 17:43:28 | 000,001,047 | ---- | M] () -- C:\Users\Florian\Desktop\FinalTorrent.lnk [2012.01.30 17:40:43 | 000,018,498 | ---- | M] () -- C:\Users\Florian\Desktop\UltimateMT2Client.exe.torrent [2012.01.24 20:50:32 | 000,001,025 | ---- | M] () -- C:\Users\Public\Desktop\Escepia WarFinder.lnk [2012.01.20 18:32:04 | 014,405,610 | ---- | M] () -- C:\Users\Florian\Desktop\Scary Monsters.mp3 [2012.01.20 18:31:03 | 015,009,600 | ---- | M] () -- C:\Users\Florian\Desktop\No Fear - Stereocreator.mp3 [2012.01.20 18:21:50 | 023,380,734 | ---- | M] 
() -- C:\Users\Florian\Desktop\jingelbells.mp3 [2012.01.20 16:35:37 | 000,054,415 | ---- | M] () -- C:\Users\Florian\Desktop\Discos_de_Personenfuersorge_Uebertragung.pdf [2012.01.19 20:18:14 | 002,826,818 | ---- | M] () -- C:\Users\Florian\Desktop\MagvayAmpNovskyyGrafCoxTurnbeatsHandsupRemix_6999.mp3 [2012.01.19 19:57:17 | 011,888,417 | ---- | M] () -- C:\Users\Florian\Desktop\till the worlds end (EN3RGY MIX).mp3 [2012.01.19 19:53:32 | 010,924,539 | ---- | M] () -- C:\Users\Florian\Desktop\FKN INSANE (Original Mix).mp3 [5196 C:\Users\Florian\*.tmp files -> C:\Users\Florian\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.tmp files -> C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.02.07 17:04:41 | 009,757,009 | ---- | C] () -- C:\Users\Florian\Desktop\Root.rar [2012.02.01 16:07:29 | 853,844,089 | ---- | C] () -- C:\Users\Florian\Desktop\Injashi2.rar [2012.01.30 17:43:34 | 000,000,396 | ---- | C] () -- C:\Windows\tasks\FinalTorrent Update Checker.job [2012.01.30 17:43:28 | 000,001,047 | ---- | C] () -- C:\Users\Florian\Desktop\FinalTorrent.lnk [2012.01.30 17:40:42 | 000,018,498 | ---- | C] () -- C:\Users\Florian\Desktop\UltimateMT2Client.exe.torrent [2012.01.24 20:50:32 | 000,001,025 | ---- | C] () -- C:\Users\Public\Desktop\Escepia WarFinder.lnk [2012.01.20 18:31:16 | 014,405,610 | ---- | C] () -- C:\Users\Florian\Desktop\Scary Monsters.mp3 [2012.01.20 18:30:03 | 015,009,600 | ---- | C] () -- C:\Users\Florian\Desktop\No Fear - Stereocreator.mp3 [2012.01.20 18:18:59 | 023,380,734 | ---- | C] () -- C:\Users\Florian\Desktop\jingelbells.mp3 [2012.01.20 16:35:36 | 000,054,415 | ---- | C] () -- C:\Users\Florian\Desktop\Discos_de_Personenfuersorge_Uebertragung.pdf [2012.01.19 20:17:51 | 002,826,818 | ---- | C] () -- 
C:\Users\Florian\Desktop\MagvayAmpNovskyyGrafCoxTurnbeatsHandsupRemix_6999.mp3 [2012.01.19 19:52:04 | 011,888,417 | ---- | C] () -- C:\Users\Florian\Desktop\till the worlds end (EN3RGY MIX).mp3 [2012.01.19 19:51:51 | 010,924,539 | ---- | C] () -- C:\Users\Florian\Desktop\FKN INSANE (Original Mix).mp3 [2012.01.01 22:52:15 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll [2011.10.26 19:25:16 | 000,007,605 | ---- | C] () -- C:\Users\Florian\AppData\Local\Resmon.ResmonCfg [2011.10.04 16:04:23 | 000,000,000 | ---- | C] () -- C:\ProgramData\d60d80162dcbc11c3e2637862d4aefdc_c [2011.09.05 19:31:40 | 000,000,112 | ---- | C] () -- C:\Users\Florian\AppData\Roaming\Current.prx [2011.09.03 23:33:24 | 000,168,864 | ---- | C] () -- C:\Program Files\Common Files\WireHelpSvc.exe [2011.08.20 22:29:02 | 000,000,095 | ---- | C] () -- C:\Users\Florian\AppData\Local\fusioncache.dat [2011.08.20 22:27:25 | 001,619,106 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.08.05 18:43:25 | 000,101,864 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2011.08.03 21:14:09 | 000,000,600 | ---- | C] () -- C:\Users\Florian\AppData\Local\PUTTY.RND [2011.08.03 18:44:13 | 000,000,600 | ---- | C] () -- C:\Users\Florian\AppData\Roaming\winscp.rnd [2011.04.19 09:46:42 | 000,007,764 | ---- | C] () -- C:\Windows\cadx2.ini [2011.04.01 04:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll [2011.04.01 04:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe [2011.04.01 04:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- 
