UKash Windows Security Trojaner Hallo Gemeinde, wie bei der Vielzahl von anderen Usern hat es mich auch erwischt (zum 2-ten Mal). Beim ersten Mal vor zwei Wochen hatte ich den BKA-Trojaner mit der gleichen Aufforderung 100 € zu zahlen, hab den Rechner im abgesicherten Modus neugestartet, unter Autostart auffällige EXE-Datei mit vielen zahlen gelöscht und da wa Ruhe. Heute das gleiche Prinzip nur unter anderen Umständen: angeblich illegale Windoof Version und darum Aufforderung von 100 €. Hab im abgesichertem Modus gestartet, mit dem OTL Tool und dem Script von euch den Quick Scan durchgeführt, wie es in der Anleitung stand, die TXT-Dateien hefte ich euch an. Danke schon mal im Vorraus
Grüße webcollectorOTL Logfile:
Code:
Alles auswählen Aufklappen ATTFilter
OTL logfile created on: 30.03.2012 14:21:58 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\install\Desktop
64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 3,39 Gb Available Physical Memory | 84,90% Memory free
7,99 Gb Paging File | 7,41 Gb Available in Paging File | 92,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 14,76 Gb Free Space | 30,22% Space Free | Partition Type: NTFS
Drive D: | 19,53 Gb Total Space | 14,99 Gb Free Space | 76,73% Space Free | Partition Type: NTFS
Drive E: | 397,39 Gb Total Space | 257,52 Gb Free Space | 64,80% Space Free | Partition Type: NTFS
Drive H: | 0,96 Mb Total Space | 0,96 Mb Free Space | 100,00% Space Free | Partition Type: FAT
Drive I: | 1,82 Gb Total Space | 1,80 Gb Free Space | 98,82% Space Free | Partition Type: FAT32
Computer Name: PC | User Name: install | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.03.30 14:05:42 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\install\Desktop\OTL.exe
========== Modules (No Company Name) ==========
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2010.02.03 06:17:10 | 000,202,752 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008.02.19 09:12:32 | 000,565,928 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\SysNative\lxbkcoms.exe -- (lxbk_device)
SRV - [2011.12.11 20:17:19 | 001,768,144 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Mail.Ru\Guard\GuardMailRu.exe -- (Guard.Mail.ru)
SRV - [2011.07.25 23:41:28 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- E:\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.07.25 23:41:28 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- E:\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.04.07 17:37:16 | 005,352,960 | ---- | M] (Native Instruments GmbH) [Auto | Stopped] -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV - [2011.03.04 03:31:08 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010.10.22 02:00:00 | 000,376,832 | ---- | M] (AVM Berlin) [Auto | Stopped] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.08.04 17:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009.07.14 03:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009.07.14 03:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009.07.14 03:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.02.19 09:12:18 | 000,537,256 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\SysWOW64\lxbkcoms.exe -- (lxbk_device)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2011.11.11 22:25:43 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.07.25 23:41:28 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.07.25 23:41:28 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.05.11 15:56:34 | 000,057,424 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\uimx64.sys -- (UimBus)
DRV:64bit: - [2011.05.11 15:56:26 | 000,037,456 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hotcore3.sys -- (hotcore3)
DRV:64bit: - [2011.03.04 03:25:20 | 004,183,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech HD Webcam C270(UVC)
DRV:64bit: - [2011.03.04 03:23:54 | 000,341,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2010.12.07 15:39:32 | 000,187,912 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MAudioFastTrackPro.sys -- (MAUSBFASTTRACKPRO)
DRV:64bit: - [2010.10.22 02:00:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fwlanusb.sys -- (FWLANUSB)
DRV:64bit: - [2010.10.22 02:00:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2010.02.03 06:55:18 | 006,366,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.02.03 05:23:58 | 000,186,880 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.01.28 16:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.10.10 00:55:56 | 000,022,568 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91cons.sys -- (mv91cons)
DRV:64bit: - [2009.09.25 16:58:32 | 000,178,688 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009.09.25 16:58:24 | 000,073,728 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009.08.20 18:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\URLSearchHook: {83821C2B-32A8-4DD7-B6D4-44309A78E668} - SOFTWARE\Classes\CLSID\{83821C2B-32A8-4DD7-B6D4-44309A78E668}\InprocServer32 File not found
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {73AE0EAB-5680-456d-9FF1-97103CEA3839}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{45156678-551C-455a-A717-95AB3653AB9F}: "URL" = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms}
IE - HKCU\..\SearchScopes\{73AE0EAB-5680-456d-9FF1-97103CEA3839}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
IE - HKCU\..\SearchScopes\{E88E0043-C9D4-4e33-8555-FEE4F5B63060}: "URL" = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Java\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: E:\Mozilla Firefox 5\components [2012.03.18 19:56:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: E:\Mozilla Firefox 5\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: E:\Mozilla Firefox 5\components [2012.03.18 19:56:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: E:\Mozilla Firefox 5\plugins
[2011.07.25 23:38:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\install\AppData\Roaming\mozilla\Extensions
[2011.07.27 15:21:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\install\AppData\Roaming\mozilla\Firefox\Profiles\71zsfnsc.default\extensions
O1 HOSTS File: ([2011.09.21 20:55:43 | 000,000,857 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AlterGeoBHO Class) - {9BFBA68E-E21B-458E-AE12-FE85E903D2C1} - C:\Program Files (x86)\AlterGeo\AlterGeo Magic Scanner\3.3.2.779\AlterGeo.BrowserPlugin.dll (Wi2Geo)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - E:\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [lxbkbmgr.exe] C:\Program Files (x86)\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.)
