Plagegeister aller Art und deren Bekämpfung (pests of all kinds and how to fight them): Unlicensed Windows version problem | Windows 7
15.03.2012, 20:10 | #1
Unlicensed Windows version problem
Evening. I have this apparently well-known problem that my Windows version is supposedly unlicensed and a Security Center blocks all actions, after which I am asked to pay 100€. I ran OTL in Safe Mode with Networking. OTL.Text: Code:
OTL logfile created on: 15.03.2012 19:27:56 - Run 1 OTL by OldTimer - Version 3.2.37.0 Folder = C:\Users\Kiffin'\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19190) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 2,64 Gb Available Physical Memory | 81,18% Memory free 6,69 Gb Paging File | 6,30 Gb Available in Paging File | 94,28% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 308,88 Gb Total Space | 135,46 Gb Free Space | 43,85% Space Free | Partition Type: NTFS Drive D: | 613,85 Gb Total Space | 258,51 Gb Free Space | 42,11% Space Free | Partition Type: NTFS Drive E: | 3,92 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: KIFFIN-PC | User Name: Kiffin' | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Kiffin'\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV - (Hamachi2Svc) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co.
KG) SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation) SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia.) SRV - (TestHandler) -- C:\Programme\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (UPnPService) -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe () SRV - (libusbd) -- C:\Windows\System32\libusbd-nt.exe (hxxp://libusb-win32.sourceforge.net) ========== Driver Services (SafeList) ========== DRV - (ZDPSp60) -- System32\Drivers\ZDPSp60.sys File not found DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (EagleNT) -- C:\Windows\system32\drivers\EagleNT.sys File not found DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (nvlddmkm) -- 
C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation) DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation) DRV - (ahcix86s) -- C:\Windows\System32\drivers\ahcix86s.sys (AMD Technologies Inc.) DRV - (JRAID) -- C:\Windows\System32\drivers\jraid.sys (JMicron Technology Corp.) DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Windows (R) Codename Longhorn DDK provider) DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia) DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Windows (R) Codename Longhorn DDK provider) DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia) DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (AmdLLD) -- C:\Windows\System32\drivers\AmdLLD.sys (AMD, Inc.) DRV - (ZD1211BU(ZyDAS)) ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS) -- C:\Windows\System32\drivers\ZD1211BU.sys (ZyDAS Technology Corporation) DRV - (BRGSp50) -- C:\Windows\System32\drivers\BRGSp50.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (ovt530) -- C:\Windows\System32\drivers\ov530vid.sys (OmniVision Technologies, Inc.) DRV - (libusb0) -- C:\Windows\System32\drivers\libusb0.sys () DRV - (ZDPSp50) -- C:\Windows\System32\drivers\ZDPSp50.sys (Printing Communications Assoc., Inc. 
(PCAUSA)) DRV - (phil2vid) -- C:\Windows\System32\drivers\philcam2.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJC IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1351351 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) 
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJC IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1351351 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "Softonic_Deutsch Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=3&q=" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/home.php?" 
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1 FF - prefs.js..extensions.enabledItems: tineye@ideeinc.com:1.1 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4 FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6 FF - prefs.js..extensions.enabledItems: {E5886C91-CDD7-4832-B32D-0830705A9C60}:1.0 FF - prefs.js..keyword.URL: "hxxp://ecosia.org/lucky.php?q=" FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Hans Peter Orlowsky\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: d:\hans peter orlowsky\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: d:\hans peter orlowsky\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: d:\hans peter orlowsky\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.03.06 14:18:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: D:\Hans Peter Orlowsky\FireFox\components [2012.02.19 16:46:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: D:\Hans Peter Orlowsky\FireFox\plugins [2012.03.06 14:18:32 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{E5886C91-CDD7-4832-B32D-0830705A9C60}: C:\Users\Kiffin'\AppData\Roaming\5014 [2011.04.01 21:58:25 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Kiffin'\AppData\Roaming\5015 [2011.04.05 17:33:52 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: D:\Hans Peter Orlowsky\FireFox\components [2012.02.19 16:46:27 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: D:\Hans Peter Orlowsky\FireFox\plugins [2012.03.06 14:18:32 | 000,000,000 | ---D | M] [2010.11.30 18:04:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kiffin'\AppData\Roaming\mozilla\Extensions [2010.11.30 18:04:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kiffin'\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.03.07 14:21:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kiffin'\AppData\Roaming\mozilla\Firefox\Profiles\82t2q4hl.default\extensions [2011.03.25 20:57:22 | 000,000,000 | ---D | M] (Image Zoom) -- 
C:\Users\Kiffin'\AppData\Roaming\mozilla\Firefox\Profiles\82t2q4hl.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} [2011.03.25 20:57:22 | 000,000,000 | ---D | M] (TinEye Reverse Image Search) -- C:\Users\Kiffin'\AppData\Roaming\mozilla\Firefox\Profiles\82t2q4hl.default\extensions\tineye@ideeinc.com [2008.12.22 15:27:48 | 000,000,894 | ---- | M] () -- C:\Users\Kiffin'\AppData\Roaming\Mozilla\Firefox\Profiles\82t2q4hl.default\searchplugins\conduit.xml [2010.01.04 00:25:15 | 000,002,354 | ---- | M] () -- C:\Users\Kiffin'\AppData\Roaming\Mozilla\Firefox\Profiles\82t2q4hl.default\searchplugins\ecosia.xml [2012.03.06 14:18:20 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT () (No name found) -- C:\USERS\KIFFIN'\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\82T2Q4HL.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI () (No name found) -- C:\USERS\KIFFIN'\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\82T2Q4HL.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI () (No name found) -- C:\USERS\KIFFIN'\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\82T2Q4HL.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI ========== Chrome ========== O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found. O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. 
