| |
| |||||||
Log-Analyse und Auswertung: Ist mein PC Sauber?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
| |
13.03.2012, 11:03
| #1 |
 |  Ist mein PC Sauber? Hallo, Und zwar möchte ich gerne wissen ob mein PC Trojaner und Viren frei ist. Ich habe Windows 7 64bit Edition. Ich poste jetzt mal den DDS log + Attach Code:
ATTFilter .
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Robin at 10:54:53 on 2012-03-13
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4095.2497 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskhost.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
C:\Users\Robin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Robin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Robin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Robin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Robin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Robin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{D246AA05-B192-4ADE-9E16-6595A44BBE02} : DhcpNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
IE-X64: {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\sz5n2qep.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://de.ask.com/?l=dis&o=102869&gct=hp
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.3&q=
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
pref('extensions.shownSelectionUI',true);
pref('extensions.autoDisableScopes',0);
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-3-8 44768]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-3-2 2348352]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-9 382272]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\system32\DRIVERS\ManyCam_x64.sys --> C:\Windows\system32\DRIVERS\ManyCam_x64.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-03-08 22:17:23 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-07 04:59:34 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2012-03-07 01:52:04 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-03-07 00:15:19 41184 ----a-w- C:\Windows\avastSS.scr
2012-03-07 00:04:06 819032 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-03-07 00:02:20 53080 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-03-07 00:01:52 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-03-05 09:24:47 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-03-05 09:24:47 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-03-02 11:04:51 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-03-02 09:24:38 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll
2012-02-24 09:36:50 230952 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
2012-02-23 08:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-10 03:14:04 6074176 ----a-w- C:\Windows\System32\nvcpl.dll
2012-02-10 03:14:01 3089728 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-02-10 03:07:03 2561856 ----a-w- C:\Windows\System32\nvsvcr.dll
2012-02-10 03:07:00 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-02-10 03:07:00 63296 ----a-w- C:\Windows\System32\nvshext.dll
2012-02-10 03:07:00 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2012-02-10 03:05:59 2497985 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-02-09 19:05:44 416064 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-01-17 12:46:01 31040 ----a-w- C:\Windows\System32\nvhdap64.dll
2012-01-17 12:45:56 188224 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2012-01-17 12:45:55 1451840 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2012-01-14 04:06:27 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-01-03 07:03:12 810496 ----a-w- C:\Windows\System32\xvidcore.dll
2012-01-03 07:03:12 80896 ----a-w- C:\Windows\System32\ff_vfw.dll
2012-01-03 07:03:12 183808 ----a-w- C:\Windows\System32\xvidvfw.dll
2012-01-03 07:03:10 389120 ----a-w- C:\Windows\SysWow64\actskn43.ocx
2012-01-03 07:03:10 389120 ----a-w- C:\Windows\System32\actskn43.ocx
2011-12-30 06:26:08 515584 ----a-w- C:\Windows\System32\timedate.cpl
2011-12-30 05:27:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2011-12-28 03:59:24 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-12-16 08:46:06 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2011-12-16 07:52:58 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
.
============= FINISH: 10:55:52,69 ===============
Attach: Code:
ATTFilter .
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 02.03.2012 09:13:31
System Uptime: 12.03.2012 19:50:37 (15 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M4A88TD-V EVO/USB3
Processor: AMD Phenom(tm) II X4 965 Processor | AM3 | 792/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 217 GiB total, 123,889 GiB free.
D: is FIXED (NTFS) - 106 GiB total, 21,553 GiB free.
E: is CDROM (UDF)
F: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: NUSB3\ROOT_HUB30\5&36403F85&0
Manufacturer:
Name:
PNP Device ID: NUSB3\ROOT_HUB30\5&36403F85&0
Service:
.
==== System Restore Points ===================
.
RP24: 08.03.2012 02:48:56 - Windows Update
RP25: 09.03.2012 03:00:12 - Windows Update
RP26: 13.03.2012 02:37:04 - Windows Update
.
==== Installed Programs ======================
.
avast! Free Antivirus
Camtasia Studio 7
DAEMON Tools Lite
Die Sims™ 3
Die Sims™ 3 Einfach tierisch
FlashPeak SlimBrowser
Google Chrome
Grand Theft Auto IV
ICQ7.7
IrfanView (remove only)
Java Auto Updater
Java(TM) 6 Update 31
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WSE 3.0 Runtime
Mozilla Firefox 10.0.2 (x86 de)
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
PhotoScape
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Skype™ 5.8
SplitCam
Spybot - Search & Destroy
TRFormersMOD
TRFormersMOD - CLOTHES
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WinRAR 4.11 (32-Bit)
.
==== End Of File ===========================
Ich hoffe ihr könnt mir helfen! PS. ich habe Avast Vollversion. :-) und spybot search und destroy Mit freundlichen Grüßen Roxii |
|
13.03.2012, 18:32
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Ist mein PC Sauber? Warum willst du das wissen? Gibt es irgendwelche Vorgeschichten zu diesem System?