O4:64bit: - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\SysNative\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe File not found
O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] E:\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [Guard.Mail.ru.gui] C:\Program Files (x86)\Mail.Ru\Guard\GuardMailRu.exe ()
O4 - HKLM..\Run: [LWS] E:\Logitech WebCam\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [MAgent] E:\MailAgent\MAgent.exe (Mail.Ru)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] E:\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe (NEXON Inc.)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [MediaGet2] C:\Users\install\AppData\Local\MediaGet2\mediaget.exe --minimized File not found
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [vasja] C:\Users\install\AppData\Local\Temp\mor.exe (fbnF)
O4 - Startup: C:\Users\install\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\install\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &Экспорт в Microsoft Excel - E:\Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: &Экспорт в Microsoft Excel - E:\Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Mail.Ru Агент - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - E:\MailAgent\magent.exe (Mail.Ru)
O9 - Extra 'Tools' menuitem : Mail.Ru Агент - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - E:\MailAgent\magent.exe (Mail.Ru)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - E:\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - E:\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([https] in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05FA07F0-B0A2-4DFD-941D-6B134BC56818}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - E:\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{188e1278-0ca3-11e1-bf0b-001f3f07577d}\Shell - "" = AutoRun
O33 - MountPoints2\{188e1278-0ca3-11e1-bf0b-001f3f07577d}\Shell\AutoRun\command - "" = G:\SETUP.EXE /AUTORUN
O33 - MountPoints2\{188e1278-0ca3-11e1-bf0b-001f3f07577d}\Shell\configure\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{188e1278-0ca3-11e1-bf0b-001f3f07577d}\Shell\install\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{6d0d5bdc-b702-11e0-b534-6cf0490d7cd0}\Shell - "" = AutoRun
O33 - MountPoints2\{6d0d5bdc-b702-11e0-b534-6cf0490d7cd0}\Shell\AutoRun\command - "" = I:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
CREATERESTOREPOINT
Error creating restore point.