C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2007.10.25 16:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys ========== LOP Check ========== [2011.12.21 19:30:24 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\.minecraft [2012.01.01 22:53:07 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\CUE Splitter [2011.08.22 01:49:03 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\DAEMON Tools Lite [2012.01.24 21:28:01 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Escepia WarFinder [2011.08.20 23:17:50 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\FileZilla [2012.01.31 15:53:27 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\FinalTorrent [2011.09.05 19:31:28 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\GetRightToGo [2012.02.10 00:41:18 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\HLSW [2012.02.12 14:34:45 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\ICQ [2011.12.26 21:54:15 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\JonDo [2011.08.03 17:52:54 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Leadertech [2011.08.03 19:16:25 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\LolClient [2011.09.13 20:13:38 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\OpenOffice.org [2011.09.05 23:16:57 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\PC Suite [2011.09.05 23:14:17 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Samsung [2011.10.04 16:03:59 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\ShopperReports3 [2011.12.31 00:52:10 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\TeamViewer [2011.11.19 16:22:17 | 000,000,000 | ---D | M] -- 
C:\Users\Florian\AppData\Roaming\TS3Client [2011.08.24 10:38:44 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\VSRevoGroup [2011.08.13 22:19:34 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Windows Live Writer [2012.02.12 14:11:50 | 000,000,396 | ---- | M] () -- C:\Windows\Tasks\FinalTorrent Update Checker.job [2011.10.23 10:26:15 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.02.12 14:11:56 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2011.08.03 18:17:26 | 000,000,000 | -HSD | M] -- C:\Boot [2011.07.22 12:09:11 | 000,000,000 | ---D | M] -- C:\DELL [2011.07.22 12:12:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen [2011.07.22 22:16:24 | 000,000,000 | ---D | M] -- C:\Download [2011.08.04 10:51:58 | 000,000,000 | ---D | M] -- C:\GAMIGO [2011.08.06 13:18:37 | 000,000,000 | ---D | M] -- C:\ijji [2011.08.03 17:50:11 | 000,000,000 | ---D | M] -- C:\Nexon [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.08.01 18:18:26 | 000,000,000 | ---D | M] -- C:\Perl [2011.12.24 12:50:11 | 000,000,000 | R--D | M] -- C:\Program Files [2012.01.30 17:43:36 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2011.12.24 12:50:11 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011.08.03 18:51:31 | 000,000,000 | R--D | M] -- C:\Programme [2011.08.03 17:25:30 | 000,000,000 | -HSD | M] -- C:\Recovery [2011.07.22 13:18:48 | 000,000,000 | -HSD | M] -- C:\RECYCLER [2011.07.22 15:46:53 | 000,000,000 | ---D | M] -- C:\Riot Games [2012.02.11 12:52:57 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.07.22 12:58:28 | 000,000,000 | ---D | M] -- C:\T-Online [2012.02.12 14:11:48 | 000,000,000 | R--D | M] -- C:\Users [2011.12.25 13:00:39 | 000,000,000 | ---D | M] -- C:\Windows [2011.08.03 18:09:49 | 000,000,000 | ---D | M] -- C:\Windows.old [2011.08.01 17:27:00 | 000,000,000 | ---D | M] -- C:\WinSetupFromUSB 
[2011.08.12 23:14:00 | 000,000,000 | ---D | M] -- C:\World of Dreams 2 < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s >
< %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2011.12.11 00:45:44 | 000,032,760 | ---- | M] () -- C:\Users\Florian\Fledermaus - Kopie.jpg [2011.12.11 00:45:44 | 000,036,984 | ---- | M] () -- C:\Users\Florian\Fledermaus 2 - Kopie.jpg [2012.02.12 14:11:44 | 006,815,744 | -HS- | M] () -- C:\Users\Florian\NTUSER.DAT [2012.02.12 14:11:44 | 000,262,144 | -HS- | M] () -- C:\Users\Florian\ntuser.dat.LOG1 [2011.08.03 17:25:46 | 000,000,000 | -HS- | M] () -- C:\Users\Florian\ntuser.dat.LOG2 [2011.08.03 17:42:44 | 000,065,536 | -HS- | M] () -- C:\Users\Florian\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2011.08.03 17:42:44 | 000,524,288 | -HS- | M] () -- C:\Users\Florian\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2011.08.03 17:42:44 | 000,524,288 | -HS- | M] () -- C:\Users\Florian\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2011.08.03 17:25:46 | 000,000,020 | -HS- | M] () -- C:\Users\Florian\ntuser.ini [2012.01.27 18:51:38 | 000,055,296
| -HS- | M] () -- C:\Users\Florian\Thumbs.db [5196 C:\Users\Florian\*.tmp files -> C:\Users\Florian\*.tmp -> ] < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < End of report > Code:
ATTFilter OTL Extras logfile created on: 12.02.2012 14:34:56 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Florian\Desktop 64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 6,63 Gb Available Physical Memory | 82,91% Memory free 16,00 Gb Paging File | 14,65 Gb Available in Paging File | 91,59% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 931,50 Gb Total Space | 799,99 Gb Free Space | 85,88% Space Free | Partition Type: NTFS Drive D: | 232,88 Gb Total Space | 29,78 Gb Free Space | 12,79% Space Free | Partition Type: NTFS Computer Name: KINGOFPUNICA | User Name: Florian | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS) Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS) Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 
9.0.30729.6161 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 270.61 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 270.61 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.22.1 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B613A9BB-2B34-4824-A4BE-2427653D59D6}" = iTunes "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{CA0D2F09-F811-48D4-843E-C87696C6A9D9}" = Bonjour "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile 
"BC15EA930074932BB2C4B4493C9FD4EA95087D1A" = Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0) "ESL Wire_is1" = ESL Wire 1.11.1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "NVIDIA Drivers" = NVIDIA Drivers "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software "Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinRAR archiver" = WinRAR 4.01 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{0FD60D91-136F-421C-AAE4-4E7E0E9821A6}" = Physicus - die Rückkehr "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5 "{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main "{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = 
Windows Live Messenger "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22 "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26 "{2B11BA9C-7F97-4C16-970F-1491FD77969B}_is1" = GutscheinRausch.de - AddOn für Firefox "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{5A0D6E4B-B0DF-4148-8B1E-F7A430FF5E24}" = ICQ Sparberater "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery "{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection "{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher "{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = REACTOR "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{93712806-272D-485E-8D8E-C08E861CF3E0}" = A.V.A "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C3006EEA-E54F-4CF4-A966-F7BB9FBD7EB8}_is1" = Escepia WarFinder "{C4C91E02-D4E2-481E-BCBA-7D90CC8D43E1}" = LiveZilla Classic "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software "{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas 
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DFB9FD6D-08A7-4B26-AAC8-3163D6EEF739}" = CUE Splitter "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FB1F0041-6AC3-4D8A-86A2-A185FFE29E2A}_is1" = NerdMt2 - Reloaded 1.5 Version 1.5 "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook "5513-1208-7298-9440" = JDownloader 0.9 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "avast" = avast! 
Free Antivirus "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "Combat Arms EU" = Combat Arms EU "CommView" = CommView "DAEMON Tools Lite" = DAEMON Tools Lite "DivX Setup" = DivX-Setup "FileZilla Client" = FileZilla Client 3.2.7.1 "FinalTorrent_is1" = FinalTorrent 2011 "Google Chrome" = Google Chrome "HLSW_is1" = HLSW v1.4.0.2 "ICQToolbar" = ICQ Toolbar "InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer "InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "JAP" = JAP "LiveZilla" = LiveZilla "LiveZilla Classic" = LiveZilla Classic "Logitech Vid" = Logitech Vid HD "mIRC" = mIRC "Mozilla Firefox 10.0.1 (x86 de)" = Mozilla Firefox 10.0.1 (x86 de) "MTA:SA 1.1" = MTA:SA v1.1.1 "MySSID_is1" = EXPERTool 7.20 "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Proxifier_is1" = Proxifier version 2.7 "Revo Uninstaller" = Revo Uninstaller 1.93 "San Andreas Mod Installer1.1" = San Andreas Mod Installer "Steam App 240" = Counter-Strike: Source "Steam App 24240" = PAYDAY: The Heist "TeamViewer 7" = TeamViewer 7 "Trusted Software Assistant_is1" = File Type Assistant "Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions "VLC media player" = VLC media player 1.1.11 "WinLiveSuite" = Windows Live Essentials "winscp3_is1" = WinSCP 4.3.4 "YTdetect" = Yahoo! Detect ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 05.02.2012 17:15:28 | Computer Name = KingOfPunica | Source = Bonjour Service | ID = 100 Description = 476: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) Error - 05.02.2012 17:15:28 | Computer Name = KingOfPunica | Source = Bonjour Service | ID = 100 Description = 244: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) 