__________________
__________________ |
|
13.03.2012, 20:42
| #3 |
| | Ist mein PC Sauber? hi
__________________Nicht unbedingt, aber in letzter zeit habe ich eine ASK toolbar gehabt! Und das ist doch ein virus oder? Ich kriege die seite im Firefox als Starseite nicht mehr raus  In google chrome hab ich sie rausbekommen. Und wie sieht mein log aus? ist mein pc sauber? EDIT: ich habe auch manchmal ein paar cookies die ich finde!! Die mich verfolgen. Könnt ihr mir sagen ob mein pc komplett viren frei ist? PS.. Ich habe einen trainer mal verwendet, um in Games zu cheaten... aber das mache ich nun nicht mehr... könnt ihr mal nachgucken ob da ein trojaner drauf ist auf meinem pc? Mfg RoXii Geändert von RoXii (13.03.2012 um 20:57 Uhr) |
|
14.03.2012, 14:55
| #4 | |||
| /// Winkelfunktion /// TB-Süch-Tiger™ | Ist mein PC Sauber?Zitat:
 Eine Toolbar ist kein Virus, wenn überhaupt ist das unnötiger Ballast, Crapware, nich gewollte Software (PUP) Du musst mal genauer lesen wenn du irgendwelche Setups startest, viele Programmsetups installieren diesen Mist einfach mit! Zitat:
Zitat:
Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen! Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden. Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
14.03.2012, 22:24
| #5 |
| | Ist mein PC Sauber? hi habe nun malewarebytes ausgeführt, und er hat das hier gefunden: log Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.60.1.1000 www.malwarebytes.org Datenbank Version: v2012.03.14.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Robin :: ROBIN-PC [Administrator] Schutz: Aktiviert 14.03.2012 20:11:48 mbam-log-2012-03-14 (20-11-48).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 360229 Laufzeit: 34 Minute(n), 35 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 4 C:\Users\Robin\Desktop\DEViATED.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Robin\Downloads\Firefox_Setup_10.0.2.exe (Trojan.FakeFireFox) -> Erfolgreich gelöscht und in Quarantäne gestellt. D:\DEViATED.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. D:\Neuer Ordner\Neuer Ordner (2)\Neuer Ordner\hauptverzeichniss\3. VERZEICHNIS ( Ordner 05 )\WEB.DE_Firefox_Setup.exe (Trojan.FakeFireFox) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) hilfe trojaner aber da steht ja das sie jetzt weg sind, heißt das es ist alles wieder ok? Eset : Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=3381d60fa6a437469b443b2b35ba6938
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-14 08:59:10
# local_time=2012-03-14 09:59:10 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 48175 83386210 0 0
# compatibility_mode=8192 67108863 100 0 3729 3729 0 0
# scanned=166190
# found=0
# cleaned=0
# scan_time=2390
MFG Roxii  |
|
14.03.2012, 22:26
| #6 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Ist mein PC Sauber?Zitat:
wo hast du DEViATED.exe her?Und von wo hast du den Firefox runtergeladen?
__________________ --> Ist mein PC Sauber? |
|
14.03.2012, 22:33
| #7 |
| | Ist mein PC Sauber? hi cosinus danke für deine schnelle antwort, ich habe den trainer von einer webseite die ich nicht mehr weiß Die meinten der Trainer wäre in Ordnung und es ist normal das dass Anti viren programm anschlägt. da es dateien verändert im Spiel ordner oder so damit man god mode bekommt und unendlich munition. Firefox habe ich glaube von chip es wundert mich so weil bei chip habe ich immer nur gute software bekommen keine viren oder trojaner nochmal edit: ich lass ab nun die finger von trainern... man weiss ja nie was man doch installiert wenn man die .exe klickt. EDIT2 : darf ich hier links posten? hab grade ein forum gefunden da wird über deviated in englisch diskutiert  Geändert von RoXii (14.03.2012 um 22:51 Uhr) |
|
14.03.2012, 23:04
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Ist mein PC Sauber? Das soll der Trainer sein? Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
|
14.03.2012, 23:34
| #9 |
| | Ist mein PC Sauber? hi hab den scan nun ausgeführ: Code:
ATTFilter OTL logfile created on: 14.03.2012 23:09:24 - Run 1 OTL by OldTimer - Version 3.2.37.0 Folder = C:\Users\Robin\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,93 Gb Available Physical Memory | 73,18% Memory free 8,00 Gb Paging File | 6,78 Gb Available in Paging File | 84,81% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 216,80 Gb Total Space | 108,14 Gb Free Space | 49,88% Space Free | Partition Type: NTFS Drive D: | 106,45 Gb Total Space | 21,57 Gb Free Space | 20,26% Space Free | Partition Type: NTFS Drive E: | 7,03 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive G: | 5,12 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: ROBIN-PC | User Name: Robin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.03.14 23:07:03 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Robin\Downloads\OTL.exe PRC - [2012.03.07 01:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe PRC - [2012.03.07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe PRC - [2012.03.01 01:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012.02.29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.02.28 18:11:20 | 000,018,432 | ---- | M] () -- C:\Users\Robin\AppData\LocalLow\Flagfox\IE\FlagfoxUpdater.exe PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.01.13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV - [2012.03.07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2012.03.01 01:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.02.29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.02.28 18:11:20 | 000,018,432 | ---- | M] () [Auto | Running] -- C:\Users\Robin\AppData\LocalLow\Flagfox\IE\FlagfoxUpdater.exe -- (FlagfoxUpdater) SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.03.07 01:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2012.03.07 01:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2012.03.07 01:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr) DRV:64bit: - [2012.03.07 01:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:64bit: - [2012.03.07 01:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2012.03.07 01:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2012.03.02 12:04:51 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2012.01.17 13:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2011.09.29 08:04:22 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam) DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.04.27 09:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2009.07.16 04:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3752288333-708083476-1710006870-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-3752288333-708083476-1710006870-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-3752288333-708083476-1710006870-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-3752288333-708083476-1710006870-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 2C 97 5B 4D F8 CC 01 [binary data] IE - HKU\S-1-5-21-3752288333-708083476-1710006870-1000\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-3752288333-708083476-1710006870-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3752288333-708083476-1710006870-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3752288333-708083476-1710006870-1000\..