========== Files/Folders - Created Within 30 Days ==========
[2012.03.30 14:16:25 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\install\Desktop\OTL.exe
[2012.03.30 14:15:59 | 000,000,000 | ---D | C] -- C:\Users\install\Desktop\links
[2012.03.22 21:35:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012.03.22 21:34:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012.03.22 21:34:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2012.03.22 21:33:47 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012.03.22 21:33:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012.03.18 17:42:20 | 000,000,000 | ---D | C] -- C:\Users\install\AppData\Roaming\DeepBurner
[2012.03.18 17:42:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DeepBurner
[2012.03.17 16:16:44 | 000,000,000 | ---D | C] -- C:\Users\install\Documents\Bewerbung
[2012.03.10 20:56:39 | 000,000,000 | ---D | C] -- C:\ProgramData\AVSVideoBurner
[2012.03.10 20:45:35 | 000,000,000 | ---D | C] -- C:\Users\install\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2012.03.10 20:45:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2012.03.10 16:40:28 | 000,000,000 | ---D | C] -- C:\Users\install\AppData\Roaming\AVS4YOU
[2012.03.10 16:39:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU
[2012.03.10 16:39:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia
[2012.03.10 16:38:17 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2012.03.09 23:27:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
[2012.03.09 22:29:49 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2012.03.09 17:15:25 | 000,000,000 | ---D | C] -- C:\Users\install\AppData\Local\Diagnostics
[2012.03.03 19:06:39 | 000,000,000 | ---D | C] -- C:\Users\install\Documents\BFBC2
[2012.03.03 18:36:34 | 000,000,000 | ---D | C] -- C:\Users\install\AppData\Roaming\Ubisoft
[2012.03.03 18:36:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2012.03.03 16:22:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield
========== Files - Modified Within 30 Days ==========
[2012.03.30 14:13:51 | 001,740,056 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.30 14:13:51 | 000,748,932 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.30 14:13:51 | 000,694,324 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.30 14:13:51 | 000,165,238 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.30 14:13:51 | 000,134,470 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.30 14:09:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.30 14:09:39 | 3217,678,336 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.30 14:05:42 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\install\Desktop\OTL.exe
[2012.03.30 13:55:42 | 000,014,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.30 13:55:42 | 000,014,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.29 17:27:06 | 000,022,466 | ---- | M] () -- C:\Users\install\Documents\Deutsch-INhaltsangabe.odt
[2012.03.25 17:49:48 | 001,693,400 | ---- | M] () -- C:\Users\install\Documents\ANJ2.jpg
[2012.03.23 14:48:46 | 004,992,720 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.22 21:35:55 | 000,000,754 | ---- | M] () -- C:\Windows\ODBC.INI
[2012.03.20 20:12:16 | 000,030,574 | ---- | M] () -- C:\Users\install\Documents\Debatte Komplett.odt
[2012.03.18 17:42:07 | 000,000,540 | ---- | M] () -- C:\Users\install\Desktop\DeepBurner.lnk
[2012.03.18 17:25:21 | 000,012,911 | ---- | M] () -- C:\Users\install\Documents\Deutsch Debatte.odt
[2012.03.17 16:12:20 | 005,895,632 | ---- | M] () -- C:\Users\install\Documents\e.pdf
[2012.03.17 16:02:04 | 000,382,987 | ---- | M] () -- C:\Users\install\Documents\f.pdf
[2012.03.15 16:16:32 | 001,070,924 | ---- | M] () -- C:\Users\install\Documents\J.jpg
[2012.03.15 16:13:30 | 001,283,479 | ---- | M] () -- C:\Users\install\Documents\ef.jpg
[2012.03.15 16:10:36 | 001,681,964 | ---- | M] () -- C:\Users\install\Documents\4_2.jpg