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3 - HKLM\..\Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found. O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Hans Peter Orlowsky\Easy-WebPrint\Toolband.dll () O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [amd_dc_opt] C:\Programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) 
O4 - HKLM..\Run: [Microsoft Update] livemessenger.exe File not found O4 - HKLM..\Run: [TkBellExe] d:\hans peter orlowsky\realplayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [DAEMON Tools Lite] D:\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [EPSON SX218 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGDE.EXE (SEIKO EPSON CORPORATION) O4 - HKCU..\Run: [fsc-reg] C:\fsc-reg\fscreg.exe (Fujitsu Siemens) O4 - HKCU..\Run: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe File not found O4 - HKCU..\Run: [vasja] C:\Users\Kiffin'\AppData\Local\Temp\mor.exe () O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Easy-WebPrint - Drucken - D:\Hans Peter Orlowsky\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - D:\Hans Peter Orlowsky\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint - Vorschau - D:\Hans Peter Orlowsky\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - D:\Hans Peter Orlowsky\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\ICQ7.2\ICQ.exe (ICQ, LLC.) 
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Hans Peter Orlowsky\ICQ\ICQLite.exe File not found O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Hans Peter Orlowsky\ICQ\ICQLite.exe File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} hxxp://webserver.dyyno.com/tng/dyyno-client/DyynoCAB.CAB (DyynoX Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61119530-AA6A-4060-B75B-696801F37432}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Kiffin'\Desktop\bilderas\Joy+Division_Unknown+Pleasures_She's+Lost+Control+(1979).jpg O24 - Desktop BackupWallPaper: C:\Users\Kiffin'\Desktop\bilderas\Joy+Division_Unknown+Pleasures_She's+Lost+Control+(1979).jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: 
AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2005.02.25 17:24:44 | 000,000,051 | R--- | M] () - E:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{6dd0efb0-b23f-11dd-9a2d-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{6dd0efb0-b23f-11dd-9a2d-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Install.exe -- [2004.10.21 18:38:02 | 000,126,976 | R--- | M] (Macrovision Corporation) O33 - MountPoints2\{77b505b1-4634-11df-bd44-002185c4b533}\Shell\AutoRun\command - "" = K:\Toshiba\more4you.exe O33 - MountPoints2\{cafb4f1c-8759-11de-bee4-002185c4b533}\Shell - "" = AutoRun O33 - MountPoints2\{cafb4f1c-8759-11de-bee4-002185c4b533}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a O33 - MountPoints2\{fd4f66e0-2b1d-11e0-b700-002185c4b533}\Shell - "" = AutoRun O33 - MountPoints2\{fd4f66e0-2b1d-11e0-b700-002185c4b533}\Shell\AutoRun\command - "" = K:\Autoplay\AutoRun.exe O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\Toshiba\more4you.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET 
Framework 1.1 Service Pack 1 (KB867460) ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player 9 ActiveX ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" 
"C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== [2012.03.15 19:19:08 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\Kiffin'\Desktop\OTL.exe [2012.03.13 18:04:00 | 000,046,592 | ---- | C] (hxxp://libusb-win32.sourceforge.net) -- C:\Windows\System32\libusb0.dll [2012.03.13 18:04:00 | 000,019,456 | ---- | C] (hxxp://libusb-win32.sourceforge.net) -- C:\Windows\System32\libusbd-9x.exe [2012.03.13 18:04:00 | 000,018,944 | ---- | C] (hxxp://libusb-win32.sourceforge.net) -- C:\Windows\System32\libusbd-nt.exe [2012.03.13 18:04:00 | 000,000,000 | ---D | C] -- C:\Program Files\LibUSB-Win32-0.1.10.1 [2012.03.13 18:04:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibUSB-Win32 [2012.03.11 00:50:35 | 000,086,016 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe [2012.03.11 00:50:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Postal 2 [2012.02.29 13:05:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [2012.02.29 13:05:57 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi [2012.02.26 14:34:51 | 000,000,000 | ---D | C] -- C:\Windows\OvtCam [2012.02.26 13:56:14 | 000,061,440 | ---- | C] (OmniVision Technologies, Inc.) -- C:\Windows\ov530dib.dll [2012.02.26 13:56:14 | 000,025,177 | ---- | C] (OmniVision Technologies Inc.) 