\SearchScopes\{31736BAB-7BFB-43A9-BA0D-82651305DB62}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=MYC-ST&o=102869&src=crm&q={searchTerms}&locale=&apn_ptnrs=5J&apn_dtid=YYYYYYYYDE&apn_uid=95fa6c67-9d21-4d3c-b6dd-5e5349787c5e&apn_sauid=B9EEA00D-CC31-4D80-807C-06826F78973D IE - HKU\S-1-5-21-3752288333-708083476-1710006870-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKU\S-1-5-21-3752288333-708083476-1710006870-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.startup.homepage: "hxxp://de.ask.com/?l=dis&o=102869&gct=hp" FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.3&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.03.08 20:09:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.02 09:46:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.03.02 09:46:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robin\AppData\Roaming\mozilla\Extensions [2012.03.13 11:16:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robin\AppData\Roaming\mozilla\Firefox\Profiles\sz5n2qep.default\extensions [2012.03.02 20:44:48 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Robin\AppData\Roaming\mozilla\Firefox\Profiles\sz5n2qep.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012.03.13 11:16:43 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Robin\AppData\Roaming\mozilla\Firefox\Profiles\sz5n2qep.default\extensions\info@flagfox.net [2012.01.03 16:27:44 | 000,002,333 | ---- | M] () -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\sz5n2qep.default\searchplugins\askcom.xml [2012.03.02 21:24:48 | 000,000,950 | ---- | M] () -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\sz5n2qep.default\searchplugins\icqplugin-1.xml [2011.03.30 14:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\sz5n2qep.default\searchplugins\icqplugin.xml [2012.03.07 02:52:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.03.07 02:52:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [2012.03.08 20:09:44 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF [2012.02.16 15:55:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.02.16 12:02:53 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.16 11:48:01 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.02.16 12:02:53 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.02.16 12:02:53 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.16 12:02:53 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.16 12:02:53 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Robin\AppData\Local\Google\Chrome\Application\17.0.963.66\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Robin\AppData\Local\Google\Chrome\Application\17.0.963.66\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Robin\AppData\Local\Google\Chrome\Application\17.0.963.66\gcswf32.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\ CHR - Extension: AdBlock = C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.20_0\ CHR - Extension: avast! WebRep = C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\ CHR - Extension: Flagfox = C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ildldcbkkbkhnjghnbidklpepakbepnd\4.1.129_0\ CHR - Extension: Google Mail = C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Flagfox) - {A02B5E09-122E-4A2D-B996-D997485B8C9E} - C:\Users\Robin\AppData\LocalLow\Flagfox\IE\Flagfox.dll (Dave G) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKU\S-1-5-21-3752288333-708083476-1710006870-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3752288333-708083476-1710006870-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-3752288333-708083476-1710006870-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-3752288333-708083476-1710006870-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D246AA05-B192-4ADE-9E16-6595A44BBE02}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.11.15 10:52:50 | 000,161,088 | R--- | M] (Take-Two Interactive Software, Inc.) - E:\Autorun.exe -- [ UDF ] O32 - AutoRun File - [2008.10.11 18:03:48 | 000,000,054 | R--- | M] () - E:\Autorun.inf -- [ UDF ] O32 - AutoRun File - [2011.10.06 16:01:16 | 000,000,044 | R--- | M] () - G:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{6447ef70-6442-11e1-8801-bcaec58adf4a}\Shell - "" = AutoRun O33 - MountPoints2\{6447ef70-6442-11e1-8801-bcaec58adf4a}\Shell\AutoRun\command - "" = G:\Setup.exe -- [2011.10.06 16:01:18 | 000,355,920 | R--- | M] (Valve Corporation) O33 - MountPoints2\{a662fb88-643e-11e1-8643-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{a662fb88-643e-11e1-8643-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2008.11.15 10:52:50 | 000,161,088 | R--- | M] (Take-Two Interactive Software, Inc.) O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* MsConfig:64bit - StartUpReg: ICQ - hkey= - key= - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.) MsConfig:64bit - StartUpReg: ManyCam - hkey= - key= - File not found MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) MsConfig:64bit - StartUpReg: SplitCam - hkey= - key= - C:\Program Files (x86)\SplitCam\SplitCam.exe (SplitCam Co.) MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig:64bit - StartUpReg: WebcamMaxAutoRun - hkey= - key= - File not found SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: VIDC.FFDS - ff_vfw.dll File not found Drivers32: vidc.iv50 - C:\Windows\SysWow64\ir50_32.dll (Intel Corporation) Drivers32: vidc.tscc - C:\Windows\SysWow64\tsccvid.dll (TechSmith Corporation) Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com) Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com) Drivers32: VIDC.XVID - xvidvfw.dll File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.03.14 21:17:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.03.14 20:10:51 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Roaming\Malwarebytes [2012.03.14 20:10:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.03.14 20:10:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.03.14 20:10:46 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.03.14 20:10:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.03.14 03:11:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx [2012.03.14 03:01:14 | 000,000,000 | ---D | C] -- C:\Users\Robin\Desktop\exes [2012.03.14 03:01:05 | 000,000,000 | ---D | C] -- C:\Users\Robin\Desktop\source [2012.03.14 02:37:10 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\Skyrim [2012.03.14 02:37:10 | 000,000,000 | ---D | C] -- C:\Users\Robin\Documents\My Games [2012.03.14 02:29:05 | 000,000,000 | ---D | C] -- C:\The Elder Scrolls V- Skyrim [2012.03.14 02:16:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Elder Scrolls V- Skyrim [2012.03.14 02:02:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2012.03.13 