[2012.03.15 16:08:59 | 002,304,696 | ---- | M] () -- C:\Users\install\Documents\4_1.jpg
[2012.03.15 16:07:16 | 002,364,941 | ---- | M] () -- C:\Users\install\Documents\3.jpg
[2012.03.15 16:05:36 | 002,250,248 | ---- | M] () -- C:\Users\install\Documents\2.jpg
[2012.03.15 16:03:46 | 002,146,404 | ---- | M] () -- C:\Users\install\Documents\1.jpg
[2012.03.15 15:59:37 | 001,083,003 | ---- | M] () -- C:\Users\install\Documents\ung.jpg
[2012.03.15 15:56:06 | 002,347,949 | ---- | M] () -- C:\Users\install\Documents\s.jpg
[2012.03.11 20:19:55 | 000,027,838 | ---- | M] () -- C:\Users\install\Documents\Debatte.odt
[2012.03.10 20:45:37 | 000,001,294 | ---- | M] () -- C:\Users\install\Desktop\AVS4YOU Software Navigator.lnk
[2012.03.10 20:45:20 | 000,000,629 | ---- | M] () -- C:\Users\install\Desktop\AVS Video Converter 6.lnk
[2012.03.10 02:34:28 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.03.10 02:34:27 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012.03.09 22:29:49 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
========== Files Created - No Company Name ==========
[2012.03.29 17:19:53 | 000,022,466 | ---- | C] () -- C:\Users\install\Documents\Deutsch-INhaltsangabe.odt
[2012.03.20 18:41:40 | 000,030,574 | ---- | C] () -- C:\Users\install\Documents\Debatte Komplett.odt
[2012.03.18 17:42:07 | 000,000,540 | ---- | C] () -- C:\Users\install\Desktop\DeepBurner.lnk
[2012.03.18 17:20:55 | 000,012,911 | ---- | C] () -- C:\Users\install\Documents\Deutsch Debatte.odt
[2012.03.17 16:12:20 | 005,895,632 | ---- | C] () -- C:\Users\install\Documents\e.pdf
[2012.03.17 16:02:02 | 000,382,987 | ---- | C] () -- C:\Users\install\Documents\ief.pdf
[2012.03.15 21:25:16 | 001,693,400 | ---- | C] () -- C:\Users\install\Documents\2.jpg
[2012.03.15 16:16:32 | 001,070,924 | ---- | C] () -- C:\Users\install\Documents\.jpg
[2012.03.15 16:13:29 | 001,283,479 | ---- | C] () -- C:\Users\install\Documents\jpg
[2012.03.15 16:10:36 | 001,681,964 | ---- | C] () -- C:\Users\install\Documents\gnis 4_2.jpg
[2012.03.15 16:08:58 | 002,304,696 | ---- | C] () -- C:\Users\install\Documents\is 4_1.jpg
[2012.03.15 16:07:15 | 002,364,941 | ---- | C] () -- C:\Users\install\Documents\gnis 3.jpg
[2012.03.15 16:05:35 | 002,250,248 | ---- | C] () -- C:\Users\install\Documents\gnis 2.jpg
[2012.03.15 16:03:45 | 002,146,404 | ---- | C] () -- C:\Users\install\Documents\gnis 1.jpg
[2012.03.15 15:59:37 | 001,083,003 | ---- | C] () -- C:\Users\install\Documents\ng.jpg
[2012.03.15 15:56:06 | 002,347,949 | ---- | C] () -- C:\Users\install\Documents\gnis.jpg
[2012.03.11 20:15:20 | 000,027,838 | ---- | C] () -- C:\Users\install\Documents\Debatte.odt
[2012.03.10 20:45:37 | 000,001,294 | ---- | C] () -- C:\Users\install\Desktop\AVS4YOU Software Navigator.lnk
[2012.03.10 20:45:20 | 000,000,629 | ---- | C] () -- C:\Users\install\Desktop\AVS Video Converter 6.lnk
[2012.03.10 02:34:28 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.03.10 02:34:27 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012.02.09 16:30:20 | 000,003,584 | ---- | C] () -- C:\Users\install\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.24 21:54:36 | 001,626,780 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.11.20 21:27:27 | 011,516,718 | ---- | C] () -- C:\Windows\SysWow64\meinfotoalbum_meinfotoalbum_uninstaller.exe
[2011.09.21 20:55:41 | 000,000,754 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.07.31 18:56:42 | 000,000,016 | ---- | C] () -- C:\Users\install\AppData\Roaming\msregsvv.dll
[2011.07.31 18:56:42 | 000,000,016 | ---- | C] () -- C:\ProgramData\autobk.inc
[2011.07.26 20:04:45 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\msvcsv60.dll
[2011.07.26 20:04:45 | 000,000,016 | ---- | C] () -- C:\Windows\msocreg32.dat
[2011.07.26 14:43:12 | 000,000,235 | ---- | C] () -- C:\Windows\Lexstat.ini
[2011.07.26 14:41:57 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkserv.dll
[2011.07.26 14:41:57 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkusb1.dll