-- C:\Windows\System32\drivers\ov530cmd.sys [2012.02.26 13:56:13 | 000,161,792 | ---- | C] (OmniVision Technologies, Inc.) -- C:\Windows\System32\drivers\ov530vid.sys [2012.02.26 13:56:13 | 000,040,960 | ---- | C] (OmniVision Technologies Inc.) -- C:\Windows\System32\ov530ext.dll [2012.02.26 13:56:13 | 000,018,972 | ---- | C] (OmniVision Technologies Inc.) -- C:\Windows\System32\ov530ext.ax [2012.02.26 13:56:13 | 000,016,440 | ---- | C] (OmniVision Technologies Inc.) -- C:\Windows\System32\ov530usd.dll [2012.02.26 13:53:07 | 000,589,824 | ---- | C] (Guillemot Corporation S.A.) -- C:\Windows\System32\HWLMSET2.exe [2012.02.26 13:52:53 | 000,000,000 | ---D | C] -- C:\Program Files\Hercules [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.03.15 19:19:09 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Kiffin'\Desktop\OTL.exe [2012.03.15 19:09:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.03.15 19:00:55 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.03.15 19:00:55 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.03.15 19:00:54 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.03.15 15:25:00 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{C1373044-6303-4F5B-9511-DC99F2F561D5}.job [2012.03.15 15:24:13 | 000,530,488 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.03.14 18:24:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.03.06 14:18:29 | 000,000,737 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk [2012.03.06 14:18:29 | 000,000,710 | ---- | M] () -- C:\Users\Public\Desktop\Kostenlose Angebote.lnk [2012.03.06 14:17:55 | 000,272,896 | ---- | M] (Progressive Networks) -- 
C:\Windows\System32\pncrt.dll [2012.02.29 22:42:48 | 001,498,061 | ---- | M] () -- C:\Users\Kiffin'\Desktop\Foto009.jpg [2012.02.29 13:06:00 | 000,000,813 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk [2012.02.26 22:26:58 | 000,005,315 | ---- | M] () -- C:\Users\Kiffin'\.recently-used.xbel [2012.02.26 22:12:23 | 000,036,260 | ---- | M] () -- C:\Users\Kiffin'\ds_digital.zip [2012.02.26 21:52:10 | 000,000,978 | ---- | M] () -- C:\Users\Kiffin'\Desktop\skype.lnk [2012.02.26 16:51:30 | 000,906,967 | ---- | M] () -- C:\Users\Kiffin'\Desktop\homobobderpherp.jpg [2012.02.25 13:51:04 | 000,664,044 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.02.25 13:51:04 | 000,625,384 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.02.25 13:51:04 | 000,142,416 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.02.25 13:51:04 | 000,116,946 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.02.25 12:08:30 | 001,056,153 | ---- | M] () -- C:\Users\Kiffin'\Desktop\homobobderp.jpg [2012.02.25 12:04:44 | 001,585,824 | ---- | M] () -- C:\Users\Kiffin'\Desktop\ragetemplate.jpg [2012.02.25 11:55:54 | 000,023,552 | -H-- | M] () -- C:\Users\Kiffin'\Desktop\photothumb.db [2012.02.25 11:55:49 | 000,184,320 | -H-- | M] () -- C:\Users\Kiffin'\photothumb.db [2012.02.25 11:54:43 | 000,599,564 | ---- | M] () -- C:\Users\Kiffin'\Desktop\homobob.jpg [2012.02.25 00:59:55 | 000,000,488 | ---- | M] () -- C:\Users\Kiffin'\Desktop\r.lnk [2012.02.22 18:22:32 | 000,001,356 | ---- | M] () -- C:\Users\Kiffin'\AppData\Local\d3d9caps.dat [2012.02.21 21:51:31 | 004,960,105 | ---- | M] () -- C:\Users\Kiffin'\Desktop\stadt.mp3 [2012.02.15 15:49:36 | 000,137,416 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.03.13 18:04:00 | 000,033,792 | ---- | C] () -- C:\Windows\System32\drivers\libusb0.sys [2012.03.06 14:18:29 | 000,000,737 | ---- | C] () -- 