21:37:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [2012.03.13 21:33:30 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation [2012.03.13 21:32:31 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2012.03.13 21:32:31 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2012.03.13 21:23:12 | 000,000,000 | ---D | C] -- C:\NVIDIA [2012.03.13 20:59:28 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Driver Cleaner Pro [2012.03.13 20:59:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Cleaner Pro [2012.03.13 20:59:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver Cleaner Pro [2012.03.13 11:16:44 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Roaming\tiger-k [2012.03.13 11:16:43 | 000,000,000 | ---D | C] -- C:\Users\Robin\Documents\Moyea [2012.03.13 11:16:43 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Roaming\Moyea [2012.03.13 11:14:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Moyea [2012.03.13 11:14:19 | 000,606,208 | ---- | C] (hxxp://www.xvid.org) -- C:\Windows\SysWow64\xvidcore.dll [2012.03.13 11:14:19 | 000,139,264 | ---- | C] (hxxp://www.xvid.org) -- C:\Windows\SysWow64\xvid.ax [2012.03.13 11:14:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Moyea [2012.03.13 06:50:48 | 000,000,000 | ---D | C] -- C:\Users\Robin\Desktop\Originals [2012.03.13 06:12:50 | 000,000,000 | ---D | C] -- C:\Users\Robin\.thumbnails [2012.03.13 06:11:14 | 000,000,000 | ---D | C] -- C:\Users\Robin\Documents\gegl-0.0 [2012.03.13 06:11:14 | 000,000,000 | ---D | C] -- C:\Users\Robin\.gimp-2.6 [2012.03.13 06:09:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP [2012.03.13 06:09:39 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0 [2012.03.11 22:39:29 | 000,000,000 | ---D | C] -- C:\Users\Robin\Desktop\Neuer Ordner (2) [2012.03.10 03:21:14 | 000,000,000 | ---D | C] -- C:\Users\Robin\Desktop\Originale vehicle datei! [2012.03.08 18:10:55 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012.03.08 02:40:10 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Roaming\ManyCam [2012.03.07 23:51:31 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Roaming\NVIDIA [2012.03.07 23:30:00 | 000,000,000 | ---D | C] -- C:\Users\Robin\Desktop\Neuer Ordner [2012.03.07 17:46:20 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Roaming\Skype [2012.03.07 17:46:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.03.07 17:46:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012.03.07 17:46:04 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2012.03.07 17:46:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2012.03.07 15:28:22 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SplitCam [2012.03.07 15:28:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SplitCam [2012.03.07 15:06:34 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\APN [2012.03.07 15:06:28 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Roaming\WebcamMax [2012.03.07 15:06:28 | 000,000,000 | ---D | C] -- C:\ProgramData\WebcamMax [2012.03.07 15:01:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7.1.0.0 [2012.03.07 14:09:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Web Solution Mart [2012.03.07 06:48:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools [2012.03.07 06:42:33 | 000,230,952 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys [2012.03.07 06:42:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools [2012.03.07 06:41:58 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2012.03.07 06:41:57 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Roaming\TestApp [2012.03.07 06:41:57 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools [2012.03.07 05:59:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE [2012.03.07 05:59:35 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys [2012.03.07 05:55:31 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\Sunbelt Software [2012.03.07 05:53:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft [2012.03.07 05:09:23 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Roaming\gtk-2.0 [2012.03.07 05:05:51 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Roaming\.purple [2012.03.07 05:04:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pidgin [2012.03.07 02:53:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2012.03.07 02:53:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.03.07 02:52:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2012.03.07 01:55:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2012.03.07 01:55:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012.03.07 01:55:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2012.03.06 03:03:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET [2012.03.05 17:46:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2012.03.05 17:46:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2012.03.05 12:53:22 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Roaming\SlimBrowser [2012.03.05 12:53:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashPeak SlimBrowser [2012.03.05 12:53:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SlimBrowser [2012.03.05 10:18:13 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview [2012.03.05 10:17:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders [2012.03.04 13:12:31 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll [2012.03.04 13:11:36 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll [2012.03.02 23:24:25 | 000,000,000 | ---D | C] -- C:\Users\Robin\Documents\ICQ [2012.03.02 20:45:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.7 [2012.03.02 20:44:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ6Toolbar [2012.03.02 20:44:47 | 000,000,000 | ---D | C] -- C:\ProgramData\ICQ [2012.03.02 20:40:22 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Roaming\ICQ [2012.03.02 20:40:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.7 [2012.03.02 12:42:27 | 000,000,000 | ---D | C] -- C:\Users\Robin\Documents\Electronic Arts [2012.03.02 12:25:21 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\TechSmith [2012.03.02 12:25:16 | 000,000,000 | ---D | C] -- C:\Users\Robin\Documents\Camtasia Studio [2012.03.02 12:24:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\QuickTime [2012.03.02 12:24:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Camtasia Studio 7 [2012.03.02 12:24:40 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith [2012.03.02 12:24:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2012.03.02 12:24:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TechSmith Shared [2012.03.02 12:24:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TechSmith [2012.03.02 12:15:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WSE [2012.03.02 12:10:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts [2012.03.02 12:05:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite [2012.03.02 12:04:51 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys [2012.03.02 