[2011.07.26 14:41:57 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkhbn3.dll
[2011.07.26 14:41:57 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcomc.dll
[2011.07.26 14:41:57 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkpmui.dll
[2011.07.26 14:41:57 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbklmpm.dll
[2011.07.26 14:41:57 | 000,537,256 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcoms.exe
[2011.07.26 14:41:57 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcomm.dll
[2011.07.26 14:41:57 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\lxbkutil.dll
[2011.07.26 14:41:57 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkinpa.dll
[2011.07.26 14:41:57 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkiesc.dll
[2011.07.26 14:41:57 | 000,385,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkih.exe
[2011.07.26 14:41:57 | 000,381,608 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcfg.exe
[2011.07.26 14:41:57 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXBKinst.dll
[2011.07.26 14:41:57 | 000,180,904 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkppls.exe
[2011.07.26 14:41:57 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkprox.dll
[2011.07.26 14:41:57 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkpplc.dll
[2011.07.25 22:59:47 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.07.25 22:56:00 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.07.25 22:45:03 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011.07.25 22:45:03 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011.07.25 22:39:28 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.03.04 03:26:22 | 010,877,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011.03.04 03:26:22 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011.03.04 03:26:16 | 000,331,608 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
========== LOP Check ==========
[2012.02.02 15:58:26 | 000,000,000 | ---D | M] -- C:\Users\install\AppData\Roaming\DAEMON Tools Lite
[2012.03.18 17:52:58 | 000,000,000 | ---D | M] -- C:\Users\install\AppData\Roaming\DeepBurner
[2012.03.30 13:49:18 | 000,000,000 | ---D | M] -- C:\Users\install\AppData\Roaming\Dropbox
[2012.03.28 20:45:21 | 000,000,000 | ---D | M] -- C:\Users\install\AppData\Roaming\ICQ
[2011.07.31 19:04:36 | 000,000,000 | ---D | M] -- C:\Users\install\AppData\Roaming\IK Multimedia
[2011.07.28 02:31:58 | 000,000,000 | ---D | M] -- C:\Users\install\AppData\Roaming\Leadertech
[2011.12.21 16:17:34 | 000,000,000 | ---D | M] -- C:\Users\install\AppData\Roaming\Mra
[2012.02.05 15:43:59 | 000,000,000 | ---D | M] -- C:\Users\install\AppData\Roaming\OpenOffice.org
[2011.11.01 19:28:16 | 000,000,000 | ---D | M] -- C:\Users\install\AppData\Roaming\pdfforge
[2011.07.26 02:29:45 | 000,000,000 | ---D | M] -- C:\Users\install\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.08.02 18:48:04 | 000,000,000 | ---D | M] -- C:\Users\install\AppData\Roaming\Steinberg
[2011.09.28 18:54:43 | 000,000,000 | ---D | M] -- C:\Users\install\AppData\Roaming\TeamViewer
[2012.03.03 18:36:34 | 000,000,000 | ---D | M] -- C:\Users\install\AppData\Roaming\Ubisoft
[2012.03.10 21:52:26 | 000,000,000 | ---D | M] -- C:\Users\install\AppData\Roaming\uTorrent
[2012.02.15 11:56:35 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*. >
[2011.07.25 22:37:16 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.07.25 23:25:26 | 000,000,000 | -HSD | M] -- C:\Boot
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.07.25 22:36:54 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.07.26 14:40:43 | 000,000,000 | ---D | M] -- C:\drivers
[2011.12.24 21:53:39 | 000,000,000 | ---D | M] -- C:\inetpub
[2011.07.25 22:41:37 | 000,000,000 | ---D | M] -- C:\Intel
[2012.01.05 14:45:39 | 000,000,000 | ---D | M] -- C:\meinfotoalbum_GesendeterAuftrag
[2011.07.26 21:06:07 | 000,000,000 | ---D | M] -- C:\Nexon