C:\Users\Public\Desktop\RealPlayer.lnk [2012.03.06 14:18:29 | 000,000,710 | ---- | C] () -- C:\Users\Public\Desktop\Kostenlose Angebote.lnk [2012.03.01 17:26:26 | 001,498,061 | ---- | C] () -- C:\Users\Kiffin'\Desktop\Foto009.jpg [2012.02.26 22:26:58 | 000,005,315 | ---- | C] () -- C:\Users\Kiffin'\.recently-used.xbel [2012.02.26 22:13:45 | 000,025,480 | ---- | C] () -- C:\Users\Kiffin'\DS-DIGIT.TTF [2012.02.26 22:13:45 | 000,024,896 | ---- | C] () -- C:\Users\Kiffin'\DS-DIGIB.TTF [2012.02.26 22:13:45 | 000,024,676 | ---- | C] () -- C:\Users\Kiffin'\DS-DIGII.TTF [2012.02.26 22:13:45 | 000,024,448 | ---- | C] () -- C:\Users\Kiffin'\DS-DIGI.TTF [2012.02.26 22:12:22 | 000,036,260 | ---- | C] () -- C:\Users\Kiffin'\ds_digital.zip [2012.02.26 21:52:10 | 000,000,978 | ---- | C] () -- C:\Users\Kiffin'\Desktop\skype.lnk [2012.02.26 13:53:07 | 000,009,728 | ---- | C] () -- C:\Windows\System32\HWLMSET2PS.dll [2012.02.25 12:57:49 | 000,906,967 | ---- | C] () -- C:\Users\Kiffin'\Desktop\homobobderpherp.jpg [2012.02.25 12:08:30 | 001,056,153 | ---- | C] () -- C:\Users\Kiffin'\Desktop\homobobderp.jpg [2012.02.25 12:04:44 | 001,585,824 | ---- | C] () -- C:\Users\Kiffin'\Desktop\ragetemplate.jpg [2012.02.25 11:55:53 | 000,023,552 | -H-- | C] () -- C:\Users\Kiffin'\Desktop\photothumb.db [2012.02.25 11:54:42 | 000,599,564 | ---- | C] () -- C:\Users\Kiffin'\Desktop\homobob.jpg [2012.02.25 00:59:55 | 000,000,488 | ---- | C] () -- C:\Users\Kiffin'\Desktop\r.lnk [2012.02.21 21:14:14 | 004,960,105 | ---- | C] () -- C:\Users\Kiffin'\Desktop\stadt.mp3 [2011.10.23 18:19:27 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll [2011.10.23 18:19:26 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2011.10.23 18:19:24 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2011.10.23 18:19:24 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2011.10.23 18:19:23 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2011.10.23 17:52:09 | 
000,150,996 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT [2011.09.26 19:17:21 | 000,000,016 | ---- | C] () -- C:\Users\Kiffin'\AppData\Roaming\msregsvv.dll [2011.09.26 19:17:21 | 000,000,016 | ---- | C] () -- C:\ProgramData\autobk.inc [2011.08.03 02:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe [2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2011.04.05 21:25:33 | 000,000,011 | ---- | C] () -- C:\Users\Kiffin'\AppData\Roaming\urhtps.dat [2011.03.20 22:26:30 | 000,004,817 | ---- | C] () -- C:\Users\Kiffin'\AppData\Roaming\2936.55C [2011.01.12 23:12:28 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI [2010.09.27 21:34:48 | 000,219,300 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat [2010.07.16 22:59:38 | 000,006,404 | ---- | C] () -- C:\Windows\DiabUnin.dat ========== LOP Check ========== [2012.03.05 22:28:43 | 000,000,000 | ---D | M] -- C:\Users\Kiffin'\AppData\Roaming\.minecraft [2011.03.30 14:54:48 | 000,000,000 | ---D | M] -- C:\Users\Kiffin'\AppData\Roaming\5013 [2011.04.01 21:58:25 | 000,000,000 | ---D | M] -- C:\Users\Kiffin'\AppData\Roaming\5014 [2011.04.05 17:33:52 | 000,000,000 | ---D | M] -- C:\Users\Kiffin'\AppData\Roaming\5015 [2011.03.25 20:57:03 | 000,000,000 | ---D | M] -- C:\Users\Kiffin'\AppData\Roaming\Audacity [2011.03.25 20:57:03 | 000,000,000 | ---D | M] -- C:\Users\Kiffin'\AppData\Roaming\Bioshock [2011.05.14 18:05:42 | 000,000,000 | ---D | M] -- C:\Users\Kiffin'\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2009.01.14 15:31:45 | 000,000,000 | ---D | M] -- C:\Users\Kiffin'\AppData\Roaming\Crayon Physics Deluxe [2011.01.29 02:43:25 | 000,000,000 | ---D | M] -- C:\Users\Kiffin'\AppData\Roaming\DAEMON Tools Lite [2011.01.13 16:13:29 | 000,000,000 | ---D | M] -- C:\Users\Kiffin'\AppData\Roaming\Epmuze [2010.11.17 16:18:59 | 000,000,000 | ---D | M] -- C:\Users\Kiffin'\AppData\Roaming\Epson [2011.03.25 20:57:03 | 000,000,000 | ---D | 
M] -- C:\Users\Kiffin'\AppData\Roaming\fretsonfire [2009.07.12 17:21:53 | 000,000,000 | ---D | M] -- C:\Users\Kiffin'\AppData\Roaming\FUEL Demo [2011.03.30 15:54:05 | 000,000,000 | ---D | M] -- C:\Users\Kiffin'\AppData\Roaming\GetRightToGo [2012.02.26 22:26:58 | 000,000,000 | ---D | M] -- C:\Users\Kiffin'\AppData\Roaming\gtk-2.0 [2010.11.03 17:08:21 | 000,000,000 | ---D | M] -- C:\Users\Kiffin'\AppData\Roaming\Guitar Pro 6 [2011.12.07 23:13:38 | 000,000,000 | ---D | M] -- C:\Users\Kiffin'\AppData\Roaming\ICQ [2011.02.16 21:53:05 | 000,000,000 | ---D | M] -- C:\Users\Kiffin'\AppData\Roaming\ICQLite [2011.09.26 19:13:03 | 000,000,000 | ---D | M] -- C:\Users\Kiffin'\AppData\Roaming\IK Multimedia [2011.08.05 23:38:59 | 000,000,000 | ---D | M] -- C:\Users\Kiffin'\AppData\Roaming\Image-Line [2011.01.21 14:42:09 | 000,000,000 | ---D | M] -- C:\Users\Kiffin'\AppData\Roaming\Juce VST Host [2011.03.30 14:54:30 | 000,000,000 | ---D | M] -- C:\Users\Kiffin'\AppData\Roaming\kock [2011.01.06 14:40:39 | 000,000,000 | ---D | M] -- C:\Users\Kiffin'\AppData\Roaming\Loepyt [2010.06.16 00:37:23 | 000,000,000 | ---D | M] -- C:\Users\Kiffin'\AppData\Roaming\LolClient [2010.02.27 22:44:34 | 000,000,000 | ---D | M] -- C:\Users\Kiffin'\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1 [2011.03.25 20:57:19 | 000,000,000 | ---D | M] -- C:\Users\Kiffin'\AppData\Roaming\Magic Set Editor [2009.01.01 14:04:47 | 000,000,000 | ---D | M] -- C:\Users\Kiffin'\AppData\Roaming\MAGIX [2011.03.25 20:57:19 | 000,000,000 | ---D | M] -- C:\Users\Kiffin'\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien [2010.04.18 17:46:28 | 000,000,000 | ---D | M] -- C:\Users\Kiffin'\AppData\Roaming\Mount&Blade [2011.03.09 18:34:41 | 000,000,000 | ---D | M] -- C:\Users\Kiffin'\AppData\Roaming\Nofus [2010.01.31 01:44:07 | 000,000,000 | ---D | M] -- C:\Users\Kiffin'\AppData\Roaming\Nokia [2011.10.01 14:17:16 | 000,000,000 | ---D | M] -- C:\Users\Kiffin'\AppData\Roaming\Notepad++ [2011.01.12 
20:21:07 | 000,000,000 | ---D | M] -- C:\Users\Kiffin'\AppData\Roaming\Nuiv [2011.03.25 20:57:22 | 000,000,000 | ---D | M] -- C:\Users\Kiffin'\AppData\Roaming\Nvu [2010.01.17 22:17:38 | 000,000,000 | ---D | M] -- C:\Users\Kiffin'\AppData\Roaming\Opera [2009.10.26 20:59:55 | 000,000,000 | ---D | M] -- C:\Users\Kiffin'\AppData\Roaming\PC Suite [2011.03.25 20:57:22 | 000,000,000 | ---D | M] -- C:\Users\Kiffin'\AppData\Roaming\PhotoScape [2009.05.24 12:36:17 | 000,000,000 | ---D | M] -- C:\Users\Kiffin'\AppData\Roaming\Propellerhead Software [2011.05.01 11:43:35 | 000,000,000 | ---D | M] -- C:\Users\Kiffin'\AppData\Roaming\Publish Providers [2009.12.01 22:04:59 | 000,000,000 | ---D | M] -- C:\Users\Kiffin'\AppData\Roaming\runic games [2008.12.08 20:36:52 | 000,000,000 | ---D | M] -- C:\Users\Kiffin'\AppData\Roaming\Serif [2009.04.21 11:56:48 | 000,000,000 | ---D | M] -- C:\Users\Kiffin'\AppData\Roaming\Slam Dunk Studios, LLC [2008.12.27 00:22:00 | 000,000,000 | ---D | M] -- C:\Users\Kiffin'\AppData\Roaming\Soldat [2011.05.01 11:43:29 | 000,000,000 | ---D | M] -- C:\Users\Kiffin'\AppData\Roaming\Sony [2011.03.25 20:57:23 | 000,000,000 | ---D | M] -- C:\Users\Kiffin'\AppData\Roaming\Stellarium [2010.09.30 17:18:01 | 000,000,000 | ---D | M] -- C:\Users\Kiffin'\AppData\Roaming\Sygyt Software [2011.03.25 20:57:23 | 000,000,000 | ---D | M] -- C:\Users\Kiffin'\AppData\Roaming\Thunderbird [2011.10.14 14:43:25 | 000,000,000 | ---D | M] -- C:\Users\Kiffin'\AppData\Roaming\TS3Client [2011.03.30 15:29:02 | 000,000,000 | ---D | M] -- C:\Users\Kiffin'\AppData\Roaming\UAs [2011.12.31 23:16:37 | 000,000,000 | ---D | M] -- C:\Users\Kiffin'\AppData\Roaming\ueberschall [2010.12.17 21:09:53 | 000,000,000 | ---D | M] -- C:\Users\Kiffin'\AppData\Roaming\UFOAI [2012.03.13 20:45:36 | 000,000,000 | ---D | M] -- C:\Users\Kiffin'\AppData\Roaming\uTorrent [2011.03.30 14:54:30 | 000,000,000 | ---D | M] -- C:\Users\Kiffin'\AppData\Roaming\xmldm [2012.03.14 20:14:36 | 000,032,534 | ---- | M] () -- 
C:\Windows\Tasks\SCHEDLGU.TXT [2012.03.15 15:25:00 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{C1373044-6303-4F5B-9511-DC99F2F561D5}.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2009.01.07 18:59:54 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2011.03.25 20:56:44 | 000,000,000 | ---D | M] -- C:\9b47e95a7d8f87ddbf0a2d05 [2011.03.25 20:56:44 | 000,000,000 | ---D | M] -- C:\Alice [2009.10.19 22:55:20 | 000,000,000 | -HSD | M] -- C:\Boot [2011.03.25 20:56:44 | 000,000,000 | ---D | M] -- C:\BSI [2012.03.14 20:11:34 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2008.12.05 22:20:23 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.03.25 20:56:44 | 000,000,000 | ---D | M] -- C:\download [2008.11.10 17:36:15 | 000,000,000 | R--D | M] -- C:\DRIVER [2011.03.25 20:56:44 | 000,000,000 | ---D | M] -- C:\ebay [2011.03.25 20:56:44 | 000,000,000 | ---D | M] -- C:\fsc-reg [2011.03.25 20:56:44 | 000,000,000 | ---D | M] -- C:\Google [2008.11.10 17:36:15 | 000,000,000 | R--D | M] -- C:\MANUAL [2009.02.26 18:42:55 | 000,000,000 | R--D | M] -- C:\MSOCache [2008.12.22 23:18:33 | 000,000,000 | ---D | M] -- C:\mydecal [2011.03.25 20:56:45 | 000,000,000 | ---D | M] -- C:\nero [2009.07.03 21:02:58 | 000,000,000 | ---D | M] -- C:\Nexon [2009.09.07 13:48:25 | 000,000,000 | ---D | M] -- C:\NVIDIA [2009.07.11 20:31:00 | 000,000,000 | ---D | M] -- C:\output [2011.03.25 20:56:49 | 000,000,000 | ---D | M] -- C:\PC_Suite08 [2008.01.21 03:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.03.13 18:04:00 | 000,000,000 | R--D | M] -- C:\Program Files [2012.02.10 16:07:03 | 000,000,000 | ---D | M] -- C:\ProgramData [2008.12.05 22:20:23 | 000,000,000 | -HSD | M] -- C:\Programme [2011.10.14 02:09:26 | 000,000,000 | ---D | M] -- C:\Recycle.Bin [2012.03.14 20:10:35 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.03.30 
15:58:16 | 000,000,000 | ---D | M] -- C:\temp [2009.02.14 21:08:58 | 000,000,000 | -H-D | M] -- C:\TMP [2011.10.22 20:17:52 | 000,000,000 | R--D | M] -- C:\Users [2012.03.15 15:29:21 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: AGP440.SYS > [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: AHCIX86S.SYS > [2008.05.27 12:55:54 | 000,173,576 | ---- | M] (AMD Technologies Inc.) MD5=FBE4016F9EF3AB3DB547E40A936B6CD9 -- C:\Windows\System32\drivers\ahcix86s.sys [2008.05.27 12:55:54 | 000,173,576 | ---- | M] (AMD Technologies Inc.) 
MD5=FBE4016F9EF3AB3DB547E40A936B6CD9 -- C:\Windows\System32\DriverStore\FileRepository\ahcix86s.inf_c617648e\ahcix86s.sys < MD5 for: ATAPI.SYS > [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2009.04.10 22:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.10 22:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.10 22:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EXPLORER.EXE > [2008.10.29 07:20:29 | 002,923,520 | 
---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2009.04.10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2009.04.10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: IASTOR.SYS > [2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\drivers\iaStor.sys [2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) 
MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_7baf6192\iaStor.sys [2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_41af7b1f\iaStor.sys < MD5 for: IASTORV.SYS > [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2009.04.10 22:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.10 22:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 
for: NVSTOR.SYS > [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll [2009.04.10 22:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.10 22:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll [2009.04.10 
22:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll [2009.04.10 22:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll [2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2009.04.10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) 
MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.11.11 01:56:40 | 013,115,392 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.11.11 01:56:33 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.11.11 01:56:41 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2008.11.11 01:56:49 | 017,633,280 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2008.11.11 01:56:51 | 006,705,152 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2012.02.26 22:26:58 | 000,005,315 | ---- | M] () -- C:\Users\Kiffin'\.recently-used.xbel [2011.04.15 13:31:25 | 000,037,923 | ---- | M] () -- C:\Users\Kiffin'\111.jpg [2011.06.20 21:31:41 | 000,456,333 | ---- | M] () -- C:\Users\Kiffin'\1284957042445.png [2011.04.14 22:01:10 | 000,136,319 | ---- | M] () -- C:\Users\Kiffin'\220707_203238073044104_100000737379255_630917_134440_o.jpg [2011.05.31 01:44:12 | 000,078,031 | ---- | M] () -- C:\Users\Kiffin'\248774_1758746494444_1412460409_31563230_3722884_n.jpg [2011.12.22 01:08:33 | 000,102,830 | ---- | M] () -- C:\Users\Kiffin'\380817_341940609165402_100000483972859_1432763_846458985_n.jpg [2010.10.06 13:36:32 | 094,330,423 | ---- | M] () -- C:\Users\Kiffin'\63.mp3 [2011.02.16 22:31:29 | 001,404,956 | ---- | M] () -- C:\Users\Kiffin'\66_cover.jpg [2011.08.05 21:49:24 | 000,000,755 | ---- | M] () -- C:\Users\Kiffin'\ASIO4ALL v2 Instruction Manual.lnk [2010.11.07 02:11:47 | 000,483,750 | ---- | M] () -- C:\Users\Kiffin'\c&h.jpg [2009.10.20 14:23:46 | 000,084,921 | ---- | M] () -- 