12:04:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite [2012.03.02 12:04:24 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Roaming\DAEMON Tools Lite [2012.03.02 12:04:22 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite [2012.03.02 11:54:30 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Roaming\WinRAR [2012.03.02 11:54:30 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2012.03.02 11:54:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2012.03.02 11:54:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR [2012.03.02 10:36:09 | 000,000,000 | ---D | C] -- C:\Users\Robin\Documents\Rockstar Games [2012.03.02 10:33:36 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM [2012.03.02 10:29:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.03.02 10:29:46 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.03.02 10:26:00 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\Rockstar Games [2012.03.02 10:25:17 | 000,000,000 | RH-D | C] -- C:\Users\Robin\AppData\Roaming\SecuROM [2012.03.02 10:24:38 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll [2012.03.02 10:22:05 | 000,000,000 | ---D | C] -- C:\Users\Robin\Documents\Games for Windows - LIVE Demos [2012.03.02 10:18:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive [2012.03.02 10:18:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace [2012.03.02 10:18:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE [2012.03.02 09:50:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games [2012.03.02 09:50:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rockstar Games [2012.03.02 09:50:52 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information [2012.03.02 09:46:48 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Roaming\Mozilla [2012.03.02 09:46:48 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\Mozilla [2012.03.02 09:46:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.03.02 09:45:51 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Roaming\PhotoScape [2012.03.02 09:45:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape [2012.03.02 09:45:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PhotoScape [2012.03.02 09:44:47 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView [2012.03.02 09:44:47 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Roaming\IrfanView [2012.03.02 09:44:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IrfanView [2012.03.02 09:35:40 | 000,337,240 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2012.03.02 09:35:40 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys [2012.03.02 09:35:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus [2012.03.02 09:35:38 | 000,819,032 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys [2012.03.02 09:35:38 | 000,059,224 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys [2012.03.02 09:35:38 | 000,053,080 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys [2012.03.02 09:35:37 | 000,069,976 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys [2012.03.02 09:35:22 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe [2012.03.02 09:35:22 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2012.03.02 09:29:15 | 000,258,520 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2012.03.02 09:28:59 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2012.03.02 09:28:41 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2012.03.02 09:28:41 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2012.03.02 09:27:55 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\Google [2012.03.02 09:27:54 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2012.03.02 09:27:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation [2012.03.02 09:27:25 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation [2012.03.02 09:21:28 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Roaming\Macromedia [2012.03.02 09:21:28 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Roaming\Adobe [2012.03.02 09:21:25 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed [2012.03.02 09:21:23 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2012.03.02 09:15:32 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\Diagnostics [2012.03.02 09:14:01 | 000,000,000 | R--D | C] -- C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2012.03.02 09:14:01 | 000,000,000 | R--D | C] -- C:\Users\Robin\Searches [2012.03.02 09:14:01 | 000,000,000 | R--D | C] -- C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2012.03.02 09:13:51 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Roaming\Identities [2012.03.02 09:13:49 | 000,000,000 | R--D | C] -- C:\Users\Robin\Contacts [2012.03.02 09:13:47 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\VirtualStore [2012.03.02 09:13:36 | 000,000,000 | --SD | C] -- C:\Users\Robin\AppData\Roaming\Microsoft [2012.03.02 09:13:36 | 000,000,000 | R--D | C] -- C:\Users\Robin\Videos [2012.03.02 09:13:36 | 000,000,000 | R--D | C] -- C:\Users\Robin\Saved Games [2012.03.02 09:13:36 | 000,000,000 | R--D | C] -- C:\Users\Robin\Pictures [2012.03.02 09:13:36 | 000,000,000 | R--D | C] -- C:\Users\Robin\Music [2012.03.02 09:13:36 | 000,000,000 | R--D | C] -- C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2012.03.02 09:13:36 | 000,000,000 | R--D | C] -- C:\Users\Robin\Links [2012.03.02 09:13:36 | 000,000,000 | R--D | C] -- C:\Users\Robin\Favorites [2012.03.02 09:13:36 | 000,000,000 | R--D | C] -- C:\Users\Robin\Downloads [2012.03.02 09:13:36 | 000,000,000 | R--D | C] -- C:\Users\Robin\Documents [2012.03.02 09:13:36 | 000,000,000 | R--D | C] -- C:\Users\Robin\Desktop [2012.03.02 09:13:36 | 000,000,000 | R--D | C] -- C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2012.03.02 09:13:36 | 000,000,000 | -HSD | C] -- C:\Users\Robin\Vorlagen [2012.03.02 09:13:36 | 000,000,000 | -HSD | C] -- C:\Users\Robin\AppData\Local\Verlauf [2012.03.02 09:13:36 | 000,000,000 | -HSD | C] -- C:\Users\Robin\AppData\Local\Temporary Internet Files [2012.03.02 09:13:36 | 000,000,000 | -HSD | C] -- C:\Users\Robin\Startmenü [2012.03.02 09:13:36 | 000,000,000 | -HSD | C] -- C:\Users\Robin\SendTo [2012.03.02 09:13:36 | 000,000,000 | -HSD | C] -- C:\Users\Robin\Recent [2012.03.02 09:13:36 | 000,000,000 | -HSD | C] -- C:\Users\Robin\Netzwerkumgebung [2012.03.02 09:13:36 | 000,000,000 | -HSD | C] -- C:\Users\Robin\Lokale Einstellungen [2012.03.02 09:13:36 | 000,000,000 | -HSD | C] -- C:\Users\Robin\Documents\Eigene Videos [2012.03.02 09:13:36 | 000,000,000 | -HSD | C] -- C:\Users\Robin\Documents\Eigene Musik [2012.03.02 09:13:36 | 000,000,000 | -HSD | C] -- C:\Users\Robin\Eigene Dateien [2012.03.02 09:13:36 | 000,000,000 | -HSD | C] -- C:\Users\Robin\Documents\Eigene Bilder [2012.03.02 09:13:36 | 000,000,000 | -HSD | C] -- C:\Users\Robin\Druckumgebung [2012.03.02 09:13:36 | 000,000,000 | -HSD | C] -- C:\Users\Robin\Cookies [2012.03.02 09:13:36 | 000,000,000 | -HSD | C] -- C:\Users\Robin\AppData\Local\Anwendungsdaten [2012.03.02 09:13:36 | 000,000,000 | -HSD | C] -- C:\Users\Robin\Anwendungsdaten [2012.03.02 09:13:36 | 000,000,000 | -H-D | C] -- C:\Users\Robin\AppData [2012.03.02 09:13:36 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\Temp [2012.03.02 09:13:36 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\Microsoft [2012.03.02 09:13:36 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Roaming\Media Center Programs [2012.03.02 09:13:29 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2012.03.02 09:13:29 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2012.03.02 09:13:29 | 000,000,000 | -HSD | C] -- C:\Recovery [2012.03.02 09:13:29 | 000,000,000 | -HSD | C] -- C:\Programme [2012.03.02 09:13:29 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien [2012.03.02 09:13:29 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2012.03.02 09:13:29 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2012.03.02 09:13:29 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2012.03.02 09:13:29 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2012.03.02 09:13:29 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2012.03.02 09:13:29 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2012.03.02 09:13:29 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2012.03.02 09:09:36 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2012.03.02 09:07:09 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch [2012.03.02 09:06:50 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2012.03.02 09:05:58 | 000,000,000 | ---D | C] -- C:\Windows\Panther [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.03.14 23:01:32 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.03.14 23:01:32 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.03.14 22:58:47 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.03.14 22:58:47 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.03.14 22:58:47 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.03.14 22:58:47 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.03.14 22:58:47 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.03.14 22:53:58 | 000,274,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.03.14 22:53:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.03.14 22:53:31 | 3220,574,208 | -HS- | M] () -- C:\hiberfil.sys [2012.03.14 20:10:47 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.14 05:29:06 | 000,007,168 | ---- | M] () -- C:\Users\Robin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.03.13 20:59:28 | 000,001,975 | ---- | M] () -- C:\Users\Robin\Desktop\Driver Cleaner Pro.lnk [2012.03.13 12:00:27 | 000,002,088 | ---- | M] () -- C:\Users\Robin\.recently-used.xbel [2012.03.13 11:14:20 | 000,001,195 | ---- | M] () -- C:\Users\Public\Desktop\Moyea Video4Web Converter.lnk [2012.03.13 10:53:26 | 000,000,168 | ---- | M] () -- C:\Users\Robin\defogger_reenable [2012.03.13 10:52:35 | 000,050,477 | ---- | M] () -- C:\Users\Robin\Desktop\Defogger.exe [2012.03.13 06:40:45 | 000,018,302 | ---- | M] () -- C:\Users\Robin\Documents\4523523.jpg [2012.03.13 06:09:56 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk [2012.03.11 22:36:50 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2012.03.10 03:19:54 | 000,067,793 | ---- | M] () -- C:\Users\Robin\Desktop\dashcam.zip [2012.03.09 03:30:58 | 000,044,255 | ---- | M] () -- C:\Users\Robin\Documents\11.jpg [2012.03.08 23:14:08 | 000,047,393 | ---- | M] () -- C:\Users\Robin\Documents\DSC0125.jpg [2012.03.08 22:29:53 | 005,953,248 | ---- | M] () -- C:\Users\Robin\Documents\DSC01041.JPG [2012.03.08 20:09:46 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2012.03.08 18:10:56 | 000,002,274 | ---- | M] () -- C:\Users\Robin\Desktop\Google Chrome.lnk [2012.03.08 02:52:05 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2012.03.08 02:52:04 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2012.03.07 19:28:09 | 000,606,189 | ---- | M] () -- C:\Users\Robin\Documents\001.jpg [2012.03.07 18:28:44 | 000,052,484 | ---- | M] () -- C:\Users\Robin\Documents\hajaajaiOFHJPFHIUIASFHUIWFHIOWERFHJIOWG.jpg [2012.03.07 18:02:47 | 000,003,588 | ---- | M] () -- C:\Users\Robin\Documents\stad_-m_oedchen-alb1m21p.jpg [2012.03.07 15:28:22 | 000,001,007 | ---- | M] () -- C:\Users\Robin\Desktop\SplitCam.lnk [2012.03.07 06:43:10 | 001,744,890 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB [2012.03.07 06:00:06 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat [2012.03.07 06:00:06 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat [2012.03.07 05:59:34 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys [2012.03.07 01:55:03 | 000,001,258 | ---- | M] () -- C:\Users\Robin\Desktop\Spybot - Search & Destroy.lnk [2012.03.07 01:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2012.03.07 01:15:14 | 000,201,352 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe [2012.03.07 01:15:03 | 000,258,520 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2012.03.07 01:04:06 | 000,819,032 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys [2012.03.07 01:04:04 | 000,337,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2012.03.07 01:02:20 | 000,053,080 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys [2012.03.07 01:01:57 | 000,059,224 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys [2012.03.07 01:01:52 | 000,069,976 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys [2012.03.07 01:01:32 | 000,024,408 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys [2012.03.05 12:53:18 | 000,001,021 | ---- | M] () -- C:\Users\Public\Desktop\FlashPeak SlimBrowser.lnk [2012.03.02 12:58:36 | 000,005,385 | ---- | M] () -- C:\Users\Robin\Desktop\Sims3_Pets_bended.rar [2012.03.02 12:39:11 | 000,002,264 | ---- | M] () -- C:\Users\Public\Desktop\Die Sims™ 3 Einfach tierisch.lnk [2012.03.02 12:24:42 | 000,001,168 | ---- | M] () -- C:\Users\Public\Desktop\Camtasia Studio 7.lnk [2012.03.02 12:15:32 | 000,002,086 | ---- | M] () -- C:\Users\Public\Desktop\Die*Sims™*3.lnk [2012.03.02 12:05:30 | 000,001,950 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2012.03.02 12:04:51 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys [2012.03.02 10:29:48 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.03.02 10:24:38 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll [2012.03.02 10:22:07 | 000,002,196 | ---- | M] () -- C:\Users\Public\Desktop\Grand Theft Auto IV.lnk [2012.03.02 09:46:44 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.03.02 09:45:48 | 000,001,031 | ---- | M] () -- C:\Users\Robin\Desktop\PhotoScape.lnk [2012.03.02 09:44:48 | 000,001,890 | ---- | M] () -- C:\Users\Robin\Desktop\IrfanView Thumbnails.lnk [2012.03.02 09:44:48 | 000,000,998 | ---- | M] () -- C:\Users\Robin\Desktop\IrfanView.lnk [2012.03.02 09:35:40 | 000,001,841 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2012.03.02 09:10:10 | 000,052,953 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2012.03.02 09:10:10 | 000,052,953 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2012.03.01 