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.03.03 16:26:09 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.03.22 21:34:26 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.03.10 20:56:39 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.07.25 22:36:54 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.07.25 22:36:54 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.03.30 12:39:42 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.03.15 16:16:20 | 000,000,000 | ---D | M] -- C:\temp
[2011.07.25 22:37:01 | 000,000,000 | R--D | M] -- C:\Users
[2012.03.22 21:33:47 | 000,000,000 | ---D | M] -- C:\Windows
[2012.02.18 15:18:58 | 000,000,000 | ---D | M] -- C:\WindowsESD
< %PROGRAMFILES%\*.exe >
< %LOCALAPPDATA%\*.exe >
< %systemroot%\*. /mp /s >
< MD5 for: AGP440.SYS >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
< MD5 for: EXPLORER.EXE >
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
< MD5 for: IASTORV.SYS >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\drivers\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
< MD5 for: USER32.DLL >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
< MD5 for: USERINIT.EXE >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
< %USERPROFILE%\*.* >
[2012.03.30 14:23:59 | 002,359,296 | -HS- | M] () -- C:\Users\install\NTUSER.DAT
[2012.03.30 14:23:58 | 000,262,144 | -HS- | M] () -- C:\Users\install\ntuser.dat.LOG1
[2011.07.25 22:37:02 | 000,000,000 | -HS- | M] () -- C:\Users\install\ntuser.dat.LOG2
[2011.07.25 22:42:35 | 000,065,536 | -HS- | M] () -- C:\Users\install\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2011.07.25 22:42:35 | 000,524,288 | -HS- | M] () -- C:\Users\install\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2011.07.25 22:42:35 | 000,524,288 | -HS- | M] () -- C:\Users\install\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2011.07.25 22:37:03 | 000,000,020 | -HS- | M] () -- C:\Users\install\ntuser.ini
< %USERPROFILE%\Local Settings\Temp\*.exe >
< %USERPROFILE%\Local Settings\Temp\*.dll >
< %USERPROFILE%\Application Data\*.exe >
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
< >
========== Files - Unicode (All) ==========
[2011.12.24 22:08:14 | 000,000,084 | ---- | M] ()(C:\Users\install\Desktop\Go-Go ?? ???????.Inna dance - YouTube.URL) -- C:\Users\install\Desktop\Go-Go на пуантах.Inna dance - YouTube.URL
[2011.12.24 22:08:14 | 000,000,084 | ---- | C] ()(C:\Users\install\Desktop\Go-Go ?? ???????.Inna dance - YouTube.URL) -- C:\Users\install\Desktop\Go-Go на пуантах.Inna dance - YouTube.URL
[2011.12.05 22:08:56 | 000,000,068 | ---- | M] ()(C:\Users\install\Desktop\????????? ?????? - ?????-????? vs Mina - Lo Faresti - YouTube.URL) -- C:\Users\install\Desktop\Унесенные ветром - Какао-Какао vs Mina - Lo Faresti - YouTube.URL
[2011.12.05 22:08:56 | 000,000,068 | ---- | C] ()(C:\Users\install\Desktop\????????? ?????? - ?????-????? vs Mina - Lo Faresti - YouTube.URL) -- C:\Users\install\Desktop\Унесенные ветром - Какао-Какао vs Mina - Lo Faresti - YouTube.URL
[2011.11.30 21:47:32 | 000,000,059 | ---- | M] ()(C:\Users\install\Desktop\?????????? ???????? ???????? 167 ??????????.URL) -- C:\Users\install\Desktop\Фотографии Элеоноры Агаповой 167 фотографий.URL
[2011.11.30 21:47:32 | 000,000,059 | ---- | C] ()(C:\Users\install\Desktop\?????????? ???????? ???????? 167 ??????????.URL) -- C:\Users\install\Desktop\Фотографии Элеоноры Агаповой 167 фотографий.URL
[2011.11.29 22:19:00 | 000,000,061 | ---- | M] ()(C:\Users\install\Desktop\«5 ??????? ?????» - ????? ????????? ???????? ????????.URL) -- C:\Users\install\Desktop\«5 бутылок водки» - фильм режиссера Светланы Басковой.URL
[2011.11.29 22:19:00 | 000,000,061 | ---- | C] ()(C:\Users\install\Desktop\«5 ??????? ?????» - ????? ????????? ???????? ????????.URL) -- C:\Users\install\Desktop\«5 бутылок водки» - фильм режиссера Светланы Басковой.URL
[2011.11.29 21:52:02 | 000,000,084 | ---- | M] ()(C:\Users\install\Desktop\? ????? ?????? ???? - YouTube.URL) -- C:\Users\install\Desktop\У кошки четыре ноги - YouTube.URL