C:\Users\Kiffin'\Cache.mxc3 [2011.05.26 18:11:44 | 000,002,839 | ---- | M] () -- C:\Users\Kiffin'\caesar.html [2011.01.26 17:52:50 | 000,186,244 | ---- | M] () -- C:\Users\Kiffin'\chain-1.jpg [2010.10.03 21:24:41 | 000,010,063 | ---- | M] () -- C:\Users\Kiffin'\cnt_djdergutenlaune-05.gif [2011.09.17 15:00:02 | 000,015,857 | ---- | M] () -- C:\Users\Kiffin'\Datadruck Bewerbung.docx [2011.02.10 22:47:26 | 001,283,084 | ---- | M] () -- C:\Users\Kiffin'\deathkohr.wav [2011.02.10 23:17:40 | 000,336,290 | ---- | M] () -- C:\Users\Kiffin'\deathkohrhowto.jpg [2011.05.02 22:32:30 | 000,130,930 | ---- | M] () -- C:\Users\Kiffin'\deftones-around-the-fur-album-cover.jpg [2010.06.13 01:08:12 | 000,013,256 | ---- | M] () -- C:\Users\Kiffin'\deftones-white-pony1.jpg [2010.06.13 01:08:18 | 000,641,793 | ---- | M] () -- C:\Users\Kiffin'\Deftones.jpg [2010.09.22 22:19:26 | 001,313,555 | ---- | M] () -- C:\Users\Kiffin'\Deftones_Wallpaper_by_emerygraphics.jpg [1999.02.03 22:55:42 | 000,001,693 | ---- | M] () -- C:\Users\Kiffin'\DIGITAL.TXT [2010.10.03 21:27:11 | 000,018,271 | ---- | M] () -- C:\Users\Kiffin'\djdergutenlaune.jpg [1999.02.01 10:06:12 | 000,024,448 | ---- | M] () -- C:\Users\Kiffin'\DS-DIGI.TTF [1999.02.01 10:06:26 | 000,024,896 | ---- | M] () -- C:\Users\Kiffin'\DS-DIGIB.TTF [1999.02.01 10:06:36 | 000,024,676 | ---- | M] () -- C:\Users\Kiffin'\DS-DIGII.TTF [1999.02.01 10:07:04 | 000,025,480 | ---- | M] () -- C:\Users\Kiffin'\DS-DIGIT.TTF [2012.02.26 22:12:23 | 000,036,260 | ---- | M] () -- C:\Users\Kiffin'\ds_digital.zip [2011.10.04 22:39:45 | 000,110,757 | ---- | M] () -- C:\Users\Kiffin'\edward-cooke.jpg [2011.10.04 22:42:32 | 000,021,232 | ---- | M] () -- C:\Users\Kiffin'\edward-cookezschnit.jpg [2011.10.22 05:26:05 | 000,086,768 | ---- | M] () -- C:\Users\Kiffin'\fl3gotyeu111.jdc [2011.04.14 22:03:12 | 000,047,082 | ---- | M] () -- C:\Users\Kiffin'\flunkyballsummerseason_I_icke.jpg [2011.07.02 13:32:09 | 000,164,271 | ---- | M] () -- C:\Users\Kiffin'\fuchs.jpg 
[2010.11.30 15:37:32 | 000,061,998 | ---- | M] () -- C:\Users\Kiffin'\GEBURTSTAGSEINLADUNGv2.jpg [2011.11.29 15:51:14 | 000,000,188 | ---- | M] () -- C:\Users\Kiffin'\gore.txt [2011.05.03 13:17:08 | 000,021,864 | ---- | M] () -- C:\Users\Kiffin'\haare.jpg [2010.09.22 22:16:53 | 000,251,920 | ---- | M] () -- C:\Users\Kiffin'\i469763_2006DeftonesSaturdayNightWrist.JPG [2012.02.04 21:20:48 | 000,084,349 | ---- | M] () -- C:\Users\Kiffin'\ickedicke.jpg [2010.10.24 01:24:30 | 000,033,622 | ---- | M] () -- C:\Users\Kiffin'\ICONATOR_2878e0c0720754b6e5c51c15ca438716.jpg [2010.11.17 21:41:41 | 000,037,766 | ---- | M] () -- C:\Users\Kiffin'\imgPoohCharacter.gif [2011.03.02 22:10:09 | 002,922,721 | ---- | M] () -- C:\Users\Kiffin'\IMG_0599.JPG [2011.05.26 18:11:23 | 001,072,284 | ---- | M] () -- C:\Users\Kiffin'\KryptologieVLIN.pdf [2011.10.26 22:11:14 | 000,028,672 | ---- | M] () -- C:\Users\Kiffin'\Lebenslauf ohne foto.doc [2011.10.26 22:14:51 | 000,088,064 | ---- | M] () -- C:\Users\Kiffin'\Lebenslauf.doc [2011.10.03 03:35:16 | 000,777,724 | ---- | M] () -- C:\Users\Kiffin'\linasodreht.jpg [2011.01.03 01:20:08 | 000,161,739 | ---- | M] () -- C:\Users\Kiffin'\lolsallaboutbalance.jpg [2011.02.19 23:41:13 | 000,240,347 | ---- | M] () -- C:\Users\Kiffin'\lolsallaboutequality.jpg [2011.12.17 17:54:40 | 000,027,648 | ---- | M] () -- C:\Users\Kiffin'\London Olympic Games 1908&1948.doc [2010.07.02 11:54:31 | 000,027,162 | ---- | M] () -- C:\Users\Kiffin'\mckeinfisch.jpg [2010.12.22 13:31:19 | 000,027,136 | ---- | M] () -- C:\Users\Kiffin'\musik.doc [2011.04.15 13:26:19 | 000,038,356 | ---- | M] () -- C:\Users\Kiffin'\mw44l3_large.jpg [2011.08.14 21:10:45 | 000,027,136 | ---- | M] () -- C:\Users\Kiffin'\NDR_Praktikumsbewerbung.doc [2011.08.31 22:15:24 | 000,027,648 | ---- | M] () -- C:\Users\Kiffin'\NDR_Praktikumsbewerbung_2.doc [2011.09.01 23:06:58 | 000,027,648 | ---- | M] () -- C:\Users\Kiffin'\NDR_Praktikumsbewerbung_2v2.doc [2011.10.03 02:53:51 | 000,388,708 | ---- | M] () -- 