01:02:00 | 000,068,928 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2012.03.01 01:02:00 | 000,061,248 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2012.03.01 01:02:00 | 000,011,770 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb [2012.02.29 21:59:29 | 002,515,790 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin [2012.02.29 13:26:56 | 000,416,064 | ---- | M] () -- C:\Windows\SysWow64\nvStreaming.exe [2012.02.24 10:36:50 | 000,230,952 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.03.14 20:10:47 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.14 03:01:05 | 000,041,472 | ---- | C] () -- C:\Users\Robin\Desktop\skyrim4gb.exe [2012.03.14 03:01:05 | 000,014,336 | ---- | C] () -- C:\Users\Robin\Desktop\skyrim4gb_helper.dll [2012.03.13 21:33:49 | 002,515,790 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin [2012.03.13 20:59:28 | 000,001,975 | ---- | C] () -- C:\Users\Robin\Desktop\Driver Cleaner Pro.lnk [2012.03.13 12:00:27 | 000,002,088 | ---- | C] () -- C:\Users\Robin\.recently-used.xbel [2012.03.13 11:14:20 | 000,001,195 | ---- | C] () -- C:\Users\Public\Desktop\Moyea Video4Web Converter.lnk [2012.03.13 10:53:25 | 000,000,168 | ---- | C] () -- C:\Users\Robin\defogger_reenable [2012.03.13 10:52:25 | 000,050,477 | ---- | C] () -- C:\Users\Robin\Desktop\Defogger.exe [2012.03.13 06:40:45 | 000,018,302 | ---- | C] () -- C:\Users\Robin\Documents\4523523.jpg [2012.03.13 06:09:56 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk [2012.03.12 20:38:40 | 008,822,912 | ---- | C] () -- C:\Users\Robin\Desktop\Stefanie Heinzmann - Diggin' In The Dirt.mp3 [2012.03.11 22:36:50 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2012.03.10 03:19:53 | 000,067,793 | ---- | C] () -- C:\Users\Robin\Desktop\dashcam.zip [2012.03.09 03:30:57 | 000,044,255 | ---- | C] () -- C:\Users\Robin\Documents\11.jpg [2012.03.08 23:14:07 | 000,047,393 | ---- | C] () -- C:\Users\Robin\Documents\DSC0125.jpg [2012.03.08 22:27:44 | 005,953,248 | ---- | C] () -- C:\Users\Robin\Documents\DSC01041.JPG [2012.03.08 18:10:56 | 000,002,274 | ---- | C] () -- C:\Users\Robin\Desktop\Google Chrome.lnk [2012.03.08 02:52:04 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2012.03.08 02:52:04 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2012.03.07 19:27:59 | 000,606,189 | ---- | C] () -- C:\Users\Robin\Documents\001.jpg [2012.03.07 18:28:42 | 000,052,484 | ---- | C] () -- C:\Users\Robin\Documents\hajaajaiOFHJPFHIUIASFHUIWFHIOWERFHJIOWG.jpg [2012.03.07 18:02:46 | 000,003,588 | ---- | C] () -- C:\Users\Robin\Documents\stad_-m_oedchen-alb1m21p.jpg [2012.03.07 15:28:22 | 000,001,007 | ---- | C] () -- C:\Users\Robin\Desktop\SplitCam.lnk [2012.03.07 15:28:18 | 000,810,496 | ---- | C] () -- C:\Windows\SysNative\xvidcore.dll [2012.03.07 15:28:18 | 000,183,808 | ---- | C] () -- C:\Windows\SysNative\xvidvfw.dll [2012.03.07 15:28:18 | 000,080,896 | ---- | C] () -- C:\Windows\SysNative\ff_vfw.dll [2012.03.07 15:28:12 | 000,389,120 | ---- | C] () -- C:\Windows\SysWow64\actskn43.ocx [2012.03.07 15:28:12 | 000,389,120 | ---- | C] () -- C:\Windows\SysNative\actskn43.ocx [2012.03.07 06:42:36 | 001,744,890 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB [2012.03.07 06:00:06 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat [2012.03.07 06:00:06 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat [2012.03.07 01:55:03 | 000,001,258 | ---- | C] () -- C:\Users\Robin\Desktop\Spybot - Search & Destroy.lnk [2012.03.05 12:53:18 | 000,001,021 | ---- | C] () -- C:\Users\Public\Desktop\FlashPeak SlimBrowser.lnk [2012.03.04 13:14:07 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd [2012.03.04 13:11:00 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml [2012.03.04 13:10:35 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml [2012.03.04 13:10:35 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml [2012.03.04 13:09:51 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml [2012.03.02 13:48:17 | 000,007,168 | ---- | C] () -- C:\Users\Robin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.03.02 12:58:35 | 000,005,385 | ---- | C] () -- C:\Users\Robin\Desktop\Sims3_Pets_bended.rar [2012.03.02 12:39:11 | 000,002,264 | ---- | C] () -- C:\Users\Public\Desktop\Die Sims™ 3 Einfach tierisch.lnk [2012.03.02 12:24:42 | 000,001,168 | ---- | C] () -- C:\Users\Public\Desktop\Camtasia Studio 7.lnk [2012.03.02 12:15:32 | 000,002,086 | ---- | C] () -- C:\Users\Public\Desktop\Die*Sims™*3.lnk [2012.03.02 12:05:30 | 000,001,950 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2012.03.02 10:29:48 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.03.02 10:22:07 | 000,002,196 | ---- | C] () -- C:\Users\Public\Desktop\Grand Theft Auto IV.lnk [2012.03.02 10:17:51 | 000,001,338 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk [2012.03.02 09:46:44 | 000,001,142 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.03.02 09:46:44 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.03.02 09:45:48 | 000,001,031 | ---- | C] () -- C:\Users\Robin\Desktop\PhotoScape.lnk [2012.03.02 09:44:48 | 000,001,890 | ---- | C] () -- C:\Users\Robin\Desktop\IrfanView Thumbnails.lnk [2012.03.02 09:44:48 | 000,000,998 | ---- | C] () -- C:\Users\Robin\Desktop\IrfanView.lnk [2012.03.02 09:35:40 | 000,001,841 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2012.03.02 09:29:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt [2012.03.02 09:14:06 | 000,001,405 | ---- | C] () -- C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2012.03.02 09:14:02 | 000,001,439 | ---- | C] () -- C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2012.03.02 09:10:01 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk [2012.03.02 09:10:00 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk [2012.03.02 09:06:50 | 3220,574,208 | -HS- | C] () -- C:\hiberfil.sys [2012.02.29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat ========== LOP Check ========== [2012.03.07 05:09:34 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\.purple [2012.03.14 02:00:57 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\DAEMON Tools Lite [2012.03.07 05:09:27 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\gtk-2.0 [2012.03.14 00:07:11 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\ICQ [2012.03.02 09:44:47 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\IrfanView [2012.03.08 02:40:35 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\ManyCam [2012.03.13 11:16:43 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\Moyea [2012.03.12 00:04:58 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\PhotoScape [2012.03.09 04:46:22 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\SlimBrowser [2012.03.07 06:41:57 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\TestApp [2012.03.13 11:17:15 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\tiger-k [2012.03.07 15:06:28 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\WebcamMax [2009.07.14 