Error - 06.02.2012 13:26:20 | Computer Name = KingOfPunica | Source = WinMgmt | ID = 10 Description = Error - 06.02.2012 16:00:30 | Computer Name = KingOfPunica | Source = Application Hang | ID = 1002 Description = Programm Injashi2.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1128 Startzeit: 01cce5086ddc6080 Endzeit: 73 Anwendungspfad: C:\Users\Florian\Desktop\Injashi2\Injashi2.exe Berichts-ID: Error - 06.02.2012 18:47:29 | Computer Name = KingOfPunica | Source = Bonjour Service | ID = 100 Description = 240: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) Error - 06.02.2012 18:47:29 | Computer Name = KingOfPunica | Source = Bonjour Service | ID = 100 Description = 244: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) Error - 06.02.2012 18:47:29 | Computer Name = KingOfPunica | Source = Bonjour Service | ID = 100 Description = 344: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) Error - 07.02.2012 10:46:48 | Computer Name = KingOfPunica | Source = WinMgmt | ID = 10 Description = Error - 08.02.2012 10:45:16 | Computer Name = KingOfPunica | Source = WinMgmt | ID = 10 Description = Error - 09.02.2012 11:31:12 | Computer Name = KingOfPunica | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 25.01.2012 10:45:02 | Computer Name = KingOfPunica | Source = volsnap | ID = 393241 Description = Die Schattenkopien von Volume "C:" wurden gelöscht, weil der Schattenkopiespeicher nicht rechtzeitig vergrößert wurde. Sie sollten die E/A-Last auf dem System verringern oder ein Schattenkopie-Speichervolume, von dem keine Schattenkopie erstellt wird, auswählen. 
Error - 01.02.2012 10:56:03 | Computer Name = KingOfPunica | Source = volsnap | ID = 393241 Description = Die Schattenkopien von Volume "C:" wurden gelöscht, weil der Schattenkopiespeicher nicht rechtzeitig vergrößert wurde. Sie sollten die E/A-Last auf dem System verringern oder ein Schattenkopie-Speichervolume, von dem keine Schattenkopie erstellt wird, auswählen. Error - 02.02.2012 06:21:04 | Computer Name = KingOfPunica | Source = volsnap | ID = 393241 Description = Die Schattenkopien von Volume "C:" wurden gelöscht, weil der Schattenkopiespeicher nicht rechtzeitig vergrößert wurde. Sie sollten die E/A-Last auf dem System verringern oder ein Schattenkopie-Speichervolume, von dem keine Schattenkopie erstellt wird, auswählen. Error - 08.02.2012 10:43:39 | Computer Name = KingOfPunica | Source = volsnap | ID = 393241 Description = Die Schattenkopien von Volume "C:" wurden gelöscht, weil der Schattenkopiespeicher nicht rechtzeitig vergrößert wurde. Sie sollten die E/A-Last auf dem System verringern oder ein Schattenkopie-Speichervolume, von dem keine Schattenkopie erstellt wird, auswählen. Error - 09.02.2012 11:41:03 | Computer Name = KingOfPunica | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. Error - 09.02.2012 11:41:03 | Computer Name = KingOfPunica | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 10.02.2012 09:17:40 | Computer Name = KingOfPunica | Source = DCOM | ID = 10010 Description = Error - 10.02.2012 20:47:33 | Computer Name = KingOfPunica | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. 
Error - 10.02.2012 20:47:33 | Computer Name = KingOfPunica | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 11.02.2012 07:52:57 | Computer Name = KingOfPunica | Source = volsnap | ID = 393241 Description = Die Schattenkopien von Volume "C:" wurden gelöscht, weil der Schattenkopiespeicher nicht rechtzeitig vergrößert wurde. Sie sollten die E/A-Last auf dem System verringern oder ein Schattenkopie-Speichervolume, von dem keine Schattenkopie erstellt wird, auswählen. < End of report >
I would really appreciate a quick reply. Many thanks in advance, Florian |
12.02.2012, 15:53 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Warning! Computer has been locked! Pay 50 euros! Quote:
Now please run a routine full scan with Malwarebytes and post the log. Remember that Malwarebytes has to be updated manually before every scan! In addition, all findings must be removed. If logs from older Malwarebytes scans exist, please post all of those as well!
ESET Online Scanner
Please post everything here in CODE tags where possible. This is how it is done: [code] the log goes here [/code] And the whole thing then looks like this: Code:
ATTFilter the log goes here