C:\Users\Kiffin'\nfndl.jpg [2012.03.15 19:28:11 | 012,320,768 | -HS- | M] () -- C:\Users\Kiffin'\ntuser.dat [2012.03.15 19:28:11 | 000,262,144 | ---- | M] () -- C:\Users\Kiffin'\ntuser.dat.LOG1 [2008.12.05 22:31:40 | 000,000,000 | ---- | M] () -- C:\Users\Kiffin'\ntuser.dat.LOG2 [2012.03.15 18:59:25 | 000,065,536 | -HS- | M] () -- C:\Users\Kiffin'\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2012.03.15 18:59:25 | 000,524,288 | -HS- | M] () -- C:\Users\Kiffin'\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2011.11.07 14:30:28 | 000,524,288 | -HS- | M] () -- C:\Users\Kiffin'\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms [2008.12.05 22:31:41 | 000,000,020 | -HS- | M] () -- C:\Users\Kiffin'\ntuser.ini [2011.10.15 01:07:01 | 000,475,638 | ---- | M] () -- C:\Users\Kiffin'\ofwgktawall.jpg [2010.10.03 00:28:40 | 000,015,375 | ---- | M] () -- C:\Users\Kiffin'\orchidlivepic.jpg [2012.02.25 11:55:49 | 000,184,320 | -H-- | M] () -- C:\Users\Kiffin'\photothumb.db [2011.01.27 21:27:44 | 006,126,023 | ---- | M] () -- C:\Users\Kiffin'\pokemon-girls-full.jpg [2011.05.31 01:47:51 | 000,055,253 | ---- | M] () -- C:\Users\Kiffin'\ranztagfoto.jpg [2010.09.22 22:14:49 | 000,110,887 | ---- | M] () -- C:\Users\Kiffin'\saturdagnightwrist-1024x768.jpg [2011.01.28 22:30:00 | 000,000,016 | ---- | M] () -- C:\Users\Kiffin'\schulden.txt [2012.01.23 23:50:29 | 000,026,624 | ---- | M] () -- C:\Users\Kiffin'\Selbsteinschätzung Kevin.doc [2011.06.11 14:15:53 | 000,722,554 | ---- | M] () -- C:\Users\Kiffin'\Snapshot of me 27.png [2011.10.20 00:20:52 | 000,029,184 | ---- | M] () -- C:\Users\Kiffin'\Stockmarbewerbung.doc [2010.12.01 23:07:52 | 001,298,560 | ---- | M] () -- C:\Users\Kiffin'\Switch Reloaded-Mitten im Leben Klingelton 2.0.mp3 [2011.05.14 20:25:41 | 000,153,600 | -HS- | M] () -- C:\Users\Kiffin'\Thumbs.db [2011.11.25 20:59:44 | 000,737,576 | ---- | M] () -- C:\Users\Kiffin'\tim tonik 
wallpaper.jpg [2011.06.20 20:05:19 | 000,414,527 | ---- | M] () -- C:\Users\Kiffin'\Transmetropolitan.jpg [2011.06.20 23:40:29 | 003,072,054 | ---- | M] () -- C:\Users\Kiffin'\transmetropolitansmoke.bmp [2011.06.21 13:27:18 | 000,114,258 | ---- | M] () -- C:\Users\Kiffin'\transmetropolitansmoke1680x1050.jpg [2010.03.29 15:05:23 | 000,021,546 | ---- | M] () -- C:\Users\Kiffin'\up-ken.jpg [2011.05.26 18:11:29 | 000,009,170 | ---- | M] () -- C:\Users\Kiffin'\vigenere.html [2011.05.26 18:11:16 | 000,005,752 | ---- | M] () -- C:\Users\Kiffin'\vigenere.pdf [2010.06.13 01:03:38 | 000,132,065 | ---- | M] () -- C:\Users\Kiffin'\Wall3-1280.jpg [2011.04.15 13:31:45 | 000,014,302 | ---- | M] () -- C:\Users\Kiffin'\waluev haare wie.jpg [2010.12.30 00:50:02 | 000,146,841 | ---- | M] () -- C:\Users\Kiffin'\waluev haare wie.xcf [2010.12.30 00:39:44 | 000,026,068 | ---- | M] () -- C:\Users\Kiffin'\waluev haare.jpg [2011.10.09 14:40:26 | 000,000,101 | ---- | M] () -- C:\Users\Kiffin'\warum ist da eine tube auf der ampel.txt [2011.09.25 22:08:29 | 000,029,184 | ---- | M] () -- C:\Users\Kiffin'\Wüstenrot Bewerbung.doc [2009.12.30 23:16:57 | 000,000,357 | ---- | M] () -- C:\Users\Kiffin'\Öffentlich - Verknüpfung.lnk < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 < End of report > |
16.03.2012, 18:16 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Unlicensed Windows version problem Quote:
Please now run a routine full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked! Remember that Malwarebytes has to be updated manually before every scan! In addition, all findings must be removed. If there are logs from older Malwarebytes scans, please post all of those as well! ESET Online Scanner
Please post everything here in CODE tags if possible. This is how it's done: [code] the log goes here [/code] And the whole thing then looks like this: Code:
ATTFilter the log goes here