06:08:49 | 000,009,954 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2012.03.07 05:09:34 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\.purple [2012.03.02 09:21:28 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\Adobe [2012.03.14 02:00:57 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\DAEMON Tools Lite [2012.03.07 05:09:27 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\gtk-2.0 [2012.03.14 00:07:11 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\ICQ [2012.03.02 09:13:51 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\Identities [2012.03.02 09:44:47 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\IrfanView [2012.03.02 09:21:28 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\Macromedia [2012.03.14 20:10:51 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\Malwarebytes [2012.03.08 02:40:35 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\ManyCam [2009.07.14 19:18:18 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\Media Center Programs [2012.03.07 15:30:23 | 000,000,000 | --SD | M] -- C:\Users\Robin\AppData\Roaming\Microsoft [2012.03.13 11:16:43 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\Moyea [2012.03.02 09:46:52 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\Mozilla [2012.03.07 23:51:31 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\NVIDIA [2012.03.12 00:04:58 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\PhotoScape [2012.03.02 10:25:17 | 000,000,000 | RH-D | M] -- C:\Users\Robin\AppData\Roaming\SecuROM [2012.03.14 00:07:15 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\Skype [2012.03.09 04:46:22 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\SlimBrowser [2012.03.07 06:41:57 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\TestApp [2012.03.13 11:17:15 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\tiger-k [2012.03.07 15:06:28 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\WebcamMax [2012.03.02 11:56:21 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2012.03.02 12:15:42 | 000,010,134 | R--- | M] () -- C:\Users\Robin\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe < %SYSTEMDRIVE%\*.exe > [2007.11.07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTORV.SYS > [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > ========== Alternate Data Streams ========== @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84 < End of report > Was mich grade etwas beunruhigt ist das hier: Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Was soll das? Ist das ein Spionage Programm oder sowas?? EDIT: hab von dem fraunhofer institut noch nie was von gehört. Mfg Roxii Geändert von RoXii (14.03.2012 um 23:41 Uhr) |
|
14.03.2012, 23:35
| #10 |
| | Ist mein PC Sauber? Sorry für den Doppel Post! Geändert von RoXii (14.03.2012 um 23:37 Uhr) Grund: Doppel Post sorry |
|
15.03.2012, 04:24
| #11 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Ist mein PC Sauber?Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
16.03.2012, 00:29
| #12 |
| | Ist mein PC Sauber? hey ja aber was ist das nun genau? und ist mein pc sonst sauber? mfg roxii hab über das institut nur gehört das es forschung in elektronik betreibt oder sowas... |
|
16.03.2012, 16:41
| #13 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Ist mein PC Sauber? Hör auf dir darüber Sorgen zu machen! Ich sach dir schon was weg kann und was nicht mit Hilfe von Fix-Scripten Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3752288333-708083476-1710006870-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3752288333-708083476-1710006870-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3752288333-708083476-1710006870-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 2C 97 5B 4D F8 CC 01 [binary data]
IE - HKU\S-1-5-21-3752288333-708083476-1710006870-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-3752288333-708083476-1710006870-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3752288333-708083476-1710006870-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3752288333-708083476-1710006870-1000\..\SearchScopes\{31736BAB-7BFB-43A9-BA0D-82651305DB62}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=MYC-ST&o=102869&src=crm&q={searchTerms}&locale=&apn_ptnrs=5J&apn_dtid=YYYYYYYYDE&apn_uid=95fa6c67-9d21-4d3c-b6dd-5e5349787c5e&apn_sauid=B9EEA00D-CC31-4D80-807C-06826F78973D
IE - HKU\S-1-5-21-3752288333-708083476-1710006870-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://de.ask.com/?l=dis&o=102869&gct=hp"
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.3&q="
[2012.03.02 20:44:48 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Robin\AppData\Roaming\mozilla\Firefox\Profiles\sz5n2qep.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.01.03 16:27:44 | 000,002,333 | ---- | M] () -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\sz5n2qep.default\searchplugins\askcom.xml
[2012.03.02 21:24:48 | 000,000,950 | ---- | M] () -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\sz5n2qep.default\searchplugins\icqplugin-1.xml
[2011.03.30 14:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\sz5n2qep.default\searchplugins\icqplugin.xml
O3 - HKU\S-1-5-21-3752288333-708083476-1710006870-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3752288333-708083476-1710006870-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.11.15 10:52:50 | 000,161,088 | R--- | M] (Take-Two Interactive Software, Inc.) - E:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008.10.11 18:03:48 | 000,000,054 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O32 - AutoRun File - [2011.10.06 16:01:16 | 000,000,044 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{6447ef70-6442-11e1-8801-bcaec58adf4a}\Shell - "" = AutoRun
O33 - MountPoints2\{6447ef70-6442-11e1-8801-bcaec58adf4a}\Shell\AutoRun\command - "" = G:\Setup.exe -- [2011.10.06 16:01:18 | 000,355,920 | R--- | M] (Valve Corporation)
O33 - MountPoints2\{a662fb88-643e-11e1-8643-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a662fb88-643e-11e1-8643-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2008.11.15 10:52:50 | 000,161,088 | R--- | M] (Take-Two Interactive Software, Inc.)
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
:Commands
[emptytemp]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
17.03.2012, 10:43
| #14 |
| | Ist mein PC Sauber? hi hab den otl log angehängt. |
|
17.03.2012, 15:05
| #15 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Ist mein PC Sauber? Lies bitte meine Anleitungen richtig. Das war KEIN Fix-Log
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Ist mein PC Sauber? |
| antivirus, asus, avast, cdrom, computer, defender, explorer, firefox, google, helper, home, icq, ics, log, mozilla, nvidia, nvidia update, plug-in, realtek, software, studio, svchost.exe, system, trojaner, usb, usb 3.0, viren, webcam, windows, windows 7 64bit, windows 7 home, windows 7 home premium |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Hybrid-Darstellung