[2011.11.29 21:52:02 | 000,000,084 | ---- | C] ()(C:\Users\install\Desktop\? ????? ?????? ???? - YouTube.URL) -- C:\Users\install\Desktop\У кошки четыре ноги - YouTube.URL
[2011.11.21 22:06:47 | 000,000,084 | ---- | M] ()(C:\Users\install\Desktop\? ????? ?????? ?????? ??... - YouTube.URL) -- C:\Users\install\Desktop\С таким языком только на... - YouTube.URL
[2011.11.21 22:06:47 | 000,000,084 | ---- | C] ()(C:\Users\install\Desktop\? ????? ?????? ?????? ??... - YouTube.URL) -- C:\Users\install\Desktop\С таким языком только на... - YouTube.URL
[2011.11.20 00:27:34 | 000,000,084 | ---- | M] ()(C:\Users\install\Desktop\?????????? ?? ??????? ??????? ?????. ????????. - YouTube.URL) -- C:\Users\install\Desktop\ПИСЬМОШНАЯ на Пикнике журнала Афиша. Оригинал. - YouTube.URL
[2011.11.20 00:27:34 | 000,000,084 | ---- | C] ()(C:\Users\install\Desktop\?????????? ?? ??????? ??????? ?????. ????????. - YouTube.URL) -- C:\Users\install\Desktop\ПИСЬМОШНАЯ на Пикнике журнала Афиша. Оригинал. - YouTube.URL
[2011.10.28 21:59:42 | 000,000,068 | ---- | M] ()(C:\Users\install\Desktop\?-????? - ??????? ?? ?????? - YouTube.URL) -- C:\Users\install\Desktop\Ю-Питер - Девушка По Городу - YouTube.URL
[2011.10.28 21:59:42 | 000,000,068 | ---- | C] ()(C:\Users\install\Desktop\?-????? - ??????? ?? ?????? - YouTube.URL) -- C:\Users\install\Desktop\Ю-Питер - Девушка По Городу - YouTube.URL
[2011.09.21 16:11:08 | 000,000,064 | ---- | M] ()(C:\Users\install\Desktop\???????? ??? ???????? ? ?????? ????? - Fishki.Net ????????? ?????.URL) -- C:\Users\install\Desktop\Подстава для режисера в прямом эфире - Fishki.Net Остальные Видео.URL
[2011.09.21 16:11:08 | 000,000,064 | ---- | C] ()(C:\Users\install\Desktop\???????? ??? ???????? ? ?????? ????? - Fishki.Net ????????? ?????.URL) -- C:\Users\install\Desktop\Подстава для режисера в прямом эфире - Fishki.Net Остальные Видео.URL
[2011.09.01 23:18:29 | 000,000,064 | ---- | M] ()(C:\Users\install\Desktop\??????????? - ???????? - Fishki.Net ????????? ?????.URL) -- C:\Users\install\Desktop\Барабанщики - виртуозы - Fishki.Net Остальные Видео.URL
[2011.09.01 23:18:29 | 000,000,064 | ---- | C] ()(C:\Users\install\Desktop\??????????? - ???????? - Fishki.Net ????????? ?????.URL) -- C:\Users\install\Desktop\Барабанщики - виртуозы - Fishki.Net Остальные Видео.URL
[2011.08.22 10:07:14 | 000,000,064 | ---- | M] ()(C:\Users\install\Desktop\??? ????? ????? ???????? - Fishki.Net ????????? ?????.URL) -- C:\Users\install\Desktop\Как нужно брать интервью - Fishki.Net Остальные Видео.URL
[2011.08.22 10:07:14 | 000,000,064 | ---- | C] ()(C:\Users\install\Desktop\??? ????? ????? ???????? - Fishki.Net ????????? ?????.URL) -- C:\Users\install\Desktop\Как нужно брать интервью - Fishki.Net Остальные Видео.URL
[2011.08.09 20:34:34 | 000,000,084 | ---- | M] ()(C:\Users\install\Desktop\?Rammstein - Sehnsucht on bayan %))?? - YouTube.URL) -- C:\Users\install\Desktop\Rammstein - Sehnsucht on bayan %)) - YouTube.URL
[2011.08.09 20:34:34 | 000,000,084 | ---- | C] ()(C:\Users\install\Desktop\?Rammstein - Sehnsucht on bayan %))?? - YouTube.URL) -- C:\Users\install\Desktop\Rammstein - Sehnsucht on bayan %)) - YouTube.URL
[2011.08.08 16:15:42 | 000,000,000 | ---D | M](C:\Users\install\Documents\????? Mail.Ru ??????) -- C:\Users\install\Documents\Файлы Mail.Ru Агента
[2011.08.08 16:15:42 | 000,000,000 | ---D | C](C:\Users\install\Documents\????? Mail.Ru ??????) -- C:\Users\install\Documents\Файлы Mail.Ru Агента
[2011.07.29 03:48:14 | 000,000,084 | ---- | M] ()(C:\Users\install\Desktop\?Gnomus - Värgtimmen?? - YouTube.URL) -- C:\Users\install\Desktop\Gnomus - Värgtimmen - YouTube.URL
[2011.07.29 03:48:14 | 000,000,084 | ---- | C] ()(C:\Users\install\Desktop\?Gnomus - Värgtimmen?? - YouTube.URL) -- C:\Users\install\Desktop\Gnomus - Värgtimmen - YouTube.URL
< End of report >
--- --- ---
Geändert von webcollector (30.03.2012 um 14:01 Uhr)
30.03.2012, 13:43
Baum-Darstellung